3 Posts
0
2109
Dell X1052P and Ubiquiti Security Gateway 4P
I’m going to apologize for my lack of networking knowledge before I get started. I feel like I know enough to be dangerous and have most my VLANs configured correctly but I know I’m missing some pieces. I’m by no means am a network engineer but a volunteer that is trying to configure my churches network to be configured so security cameras and door access are on a separate network from our Wireless/LAN.
My setup is shown at the bottom in a picture.
My problem is the following:
When hardwired the switch and with a DHCP reservation to get on to the 10.75.x.x network I cannot talk to the door access controllers which are on that network. So when I change to a static IP address on the machine I can access the door access controller but cannot get to the network.
Also, I would like to be able to get from the 10.10.x.x network over to the 10.75.x.x network but cannot seem to get this working.
I’m not entirely sure if I have my ports configured correctly going to the Unifi Security Gateway. Right now I have the port set to Trunk with the following settings:
Switchport mode at Layer 2
VLAN List: 1,75, 192
Membership: Tagged
Frame Type: Admit All
Ingress Filtering: Enabled
Native VLAN ID: 1
The network has been configured by a few other people before getting to me so that is why all the weird gateways/subnets. I would consider redoing much of it but fear of breaking things and I have a full-time job and family on top of this volunteering. Any help would be greatly appreciated!
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
June 4th, 2018 12:00
For devices to communicate from different VLANs, there needs to be a layer 3 device that facilitates the connection between VLANs/Subnets.
It looks like the security gateway can perform this action.
https://bit.ly/2J9lbzg
https://bit.ly/2stRkHs
The X1052 has a Layer2+ mode that offers some routing features.
Page 215: https://dell.to/2Gi87BP
Once you have a device configured for routing, things should start communicating.
lenciso23
3 Posts
0
June 4th, 2018 16:00
Thank you Daniel,
I think I have everything configured. Did I have the port on the X1052P set up correctly? It doesn't seem to be passing the traffic through. It says Destination Host Unreachable (which I felt is better then Timed out).
Lukas
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
June 5th, 2018 05:00
When multiple VLANs need to traverse the same connection, Trunk/General mode is the proper switchport mode to use. Here is a KB article detailing the steps to configure a Trunk interface, you can use it to double check your configuration. https://dell.to/2swXiJZ
To test connectivity from switch to switch, I suggest pinging from two devices in the same VLAN but on a different switch. This will help test whether the switch to switch connections are passing traffic.
Then test VLAN routing by trying to ping between two devices on different VLANs. If same VLAN communication is good, but different VLAN communication is not working, then you can concentrate your troubleshooting on the VLAN routing configuration.
lenciso23
3 Posts
0
June 5th, 2018 07:00
So the pinging does work just fine between switches. It just fails when I am on different VLANs. By Routing Configuration, I'm assuming you mean the firewall correct?
Thanks again! Your help has been so greatly appreciated.
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
June 5th, 2018 10:00
The firewall or switch can be configured to route between the VLANs.
Scenario 1:
Leave the Switch to Firewall connection as a Trunk connection and funnel all VLANs upstream to the Firewall. Then configure the Firewall to control access from VLAN to VLAN and external.
Scenario 2:
Have the switch perform VLAN to VLAN communication. It is not a layer 3 switch, but you should be able to get the VLANs communicating by applying an IP Address to each VLAN and then issue the command #ip routing.
Set the switch to firewall port to access mode for the VLAN that correcsponds to the firewalls IP address. Then implement static routes on both the switch and firewall that directs traffic in and out of the network.
Either one of these scenarios should work just fine a network on the smaller side.