Managing a device behind an SM not possible?

Hi all,

Just wondering, we have a situation where we have a Vlan capable switch behind a canopy subscriber module that we cannot manage. The subscriber module passes all Vlans in its membership table no worries but not the management Vlan.

Am I right in saying that subscriber modules do not “pass” the management Vlan, only receive it to manage itself?

It will pass anything you like if it is set up correctly.

Do you have the SM set to tag untagged ingress packets with a particular VID? Is the SM set to pass all packets, tagged, or untagged? Are the management packets from your switch tagged or untagged?


Thanks for ya reply,

The SM is set up to allow all frames, untagged ingress set to 1 and management vlan set to 30 (as an example, not our real management no)

Setup is like this

Customer -> Switch -> SM -> AP -> NOC.

We are unable to even ping the switch.

Customer Vlans pass no worries, even if I set a port up on the switch to tag packets to vlan 30 and try and access the SM it does not work. (I assume it should or at the very least pass it onto the NOC?)

Whatever you set the management VLAN to the SM will tag those packets to. Make sure the switch port you have plugged into the SM is set for tagged on VID 30 and untagged on VID 1. I had issues with APs when I changed their VIDs from 1 - my management traffic is all on VID 1 now.

I have this set up in a couple of places. If this continues to be an issue I can post detailed setup info for you.


Hey Aaron,

Once again thanks for your reply and happy New Year,

Detailed setup info would be great.

The switch port the SM is plugged into is tagged for 30 but allows tagged packets only (I am pretty sure, I have not been out there since installing and can't access it remotely).


Sorry for the late reply.

What happens if you set the switch port to accept untagged packets for the management VLAN? For some reason I recall having an issue with trying to get the management VLAN to be tagged. Can’t remember right now.

Here is a little more detail on my setup:

An AP is connected to the switch, management VID not tagged, all others are. The switch accepts untagged packets on the VID for both the AP and SM ports, all other VIDs are tagged. The SM has management VID set to 1, and all others included in its Membership list.

Dumb question, but can I assume you’re not using NAT on that SM? Just had to ask.


“Whatever you set the management VLAN to the SM will tag those packets to.”

Not to intrude on the thread, but this brings up a question.

I thought what you describe above is what the Ingress VID parameter does?

In other words, if my laptop is on a switched network, as soon as traffic from my laptop hits the SM, if the packet is untagged, the SM will tag that packet with whatever VID is in the "Ingress VID" parameter and send it out over the RF.

The management VLAN is what the SM needs to see in a tagged packet in order to open up the management interface.

Ingress = 30
Management = 1

A PC on the switch wants to get into the SM. When that packet hits the SM Ethernet interface, it's tagged with 30. The management interface will not open up because it expects to see 1.

Now, if Ingress AND Management were both 30, it would open up the interface.

Am I close here or am I missing something?

Sorry again for intruding on the thread!

msmith, you are correct. I have a number of sites where I want to manage the SM for the customer but have them on their own VLAN at the same time. I will set the Untagged Ingress VID to theirs and leave the management VID as 1. This way they can not access the SM management (unless their equipment is VLAN aware and will tag the packets with 1) and I can still access the SM with VID 1 - different VLANs and different logical subnets.


Thanks for the clarification Aaron.
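
The ingress/management VID behaviour msmith describes and Aaron confirms, written out as a small Python model. This is an added example, not part of the thread and not Canopy code: the class and function names are hypothetical, customer VID 200 is a constructed value, and the rule that an already-tagged frame keeps its VID is taken from Aaron's remark about VLAN-aware customer equipment.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class SMVlanConfig:  # hypothetical name; models only the two settings discussed in the thread
    untagged_ingress_vid: int  # VID the SM applies to untagged frames arriving on Ethernet
    management_vid: int        # VID a frame must carry before the SM management interface answers


def effective_vid(cfg: SMVlanConfig, frame_vid: Optional[int]) -> int:
    """VID a frame carries after SM ingress; frame_vid=None means untagged."""
    return cfg.untagged_ingress_vid if frame_vid is None else frame_vid


def reaches_management(cfg: SMVlanConfig, frame_vid: Optional[int]) -> bool:
    """True when the frame ends up on the VID the management interface expects."""
    return effective_vid(cfg, frame_vid) == cfg.management_vid


def audit(cfg: SMVlanConfig) -> list:
    """Describe who on the Ethernet side of the SM can reach its management interface."""
    if reaches_management(cfg, None):
        return ["untagged frames reach management"]
    return [
        "untagged frames are kept off management",
        f"frames tagged {cfg.management_vid} still reach management; "
        "isolation depends on customer gear not tagging",
    ]


if __name__ == "__main__":
    cases = {
        "msmith: ingress 30, management 1": SMVlanConfig(30, 1),
        "msmith: ingress 30, management 30": SMVlanConfig(30, 30),
        "Aaron: customer VID 200 (constructed), management 1": SMVlanConfig(200, 1),
    }
    for label, cfg in cases.items():
        print(label)
        for finding in audit(cfg):
            print("  -", finding)
```
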