DHCP not passing through on primary VLAN

Problem

When connecting to the primary SSID no IP address is issued to the client.

When connecting to the secondary SSID (guest) a correct IP is issued.

Configuration

I'm configuring a Nebula managed system comprising of:

NSG100, GS1920-24, GS1920HP-24, WAC6303D-S

There are three VLANs defined:

VLAN10 = main data for physical and wireless; DHCP server issuing on 192.168.80.x

VLAN20 = guest wireless access, DHCP server issuing on 192.168.85.x

VLAN30 = telephony access, DHCP server issuing on 192.168.110.x

Management VLAN is 1, default

All VLANs come back to Port Group 1 on the NSG

The GS1920HP-24 is configured with

  • Ports 1-12 allowing VLAN 1, 10, 20 and PVID 10
  • Ports 13-24 allowing VLAN 1, 30 and PVID 30
  • Ports 25-28 allowing all VLAN and used for uplink

The non-HP unit is 1-24 allowing VLAN 1, 10, 20 and PVID 10, and 25-28 allowing all, used for uplink

Physical connections

If I use a wired connection into ports 1-12 I get issued a correct address

Into ports 13-24 I get issued a correct address

So DHCP is passing through from the NSG to the switches correctly.

SSID configuration

Both SSIDs are configured with the appropriate VLAN id.


I am totally baffled as to why the guest network on VLAN 20 is issuing address correctly, but the primary isn't, but only when via wireless.

Any help much appreciated.

Tagged:

Accepted Solution

All Replies

  • Nebula_JasonNebula_Jason Zyxel Official Agent Posts: 99  mod

    Hi @GingerMonkey ,

    Welcome to Zyxel Community!

    Thanks for your clear information.

    I think there is misconfiguration on your Nebula Switch.

    The PVID of port 1-12 and 13-24 on GS1920-24HP, and the PVID of port 1-24 on GS1920-24 should be all configure as PVID 1, or the traffic for VLAN 10 and VLAN 30 from NSG will be untagged out to your APs.(It should be tagged out to APs)

    Hope it helps.

    Jason
  • GingerMonkeyGingerMonkey Member Posts: 4
    edited August 8, 2019 4:53PM

    Hi @Nebula_Jason

    Thanks for the response.

    I originally had the PVID set to 1 throughout, but found:

    • if I made a wired connection on any port the device would pick up the underlying LAN1 IP range, not the appropriate VLAN range. Changing the PVID to be the 'default' VLAN for that port meant that the right IP is assigned when wired
    • the AP didn't even show up online (although I think that may be due to the original firmware being hugely out of date)

    It's important at this site that the VLAN is determined by the physical connection (or SSID) and does not have to be manually set on each client device. PVID of 1 throughout seemed to run contrary to that, but I may have been missing something.

    Supplementary, if I switch it all back to PVID 1:

    • On the AP, in the IP configuration (Access Point > Status > LAN IP) should that be set to Untagged or Tagged (and presumably PVID to 1 also)?
  • In fact, having just done some reading, I'm convinced that the PVID on the switch ports needs to be set to the desired VLAN, as the documentation indicates that the PVID is what the switch will add to any untagged traffic - as the whole system will be running off DHCP, all initial traffic will be untagged, so the infrastructure has to maintain the appropriate VLAN memberships.

    I can see how it might need tweaking on the AP, although I would have thought that the AP would be sending tagged traffic because the VLAN ID is embedded in the SSID.

    https://kb.zyxel.com/KB/searchArticle!gwsViewDetail.action?articleOid=007222&lang=EN

  • RUnglaubeRUnglaube Member Posts: 117  Ally Member

    You could use the LAN 1 interface as Management VLAN and don't need to create a VLAN 1.

    If you don't want to use LAN 1, make sure that the uplink port on the switch (connecting to the NSG) has a PVID that is different than 1, 10, 20 or 30, which are VLAN interfaces you create, it could be 100 for example. In this case, the untagged traffic from LAN 1 will be encapsulated in VLAN100. Then you could set the PVID as you mentioned.

    For the IP settings, if you use LAN 1 for management, you could leave it as Untagged. If you want to keep VLAN 1, you need to set it as Tagged.

    "You will never walk along"
  • Thanks @Jason that helps.

    There are a couple of other wrinkles I needed to solve, but I understand your point now, and have reconfigured the system accordingly. Along with help from one of your colleagues on the support team on some related issues, all is now working.

Sign In to comment.