Here's a weird one for you guys. I haven't been working with VLANs all that long and even less time with Ubiquiti devices, so I'm sure that I'm missing something here, but am not sure what.
The scenario: three Ubiquiti switches managed by a UniFi controller on-premise. Their IPs are all currently on VLAN 1 in an environment I just inherited. I want to segment the network so that all switch management IPs are in VLAN 50. The existing configured-before-me trunks between these three switches are on the default All profile, which sets VLAN 1 as the native/untagged, and all other VLANs as tagged. This means VLAN 50 is currently tagged on all the uplinks between switches. One of the three switches acts as the core (call it Switch A), with the other two connected to it through these trunks.
I picked one of the two non-core switches (call it Switch B) and moved it to an IP on VLAN 50 through the controller. The switch went offline in the controller and I could not ping the new IP. On a hunch, I changed the configuration for the port on Switch A that Switch B uses for uplink to a profile that has VLAN 50 as the native/untagged, with all other VLANs tagged. Switch B came online right away and I could ping the new IP.
Why does VLAN 50 need to be untagged on the core (A) side for B to be pingable, and why doesn't it need to be untagged on the B side of the uplink?
Does Ubiquiti send switch management traffic as untagged packets?