I'm trying to segment off security cameras onto a different dhcp scope using vlans
the dhcp server is running on a sonicwall, with x2 configured to use vlan 42
I have added vlan 42 to swtich number 1, and have the uplink (port 48) set to trunk mode running into the sonicwall x5 interface
I also added vlan 42 to the switch the camera is on, and configured the port the camera is in (17) to use vlan 42.
My camera is not getting an ip address. and i think this is because setting vlan 42 on the port config makes it accept tagged traffic rather than untagged traffic.
the camera does not support tagged traffic, so i need to set the switch port for untagged traffic vlan 42
I have attached a crude paint diagram of what the setup looks like. as well as screen shots from the two switches.
What do i need to do in order to make this work?
Configure port 48 of switch 1 that faces the Sonicwall as an access port on vlan 42. Don't assign VLANs to the Sonicwall. Use X5 as the camera LAN port with its DHCP server.
Run "show mac address-table". We want to see what devices are associated with which VLAN on which ports. "show arp" will just show the devices with which the switch is communicating for management or layer 3 routing.
Configure port 48 of switch 1 that faces the Sonicwall as an access port on vlan 42. Don't assign VLANs to the Sonicwall. Use X5 as the camera LAN port with its DHCP server.
No dice.They are still not getting a lease.
What is the result of "show mac-address" on both switches?
I can run the command show mac address-table or show arp
Run "show mac address-table". We want to see what devices are associated with which VLAN on which ports. "show arp" will just show the devices with which the switch is communicating for management or layer 3 routing.
Full outputs on both switchs. page 3 of switch 1 shows a port on vlan 42 and page 2 of switch 2 shows a port on a vlan.
https://dl.dropboxusercontent.com/u/79628885/Switch%20Output/SW1-MACs-Page1.png
https://dl.dropboxusercontent.com/u/79628885/Switch%20Output/SW1-MACs-Page2.png
https://dl.dropboxusercontent.com/u/79628885/Switch%20Output/SW1-MACs-Page3.png
https://dl.dropboxusercontent.com/u/79628885/Switch%20Output/SW1-MACs-Page4.png
https://dl.dropboxusercontent.com/u/79628885/Switch%20Output/SW1-MACs-Page5.png
https://dl.dropboxusercontent.com/u/79628885/Switch%20Output/SW1-MACs-Page6.png
https://dl.dropboxusercontent.com/u/79628885/Switch%20Output/SW2-MACs-Page1.png
https://dl.dropboxusercontent.com/u/79628885/Switch%20Output/SW2-MACs-Page2.png
https://dl.dropboxusercontent.com/u/79628885/Switch%20Output/SW2-MACs-Page3.png
https://dl.dropboxusercontent.com/u/79628885/Switch%20Output/SW2-MACs-Page4.png
https://dl.dropboxusercontent.com/u/79628885/Switch%20Output/SW2-MACs-Page5.png
I see the Sonicwall MAC on port 48 of switch 1 and also on port 23 of switch 2 which is the trunk between the switches. So the Sonicwall side looks good. However, there are no MAC addresses associated with port 17 of switch 2.
Plug a laptop into port 17 on switch 2 and see if it gets a DHCP address on the camera subnet. I suspect that it will. Look for a physical cable issue between switch 2 port 17 and the camera.
confirmed the laptop can get an ip address. so there is an issue with the camera itself or the cabling. I will mark the first response as correct.
Keep in mind that by setting the port as access, the VLAN tag toward the camera is removed. If the cameras are configurable, don't apply any VLAN configuration to them, set them up as plain Ethernet untagged. Also obviously set them to obtain an address by DHCP. Are the cameras PoE? If so is the switch providing power?
The cameras are not vlan configurable. it is all untagged traffic. they are all working correctly on the new subnet, minus one camera because of a PoE failure on the switch.