Jun 10, 2013

How To Change The Default VLAN on A Dell PowerConnect 3448P So You Can Use VLAN 1 As A Trunk With All VLANs Tagged

A little over a year ago we had a crappy in-house Panasonic PBX for our phone system. Nobody knew how to configure it, and the consultant we hired to work on it, who is the only Panasonic guy in town, changed jobs. We decided to retire it and go with a hosted VoIP provider.

The problem at the time was the crappy switches that the IT guy who I replaced used to build the network originally were dumb, un-managed switches. I knew that if we were going with VoIP we needed to separate the SIP traffic to it's own VLAN, which meant we needed managed switches.

Well since my company is also very cheap, I couldn't spend any money on decent CISCO Catalyst switches, and we ended up with these really terrible Trendnet TEG-448WS switches that could handle VLANs fine, but were super basic when it came to QoS, which is important in VoIP.

After over a year of random drops, and other irritating issues, we had a VoIP company come in to make a recommendation. Mainly, I wanted a 3rd party to come in and confirm what I had been trying to say for a while, which was that we needed better switches.

They still wouldn't let me get a CISCO Catalyst, but they did let me buy some refurbished Dell PowerConnect 3448P's. These switches had more robust QoS features, but they had an interesting problem on their own. By default, you can't modify VLAN 1. It is considered the Native VLAN, or the Default VLAN. That means that all ports are untagged on VLAN 1, and you can't change that. Well, I should say, it's kind of a pain, hence this article, but it can be done.

In order to use VLAN 1 in a true trunk, which is what I wanted to do, you need to be able to set a port to be tagged on all VLANs. Now, you might be saying, why not just set the port on the device you are connecting to as untagged? Then there isn't an issue right? That's true, but the device I was connecting to was a Fortigate 60C Firewall, and it wouldn't give me that option. All VLAN interfaces on that unit are tagged, and cannot be set to untagged. At least, I don't know how to do that.

So what I had to do was to change the VLAN number of the default VLAN on my Dell PowerConnect 3448P. You cannot do this through the web interface either by the way, you have to do this through the terminal. I recommend doing it using the serial port. Also, once you do this, the original IP will be wiped out, so prepare for that. I set mine to 600, because I wasn't going to use it.

Here's what I did:
  • Create a new vlan

    enable > configure > vlan database > vlan 600
  • Set the new vlan as the default vlan

     default-vlan vlan 600
  • Save your config, then reboot the device

    end > copy ru st

    reload

  • Create a new vlan 1

    enable > configure > vlan database > vlan 1
  • Set a new IP for vlan 1

    exit > interface vlan 1 > ip address 192.168.0.8 255.255.255.0
  • Set a new IP for vlan 600

    exit > interface vlan 600 > ip address 192.168.1.8 255.255.255.0
  • Plug your laptop into one of the ports, it should be untagged with vlan 600.
  • Give a static ip to your laptop on that subnet, and browse to the ip address of vlan 600
  • Login to the web interface, and now you can start tagging and untagging ports on vlan 1 through the gui.
Kind of a pain in the butt I agree, and I know that using VLAN 1 is not technically the best practice, but that is how the network is setup, and it would be an even bigger pain in the butt to correct it than it is to just change the default VLAN on this switch.

Did this help you out? Are you in a similar situation? Let us know about it in the comments.

Enhanced by Zemanta



Twitter Delicious Facebook Digg Stumbleupon Favorites More

 
Design by Free WordPress Themes | Bloggerized by Lasantha - Premium Blogger Themes | stopping spam