SOLVED
Hello Johan,
Let me start with tagged and Untagged definition here ,
Untagged - To connect host device
Tagged - Its a link where it carry multiple vlan eg interswich link ,When you configure a port as 'Tagged' you are telling the switch to place an 802.1q tag in the frame that can identify the VLAN that the frame came from.
Suggest to use PVID on tagged port only for receiving untagged packets. Since you are connecting a camera suggest to use the port as access ( Untag ) .
When you config a port with only PVID ,it taggin the defult vlan in to and marking the port as Hybrid.
Let me give you example where you can use PVID
[Ethernet 1/0/6] port trunk permit vlan 10 20
Setting the port to allow VLAN 10 (telephony) and VLAN 20 (Host)
[Ethernet 1/0/6] port trunk pvid vlan 20
Setting the port to send and receive non-tagueados frames on VLAN 20
I work for HPE
Hello Johan,
From the config share, Port 1 using VLAN 10 and port 2 using VLAN 1
As per your requirment you need to use VLAN 10 on port number 2 since you are connecting Camera into that . So can you please let me know what are SVI you have crated on switch , i request you compare the IP address of the Camera which connect of VLAN 1 and VLAN 10 .
And make the port 6, as access if you want to use only the Camera Server
I work for HPE
Hi @jmpk just a note to be clear.
You reported this sentence: "When you config a port with only PVID ,it taggin the defult vlan in to and marking the port as Hybrid"...but that shouldn't be true.
Indeed a port with a particular PVID (Port VLAN ID) is a port that remove the tag (untagging) on egressing packets thus they will leave that port as untagged packets and is also the very same port of the switch where, internally to the switch [*], the tag is applied (tagging) on the ingressing untagged packets that are incoming...so a port with just the PVID configured shouldn't became an Hybrid port [**] as written...it should instead became just an Access mode port where its PVID is specified with the particular VLAN id chosen.
Avoid Hybrid ports...the OP should only use ports (re)configured in Access mode (when you are dealing with end/edge devices that are VLAN unaware so they "speak" only with untagged packets and generally their default VLAN id is 1) or ports (re)configured in Trunk mode (when there is the need to concurrently admit and transport various VLANs across devices or between a device and its connected switch port, the interface/port can be member of one untagged VLAN id + be also member of one or more tagged VLAN ids OR be just no untagged - PVID ophaned - and only member of one ore more tagged VLAN ids).
As you can note here there is a mix of terminology: HP ProCurve jargon uses the "port is (untagged/no untagged/tagged) member of one ore more VLAN id(s)" while the HP Comware jargon uses the "VLAN is untagged/tagge on that port"...exactly like the fact that HP Comware refers to interfaces...while HP ProCurve refers to ports. Apples and Oranges...but both are fruits.
[*] Consider that, internally to the switch, all packets flow tagged.
[**] Indeed the Hybrid port definition (existing on Comware devices) is: "Hybrid port: a Hybrid port allows traffic of some VLANs to pass through untagged and traffic of some other VLANs to pass through tagged. Usually, hybrid ports are configured to connect devices those support for VLAN-tagged packets are uncertain.".
That is explained on this old thread (where you copied the example of interface Ethernet 1/0/6).
I'm not an HPE Employee
@Johan5 wrote: I do not want the camera-server to be connected to the Internet, just to the camera’s.
So you need to (re)configure all interfaces where you connected IP Cameras and the IP Camera Server to be in Access Mode (Untagged into VLAN id 10):
- Fast Ethernet interface 1/0/1 should be Access mode with PVID 10
- Fast Ethernet interface 1/0/2 should be Access mode with PVID 10
- Fast Ethernet interface 1/0/6 should be Access mode with PVID 10
Fast Ethernet interfaces 1/0/3, 1/0/4 and 1/0/5 look not connected (Link Down).
Fast Ethernet interfaces 1/0/7 and 1/0/8 are Access with mode PVID 20 so we can suppose that both are used to connect (edge-/end-) hosts that need to reach the Internet (as you named the VLAN id 20), probably via one of the Trunk Mode interface (1/0/9 or 1/0/10).
Gigabit Ethernet interfaces 1/0/9 and 1/0/10 are used, each one, as Trunk mode with PVID 1 and Tagged VLAN id(s) 10 and 20, so they transport and admits packects flowing in and out with VLAN id 10 and/or VLAN id 20 tagged and/or VLAN id 1 untagged...it normally means that one of those ports (why two?) is connected to your gateway (to external networks like the Internet).
Edit: forgot to say...note that PVID = Untagged on all interfaces set to work in Access Mode, only the interface 1/0/6 is different with that regard...it has Untagged 1,10 exactly because it was set Hybrid (incorrectly or not, it doesn't matter) -> as suggested above, change its working mode into Access with PVID 10 and nothing else also correct interface 1/0/2 to match with interface 1/0/1 settings.
I'm not an HPE Employee
Wait. Camera should be unaware of the VLAN tagging, each Camera should output untagged traffic to the switch's port it is connected to...so if it is working for an IP Camera connected to a particular switch port it should work for another IP Camera connected to another switch port (configured with the same VLAN settings).
You say you lose the Camera...but...who is doing routing in your network topology? can you draw the topology and VLAN tag/untag on relevant ports (Switch-to-Switch and Device-to-Switch, at least for any relevant peer?)? I mean...if I place an IP Camera on interface 1/0/1 and 1/0/2 and 1/0/6 and those three interfaces are on the very same VLAN, simply PVID 1050 thus just Access Mode (that's because I like to use a fresh new unsued VLAN id 1050 "IP Video" with subnet 10.250.50.0/24 and SVI 10.250.50..254)...and IP Camera 1 is, as example, addressed with 10.250.50.1, IP Camera 2 with 10.250.50.2 and the IP Video Server with 10.250.50.253...all devices connected on the very same switch on interfaces listed above...then a ping test from the IP Video Server should be successful against IP Camera 1 and 2 (provided that all three devices are correctly addressed...with proper IP address, Subnet Mask and Defaut Gateway = SVI). That's the starting point.
Out of curiosity (to avoid strange issues): is your JG537A updated? see here and here.
I'm not an HPE Employee