Comware Based

4500 VLAN/Routing Assistance

stevezemlicka
Occasional Advisor

4500 VLAN/Routing Assistance

I need to set up a 4500 with routing. Right now I have the following config:

VLAN1 - Ports 4-26 (IP Scheme 192.168.1.x)

VLAN2 - Port 1 (IP Scheme 192.168.0.x)

VLAN3 - Port 2 (IP Scheme 192.168.2.x)

VLAN4 - Port 3 (IP Scheme 192.168.3.x)



VLAN2 will be plugged into the internet. I need all VLANs to be able to get to VLAN2 but not to other VLANs. What is the best way to accomplish this?

11 REPLIES
stevezemlicka
Occasional Advisor

Re: 4500 VLAN/Routing Assistance

I need to set up a 4500 with routing. Right now I have the following config:

VLAN1 - Ports 4-26 (IP Scheme 192.168.1.x)

VLAN2 - Port 1 (IP Scheme 192.168.0.x)

VLAN3 - Port 2 (IP Scheme 192.168.2.x)

VLAN4 - Port 3 (IP Scheme 192.168.3.x)



VLAN2 will be plugged into the internet. I need all VLANs to be able to get to VLAN2 but not to other VLANs. What is the best way to accomplish this?

stevezemlicka
Occasional Advisor

Re: 4500 VLAN/Routing Assistance

I think this may be as simple as properly setting up a routing table. Unfortunately my knowledge is relatively basic in this area.

richardkok
Frequent Advisor

Re: 4500 VLAN/Routing Assistance

I don't think the 4500 switch supports putting ACLs on VLANs, so you'll have to create ACLs and apply them on those physical interfaces.

It ain't that hard. Check out the configuration guide and you'll do fine.



gr

r.

stevezemlicka
Occasional Advisor

Re: 4500 VLAN/Routing Assistance

If I plug a computer into VLAN1, and I plug the internet into VLAN2, I can ping the IP assigned to the VLAN2 interface (192.168.0.2) but I cannot ping the router (192.168.0.1) that is plugged into VLAN2.

stevezemlicka
Occasional Advisor

Re: 4500 VLAN/Routing Assistance

Ok, so I set up a static route using the following:

ip route-static 0.0.0.0 0.0.0.0 192.168.0.2



I can ping 192.168.0.1 from the console but I cannot ping internet addresses. And from a client PC, I cannot ping 192.168.0.1 but I can still ping 192.168.0.2.



Any further ideas?

This message was edited by stevezemlicka on 3-30-09 @ 4:19 PM
richardkok
Frequent Advisor

Re: 4500 VLAN/Routing Assistance

Are you willing to place your config here so we can check?

stevezemlicka
Occasional Advisor

Re: 4500 VLAN/Routing Assistance

#

sysname Tri-Dave

#

local-server nas-ip 127.0.0.1 key 3com

#

dhcp-server 0 ip 192.168.1.3

#

igmp-snooping enable

#

radius scheme system

#

domain system

#

local-user admin

service-type ssh telnet terminal

level 3

local-user manager

password simple manager

service-type ssh telnet terminal

level 2

local-user monitor

password simple monitor

service-type ssh telnet terminal

level 1

#

acl number 3000

rule 1 permit IP source 0.0.0.0 255.255.255.0 destination 0.0.0.0 255.255.255.0



#

acl number 4999

rule 0 deny dest 0000-0000-0000 ffff-ffff-ffff

#

vlan 1

igmp-snooping enable

#

vlan 2 to 4

#

undo xrn-fabric authentication-mode

#

voice vlan mac-address 0001-e300-0000 mask ffff-ff00-0000 description Siemens AG phone

voice vlan mac-address 0004-0d00-0000 mask ffff-ff00-0000 description Avaya phone

voice vlan mac-address 0013-1900-0000 mask ffff-ff00-0000 description Cisco 7960 phone

voice vlan mac-address 0015-2b00-0000 mask ffff-ff00-0000 description Cisco 7940 phone

voice vlan mac-address 0060-b900-0000 mask ffff-ff00-0000 description Philips and NEC AG phone

#

ip route-static 0.0.0.0 0.0.0.0 192.168.0.2 preference 60

#

snmp-agent

snmp-agent local-engineid 8000002B0022573419406877

snmp-agent community read public

snmp-agent community write private

snmp-agent sys-info contact Computer Heroes

snmp-agent sys-info location Monroe, WI 53566

snmp-agent sys-info version all

#

user-interface aux 0 7

authentication-mode scheme

screen-length 22

user-interface vty 0 4

authentication-mode scheme

#

return





display vlan 1

VLAN ID: 1

VLAN Type: static

Route Interface: configured

IP Address: 192.168.1.1

Subnet Mask: 255.255.255.0

Description: VLAN 0001

Name: VLAN 0001

Tagged Ports: none

Untagged Ports:

Ethernet1/0/4 Ethernet1/0/5 Ethernet1/0/6

Ethernet1/0/7 Ethernet1/0/8 Ethernet1/0/9

Ethernet1/0/10 Ethernet1/0/11 Ethernet1/0/12

Ethernet1/0/13 Ethernet1/0/14 Ethernet1/0/15

Ethernet1/0/16 Ethernet1/0/17 Ethernet1/0/18

Ethernet1/0/19 Ethernet1/0/20 Ethernet1/0/21

Ethernet1/0/22 Ethernet1/0/23 Ethernet1/0/24

GigabitEthernet1/0/25 GigabitEthernet1/0/26



display vlan 2

VLAN ID: 2

VLAN Type: static

Route Interface: configured

IP Address: 192.168.0.2

Subnet Mask: 255.255.255.0

Description: VLAN 0002

Name: VLAN 0002

Tagged Ports: none

Untagged Ports:

Ethernet1/0/1



display vlan 3

VLAN ID: 3

VLAN Type: static

Route Interface: configured

IP Address: 192.168.2.1

Subnet Mask: 255.255.255.0

Description: VLAN 0003

Name: VLAN 0003

Tagged Ports: none

Untagged Ports:

Ethernet1/0/2



display vlan 4

VLAN ID: 4

VLAN Type: static

Route Interface: configured

IP Address: 192.168.3.1

Subnet Mask: 255.255.255.0

Description: VLAN 0004

Name: VLAN 0004

Tagged Ports: none

Untagged Ports:

Ethernet1/0/3







richardkok
Frequent Advisor

Re: 4500 VLAN/Routing Assistance

Mmmm, acl number 3000 is not properly configured. You need wildcard instead of subnet mask notation, but I do not know if you placed it on that interface, so can you do a: dis e 1/0/1 to see how that interface is configured?



regards

r.
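
The wildcard-versus-subnet-mask point in the reply above, as an added example that is not part of the original thread: it models how an ACL wildcard is matched, shows what rule 1 of acl 3000 matches as posted, and checks a constructed rule set against the goal from the first post. The function names, the first-match-wins evaluation and the permit-by-default action are assumptions of this sketch, not the switch's documented behaviour.

```python
import ipaddress

def _int(addr):
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(addr, base, wildcard):
    """ACL wildcard semantics: 0 bits must equal base, 1 bits are ignored."""
    care = ~_int(wildcard) & 0xFFFFFFFF
    return (_int(addr) & care) == (_int(base) & care)

def to_wildcard(netmask):
    """Invert a subnet mask (255.255.255.0) into a wildcard (0.0.0.255)."""
    return str(ipaddress.IPv4Address(_int(netmask) ^ 0xFFFFFFFF))

def evaluate(rules, src, dst, default="permit"):
    """First matching rule wins; the default action is an assumption here."""
    for action, s_base, s_wild, d_base, d_wild in rules:
        if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_base, d_wild):
            return action
    return default

ANY = ("0.0.0.0", "255.255.255.255")
VLAN2_WILD = to_wildcard("255.255.255.0")

# Rule 1 of acl 3000 as posted: the subnet mask is read as a wildcard, so only
# addresses whose last octet is 0 can match it.
POSTED = [("permit", "0.0.0.0", "255.255.255.0", "0.0.0.0", "255.255.255.0")]

# Constructed rule set for the goal in the first post: every VLAN reaches
# VLAN2 (192.168.0.x), the other VLANs cannot reach each other.
ISOLATE = [
    ("permit", "192.168.0.0", VLAN2_WILD, *ANY),   # traffic from VLAN2
    ("permit", *ANY, "192.168.0.0", VLAN2_WILD),   # traffic to VLAN2
    # 192.168.0.0 with wildcard 0.0.3.255 spans 192.168.0.0 - 192.168.3.255
    ("deny", "192.168.0.0", "0.0.3.255", "192.168.0.0", "0.0.3.255"),
]

if __name__ == "__main__":
    # Constructed sample flows using the thread's addressing plan.
    flows = [("192.168.1.10", "192.168.0.1"), ("192.168.1.10", "192.168.2.10"),
             ("192.168.0.1", "192.168.3.5"), ("192.168.2.10", "8.8.8.8")]
    for src, dst in flows:
        print(src, "->", dst,
              "| posted rule:", evaluate(POSTED, src, dst, default="no match"),
              "| isolation set:", evaluate(ISOLATE, src, dst))
```
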

stevezemlicka
Occasional Advisor

Re: 4500 VLAN/Routing Assistance

I took that ACL out because I just want it to work. I'll worry about restricting inter-VLAN access once we get it working. Is that ACL necessary for allowing inter-VLAN communication?



Additionally, I called and sent an e-mail to 3Com to pay them for help setting this up but have not gotten a response. How long does it typically take for them to get back to me and take my money to get this resolved ASAP? I believe I placed a call on Friday and sent a couple of e-mails on Monday.

This message was edited by stevezemlicka on 4-1-09 @ 9:10 AM
wolfgangB
Occasional Advisor

Re: 4500 VLAN/Routing Assistance

The default route '0.0.0.0/0' will route any traffic to the VLAN2 gateway. How does your router handle the VLAN? Can you ping from the router to .0.2? As long as they don't see each other you won't see the internet.



Can you sniff on the router interface, to see packets arriving?



w-b

stevezemlicka
Occasional Advisor

Re: 4500 VLAN/Routing Assistance

Ok, so it turns out I had it a long time ago, but since I was testing it in an environment without an advanced internet router/gateway, it didn't work. Seems as though those cheapo $50 Linksys routers cannot handle different IP subnets on the inside. I have a Cisco ASA5505 that I will be getting a call from Cisco support to set up this morning.

Yes, the default route was all that was necessary. However, now I need to get the Cisco switch set up to relay the traffic properly to those different subnets. I will let you guys know how it goes.