Comware Based
cancel
Showing results for 
Search instead for 
Did you mean: 

Inter VLAN Routig with Switch 4500

miguelgomis
Occasional Visitor

Inter VLAN Routig with Switch 4500

Hi everybody...



I am new with 3COM Switch programming.



I have a customer working on a single network (172.16.224.0/24) for many years but now I must add two new sub-networks (172.16.226.0/25 and 172.16.226.128/25) in a 50 ports 4500 Switch and make new sub-net clients access various Server resources (DNS, Proxy, File Server, etc.) in previous unique LAN.



My scenario is:



VLAN 224 for 172.16.224.0/24, VLAN Interface IP Address 172.16.224.20/24 and Ethernet Ports 1/0/1 to 1/0/24



VLAN 2261 for 172.16.226.0/25, VLAN Interface IP Address 172.16.226.1/25 and Ethernet Ports 1/0/25 to 1/0/36



VLAN 2262 for 172.16.226.128/25, VLAN Interface IP Address 172.16.226.129/25 and Ethernet Ports 1/0/37 to 1/0/48



All Ethernet Ports are configured for Access type.



Add default gateway:

ip route-static 0.0.0.0 0.0.0.0 172.16.224.3



Add Static Routes:

ip route-static 172.16.226.0 255.255.255.128 172.16.226.1



ip route-static 172.16.226.128 255.255.255.128 172.16.226.129



After 2 weeks of trying many configuration scenarios, reading a lot of internet posts, initializing the Switch to factory defaults another lot of times and starting over again... I get stuck with routing packets through sub-nets.



Some times I can ping 172.16.226.2 from 172.16.226.130 but not vice-versa...



Any idea what am I doing bad??

Should I have to consider apply some sort of ACLs??

Should I have implement RIP??



Many thanks beforehand.



5 REPLIES
richardkok
Frequent Advisor

Re: Inter VLAN Routig with Switch 4500

Something like this



vlan 224

description VLAN224

name VLAN224

#

vlan 2261

description VLAN2261

name VLAN2261

#

vlan 2262

description VLAN2262

name VLAN02262

#

interface Vlan-interface1

ip address x.x.x.x x.x.x.x

#

interface Vlan-interface224

ip address 172.16.224.20 255.255.255.0

#

interface Vlan-interface2261

ip address 172.16.226.1 255.255.255.128

#

interface Vlan-interface2262

ip address 172.16.226.129 255.255.255.128

#

ip route-static 0.0.0.0 0.0.0.0 172.16.224.3

#

config all ethernetports for specific vlan

#







now you are done.. no need to add extra static routes.. by default it will be routed.

You can config ACL's to control traffic on the vlans or interfaces



regards

r.

miguelgomis
Occasional Visitor

Re: Inter VLAN Routig with Switch 4500

Many thank Mr. Richard...



I thing I have made all these commands before… Anyway I'm going to factory default the switch and make these commands again, but this time I’ll take care in the order of precedence of the commands.



Last weekend I take off the switch from client’s place and initiated a test at home with 2 desktop PC and a Linksys Broadband Internet Router to simulate something like the client’s environment, but first downloaded and installed the latest Software (s3n03_03_02s56.exe) for the switch.



I’m going to work with manual IP to keep out of DHCP Snooping stuff.



I’ll be back with the results.



Regards.





miguelgomis
Occasional Visitor

Re: Inter VLAN Routig with Switch 4500

Hi guys...



Still have routing failures...



Changed Network Scenario 172.16.224.0/24 to 160.90.1.0/24



Network 160.90.1.0 is working on a 3com Switch Superstack 4200 Factory defaulted, there are a Windows 2k3 Server at 160.90.1.2 and a proxy server at 160.90.1.4



First of all I initialized Switch 4500.



Here follows the 4500 Switch Configuration:



display current-configuration

#

sysname Cumbres_1

#

undo password-control aging enable

undo password-control length enable

undo password-control history enable

password-control login-attempt 3 exceed lock-time 120

#

local-server nas-ip 127.0.0.1 key 3com

#

igmp-snooping enable

#

radius scheme system

#

domain system

#

local-user admin

service-type ssh telnet terminal

level 3

local-user manager

password simple manager

service-type ssh telnet terminal

level 2

local-user monitor

password simple monitor

service-type ssh telnet terminal

level 1

#

acl number 4999

rule 0 deny dest 0000-0000-0000 ffff-ffff-ffff

#

vlan 1

igmp-snooping enable

#

vlan 2261

description VLAN2261

name VLAN2261

#

vlan 2262

description VLAN2262

name VLAN2262

#

interface Vlan-interface1

ip address 160.90.1.69 255.255.255.0

#

interface Vlan-interface2261

ip address 172.16.226.1 255.255.255.128

#

interface Vlan-interface2262

ip address 172.16.226.129 255.255.255.128

#

interface Aux1/0/0

#

interface Ethernet1/0/1

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/2

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/3

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/4

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/5

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/6

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/7

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/8

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/9

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/10

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/11

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/12

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/13

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/14

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/15

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/16

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/17

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/18

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/19

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/20

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/21

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/22

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/23

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/24

stp edged-port enable

broadcast-suppression pps 3000

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/25

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2261

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/26

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2261

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/27

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2261

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/28

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2261

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/29

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2261

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/30

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2261

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/31

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2261

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/32

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2261

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/33

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2261

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/34

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2261

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/35

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2261

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/36

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2261

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/37

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2262

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/38

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2262

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/39

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2262

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/40

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2262

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/41

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2262

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/42

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2262

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/43

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2262

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/44

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2262

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/45

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2262

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/46

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2262

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/47

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2262

packet-filter inbound link-group 4999 rule 0

#

interface Ethernet1/0/48

stp edged-port enable

broadcast-suppression pps 3000

port access vlan 2262

packet-filter inbound link-group 4999 rule 0

#

interface GigabitEthernet1/0/49

#

interface GigabitEthernet1/0/50

#

interface GigabitEthernet1/0/51

shutdown

#

interface GigabitEthernet1/0/52

shutdown

#

undo xrn-fabric authentication-mode

#

interface NULL0

#

voice vlan mac-address 0001-e300-0000 mask ffff-ff00-0000 description Siemens AG phone

voice vlan mac-address 0004-0d00-0000 mask ffff-ff00-0000 description Avaya phone

voice vlan mac-address 0013-1900-0000 mask ffff-ff00-0000 description Cisco 7960 phone

voice vlan mac-address 0015-2b00-0000 mask ffff-ff00-0000 description Cisco 7940 phone

voice vlan mac-address 0060-b900-0000 mask ffff-ff00-0000 description Philips and NEC AG phone

#

ip route-static 0.0.0.0 0.0.0.0 160.90.1.4 preference 60

#

snmp-agent

snmp-agent local-engineid 8000002B00225775B9406877

snmp-agent community read public

snmp-agent community write private

snmp-agent sys-info version all

#

user-interface aux 0 7

authentication-mode scheme

screen-length 22

user-interface vty 0 4

authentication-mode scheme

#

return





.......................





I get a patch cord and plugged network 160.90.1.0 to port ethernet24 of Switch 4500





Then connected 2 PCs...



PC_1 to port Ethernet25 with the following IP settings:

Address 172.16.226.2

Mask 255.255.255.128

Gateway 172.16.226.1



PC_2 to port Ethernet48 with the following IP settings:

Address 172.16.226.130

Mask 255.255.255.128

Gateway 172.16.226.129







From a telnet connection at the 4500 Switch:



ping 160.90.1.69===> OK

ping 160.90.1.2===> OK

ping 160.90.1.4===> OK

ping 172.16.226.1===> OK

ping 172.16.226.2===> OK

ping 172.16.226.129===> OK

ping 172.16.226.130===> OK





From PC_1 Connected at port Ethernet25



ping 160.90.1.69===> OK

ping 160.90.1.2===> Fail

ping 160.90.1.4===> Fail

ping 172.16.226.1===> OK

ping 172.16.226.2===> OK

ping 172.16.226.129===> OK

ping 172.16.226.130===> OK





From PC_2 Connected at port Ethernet48



ping 160.90.1.69===> OK

ping 160.90.1.2===> Fail

ping 160.90.1.4===> Fail

ping 172.16.226.1===> OK

ping 172.16.226.2===> OK

ping 172.16.226.129===> OK

ping 172.16.226.130===> OK





Any comments ???

How can it route right to File Server 160.90.1.2 and Proxy Server 160.90.1.4 ???



Regards...





richardkok
Frequent Advisor

Re: Inter VLAN Routig with Switch 4500

OK you config sounds good good to me but you should remove the stp edged-port enable command from interface 24.. if you connect 2 switches together you should remove stp edge port.

I am curious what you have configured as GATEWAY address on your servers. it should be 160.90.1.69

can you check. perhaps it would be wise to design your network with only private addressess (10/172/192 range)



regards

r.





miguelgomis
Occasional Visitor

Re: Inter VLAN Routig with Switch 4500

Hi Mr. Richard…

Okay, stp edged-port is now disabled on Ethernet port 1/0/24 but ping diag is consistently the same.



I plugged another PC (PC-3) on Ethernet port 1/0/1 of 4500 Switch:

PC_3 on port Ethernet1 with the following IP settings:

Address 160.90.1.37

Mask 255.255.255.0

Gateway 160.90.1.69



Ping 160.90.1.2===> ok

Ping 160.90.1.4===> ok

Ping 160.90.1.69===>ok

Ping 172.16.226.1===> ok

Ping 172.16.226.2===> ok

Ping 172.16.226.129===> ok

Ping 172.16.226.130===> ok

File Server an Internet access successful.



Move to PC_1 and PC_2 with the same response:

Ping 160.90.1.2===> Fail

Ping 160.90.1.4===> Fail

Ping 160.90.1.37===> Fail

Ping 160.90.1.69===>ok

Ping 172.16.226.X===>ok



I can see Server’s network configuration but don’t have access to change it:



File Server:

Address 160.90.1.2

Mask 255.255.255.0

Gateway None



Proxy Server NIC_1:

Address 160.90.1.4

Mask 255.255.255.0

Gateway None



Proxy Server NIC_2 is DHCP Enabled and change frecuently.



I suppose 160.90.1.0 network is correct. I move testing from home to another client who is a communications provider and it’s easy to me many computer and infrastructure resources. That’s the reason I changed 172.16.224.0/24 network to 160.90.1.0/24



Best regards.