2650 VLAN's

Jeff Willis
Occasional Visitor

2650 VLAN's

I have an IP address block of 208.18.12.1/23 (512 IP's) and want to divide it into 32 VLANs (subnets of /28) using a 2650 switch. Each VLAN (subnet) is for a department and should be isolated from each other but each have outside access to the internet via a Cisco 2621 router. Ideally each VLAN (subnet) should be able to access the corporate VLAN (vlan2) for corporate resources without having to go to the router. I have read the documentation and it only confuses me more. Any input would be appreciated.

Jeff
7 REPLIES
Marcus_20
Frequent Advisor

Re: 2650 VLAN's

Be aware that the 2650 uses L3 Lite, that means that it's only capable of static routing.
Nevertheless you can easily assign different ip addresses for different VLANs, just as you suggest.
You could solve your problem with static routes and then restricting access with ACLs.
I don't think that the 2650 can route VLANs.
Maybe a full featured L3 device such as the 53xx would be more appropriate...

/Marcus
Mark Landin
Valued Contributor

Re: 2650 VLAN's

The 2650 DOES do L3 switching between VLAN's, using static IP routes.

Note that you can only have 16 routes though, so this may limit you to 16 VLANs.
Mark Landin
Valued Contributor

Re: 2650 VLAN's

Indeed, 512 ports would suggest a few 41xx or 53xx switches. :) The 53xx does FULL layer 2 switching in hardware, whereas the 4108 switches (and I think the 2650) implement this in software (slower).
Ron Kinner
Honored Contributor

Re: 2650 VLAN's

Jeff,

Just assign each VLAN an IP address in the subnet for that VLAN. All hosts on the same VLAN must now use that VLAN's IP address as their default route.

You need only define one static route on the switch (a default) and that is to your Cisco2621. You will have to tell your Cisco about the new subnets that it can reach via the VLAN1 IP address gateway.

The 2650 will automatically learn of the subnets present on each VLAN and will route between them without any input from you as long as IP routing is enabled and you assign a different IP address and subnet to each VLAN.

Breaking everything up into 32 VLANs will isolate the collision domains and cut down on the amount of traffic so everything will speed up, but you will not be able to completely isolate each VLAN from the other. They can still talk if they know each other's IP address or if there is a local DNS that gives out that info. If total isolation is a requirement then the router will have to play too. In that case you would turn off IP routing on the 2650 and set up a trunk to the Cisco with every VLAN present. This requires 32 subinterfaces on the Cisco, each with an IP address in the associated VLAN's subnet (which would become the default gateway for all hosts in the VLAN). You could then filter via access lists on the Cisco. (I can find no indication in the manuals or the product specification and features that a 2650 has ever heard of access lists or filters (except for multicasting), so I think this would be the only way.) This would put a lot of extra traffic on the link to the Cisco and would be a lot of work, so I wouldn't bother unless you have a bunch of criminal or paranoid users. After all, they have been one big happy family up until now.

Ron
Jeff Willis
Occasional Visitor

Re: 2650 VLAN's

Ron - thanks

In this example I have the 2650 port1 connected to the Cisco 2621. When I set up the VLANs, should the ports be tagged or untagged, or some tagged and some untagged? ALL VLANs will need to communicate through port1 to the Cisco 2621 for internet access.

Jeff
Ron Kinner
Honored Contributor

Re: 2650 VLAN's

You should be able to get by without tagging anything. Since the switch does the routing between VLANs, the router just needs to be in 1 VLAN with an IP address valid for that VLAN. You will need to add a route or routes to the Cisco so that it knows about all of the little subnets. You can probably get by with a single route pointing to the whole /23 via the IP address (in the same VLAN that the route is in) of the switch.

Don't forget to put a default route in the switch pointing to the Cisco and to tell all of your hosts what their new default gateway is.

Ron
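
The addressing plan and the isolation requirement discussed in the two replies above, worked through as an added example (not code from any poster). It splits the /23 into 32 /28s, confirms that one summary route covers them, and models the requested policy so router access lists can be checked against it. The VLAN numbering (1 to 32 in address order) and the first-host-as-gateway convention are assumptions.

```python
import ipaddress

# The block from the question; strict=False accepts the host-form "208.18.12.1/23".
BLOCK = ipaddress.ip_network("208.18.12.1/23", strict=False)
CORPORATE_VLAN = 2  # "vlan2" in the question

def build_plan(block=BLOCK, prefix=28, first_vlan=1):
    """Split the block into /28s. Assumed: VLAN IDs run 1..32 in address
    order and the switch's VLAN interface takes the first host address."""
    plan = {}
    for vlan, net in enumerate(block.subnets(new_prefix=prefix), start=first_vlan):
        plan[vlan] = {
            "net": net,
            "gateway": net.network_address + 1,
            "hosts": net.num_addresses - 3,  # minus network, broadcast, gateway
        }
    return plan

def vlan_of(ip, plan):
    """Return the VLAN whose subnet contains ip, or None if outside the block."""
    addr = ipaddress.ip_address(ip)
    return next((v for v, e in plan.items() if addr in e["net"]), None)

def allowed(src, dst, plan):
    """Reference model of the requested policy for traffic that starts
    inside the block, to compare router access lists against."""
    s, d = vlan_of(src, plan), vlan_of(dst, plan)
    if s is None:
        return False          # source is not one of our department addresses
    if d is None:
        return True           # destination is outside the /23: internet access
    return s == d or CORPORATE_VLAN in (s, d)

def summary_routes(plan):
    """Fewest prefixes the Cisco needs routed toward the switch."""
    return list(ipaddress.collapse_addresses(e["net"] for e in plan.values()))

if __name__ == "__main__":
    plan = build_plan()
    for vlan in (1, 2, 3, 32):
        e = plan[vlan]
        print(f"VLAN {vlan:2}: {e['net']}  gateway {e['gateway']}  hosts {e['hosts']}")
    print("route on Cisco:", summary_routes(plan))
    print("dept -> dept:", allowed("208.18.12.35", "208.18.12.50", plan))
    print("dept -> corp:", allowed("208.18.12.35", "208.18.12.20", plan))
```

With IP routing enabled on the switch, the department-to-department case is forwarded regardless of what `allowed` returns; the model only describes what filtering on the router would have to enforce.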
Vincent Bruijnes
Occasional Visitor

Re: 2650 VLAN's

Is it also possible to use the blocks on each of the VLANs but without using a router? Or is it always needed to have a router? I do not own a router but I use the one from my IP provider. Is it advisable, if needed, to use a software router like quagga / zebra?

Thanks in Advance
Vincent Bruijnes
http://www.nlisp.nl