Chiper
New Member

Basic VLAN Help For A Newby

G'day all,
I have been reading through the manuals and doing some digging online, but I still can't seem to get my basic VLAN working.

I have a 3400 with all workstations and servers plugged in on the 192.168.1.x/24 subnet. No changes have been made and they use the default LAN VLAN ID 1.

I want to set up a separate network for testing. Subnet 10.10.10.x/24.

My firewall is plugged into port 24 and the separate network is for port 28.

I set up a new VLAN:
vlan id 2
name testnet
ip 10.10.10.253/24
Untagged Port 28

I then went into VLAN ID 1 and set port 24, my uplink to the Sonicwall, to tagged. However, when I do this I lose connection from my 192.168.1.x subnet to the firewall.

As far as I understand, I shouldn't need to enable IP routing on the switch in order to achieve the simple network segregation, providing all traffic is tagged on delivery to the firewall.

I have set up a separate zone, interface and DHCP scope for the new 10.10.10.x/24 subnet with its gateway being 10.10.10.10.254. It has been set for VLAN ID 2.

Supposedly in this configuration there is no routing required and the switch should pass the traffic.

Is my assumption here correct or am I missing something? Can anyone steer me in the right direction? Thanks


6 REPLIES
M Macleod
Occasional Contributor

Re: Basic VLAN Help For A Newby

Have you tagged the link at both ends for VLAN 1, i.e. firewall and switch? If the firewall is not sending tagged frames to the switch, it will not matter if the switch uplink is tagged or not...

cenk sasmaztin
Honored Contributor

Re: Basic VLAN Help For A Newby

Hi Chiper,
What do you want, exactly?
cenk

Chiper
New Member

Re: Basic VLAN Help For A Newby

The firewall, a Sonicwall Pro2040, does not support VLAN tagging on its primary LAN interface. Well, actually that's not quite true: it states that packets sent out the interface are tagged with VLAN ID 0 and carry 802.1p priority information. That is only if I enable 802.1p tagging on its interface.

What I want is pretty simple, I would have thought. It breaks down like this:

Firewall (Sonicwall PRO 2040)
Port: X0
Name: LAN Interface
IP: 192.168.1.0/24
VLAN ID: 0 (Can't be changed)

Port: X0:V2 (Sub interface)
Name: TestNet
IP: 10.10.10.0/24
VLAN ID: 2

Pro Curve 3400CL
VLAN ID: 1
Name: DEFAULT_LAN
IP: 192.168.1.0/24
Ports: All but 28

VLAN ID: 2
Name: TestNet
IP: 10.10.10.0/24
Ports: 28

So basically I want the switch to have 2 VLANs with different subnets.

Port 28 belongs to VLAN ID: 2 and is on subnet 10.10.10.0/24.

All other ports belong to VLAN ID: 1 and are on subnet 192.168.1.0/24.

Both VLANs need to route to the internet via the Sonicwall firewall, which is plugged into port 24 on the Pro Curve switch.

Port X:0 on the Sonicwall is called the LAN port on the Sonicwall, has the IP: 192.168.1.254/24 and VLAN ID: 0.

Port X:0 has a sub interface called TestNet which has the IP: 10.10.10.254/24 and VLAN ID: 2.

Does that help explain what I am trying to achieve?

Chiper
New Member

Re: Basic VLAN Help For A Newby

G'day M Macleod,
The firewall is only tagging packets sent back on the TestNet interface. It tags them with VLAN ID 2.

So does this mean I don't have to tag any packets at all, and it is simply sufficient to group the ports as untagged ports in each VLAN?

Will this prevent broadcast traffic between the VLANs?

Chiper
New Member

Re: Basic VLAN Help For A Newby

G'day all,
I have figured out how to achieve my goal. I was tagging the ports incorrectly.

For those finding this post via a Google search in an attempt to resolve your own issue, here is what worked for me.

Pro Curve 3400CL

VLAN ID: 1
Name: DEFAULT_VLAN
Ports: 1-27, 29-48 Untagged
IP: 192.168.1.0/24

VLAN ID: 2
Name: TEST_NET
Ports: 28 Untagged, 24 Tagged
IP: 10.10.10.0/24

On my firewall, my X0-Lan port was left as untagged.

The sub interface X0-V2 tags traffic with VLAN ID 2.

Thanks to everyone for your help and suggestions. Best of luck to those hunting for a solution :)


Chiper
New Member

Re: Basic VLAN Help For A Newby

Refer to my previous post for the solution.
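
The tagging behaviour behind the fix in this thread, as an added example that is not part of any poster's message or of vendor code: a simplified Python model of 802.1Q port membership that compares the first attempt with the working layout. The names `classify` and `flood` are hypothetical, and the model assumes a port drops untagged frames when it has no untagged VLAN and drops tagged frames for VLANs it is not a tagged member of.

```python
# Simplified model of 802.1Q port membership (constructed for illustration;
# not ProCurve or Sonicwall code). Port numbers and VLAN IDs come from the thread.

def classify(vlans, port, tag):
    """Return the VLAN an ingress frame is placed in, or None if it is dropped."""
    if tag is None:
        # Untagged frame: belongs to the VLAN where the port is an untagged member.
        for vid, members in vlans.items():
            if port in members["untagged"]:
                return vid
        return None
    # Tagged frame: accepted only if the port is a tagged member of that VLAN.
    if tag in vlans and port in vlans[tag]["tagged"]:
        return tag
    return None

def flood(vlans, port, tag=None):
    """Broadcast a frame arriving on `port`; return {egress_port: tag_on_wire}."""
    vid = classify(vlans, port, tag)
    if vid is None:
        return {}
    out = {p: None for p in vlans[vid]["untagged"] if p != port}
    out.update({p: vid for p in vlans[vid]["tagged"] if p != port})
    return out

ALL = set(range(1, 49))

# First attempt from the thread: port 24 tagged in VLAN 1, VLAN 2 only on port 28.
FIRST_TRY = {
    1: {"untagged": ALL - {24, 28}, "tagged": {24}},
    2: {"untagged": {28}, "tagged": set()},
}
# Working layout from the thread: port 24 untagged in VLAN 1 and tagged in VLAN 2.
WORKING = {
    1: {"untagged": ALL - {28}, "tagged": set()},
    2: {"untagged": {28}, "tagged": {24}},
}

if __name__ == "__main__":
    for name, cfg in (("first try", FIRST_TRY), ("working", WORKING)):
        print(name)
        print("  firewall LAN (untagged) -> ports:", sorted(flood(cfg, 24)))
        print("  firewall TestNet (tag 2) ->", flood(cfg, 24, tag=2))
        print("  port 28 broadcast ->", flood(cfg, 28))
```

In the working layout a broadcast entering port 28 leaves only on port 24 with tag 2, so it never reaches the VLAN 1 ports; traffic between the two subnets has to pass through the firewall.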