Switches, Hubs, and Modems
1748132 Members
3405 Online
108758 Solutions
New Discussion юеВ

Re: Newbie VLAN setup

 
Gary Chu PQ
Occasional Advisor

Newbie VLAN setup

I've setup 2 VLANS that are unable to ping outside of it's own, i want the vlans to be able to communicate with each other.

On the 2626 i have trk3 enabled on ports 25 & 26 and that's uplinked to a 2900 on ports 2 & 4, also trk3 enabled.

On the 2626 i have trk3 untagged for default and tagged for vlan2 and on ports 3&4 no for default and untagged for van2, I'm using ports 3&4 for testing.

On the 2900 i have trk3 untagged for default and tagged for vlan2.


VLAN1, default_VLAN is using IP 192.168.63.0/24
VLAN2, new vlan is using IP 172.20.10.0/24
Firewall gateway is 192.168.63.1

I have added a route on the firewall for 172.20.10.0/24 but still can't get them to communicate.

Please let me know how I can get them to communicate and also access the web.

Thank you,
9 REPLIES 9
cenk sasmaztin
Honored Contributor

Re: Newbie VLAN setup

hi Gary
you can write ip route command on switch
plese send me sh run print all switch

cenk
cenk

Gary Chu PQ
Occasional Advisor

Re: Newbie VLAN setup

Hello cenk,

Attached is the running configuration for both switches.

Thank you,
cenk sasmaztin
Honored Contributor

Re: Newbie VLAN setup

hi Gary I make new config for you
please you read my note in config

cenk....


2900 SWITCH CONFIG
********************************************************
trunk 2,4 Trk3 Trunk
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 1,4,5-8,11-16,19-22,A1-A4,Trk3****Trk3 become vlan1 untag member and vlan2 tag member*****
ip address 192.168.63.2 255.255.255.0
no untag 2,3
exit
vlan 2
name "Subnet10"
ip helper-address 192.168.63.3
ip address 172.20.10.1 255.255.255.0
untaged 3*******int 3 vlan 2 connection for vlan 2 member pc****
tagged Trk3
exit
vlan 10 ***********************new vlan only management for swithces
name "managemet"
ip address 10.0.10.1 255.255.255.0
untagged 2******int 2 management pc for switches***********
tagged Trk3
exit
management-vlan 10
spanning-tree Trk3 priority 4



SWITCH ROUTING CONFIG
************************************************************************************************************
and you can write ip route command on switch for internet connection
config#ip route 0.0.0.0 0.0.0.0 192.168.63.1****this ip address must be internet router lan ip address*****


INTERNET ROUTER CONFIG
*******************************************************
after you can write on internet router ip route command
ip route 192.168.63.0 255.255.255.0 192.168.63.2
ip route 172.20.10.0 255.255.255.0 192.168.63.2
and connect internet router vlan 1 untag port
for example int 1


DHCP CONF├Д┬░G
*******************************************************
you can create two scobe on dhcp server and connect vlan 1 untag port on dhcp server
for example int 4
and you can assign dhcp server ip address (nic ip)
ip address 192.168.63.3
subnet mask 255.255.255.0
default gateway 192.168.63.2

frist scobe :
scobe name:vlan 1
ip pool 192.168.63.10.......250
subnet mask 255.255.255.0
default gateway 192.168.63.2

secont scobe:
scobe name:vlan 2
ip pool 172.20.10.10.......250
subnet mask 255.255.255.0
default gateway 172.20.10.1




2626 SWITCH CONFIG

*********************************************************
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 1-2,5-24,Trk3
no untagged 3-4
exit
vlan 2
name "Subnet10"
untagged 3-4
tagged Trk3
exit
vlan 10
name "managemet"
ip address 10.0.10.2 255.255.255.0
tagged Trk3
exit


spanning-tree Trk3 priority 4
password manager
************************************************************

attach each switch Trk3 interface with two patchcord
connect int 3 one pc on 2626 switch and make test
dhcp operation ,internet connection

you make switch connection only managemet vlan (vlan 10)
for security


cenk

cenk sasmaztin
Honored Contributor

Re: Newbie VLAN setup

for management switch connection only managemet vlan (vlan 10)
for security

good luck..
cenk

Gary Chu PQ
Occasional Advisor

Re: Newbie VLAN setup

Thank you for the configurations. I plan on configurating the switches later tonight and will update you with a status tomorrow.
Gary Chu PQ
Occasional Advisor

Re: Newbie VLAN setup

cenk,

I have couple of quetions for you on the 2900 configuration. I post them inside of the configuration file starting with -

2900 SWITCH CONFIG
********************************************************
trunk 2,4 Trk3 Trunk
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 1,3,5-8,11-16,19-22,A1-A4,Trk3****Trk3 become vlan1 untag member and vlan2 tag member*****
ip address 192.168.63.2 255.255.255.0
no untag 2,4
- I├в m not sure what you mean; perhaps I├в m not reading this properly. How can tag these ports since they are configured as Trk3?

exit
vlan 2
name "Subnet10"
ip helper-address 192.168.63.3
ip address 172.20.10.1 255.255.255.0
untaged 4*******int 4 vlan 2 connection for vlan 2 member pc****
- how can I untag interface 4 since it's one of the ports for Trk3 ports?

tagged Trk3
exit
vlan 10 ***********************new vlan only management for swithces
name "managemet"
ip address 10.0.10.1 255.255.255.0
untagged 2******int 2 management pc for switches***********
- how can I untag interface 2 since it's one of the ports for Trk3 ports?

tagged Trk3
exit
management-vlan 10
spanning-tree Trk3 priority 4

Thank you,
cenk sasmaztin
Honored Contributor

Re: Newbie VLAN setup

hi Gray my answer in config

cenk,

I have couple of quetions for you on the 2900 configuration. I post them inside of the configuration file starting with -

2900 SWITCH CONFIG
********************************************************
trunk 2,4 Trk3 Trunk
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 1,3,5-8,11-16,19-22,A1-A4,Trk3****Trk3 become vlan1 untag member and vlan2 tag member*****
ip address 192.168.63.2 255.255.255.0
no untag 2,4

***********************************************************************************************
- I├Г┬в├В ├В m not sure what you mean; perhaps I├Г┬в├В ├В m not reading this properly. How can tag these ports since they are configured as Trk3?
vlan 1 default vlan (no managemet vlan) therefore carry vlan info on untag member not needed for carying tag port

***********************************************************************************************
exit
vlan 2
name "Subnet10"
ip helper-address 192.168.63.3
ip address 172.20.10.1 255.255.255.0
untaged 4*******int 4 vlan 2 connection for vlan 2 member pc****

*******************************************************************************
- how can I untag interface 4 since it's one of the ports for Trk3 ports?
sorry you say right please change untag interface vlan 2 for example int 15
*******************************************************************************

tagged Trk3
exit
vlan 10 ***********************new vlan only management for swithces
name "managemet"
ip address 10.0.10.1 255.255.255.0
untagged 2******int 2 management pc for switches***********

*******************************************************************************
- how can I untag interface 2 since it's one of the ports for Trk3 ports?
sorry you say right please change untag interface vlan 10 for example int 16
*********************************************************************************
tagged Trk3
exit
management-vlan 10
spanning-tree Trk3 priority 4
cenk

Gary Chu PQ
Occasional Advisor

Re: Newbie VLAN setup

I will not be able to make the changes to our current DHCP scope till the weekend. I'll update with a status early next week.
Gary Chu PQ
Occasional Advisor

Re: Newbie VLAN setup

Hello cenk,

I apologize for not posting an update sooner, but since my last message my situation has change. We actually got some new equipment to replace the 2900 and 2626 switches. We are replacing the 2900 with a 5412zl and the 2626 with a 5406zl.

The 5412zl is configured with module J8702A in slots A, C, D, E, F and module J8707A in slot B (10 GB fibre link to 5406zl)

The 5406zl is configured with module J8702A in slots A, B and module J8707A is in slot C (10 GB fibre link to 5412zl)

I├в m stilling trying to configure the VLANS on the new switches, but following your example and making the necessary changes I├в m still unable to get the VLANS to talk to each other.

These are the requirements for the new setup
1. 5412zl use IP 192.168.63.42
2. Port A1 will be the uplink to the firewall
3. Firewall port IP is 192.168.63.1
4. Default gateway is 192.168.63.1
5. DHCP and DNS is 192.168.63.2
6. VLAN 1 - Ports A2 ├в A24 will be part of subnet 192.168.63.1/24
7. VLAN 2 - Port B1 is 10GB link to C1 on 5406zl and will be part of subnet 192.168.50.1/24
8. VLAN 3 - Ports F1 ├в F24 will be part of subnet 172.20.10.1/24

Again how can I configure the 5412zl so that all the vlans will talk to each other and have access to the internet?

Thanks again for you help.