Switches, Hubs, and Modems
1748246 Members
3097 Online
108760 Solutions
New Discussion юеВ

Re: VLAN/Subnet NAT with 3500-24

 
David M Pratt
New Member

VLAN/Subnet NAT with 3500-24

Is it possible to use a Procurve 3500-24 to route traffic between VLANs on separate subnets?

If so, how would I proceed?

(I'm trying to get devices on VLAN C to communicate with both VLANs A & B, while preventing VLAN A & B from seeing eachother)
_____________________________
Current config:

vlan 1
name "VLAN A"
untagged 1-16
tagged 21-24
ip address 10.101.190.2/24

vlan 2 "VLAN B"
untagged 17-18
tagged 21-24
ip address 10.101.191.2/24

vlan 3 "VLAN C"
untagged 21-24
tagged 1-18
ip address 10.101.193.2/24

snmp-server community "public" unrestricted
_____________________________
6 REPLIES 6
jaredo_1
Frequent Advisor

Re: VLAN/Subnet NAT with 3500-24

I'm not the most knowledgeable with switching but I'd assume any vlan network added would end up being a connected network allowing them to route between each other. If you're looking to prevent networks from access certain other networks, wouldn't you be looking more at setting up access lists?

Assuming the hosts on each vlan network have their gateways configured correctly they should be able to route between eachother. I'd try to setup an access list to prevent one subnet from communicating with another.
jaredo_1
Frequent Advisor

Re: VLAN/Subnet NAT with 3500-24

David M Pratt
New Member

Re: VLAN/Subnet NAT with 3500-24

Thanks for the quick response! I agree that ACL would be a better way of restricting access to each subnet, but I'm still having problems getting the subnets to communicate with each other.

Is it possible for me to route between each vlan using just a 3500-24?

The client purchased this switch and would prefer if it did all the routing instead of an additional device.
Ralf Krause
Frequent Advisor

Re: VLAN/Subnet NAT with 3500-24

Yes, the 3500 can do this.
You only need to enable IP forwarding:
(config)# ip routing
Patrick Terlisten
Honored Contributor

Re: VLAN/Subnet NAT with 3500-24

Hello,

just enable ip routing in the configuration context. The switch will automatically route between direct connected VLANs. You need an ip interface in each VLAN and this ip must set at default router at the clients.

Regards,
Patrick
Best regards,
Patrick
David M Pratt
New Member

Re: VLAN/Subnet NAT with 3500-24

I enabled IP routing, but we had the default gateway on most of the devices set to something else...

Thank you so much for the help and patience! It seems I overlook some of the more obvious things. :(