Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

need help with understanding VLANs

need help with understanding VLANs

I have a 2824 switch that will be used for all of my Microsoft servers (including DHCP and DNS)...
I have a 2650 switch that will be used for all of my workstations...

The 2824 switch will be on a 192.168.1.1/24 segment.
The 2650 switch will be on a 192.168.2.1/24 segment.
(so, all my severs will have the 192.168.1.x IP, and all of my PCs will have the 192.168.2.x IP)

So how do I configure the VLANs so that when a client that is physically connected to the 2650 will get its packet routed to the 2824 when trying to communicate with a DHCP server?
16 REPLIES

Re: need help with understanding VLANs

I would also like to force communication between the switches through the higest numbered port.
(2650 port #50 is connected to 2824 port #24)

Is this possible?!
I don't understand the tagged/untagged concept and how the switch knows to route to a specific port #.
Mohieddin Kharnoub
Honored Contributor

Re: need help with understanding VLANs

Hi

You can do that in many ways, the easiest one is:

Create 2 Vlans on 2800 switch, then enable routing, untag the port connects to 2600 for Vlan2, and add the IP helper address in each Vlan poiting to your DHCP servers.

Example:
2824(config)#vlan 1 ip add 192.168.1.1/24
2824(config)#vlan 2 ip add 192.168.2.2/24
2824(config)#vlan 1 ip helper-address 192.168.1.x (DHCP Server)
2824(config)#vlan 2 ip helper-address 192.168.1.x (DHCP serber)
2824(config)#vlan 2 untag 24 (port 24 connects to 2600 switch).
2824(config)#ip routing

On the 2600 switch, create 1 Vlan, and set the default gateway for it is Vlan2 ip address on the 2800 swtich:

2650(config)#vlan 1 ip address 192.168.2.1/24
2650(config)#ip default-gateway 192.168.2.2

Thats it....
If you need internet connectivity, add a default route on the 2800 for your internet router.
2824(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.xx (internet router).

Good Luck !!!


On the 2600
Science for Everyone

Re: need help with understanding VLANs

I did this, but I am having some problems.
I cannot ping anything on either side of the subnet (or on each switch).

Right now, I have setup a test enviroment.
I have a server w/ 192.168.1.10 on the 2800 switch, and a laptop w/ 192.168.2.1 on the 2600 switch.

I cannot communicate between the 2 of them (firewalls are turned off).

Re: need help with understanding VLANs

I did this, but I am having some problems.
I cannot ping anything on either side of the subnet (or on each switch).

Right now, I have setup a test enviroment.
I have a server w/ 192.168.1.10 on the 2800 switch, and a laptop w/ 192.168.2.5 on the 2600 switch.

I cannot communicate between the 2 of them (firewalls are turned off).

Re: need help with understanding VLANs

oh... I figured it out, the laptop's gateway needs to be 192.168.2.2. (I had it set to 192.168.2.1)


However...
What exactly does the IP helper address do?!
To specify more - what else can I use a IP helper address for?! And how does it know 'WHEN' to use a IP helper address?
Mohieddin Kharnoub
Honored Contributor

Re: need help with understanding VLANs

Hi

Usually when you have your setup done on the proper way and you are not getting communication then it would be another problem like Gateway, Firewalls, ... or something missing.

However, the IP Helper-Address is to forward any DHCP request from any client to a specific DHCP server.

In your case, you have 2 Vlans, so you need 2 Scopes on the DHCP server, one for 192.168.1.x and the other for 192.168.2.x.

Once ip helper-address set in each Vlan, and the switch receives a DHCP request from a client it will forward it to the DHCP server that will assign the Proper IP equivalent to the DHCP scope for this Client's Vlan.

Good Luck !!!
Science for Everyone
Magnus_18
Advisor

Re: need help with understanding VLANs

Or you can simply have them both in the same subnet, 192.168.1.0/23 (and same vlan). In this case I see no real technical argument against this arrangement, unless you want access control lists between the subnets, for example, which the 2824 and 2650 doesn't support anyway.

Re: need help with understanding VLANs

What I still don't understand is how I determine 'which' DHCP scope the switch is sending the client to?!

If I have 2 DHCP scopes, and want the segments seperated by the physical switch that the client is on, how do I specify which scope the client needs to get an IP address from?
(everything on the 2800 uses 192.168.1.x, everything on the 2600 uses 102.168.2.x?)

-thank you very much for your responses, it is helping me greatly to understand this.
Jason Luckett
Frequent Advisor

Re: need help with understanding VLANs

The scopes are allocated by the process of anding, the subnet mask seperates the IP address into Network address and Host Address, Like the way a home address is done. the street and the house number.

The DHCP server knows which address to assign by this process ie:

The network address 192.168.1.1/24

looks like this in binary

nnnnnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh
11000000.10101000.00000001.00000001

and the network address 192.168.2.1/24

looks like this in binary

nnnnnnnn.nnnnnnnn.nnnnnnnn.hhhhhhhh
11000000.10101000.00000010.00000001

so the Y octet stipulates whether they are remote or on the same network.

I hope this helps,

Jase
Jason Luckett
Frequent Advisor

Re: need help with understanding VLANs

Hi,

If I havenot explained it clearly here is a document that might explain it a bit better:

http://www.ing.unirc.it/portale/didattica/files_docenti/670090033420050614101842.pdf

I hope this helps,

Jase

Re: need help with understanding VLANs

Thanks everyone for your help... but still have 1 problem.

Here's my problem:
the HP 2650 switch is not getting out to the internet.
I have the IP route on my 2824 switch, however I can't add that same route to the 2650 because I get the error: ...not directly connected.

So... how do I get devices on the 2650 switch to access the ip route on the 2824 switch when trying to resolve out to the internet?

Anders_35
Regular Advisor

Re: need help with understanding VLANs

You don't need to add it to the 2650.
The 2824 is doing all your routing for you.

In fact, the 2650 doesn't know anything about ip at all, it only treats traffic on a MAC-address level.
It is the clients/PCs that specify where to go for the Internet connection.

When you give your 192.168.2.x clients a default gateway, that's where traffic will be sent when they want to go to the any other network than their own. The default gateway here would be 192.168.2.2.

A PC will then look up the mac-address for this IP, and ask the 2650 to forward traffic there. The 2650 knows that the MAC-address is on the 2824, and will send the traffic to it.

You might find this useful, in studying the basics of switches and IP routing:
http://www.hp.com/rnd/training/technical/primer.htm

cheers,
Anders RM :)

Re: need help with understanding VLANs

ok... let me make sure I understand this.

My devices on the 2650 can find their way to the internet router (10.10.9.100) with no problem... but the problem is that my internet router (10.10.9.100) doesn't know where to send the data back to?!
So it sends it to the 10.10.9.x ip segment and stops?

So let me know if this is right... I need to add a static route on my Internet router (which is a Cisco 1700) to point it to the 10.10.10.x network?

Keep in mind that the devices on my 2650 MUST communicate with my servers that exist on the 2824 switch.

(thanks for the link to the training primer)
Anders_35
Regular Advisor

Re: need help with understanding VLANs

Hmm.. now we are talking yet another set of IP adresses.

Does the 10.10.9.x and 10.10.10.x networks correspond to the 192.168-networks you've mentioned earlier? Or are they in addition?

In any case: The setup that has been described for you uses the 2824 as router for your clients and servers.
So, that router must know all the networks/paths where traffic can go.

That again, means that to be able to send traffic to the Cisco 1700, the 2824 must have an IP-address on the same subnet as the Cisco. If it has, it can route traffic
to it with out problem, and the return traffic will come back the same way.


>I need to add a static route on my
>Internet router (which is a Cisco 1700) to
>point it to the 10.10.10.x network?

No, you only add a route to the Internet router on the 2824. (See Mohieddin's earlier example).

Anders :)

Re: need help with understanding VLANs

sorry... I needed to change the IP address due to a conflict, but everything is still the same layout.

My internet router and my 2824 are on the same subnet... it is my 2650 switch that is on a different subnet... and it is the computers on the 2650 that seem to have problems getting out to the internet.

My 2650 can see the 2824 and all the devices on it... but when it tries to go out to the internet, it never works.

What I need help with is how to allow my computers on the 2650 switch to use the internet router that is physically connected to the 2824 on a different IP segment.
Lei.Ma
Frequent Advisor

Re: need help with understanding VLANs

are you sure that the 2824 is core as routing swith, and the 2650 is the access swith only L2 swithing ?

1) you can check the Vlan routing, Vlan2'pc ping vlan1'server .

2) if vlan routing is ok, you need check the internet router about the return routing.

3) for example :
2824 vlan 1 192.168.1.1/24
untagged 1-10(for server)
vlan 2 192.168.2.1/24
untagged 11-22(for pc)
tagged 23-24(downlink to 2650)
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.1.254(internet router address)
2650 vlan 1 192.168.1.2/24
vlan 2 192.168.2.2/24
untagged 1-48;(fpr pc)
tagged 49-50(uplink to 2824)
ip default-getway 192.168.1.1

internet router (add the return routing.)
ip route 192.168.2.0 255.255.255.0 192.168.1.1 (means vlan2 route to vlan1's gateway)

i hope it's helpful.

ray