cpickering

Advice Needed: PC 6248

Good afternoon people,

I was wondering if anyone could offer some advice please on a switch configuration I'm looking to implement.

I apologise if my terminology is not accurate; my switching knowledge is limited when it comes to VLANs etc.

I have just purchased 2 Dell PowerConnect 6248 switches without the 4 modules installed

Firmware: 2.0.0.12

The switches are relatively un-configured, in fact they are un-configured. I am looking to deploy the following layout, and I will have some questions as I go along.

Layout:
The switches will be installed in separate 42u cabinets, where in each cabinet, will be 4 network subnets.
I am looking to segregate the switches in blocks of 12 ports per VLAN, bar the final VLAN which will have 10, 2 for trunking.

Am I right in thinking that VLAN ID 1, is the master VLAN? And that anything on VLAN 1 can see anything in the other VLANs? If this is true, is it worth me using VLAN 1 as the management VLAN which will contain the 2 spare ports 47 and 48 (48 I presume will be the trunk connect). The management address I would like to be in the same subnet as one of the VLANs. Would this cause a problem?

VLAN 10: Ports 1 - 12 (192.168.20.x)
VLAN 20: Ports 13 - 24 (192.168.30.x)
VLAN 30: Ports 25 - 36 (192.168.40.x)
VLAN 40: Ports 37 - 46 (192.168.10.x)

Port 47: Management port. 192.168.10.8
Port 48: Trunk

This setup will be duplicated on the other switch, bar the management port IP.

I have arranged for the connectivity between the cabinets and my firewall is already configured.

Am I correct in believing that anything in the VLANs cannot see anything on another VLAN unless the device has a correct route setup? So the information over the ports is secured.

Once again, I'm sorry if my knowledge is pants.
I will try my best to understand and answer any questions.

Thank you for your time.

Regards.
Carl

Message Edited by cpickering on 11-14-2007 04:41 PM
StarLog

Re: Advice Needed: PC 6248

Carl,

I will try to answer.

> Layout:
> The switches will be installed in separate 42u cabinets, where in each cabinet, will be 4 network subnets.
> I am looking to segregate the switches in blocks of 12 ports per VLAN, bar the final VLAN which will have 10, 2 for trunking.

> Am I right in thinking that VLAN ID 1, is the master VLAN?

In this case VLAN1 is the management VLAN or the Out of band vlan/ip.
I set up my vlan1 as one ip that I will never use in my segments, and it is not routable.

> And that anything on VLAN 1 can see anything in the other VLANs?

Only if it is a member of the ports.

> If this is true, is it worth me using VLAN 1 as the management VLAN which will contain the 2 spare ports 47 and 48 (48 I presume will be the trunk connect).

The two ports for the trunk will contain ALL the vlans you want to pass between the switches.

> The management address I would like to be in the same subnet as one of the VLANs. Would this cause a problem?
>
> VLAN 10: Ports 1 - 12 (192.168.20.x)
> VLAN 20: Ports 13 - 24 (192.168.30.x)
> VLAN 30: Ports 25 - 36 (192.168.40.x)
> VLAN 40: Ports 37 - 46 (192.168.10.x)
>
> Port 47: Management port. 192.168.10.8
> Port 48: Trunk
>
> This setup will be duplicated on the other switch, bar the management port IP.
>
> I have arranged for the connectivity between the cabinets and my firewall is already configured.
>
> Am I correct in believing that anything in the VLANs cannot see anything on another VLAN unless the device has a correct route setup? So the information over the ports is secured.

To my knowledge that is correct. The port must be a member of one of the vlans, and it will not see the others' traffic, unless you have the broadcast redirect set to broadcast in all the vlans.

For clarity I would rearrange your scope as such.
VLAN 10: Ports 1 - 12 (192.168.10.x)
VLAN 20: Ports 13 - 24 (192.168.20.x)
VLAN 30: Ports 25 - 36 (192.168.30.x)
VLAN 40: Ports 37 - 46 (192.168.40.x)

This would be easier to remember.

We have a similar setup. I use one DHCP server to serve out the different IPs depending on which port it is a member of.
So when a port is a member of vlan 20 and the PC requests an IP, it gets served 192.168.20.xxx

The scopes in the DHCP server's default gateway are the gateway IPs assigned to the VLANs
So the 6248's vlan 20 has a default gateway of 192.168.20.254 for instance.
Then we setup a route for all traffic to go to the firewall, if the 6248 cannot find the route.
Be sure to turn routing on.
maxus

Re: Advice Needed: PC 6248

Nope, VLAN1 is not any kind of master. It is a default VLAN that comes with switches. VLAN1 is useful for management purposes as pretty much any switch has VLAN1 as default out of the box. VLANs are completely separated broadcast domains. Traffic cannot pass between VLANs unless a Layer 3 device provides routing or someone mis-wired ports. Please see this Dell article explaining VLANs in simplified terms.
 
 
 
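The plan discussed in this thread can be checked before any port is configured. The following is an added example, not part of any poster's reply and not Dell code: it audits Carl's port/VLAN/subnet plan and models the rule that traffic crosses VLANs only through a Layer 3 hop. The /24 masks, the .254 gateways on every VLAN, and the names `PLAN`, `audit` and `can_reach` are assumptions made for illustration.

```python
import ipaddress
from itertools import combinations

# Carl's plan as posted. The /24 masks are an assumption read from "192.168.20.x";
# the .254 gateways follow StarLog's convention and are also an assumption.
PLAN = {
    10: {"ports": range(1, 13),  "subnet": "192.168.20.0/24", "gateway": "192.168.20.254"},
    20: {"ports": range(13, 25), "subnet": "192.168.30.0/24", "gateway": "192.168.30.254"},
    30: {"ports": range(25, 37), "subnet": "192.168.40.0/24", "gateway": "192.168.40.254"},
    40: {"ports": range(37, 47), "subnet": "192.168.10.0/24", "gateway": "192.168.10.254"},
}
MGMT_IP = "192.168.10.8"  # port 47 in the post
TRUNK_PORTS = {48}


def audit(plan, mgmt_ip, trunk_ports):
    """Return findings for a port/VLAN/subnet plan (empty list means clean)."""
    findings = []
    nets = {vid: ipaddress.ip_network(v["subnet"]) for vid, v in plan.items()}
    for a, b in combinations(sorted(plan), 2):
        shared = sorted(set(plan[a]["ports"]) & set(plan[b]["ports"]))
        if shared:
            findings.append(f"ports {shared} are untagged in both VLAN {a} and VLAN {b}")
        if nets[a].overlaps(nets[b]):
            findings.append(f"VLAN {a} and VLAN {b} use overlapping subnets")
    for vid, v in plan.items():
        if set(v["ports"]) & trunk_ports:
            findings.append(f"VLAN {vid} claims a trunk port as an access port")
        if ipaddress.ip_address(v["gateway"]) not in nets[vid]:
            findings.append(f"VLAN {vid} gateway {v['gateway']} is outside {nets[vid]}")
        # A subnet should live in one VLAN only: a management address inside a
        # user subnet must share that VLAN or move to its own range.
        if ipaddress.ip_address(mgmt_ip) in nets[vid]:
            findings.append(f"management IP {mgmt_ip} is inside VLAN {vid} ({nets[vid]})")
    return findings


def can_reach(plan, src_port, dst_port, routing_enabled):
    """Same VLAN: Layer 2 delivery. Different VLANs: needs a Layer 3 hop."""
    vlan_of = {p: vid for vid, v in plan.items() for p in v["ports"]}
    src, dst = vlan_of[src_port], vlan_of[dst_port]
    if src == dst:
        return True
    return routing_enabled and all(plan[v].get("gateway") for v in (src, dst))


if __name__ == "__main__":
    for line in audit(PLAN, MGMT_IP, TRUNK_PORTS):
        print("finding:", line)
    print("port 1 -> port 13, routing off:", can_reach(PLAN, 1, 13, False))
    print("port 1 -> port 13, routing on: ", can_reach(PLAN, 1, 13, True))
```

The model treats enabled routing as full reachability between VLANs that have a gateway; it does not model any filtering placed on the routed path.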