HELP: Separating management and other VLANs in PowerConnect 6248 and 5324
Hello forum, please point me in the right direction. Spent 5 days killing myself with research and trial configs to no avail. This has to be something simple...
Task: need to separate the management and other VLANs in PC6248 and PC5324. The topology is very simple. I have daisy-chained a firewall then PC2724, then PC6248, then PC5324. Switches have 2 physical links connected to the next. VLAN1 is used for management only and uses its dedicated link. Other VLANs are trunked over the 2nd link.
All is fine until it reaches the last device, PC5324. I can have either management VLAN1 passing traffic or other VLANs, but not both. If both ports are enabled on the 5324, then only VLAN1 passes to other devices. If I shut down the VLAN1 port (g1), then other VLANs start passing traffic.
port1 = untagged, management subnet to PC2724/g1
port2 = untagged, subnet2 to PC2724/g2
port3 = untagged, subnet3 to PC2724/g3
port4 = untagged, subnet4 to PC2724/g4
g1 = Access; PVID 1, management subnet from Firewall
g2 = Access; PVID 22, subnet2 from Firewall
g3 = Access; PVID 23, subnet3 from Firewall
g4 = Access; PVID 24, subnet4 from Firewall
g5 = Access; PVID 1, management subnet to PC6248/g1
I can manage the PC2724, PC6248, and PC5324 using VLAN1 and HTTP. Host 1 passes traffic to the firewall. However, Host 1 cannot reach Host 2 and Host 2 cannot go beyond the 5324 until PC5324/g1 is shut down. Then Host 2 passes traffic to Host 1 and the firewall.
Re: HELP: Separating management and other VLANs in PowerConnect 6248 and 5324
Solved the problem of the management interface (on VLAN1) not working by disabling global routing:
# no ip routing
This just does not make sense. Can anyone explain?
I want VLAN1 to be/stay the management VLAN with interface IP=192.168.1.12/24 routed to the default gateway GW=192.168.1.1. The management VLAN1 shall not be accessible from any other VLAN in the switch and, similarly, no other VLAN can be accessed from the management VLAN1. This can be a single port, say, 1/g1.
I want to have multiple other VLANs in the switch to selectively route among other VLANs and/or beyond.
My previous attempts ended with either VLAN1 or other VLANs working, but not both.