Skip to main content
Start a Conversation

Unsolved

This post is more than 5 years old

M

maxusa

63 Posts

9191

November 26th, 2007 05:00

HELP: Separating management and other VLANs in PowerConnect 6248 and 5324

Hello forum, please point in the right direction. Spent 5 days killing myself with research and trial configs to no avail. This has to be something simple...

Task: need to separate the management and other VLANs in PC6248 and PC5324. The topology is very simple. I have daisy-chained a firewall then PC2724, then PC6248, then PC5324. Switches have 2 physical links connected to the next. VLAN1 is used for management only and uses its dedicated link. Other VLANs are trunked over the 2nd link.
 
All is fine until it reaches the last device, PC5324. I can have either management VLAN1 passing traffic or other VLANs, but not both. If both ports are enabled on the 5324, then only VLAN1 passes to other devices. If I shutdown the VLAN1 port (g1), then other VLANs start passing traffic.
 
Firewall:
port1 = untagged, management subnet to PC2724/g1
port2 = untagged, subnet2 to PC2724/g2
port3 = untagged, subnet3 to PC2724/g3
port4 = untagged, subnet4 to PC2724/g4
 
PC2724:
g1 = Access; PVID 1, management subnet from Firewall
g2 = Access; PVID 22, subnet2 from Firewall
g3 = Access; PVID 23, subnet3 from Firewall
g4 = Access; PVID 24, subnet4 from Firewall
g5 = Access; PVID 1, management subnet to PC6248/g1
g6 = Trunk; PVID 21; VLAN22 Tagged, subnet2; VLAN23 Tagged, subnet3; VLAN24 Tagged, subnet4 to PC6248/g2
 
PC6248:
g1 = Access; PVID 1, management subnet from PC2724/g5
g2 = Trunk; VLAN22 Tagged, subnet2; VLAN23 Tagged, subnet3; VLAN24 Tagged, subnet4 from PC2724/g6
g3 = Access; PVID 1, management subnet to PC5324/g1
g4 = Trunk; VLAN22 Tagged, subnet2; VLAN23 Tagged, subnet3; VLAN24 Tagged, subnet4 to PC5324/g2
g5 = Access; PVID 22, Host1
 
PC5324:
g1 = Access; PVID 1, management subnet from PC6248/g3
g2 = Trunk; VLAN22 Tagged, subnet2; VLAN23 Tagged, subnet3; VLAN24 Tagged, subnet4 from PC6248/g4
g3 = Access; PVID 22, Host2
 
I can manage the PC2724, PC6248, and PC5324 using VLAN1 and HTTP. Host 1 passes traffic to the firewall. However, Host 1 cannot reach Host2 and Host 2 cannot go beyond the 5324 until PC5324/g1 is shutdown. Then Host2 passes traffic to Host1 and the firewall.
 
Any ideas?

StarLog

203 Posts

December 2nd, 2007 18:00

Maxus,

Not usre I can help, but can you share what the ip scheme is like, and what gateway is used, as well if it static or dhcp.

The management vlan1 of the 62xx is not routable, to my knowledge.

maxusa

63 Posts

December 2nd, 2007 19:00

All are statically assigned IP addresses. There is no routing done in the PC6248 for this exercise. The switches do VLANs only. The firewall is in the NAT mode and routes where necessary.
 
Firewall:
port1 = untagged, management subnet to PC2724/g1, 192.168.1.1/24
port2 = untagged, subnet2 to PC2724/g2, 192.168.2.1/24
port3 = untagged, subnet3 to PC2724/g3, 192.168.3.1/24
port4 = untagged, subnet4 to PC2724/g4, 192.168.4.1/24
 
PC2724:
g1 = Access; PVID 1, management subnet from Firewall, 192.168.1.11/24, GW=192.168.1.1
g2 = Access; PVID 22, subnet2 from Firewall
g3 = Access; PVID 23, subnet3 from Firewall
g4 = Access; PVID 24, subnet4 from Firewall
g5 = Access; PVID 1, management subnet to PC6248/g1
g6 = Trunk; PVID 21; VLAN22 Tagged, subnet2; VLAN23 Tagged, subnet3; VLAN24 Tagged, subnet4 to PC6248/g2
 
PC6248:
g1 = Access; PVID 1, management subnet from PC2724/g5, 192.168.1.12/24, GW=192.168.1.1
g2 = Trunk; VLAN22 Tagged, subnet2; VLAN23 Tagged, subnet3; VLAN24 Tagged, subnet4 from PC2724/g6
g3 = Access; PVID 1, management subnet to PC5324/g1
g4 = Trunk; VLAN22 Tagged, subnet2; VLAN23 Tagged, subnet3; VLAN24 Tagged, subnet4 to PC5324/g2
g5 = Access; PVID 22, Host1, 192.168.2.11/24, GW=192.168.2.1
 
PC5324:
g1 = Access; PVID 1, management subnet from PC6248/g3, 192.168.1.13/24, GW=192.168.1.1
g2 = Trunk; VLAN22 Tagged, subnet2; VLAN23 Tagged, subnet3; VLAN24 Tagged, subnet4 from PC6248/g4
g3 = Access; PVID 22, Host2, 192.168.2.12/24, GW=192.168.2.1

maxusa

63 Posts

December 3rd, 2007 08:00

Solved the problem of the management interface (on VLAN1) not working by disabling global routing:
 
# no ip routing
 
This just does not make sense. Can anyone explain?
 
  1. I want VLAN1 to be/stay the management VLAN with interface IP=192.168.1.12/24 routed to the default gateway GW=192.168.1.1. The management VLAN1 shall not be accessible from any other VLAN in the switch and, similarly, no other VLAN can be accessed from the management VLAN1. This can be a single port, say, 1/g1.
  2. I want to have multiple other VLANs in the switch to selectively route among other VLANs and/or beyond.
  3. My previous attempts ended with either VLAN1 or other VLANs working, but not both.

Thanks in advance for educating.

View More

View All

No Events found!

Top