You can use a method call VLAN overlapping but it is not really recommended because of the excessive volume of broadcast traffic resulting in this method.  However if you do not have a router then this may be the only method workable for you.  Here is a discussion of VLAN overlapping.

http://forums.us.dell.com/supportforums/board/message?board.id=pc_managed&message.id=5941&query.id=809913#M5941

Cuong.

We got our network working, without requiring a router or layer 3 switch.  I thought I would post this follow-up for the benefit of other newbies who might be trying to figure out something similar.

Here's the way we ended up configuring our switches:
  Port 1 - VLAN 1 (management interface)
  Access Ports for VLAN 2 (Private data traffic)
  Access Ports for VLAN 3 (Public data traffic)
  Access Ports for VLAN 4 (IP cameras)
  (optional) Uplink Trunk Port
  (optional) Downlink Trunk Port

The Access Ports are configured to allow all packets, Ingress Filtering is enabled, and have PVID=the VLAN number.  Each Access Port is configured as a member of one VLAN (the same one as the PVID).  Egress frames are untagged.
Trunk Ports have PVID=4095, accept only Tagged frames, Ingress Filtering is enabled, and are configured to be a member of each VLAN (e.g., 2,3,4).  Egress frames are tagged.

We have a single fiber link between our two buildings, so the 2724s on each end are configured to use port 24 as a Trunk Port.  If a switch is connected to other switches, you need to create a Trunk Port for each connected switch.

Everything on our in-house network is connected to VLAN 2 Access Ports.  We have a separate DSL modem for public access; it's connected to one of the VLAN 3 Access Ports.  Across our property, we have a number of Wi-Fi access points connected to VLAN 3 Access Ports.

The only downside: we lost the ability to remotely manage the switches because the management port uses VLAN 1, which can't go over a trunk connection.  If you need remote management, I guess you have to pay the $$ and go for some SNMP managed switches.  I'm not sure how the SNMP traffic would be carried over a Trunk connection, but maybe you can assign the SNMP traffic to another VLAN.

Hope this helps.

-Steve

Message Edited by Midnightcoder on 07-21-200610:58 AM

• Option 1: configure an IP address on another VLAN to be used for management (you don't have to manage only on VLAN 1 - you can manage on another VLAN if you want).  For example in your case you have all your private data on VLAN 2 so you can configure an IP address for the switch on VLAN 2 (same way you configured the IP address on VLAN 1).  You can now access the switch management interface through VLAN 2 and therefore should be able to manage the switch from any workstation that's on VLAN 2.
• Option 2: instead of using trunk mode for the trunk port.  You can also use "general mode" for the trunk port.  General mode allow you to configure exactly what you want without the limitation enforced by trunk or access modes.  So if you configure the trunk using general mode.  You could configure the trunk port exactly the same way as you have it now except you can also configure the port PVID to be 1 (which allow untagged traffic from VLAN 1 to be accepted over the trunk and then put on VLAN 1).  Since the trunk PVID is 1, ingress filter will allow traffic from VLAN 1 to cross the trunk.

Cuong.

Thanks for the reply.  I appreciate your suggestions for accessing the Admin Interface.  However, I don't understand option 1.  We are using 27xx switches.  Although I can see how to set the switch IP address, I don't understand how to associate an IP address with a particular VLAN.  Option 2 looks perfect, though.  Thanks again!

-Steve