
Unable to share port between VLANs on old PowerConnect 2724


Greetings all, my company has an old PowerConnect 2724 switch and I've spent the last month stuck in an odd situation: I want to create three VLANs for security purposes, with 1 specific port (of my ISP Fiber Access Point, say port 23) being shared in 2 VLANs. Here is what I did:

  • VLAN 1 stays only with management port access (say port 17) in a specific network range;
  • Created VLAN 2: Put all ports as U, except the PC that I will use for management (this port stayed on VLAN 1), the ISP port and also other resource ports as T (such as printers and servers);
  • Created VLAN 3: Put the PC that I want to secure as U (say port 6). Put the printers, server and the ISP Access Point as T.

Set the PVID of port 6 to VLAN 3, and the PVID of port 23 to VLAN 2, like the other ports (except port 17).

With this, as expected, none of the PCs on VLAN 2 can ping my secure PC (port 6); however, on my VLAN 3, from the secure PC I can't ping any host on the internet (no internet) and also cannot ping my servers and printers.

At this point I have tried almost everything and read a lot on the internet: set Untagged instead of Tagged on the ISP port and server / printers; set Allowed Tag Only, Allowed All, Not filtering, ...

So at the end of the day (month in my case) I truly miss my Cisco switch; however, the company will not buy new ones just because I can't set a VLAN... My bad or Dell's bad?

Any help?


Accepted Solutions

RE: Unable to share port between VLANs on old PowerConnect 2724


Greetings Daniel and thanks a lot for the reply.

I got it! So if I create my VLANs on the L2 switch and plug it in (cascading) to an L3 switch that we will probably buy (thinking about the Dell X1026), I will be able to separate the VLANs on the L2 switch (servers, printers, PCs, AP, ...) and all of them can communicate with my main AD W2k12 server that will be on another VLAN, thanks to the L3 switch, correct?

I'm thinking of deploying something like this:

Layer 2 Sw (8 VLANs) >> Layer 3 Sw (Routing) >> PfSense Appliance >> router/gateway >> ISP.

Is this even possible?

If so, does the cascading between the L2 and L3 need to be 10 Gbps? I'm pretty sure that the PowerConnect 2724 does not support this throughput (or even cascading at all, because it is too old).

Thanks

Anonymous

RE: Unable to share port between VLANs on old PowerConnect 2724


The majority of your end devices will send and receive untagged packets. You mentioned placing servers and printers as Tagged for some VLANs, but the servers and printers are probably not sending tagged packets.

Example untagged:

You have a printer plugged into a port that is set to U for VLAN 2 and T for VLAN 3. The printer is sending untagged packets and will communicate on the VLAN that is set to U. The printer will not communicate with the VLANs that are set to T.

Example tagged:

You have an Access Point that is plugged into a port that is set to U for VLAN 2 and T for VLAN 3. You configure the AP to tag packets for VLAN 3. The AP will send and receive tagged packets for VLAN 3, and will not be communicating on the untagged VLAN 2.

The 2700 series switches are layer 2 switches, and are not able to route between VLANs. A device in VLAN 3 will not be able to communicate with a device in VLAN 2, unless there is a layer 3 device on the network that facilitates that connection.

In most networks you will have the layer 2 switches that end devices connect to. Those Layer 2 switches connect to a Layer 3 switch that is the core switch and routes between the VLANs. Then the Layer 3 switch connects to a firewall/gateway which provides connection to the internet. Sometimes the layer 3 function is collapsed down into the firewall/gateway.

Layer 2 >> Layer 3 >> firewall/gateway >> ISP/external connection

What device does port 23 currently plug into? If that device supports VLAN tagging and routing, then you can configure port 23 to be tagged for the additional VLANs, and let the upstream device route the VLANs.
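The tagged/untagged behaviour described in the reply above can be traced with a small 802.1Q forwarding model. This is an added example, not part of the original posts and not switch configuration: the port table is constructed (ports 1, 10 and 12 are assumptions), and the device model is simplified so that a device only accepts frames tagged the way it sends them.

```python
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Port:
    pvid: int                                   # VLAN given to untagged frames on ingress
    untagged: set = field(default_factory=set)  # VLANs set to U on this port
    tagged: set = field(default_factory=set)    # VLANs set to T on this port
    device_tag: Optional[int] = None            # VLAN the attached device tags with (None = tag-unaware)

def deliver(ports, src, dst):
    """Trace one frame from the device on port src to the device on port dst."""
    s, d = ports[src], ports[dst]
    # Ingress: a tagged frame keeps its VLAN, an untagged one gets the port's PVID.
    vlan = s.device_tag if s.device_tag is not None else s.pvid
    if vlan not in s.untagged | s.tagged:
        return False, f"port {src} is not a member of VLAN {vlan}"
    # Egress: the frame only leaves ports that are members of that VLAN.
    if vlan in d.untagged:
        egress_tag = None
    elif vlan in d.tagged:
        egress_tag = vlan
    else:
        return False, f"port {dst} is not a member of VLAN {vlan}"
    # Simplified device model: it only accepts frames tagged the way it sends them.
    if egress_tag != d.device_tag:
        return False, f"device on port {dst} ignores the frame (tag {egress_tag})"
    return True, f"delivered on VLAN {vlan}"

# Constructed port table; port numbers 1, 10 and 12 are assumptions.
PORTS = {
    1:  Port(pvid=2, untagged={2}),                            # ordinary PC
    6:  Port(pvid=3, untagged={3}),                            # secure PC
    10: Port(pvid=2, untagged={2}, tagged={3}),                # printer, tag-unaware
    12: Port(pvid=2, untagged={2}, tagged={3}, device_tag=3),  # AP tagging VLAN 3
    23: Port(pvid=2, untagged={2}, tagged={3}),                # ISP device, tag-unaware
}

if __name__ == "__main__":
    for src, dst in [(1, 10), (1, 6), (6, 10), (10, 6), (6, 23), (6, 12), (12, 6)]:
        ok, why = deliver(PORTS, src, dst)
        print(f"{src:>2} -> {dst:<2} {'OK  ' if ok else 'DROP'} {why}")
```

The isolation between VLAN 2 and port 6 holds, but the secure PC's frames reach the printer and ISP ports tagged for VLAN 3, where a tag-unaware device discards them; only a tag-aware device such as the AP in the reply's example completes the path.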
