The management VLAN is designed as an out of band interface for managing the switch, but it isn’t really needed if you have other ways or reaching the switch. You do not need to add any ports to the management VLAN and can just assign it to 111 and ignore it, so yes your steps make sense.
In order to route between VLANs from the global config level you need to run ip routing. Then it should be able to route the other VLAN and be able to access the internet. To limit access you can use access control lists page 300 ftp://ftp.dell.com/Manuals/all-products/esuprt_ser_stor_net/esuprt_powerconnect/powerconnect-6248_User%27s%20Guide2_en-us.pdf
already configured ip routing.. still did not got connection..
this is our full "show run" with 2 vlans:
!Current Configuration: !System Description "PowerConnect 6248, 3.3.1.10, VxWorks 6.5" !System Software Version 3.3.1.10 !Cut-through mode is configured as disabled ! configure vlan database vlan 5,124-125 vlan routing 124 1 vlan routing 125 2 exit stack member 1 2 exit ip address 106.103.1.249 255.255.255.0 ip default-gateway 106.103.1.1 access-list gabi-ACL permit ip any any ip routing interface vlan 124 name "test vlan" routing ip address 10.99.99.1 255.255.255.0 bandwidth 10000 ip mtu 1500 ip access-group gabi-ACL in 1 exit interface vlan 125 name "test-125" routing ip address 10.99.98.1 255.255.255.0 exit username "xxxxx" password xxxxxxxxxxxxxxxx level 15 encrypted line ssh password xxxxxxxxxxxxxxxxxx encrypted exit ip ssh server management access-list "gabi" exit ! interface ethernet 1/g2 no negotiation exit ! interface ethernet 1/g24 switchport access vlan 124 exit ! interface ethernet 1/g25 switchport access vlan 125 exit exit
any idea why can't i get out to the internet?
i am also cannot get connection to 106.103.1.0/24 segment (this is our current network address) - it means the new server cannot access any other server or PC..
You may need to move the other interfaces off of VLAN 1 as it is the management VLAN and that is not routable. You could also move just the management VLAN to something else and leave the other computers on VLAN 1. Does the server have the ip address of VLAN 125 as its default gateway?
can you explain please what is the purpose of management VLAN? i mean, i can get to the SSH and web interface from VLANS 124-125 as well.. so why do Dell need the management VLAN?
i will do the following steps by your reply:
1) move management VLAN to VLAN 111 instead of 1
2) give VLAN 1 the IP 106.103.1.249 on Subnet 255.255.255.0
is it make sense?
Does the server have the ip address of VLAN 125 as its default gateway? yes it is. 10.99.99/98.1
�
do you think i will have problem with the IP addresses?
the mgmt has the IP of 106.103.1.249 as you can see on the "sh run" output.. and i will change VLAN 1 to be 106.103.1.x
It is the same issue with the management VLAN not being routable, it isn’t going to route to VLAN 1 if VLAN 1 is the management VLAN. So you need to change the management VLAN or move the outside gateway to a different VLAN.
DELL-Josh Cr
Moderator
•
9.5K Posts
0
December 4th, 2013 12:00
The management VLAN is designed as an out of band interface for managing the switch, but it isn’t really needed if you have other ways or reaching the switch. You do not need to add any ports to the management VLAN and can just assign it to 111 and ignore it, so yes your steps make sense.
Vlan database
Vlan 111
Exit
Ip address vlan 111
Should be all you need to do to move it.
DELL-Josh Cr
Moderator
•
9.5K Posts
0
December 4th, 2013 08:00
Hi,
In order to route between VLANs from the global config level you need to run ip routing. Then it should be able to route the other VLAN and be able to access the internet. To limit access you can use access control lists page 300 ftp://ftp.dell.com/Manuals/all-products/esuprt_ser_stor_net/esuprt_powerconnect/powerconnect-6248_User%27s%20Guide2_en-us.pdf
gabik
9 Posts
0
December 4th, 2013 10:00
already configured ip routing.. still did not got connection..
this is our full "show run" with 2 vlans:
!Current Configuration:
!System Description "PowerConnect 6248, 3.3.1.10, VxWorks 6.5"
!System Software Version 3.3.1.10
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 5,124-125
vlan routing 124 1
vlan routing 125 2
exit
stack
member 1 2
exit
ip address 106.103.1.249 255.255.255.0
ip default-gateway 106.103.1.1
access-list gabi-ACL permit ip any any
ip routing
interface vlan 124
name "test vlan"
routing
ip address 10.99.99.1 255.255.255.0
bandwidth 10000
ip mtu 1500
ip access-group gabi-ACL in 1
exit
interface vlan 125
name "test-125"
routing
ip address 10.99.98.1 255.255.255.0
exit
username "xxxxx" password xxxxxxxxxxxxxxxx level 15 encrypted
line ssh
password xxxxxxxxxxxxxxxxxx encrypted
exit
ip ssh server
management access-list "gabi"
exit
!
interface ethernet 1/g2
no negotiation
exit
!
interface ethernet 1/g24
switchport access vlan 124
exit
!
interface ethernet 1/g25
switchport access vlan 125
exit
exit
any idea why can't i get out to the internet?
i am also cannot get connection to 106.103.1.0/24 segment (this is our current network address) - it means the new server cannot access any other server or PC..
Thanks.
DELL-Josh Cr
Moderator
•
9.5K Posts
0
December 4th, 2013 11:00
You may need to move the other interfaces off of VLAN 1 as it is the management VLAN and that is not routable. You could also move just the management VLAN to something else and leave the other computers on VLAN 1. Does the server have the ip address of VLAN 125 as its default gateway?
gabik
9 Posts
0
December 4th, 2013 12:00
thanks,
i will give it a try and update here.
gabik
9 Posts
0
December 4th, 2013 12:00
Hi Josh, thank you for helping.
can you explain please what is the purpose of management VLAN? i mean, i can get to the SSH and web interface from VLANS 124-125 as well.. so why do Dell need the management VLAN?
i will do the following steps by your reply:
1) move management VLAN to VLAN 111 instead of 1
2) give VLAN 1 the IP 106.103.1.249 on Subnet 255.255.255.0
is it make sense?
Does the server have the ip address of VLAN 125 as its default gateway? yes it is. 10.99.99/98.1
�
do you think i will have problem with the IP addresses?
the mgmt has the IP of 106.103.1.249 as you can see on the "sh run" output.. and i will change VLAN 1 to be 106.103.1.x
�
do i need to add ports to mgmt VLAN ?
�
Thanks.
gabik
9 Posts
0
December 7th, 2013 04:00
Hi,
your method works perfect.
i still have some issue to solve:
my switch has x.x.x.249 IP address (on each VLAN i have different IP address).
to be able to route inter VLAN, i need to set the gateway on the servers/PCs to x.x.x.249
when i am using the switch as the gateway, i can access to all VLANs perfectlly.
the issue is i have no Internet. my outside gateway is 106.103.1.1 and it sit on VLAN 1.
how can i "tell" the switch to "forward" each packet which needs to be out of the switch range to 106.103.1.1 from all the VLANs?
Thanks
DELL-Josh Cr
Moderator
•
9.5K Posts
0
December 10th, 2013 07:00
It is the same issue with the management VLAN not being routable, it isn’t going to route to VLAN 1 if VLAN 1 is the management VLAN. So you need to change the management VLAN or move the outside gateway to a different VLAN.