This post is more than 5 years old
9 Posts
0
23110
adding VLAN to flat network
Hi,
after reading a lot on this, i did not find the solution..
i am new at Dell networking infra, so i need your help please.
i have 6248 connected to ASA 5505 (connected to the internet)
all the PCs and servers connected today to the switch with default settings (all ports are on VLAN 1 and it is the management VLAN)
i added the management VLAN ip address so i can get into the web and SSH.
the current state works fine, all is on flat default management VLAN.
but i need now to add seperated LAN, and put server in it. i need the server to have internet access, and i need to be able to block/allow conection between it and the other network (VLAN 1)
i added VLAN, gave it IP, and put the port into the new VLAN (125):
configure
vlan 125
vlan routing 125 1
exit
interface vlan 125
name "test-125"
routing
ip address 10.99.98.1 255.255.255.0
exit
interface ethernet 1/g25
switchport access vlan 125
exit
is there a way i can get out to the internet from VLAN 125?
Thanks
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
December 4th, 2013 12:00
The management VLAN is designed as an out of band interface for managing the switch, but it isn’t really needed if you have other ways or reaching the switch. You do not need to add any ports to the management VLAN and can just assign it to 111 and ignore it, so yes your steps make sense.
Vlan database
Vlan 111
Exit
Ip address vlan 111
Should be all you need to do to move it.
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
December 4th, 2013 08:00
Hi,
In order to route between VLANs from the global config level you need to run ip routing. Then it should be able to route the other VLAN and be able to access the internet. To limit access you can use access control lists page 300 ftp://ftp.dell.com/Manuals/all-products/esuprt_ser_stor_net/esuprt_powerconnect/powerconnect-6248_User%27s%20Guide2_en-us.pdf
gabik
9 Posts
0
December 4th, 2013 10:00
already configured ip routing.. still did not got connection..
this is our full "show run" with 2 vlans:
!Current Configuration:
!System Description "PowerConnect 6248, 3.3.1.10, VxWorks 6.5"
!System Software Version 3.3.1.10
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 5,124-125
vlan routing 124 1
vlan routing 125 2
exit
stack
member 1 2
exit
ip address 106.103.1.249 255.255.255.0
ip default-gateway 106.103.1.1
access-list gabi-ACL permit ip any any
ip routing
interface vlan 124
name "test vlan"
routing
ip address 10.99.99.1 255.255.255.0
bandwidth 10000
ip mtu 1500
ip access-group gabi-ACL in 1
exit
interface vlan 125
name "test-125"
routing
ip address 10.99.98.1 255.255.255.0
exit
username "xxxxx" password xxxxxxxxxxxxxxxx level 15 encrypted
line ssh
password xxxxxxxxxxxxxxxxxx encrypted
exit
ip ssh server
management access-list "gabi"
exit
!
interface ethernet 1/g2
no negotiation
exit
!
interface ethernet 1/g24
switchport access vlan 124
exit
!
interface ethernet 1/g25
switchport access vlan 125
exit
exit
any idea why can't i get out to the internet?
i am also cannot get connection to 106.103.1.0/24 segment (this is our current network address) - it means the new server cannot access any other server or PC..
Thanks.
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
December 4th, 2013 11:00
You may need to move the other interfaces off of VLAN 1 as it is the management VLAN and that is not routable. You could also move just the management VLAN to something else and leave the other computers on VLAN 1. Does the server have the ip address of VLAN 125 as its default gateway?
gabik
9 Posts
0
December 4th, 2013 12:00
thanks,
i will give it a try and update here.
gabik
9 Posts
0
December 4th, 2013 12:00
Hi Josh, thank you for helping.
can you explain please what is the purpose of management VLAN? i mean, i can get to the SSH and web interface from VLANS 124-125 as well.. so why do Dell need the management VLAN?
i will do the following steps by your reply:
1) move management VLAN to VLAN 111 instead of 1
2) give VLAN 1 the IP 106.103.1.249 on Subnet 255.255.255.0
is it make sense?
Does the server have the ip address of VLAN 125 as its default gateway? yes it is. 10.99.99/98.1
�
do you think i will have problem with the IP addresses?
the mgmt has the IP of 106.103.1.249 as you can see on the "sh run" output.. and i will change VLAN 1 to be 106.103.1.x
�
do i need to add ports to mgmt VLAN ?
�
Thanks.
gabik
9 Posts
0
December 7th, 2013 04:00
Hi,
your method works perfect.
i still have some issue to solve:
my switch has x.x.x.249 IP address (on each VLAN i have different IP address).
to be able to route inter VLAN, i need to set the gateway on the servers/PCs to x.x.x.249
when i am using the switch as the gateway, i can access to all VLANs perfectlly.
the issue is i have no Internet. my outside gateway is 106.103.1.1 and it sit on VLAN 1.
how can i "tell" the switch to "forward" each packet which needs to be out of the switch range to 106.103.1.1 from all the VLANs?
Thanks
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
December 10th, 2013 07:00
It is the same issue with the management VLAN not being routable, it isn’t going to route to VLAN 1 if VLAN 1 is the management VLAN. So you need to change the management VLAN or move the outside gateway to a different VLAN.