1 Message

December 29th, 2004 05:00

Multiple VLAN membership issue

Hi
 
I work in a small educational institute and we have Dell switches and servers.
 
The 3 main switches are Dell PowerConnect 3348. I have been trying to configure them for multiple VLAN membership but having no luck, so I reset them to factory default and set them up with a password and nothing else.
 
Now let me tell you how and where they are and how I want them.
 
Switch 1
I want this switch to be divided into 4 VLANs.
 
1) will be for staff
2) will be for IT
3) will be for Student Server and machines
4) will be for External
 
Now in this I want ITS to be a part of the other 3 VLANs, so I can ping from a machine in VLAN 2 to VLAN 3, or from VLAN 2 to VLAN 1, or VLAN 2 to VLAN 4.
 
Student servers have no connection to any staff servers. They exist as a separate entity. Only a group of people that will be connected to VLAN 2 need to access student servers for the sake of update and maintenance, but they actually belong to the staff network, which is also a separate entity.
 
Please guide me as to how to set up VLANs on this switch so I can achieve my goal.
 
Switch 2
This is a simple staff-only switch. Only 1 VLAN on this switch. One cable from this switch goes to switch 3 and one from g1 to switch 1.
 
Switch 3
This switch connects the lab computers and also has staff computers connected to it. It needs to be divided into 2 VLANs, 1 for students and 1 for staff. But I also want the instructor machine to be a part of both the domains for providing remote assistance to students and connecting to the staff network for his files.
 
Please help me out. If you need any more information, please let me know.
 
Thanking you all in advance
 
MFH

2 Intern

112 Posts

December 29th, 2004 16:00

You really need a layer-3 switch to do this job.

Since the 33xx series is a pure layer-2 switch, it cannot route. What you are trying to achieve is a layer-2 workaround known as port overlapping.

Yes, with port overlap you could make this happen, but it will not be a secure or smooth network.

The reason is in the way port overlap works. Since the switch looks at the CAM table to decide where to switch frames to, with port overlap your other devices are in different VLANs, so it never learns where they are, so it floods every frame. This defeats the purpose of having a switch.

Also, for example, if the IT VLAN is communicating with the External VLAN, since the switch cannot map addresses across VLANs, it has to flood, but the nature of port overlap causes this flood across all shared VLANs; the response from IT will be seen by ALL VLANs. Hence no real security.

Keep in mind I am saying the data being sent to the common VLAN (IT in your case) is secure; the replies get flooded across the entire switch.

If you decide you want to go forward with port overlap, I recommend giving support a call. This is too in-depth for a simple forum request.
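
The flooding behaviour described in the reply above, modelled as an added example (not part of the thread and not vendor code). It assumes per-VLAN MAC learning as the reply describes; the port names, VLAN IDs and MAC strings are constructed.

```python
# Toy model of a layer-2 switch with per-VLAN MAC learning and overlapping
# untagged port membership. Port names, VLAN IDs and MACs are constructed.

class OverlapSwitch:
    def __init__(self, ports):
        # ports: {port: (pvid, set of VLANs the port is an egress member of)}
        self.ports = ports
        self.cam = {}  # (vlan, mac) -> port, learned per VLAN

    def forward(self, in_port, src, dst):
        """Return the set of ports that receive the frame."""
        vlan = self.ports[in_port][0]      # untagged ingress is classified by PVID
        self.cam[(vlan, src)] = in_port    # source is learned only in the ingress VLAN
        members = {p for p, (_, vl) in self.ports.items()
                   if vlan in vl and p != in_port}
        out = self.cam.get((vlan, dst))
        if out is not None and out in members:
            return {out}                   # known unicast: one port
        return members                     # lookup miss: flood the whole VLAN


STAFF, IT, STUDENT, EXTERNAL = 1, 2, 3, 4

def build_switch():
    # The IT port overlaps every VLAN; every other port also belongs to IT's VLAN.
    return OverlapSwitch({
        "staff-a":  (STAFF,    {STAFF, IT}),
        "staff-b":  (STAFF,    {STAFF, IT}),
        "it":       (IT,       {STAFF, IT, STUDENT, EXTERNAL}),
        "student":  (STUDENT,  {STUDENT, IT}),
        "external": (EXTERNAL, {EXTERNAL, IT}),
    })

def ping_exchange(sw, rounds=3):
    """staff-a <-> it, several round trips; returns the delivery set per frame."""
    seen = []
    for _ in range(rounds):
        seen.append(("request", sw.forward("staff-a", "mac-staff-a", "mac-it")))
        seen.append(("reply", sw.forward("it", "mac-it", "mac-staff-a")))
    return seen

if __name__ == "__main__":
    for kind, ports in ping_exchange(build_switch()):
        print(f"{kind:8s} delivered to {sorted(ports)}")
```

Requests toward the IT port stay inside the staff VLAN, while every reply from IT reaches the student and external ports too, and repeating the exchange never lets the table converge because the two addresses are learned in different VLANs.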

6 Posts

February 23rd, 2005 00:00

The layer 3 switch is the right way to go, but there is one workaround.
 
Depending on how many IT computers there are, you can install a second NIC in the IT management computers, and therefore manage or connect to the other VLAN. It is not pretty, involving some cable runs, but it will give you the network oversight you seek without getting new switches.
You can then figure out a switch structure that accommodates the user and server needs.
 