6 Posts

July 19th, 2012 11:00

Please Help! - Simple but I'm a noob

I have a simple design that I need help with for a switch that I just installed.  PowerConnect 6224

I need to define 3 VLANs (One for Customer 1, One for Customer 2 and One for the route to the Firewall (Default Gateway))

I worked at it and I'm just not up to speed on this.  I know it's simple and I took the configuration guide and used examples from that.  This is the only use for this switch and there is no configuration on it.


Any help would be appreciated.  Thanks in advance.  (Sorry for the rough idea drawing)  Didn't have Visio loaded up.

802 Posts

July 20th, 2012 08:00

Have you enabled routing globally on the switch?

 

console(config)# ip routing

 

Are you able to ping the firewall from the switch?

 

Then you want to view the routing table to see the route paths. Here is an example of what you are wanting to see.

 On the firewall you would also want to check and configure routes to the subnets you have set up on the VLANs.

 

Console# show ip route

 

 

console(config)#ip route 0.0.0.0 0.0.0.0 10.0.20.x

 

Would be the command to tell all unknown traffic to exit to the firewall.  The x would be the ip of the firewall in VLAN 20.

 

 

 

6 Posts

July 23rd, 2012 06:00

Thanks, that took care of it.  I really appreciate the help.

802 Posts

July 19th, 2012 11:00

Creating VLANs

console> enable

console# config

console(config)# vlan database

console(config-vlan)# vlan 2

console(config-vlan)# exit

console(config)# interface vlan 2

console(config-if)# name Marketing   (Applies name to Vlan)

console(config-if)# ip address 192.168.1.1 255.255.255.0  (Applies IP address and subnet mask to Vlan)

console(config-if)# end

 

Any ports that will have a desktop or VLAN-unaware device will need to be configured as an access switchport.

 

Configuring Access Ports

 

console> enable

console# config

console(config)# interface ethernet 1/e1

console(config-if)# switchport mode access

console(config-if)# switchport access vlan 2

console(config-if)# end

 

The port connecting to the firewall will need to be configured as a trunk/general switchport.  Depending on the compatibility of your firewall device you will use trunk or general.  The commands are basically the same; just replace trunk with general.  This option is used when you need multiple VLANs to traverse a single connection or LAG (Link Aggregation).

 

Configuring Trunk Ports

 

console> enable

console# config

console(config)# interface ethernet 1/e5

console(config-if)# switchport mode trunk

console(config-if)# switchport trunk allowed vlan add 2

console(config-if)# end

 

Hope this helps,

 

Keep us updated if you can.

6 Posts

July 19th, 2012 13:00

That makes sense to me.  Does the Trunk Port require an IP address?  My thoughts were to put it on a completely different subnet and configure a firewall port on the other end. Then the 2 other vlans would be able to use that for Internet access.   Will the switch automagically use the trunk port as its default gateway?

6 Posts

July 19th, 2012 13:00

Thanks.  I think I have another issue with this.  The management vlan is vlan1 and it has the same IP subnet as vlan10.

What suggestions might you have for this?

Here is my current config.  I'm happy to blow it all away if necessary....

console#show running-config

!Current Configuration:

!System Description "PowerConnect 6224, 3.3.1.10, VxWorks 6.5"

!System Software Version 3.3.1.10

!Cut-through mode is configured as disabled

!

configure

vlan database

vlan 10,20,100

vlan routing 10 1

vlan routing 20 2

exit

stack

member 1 1

exit

ip address 10.0.10.239 255.255.255.0

ip routing

interface vlan 10

routing

ip address 10.0.1.254 255.255.255.0

exit

interface vlan 20

routing

ip address 10.0.20.239 255.255.255.0

exit

!

interface ethernet 1/g24

switchport mode general

switchport general pvid 20

switchport general allowed vlan add 10,20

exit

exit

console#

802 Posts

July 19th, 2012 13:00

One option would be to change the management vlan.  

The following example sets VLAN 5 as management VLAN.

console(config)#ip address vlan 5

802 Posts

July 19th, 2012 14:00

The port that you have connecting to the firewall can have an IP address that corresponds with the same subnet as the other end on the firewall.

You can set up a default gateway.  It will send any unknown destination traffic to that address for resolution.

console(config)# ip default-gateway xxx.xxx.xxx.xxx

6 Posts

July 19th, 2012 14:00

You all Rock!  Thanks for helping me out.

I get a message that the gateway and  IP address are not on the same subnet when I try to add my default gateway.  Also I guess I would need to create another VLAN for that firewall port, right?  I can't just add an IP address to a switch port, right?

Here is my running config.  Sorry about the last one.  It wasn't accurate.  

console#show running-config

!Current Configuration:

!System Description "PowerConnect 6224, 3.3.1.10, VxWorks 6.5"

!System Software Version 3.3.1.10

!Cut-through mode is configured as disabled

!

configure

vlan database

vlan 100

vlan routing 100 1

exit

stack

member 1 1

exit

ip address none

ip routing

interface vlan 100

name "WEC"

routing

ip address 10.100.100.239 255.255.255.0

exit

!

interface ethernet 1/g2

switchport access vlan 100

exit

!

interface ethernet 1/g24

switchport mode trunk

switchport trunk allowed vlan add 100

exit

exit

console#

802 Posts

July 19th, 2012 16:00

Yes, the port is in switchport mode, so you would need to create a VLAN specifically for the connection between the 6224 and the firewall.  Then give it the address 192.168.10.x

In your show run I do not see an IP set for the switch.  This may be why you are receiving the message.  They do need to be in the same subnet.

stack

member 1 1

exit

ip address none

ip routing

Here is the complete example of setting the IP for the switch.

console(config)# ip address xxx.xxx.xxx.xxx

console(config)# ip default-gateway xxx.xxx.xxx.xxx

6 Posts

July 19th, 2012 20:00

Okay, what am I missing....I'm just trying to get VLAN 100 to talk to the Internet now.  Once I have that, VLAN 10 should be easy.  Here is the latest config:  Sorry, I'm not getting this but I really appreciate the help and the lessons.

console#show running-config

!Current Configuration:

!System Description "PowerConnect 6224, 3.3.1.10, VxWorks 6.5"

!System Software Version 3.3.1.10

!Cut-through mode is configured as disabled

!

configure

vlan database

vlan 5,20,100

vlan routing 100 1

vlan routing 20 2

exit

stack

member 1 1

exit

ip address none

ip address vlan 5

ip routing

interface vlan 20

name "TRUNK_TO_FW"

routing

ip address 10.0.20.239 255.255.255.0

exit

interface vlan 100

name "WEC"

routing

ip address 10.100.100.239 255.255.255.0

exit

!

interface ethernet 1/g2

switchport access vlan 100

exit

!

interface ethernet 1/g24

switchport mode trunk

switchport trunk allowed vlan add 20,100

exit

exit

console#
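
An added example, not part of the thread and not Dell's tooling: a small Python check over a `show running-config` dump for the two addressing problems raised above, a management IP that shares a subnet with a routed VLAN and a default route that is missing or whose next hop is not on a routed VLAN subnet. The function names and the firewall address 10.0.20.1 (standing in for the thread's 10.0.20.x) are assumptions.

```python
import ipaddress
import re

def parse(config):
    """Return (management interface, {vlan_id: interface}, static routes)."""
    addrs, routes, vid = {}, [], None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.fullmatch(r"interface vlan (\d+)", line):
            vid = int(m.group(1))          # entering a VLAN interface block
        elif line == "exit":
            vid = None                     # back at global configuration level
        elif m := re.fullmatch(r"ip address ([\d.]+) ([\d.]+)", line):
            # key None = global (management) address, otherwise the VLAN id
            addrs[vid] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
        elif m := re.fullmatch(r"ip route ([\d.]+) ([\d.]+) ([\d.]+)", line):
            routes.append((m.group(1), m.group(2), ipaddress.ip_address(m.group(3))))
    return addrs.pop(None, None), addrs, routes

def audit(config):
    """List the addressing problems discussed in the thread."""
    mgmt, vlans, routes = parse(config)
    findings = []
    for vid, iface in sorted(vlans.items()):
        if mgmt is not None and mgmt.network.overlaps(iface.network):
            findings.append(f"management IP {mgmt} overlaps routed VLAN {vid} ({iface.network})")
    defaults = [nh for dest, mask, nh in routes if dest == mask == "0.0.0.0"]
    if not defaults:
        findings.append("no default route configured")
    for nh in defaults:
        if not any(nh in iface.network for iface in vlans.values()):
            findings.append(f"default route next hop {nh} is not on a routed VLAN subnet")
    return findings

# Constructed sample modelled on the last running-config in the thread.
SAMPLE = """\
ip address none
ip address vlan 5
ip routing
interface vlan 20
routing
ip address 10.0.20.239 255.255.255.0
exit
interface vlan 100
routing
ip address 10.100.100.239 255.255.255.0
exit
"""
FIXED = SAMPLE + "ip route 0.0.0.0 0.0.0.0 10.0.20.1\n"  # assumed firewall IP
```

`audit(SAMPLE)` reports the missing default route, and `audit(FIXED)` returns an empty list once the route toward the VLAN 20 firewall address is present.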
