This post is more than 5 years old
5 Posts
0
32211
VLAN configuration in a heterogeneous lab network
Hello all,
I'm trying to setup two VLANs consisted of just one computer each in a laboratory environment.
The first one is connected to a Dell PowerConnect 2816 Switch and the other one to another manufacturer Switch as shown in the picture (both are Layer 2 Switches and are configured more or less in the same manner). On the upper level, each switch is connected to a Dell PowerConnect 6024 switch (which as you probably know is a Layer 3 Switch).
I have problems in configuring the Layer 2 switches so that the VLANs can communicate with each other because from the little research I've done there is no way (?) to create a trunk link between each Layer 2 switch and the Layer 3 switch.
So far I've created two VLANs (10 & 20) on the Layer 3 switch and assigned IP addresses on them with a view to routing the traffic through the default VLAN (to the firewall) without being completely sure how this done. As regards the Layer 2 switches, an IP address can only (?) be assigned to the default VLAN and I want to have two VLANs on the left switch (10 and default) and two VLANs on the right one (20 and default).
For the first step, I would like a recommendation on how I can get an echo request from the computer located in the other VLAN and on the second step expose the computers to the internet. An extra cables approach, instead of trunk links, is welcomed.
Thank you very much in advance.
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
October 18th, 2013 13:00
There is a good white page that talks about VLAN routing on the 6024. It is a bit older of a document, so I would use it as a guide vs using it word for word, as some things change from firmware revision to firmware revision.
http://www.dell.com/downloads/global/products/pwcnt/en/app_note_38.pdf
Things to consider:
Native VLAN is not generally routable on these switches. The default native vlan is 1, so don’t expect that traffic to be able to communicate across switches to the different VLANs.
With the newer firmware on the 6024 I do not believe that static routes are needed.
Depending on the OS being used on the clients you may need to disable the firewall or modify rules on the firewall for ping to reply back.
Each VLAN needs to have its own subnet. For example.
VLAN 10=10.0.10.0
VLAN 20=10.0.20.0
And so on
The IP address and gateway of your clients will be that of the VLAN they are in access mode for. So a client on the 2816 that is plugged into a port for VLAN 10 would need an IP address in the 10.0.10.0 subnet. And the gateway would be the IP address that was assigned to VLAN 10 on the 6024.
Only ip address given on the layer 2 switches are for the management/native VLAN. No other VLANs get ip addresses on the the layer 2 switches, just the layer 3.
That should get you started. Feel free to post up any questions or running configs for review.
Cheers.
dpesios
5 Posts
0
October 25th, 2013 07:00
Hello Daniel,
I did a reset on the device and assigned different VLAN IDs.
The connection from the 6024 to the home router can be in general mode as well (tagged or untagged, both work).
However, with general mode, the PVID of the port should get VLAN's ID so that untagged packets coming from the router won't be passed to the default VLAN.
Trunk mode won't work, because the router's end isn't aware of VLANs.
Things to take into consideration:
1) To get the clients to Internet a static route should be created, as the one that follows
cosnole(config)#ip route 0.0.0.0 /0 10.0.8.1
2) From the routes perspective there should also be an static entry in its route table for the data stream that gets back.
Such as "10.0.10.0 /24 is reachable through 10.8.0.5" for VLAN 10 (for VLAN 20 equivalently or one can use an aggregated advertizement).
I'm going to add now the firewall and the balancer to see how it goes.
Have a nice weekend!
The running-config now is as follows:
Router Configuration
-----------------------------
interface ethernet g5
switchport mode general
exit
vlan database
vlan 8-10
exit
interface ethernet g5
switchport general pvid 8
exit
interface ethernet g5
switchport general allowed vlan add 8
exit
interface ethernet g3
switchport access vlan 9
exit
interface ethernet g5
switchport general allowed vlan add 9
exit
interface ethernet g7
switchport access vlan 10
exit
interface ethernet g5
switchport general allowed vlan add 10
exit
interface vlan 8
ip address 10.0.8.5 255.255.255.0
exit
interface vlan 9
ip address 10.0.9.5 255.255.255.0
exit
interface vlan 10
ip address 10.0.10.5 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 10.0.8.1
username admin password ?????????????????????? level 15 encrypted
snmp-server community Dell_Network_Manager rw view DefaultSuper
dpesios
5 Posts
0
October 22nd, 2013 10:00
Hello there,
For the time being, I removed the load balancer and the firewall and directly connected the home router to the Layer 3 Switch through a port configured in trunk mode so that I can expose the two hosts on the Internet but without success.
I am able to ping the host on the right from the host on the left (and vice-versa) which are located in different VLANs (10 & 20 respectively), since they are not connected the non-routable default VLAN.
How can I connect the hosts to the Internet ? And afterwards re-connect the firewall and the load balancer.
The internal IP of the home router is 192.168.103.1 - Should I give the trunk port, which now belongs to a separate VLAN, the IP 192.168.103.2 ?
dpesios
5 Posts
0
October 23rd, 2013 02:00
Daniel,
Some more detail I forgot to mention:
The VLANs on the Layer 2 Switches (VLAN 10 on the left and VLAN 20 on the right - please see the gif image) are both tagged and the hosts (clients) connected to them are running Windows 7 and Windows XP respectively, so I suppose they send untagged packets by default to these switches.
The ports on the Layer 3 switch, that the Layer 2 switches are connected to, are configured in access mode as you said.
I am going to post the running config if this is necessary.
I also apologize for the late response of my previous reply.
Thanks again.
Anonymous
5 Practitioner
5 Practitioner
•
274.2K Posts
0
October 25th, 2013 06:00
Thanks for the extra information. The connection from the 6024 to the home/ISP router needs to be in access mode for a specific VLAN. In many cases a VLAN will be created specifically for this connection, but you could use VLAN 10 or 20.
I would be interested to see what your 6024 running config currently looks like.