• Status: Solved

Configuring ports in VLANs on Dell PowerConnect 3324 to allow access from the hosts to the router but not other hosts in the same subnet.

I've got a customer (Shared business centre) who is trying to provide access to the router (vlan1) (as well as some shared printers) to everyone in a 192.168.0.0/24 subnet but does not want each of the customers to allow access to each other. I would prefer to have the customers in a unique vlan (especially as some of the customers require multiple ports that need to see each other). The router involved in the equation is simply a broadband router and is not suitable for inter-vlan routing, and I would like all the devices to be in the same subnet anyways. I've been able to do this with another customer using a baystack bt450, but I have no experience with the Dell PowerConnect switches. I've done some testing with putting customers in different vlans but I can't seem to get the hosts to talk to both the router and the other devices in that given vlan.

Any help greatly appreciated.
Asked by: techeez
1 Solution
 
calvinetter Commented:
>The router involved in the equation is simply a broadband router and is not suitable for inter-vlan routing

That's the crux of the problem.
You'd need a router (like Cisco) that supports VLAN trunking, or get a switch with routing abilities. Also, do yourself & your customer a favor, get rid of the Dell switches, especially if you want to try configuring VLANs; I've found them to be buggy, unstable & unreliable. If you get a lower-end Cisco router (maybe 1721 or 1751 or 1841) & Cisco Catalyst 2950 switch(es), you can set up multiple VLANs & inter-VLAN routing with the ability to control who can access what on other subnets. An even better situation would be to get a "layer-3 switch" (one with routing capabilities) such as 3550 or 3560 series - this will have the combined abilities of a router, as well as VLAN options. And best of all, the Cisco equipment is rock solid.

cheers
 
techeez (Author) Commented:
Hey Calvinetter,

Thanks... I've subsequently spoken to Dell tech-support and they say that I can do it, but they don't recommend it. They have suggested a method that should allow me to accomplish my goal. By configuring the PVID on all the common ports to a new vlan (I'm going to use 100) other than vlan1 and then 'overlapping' the host ports within both their own vlan (assigning the pvid in those ports to the respective vlan) and vlan100, it should work, i.e.:

Port 1 - router - pvid 100, is Untagged in vlan 2,3,4,5,6, etc. and 100
Then
Port 2 - printer - pvid 100, untagged in vlan 2,3,4,5,6, etc. and 100

port 3 - customer 1 - pvid 2, untagged within vlan 2, and vlan100
port 4 - customer 1 - pvid 2, untagged within vlan 2, and vlan100

port 5 - customer 2 - pvid 3, untagged within vlan 3, and vlan100
port 6 - customer 2 - pvid 3, untagged within vlan 3, and vlan100

This should allow hosts in port 3 to talk to port 1,2,3,4 and not port 5 and 6...

Keeping in mind of course that all of the devices are in the same subnet. Apparently the key is to make the common vlan something other than vlan1.

I'll post a message about the results of the test.
 
techeez (Author) Commented:
In case anyone is interested... I was finally able to test this out, and it does in fact work. The only potential problem is that the devices within the shared vlan (100) end up with their MAC addresses in multiple vlans, which according to Dell causes the switch to no longer truly act like a 'true switch' (i.e. breaking up collision domains), and it constantly flushes the CAM table, which causes more ARP traffic, etc... But in this scenario it seems to work fine.
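The port plan from the posts above, checked as a membership model (an added example, not part of the original thread and not Dell's own tooling). It assumes an untagged frame is classified into the ingress port's PVID and may leave only through ports that are untagged members of that VLAN; the table covers the thread's ports 1-6, and the function names are hypothetical.

```python
# Added example: models only per-port PVID and untagged egress membership.
# MAC learning and tagged (trunk) ports are outside this model.

SHARED_VLAN = 100
CUSTOMER_VLANS = {2, 3}  # the thread's "2,3,4,5,6, etc." trimmed to two customers

# port -> (label, pvid, VLANs the port is an untagged member of)
PORTS = {
    1: ("router", SHARED_VLAN, CUSTOMER_VLANS | {SHARED_VLAN}),
    2: ("printer", SHARED_VLAN, CUSTOMER_VLANS | {SHARED_VLAN}),
    3: ("customer 1", 2, {2, SHARED_VLAN}),
    4: ("customer 1", 2, {2, SHARED_VLAN}),
    5: ("customer 2", 3, {3, SHARED_VLAN}),
    6: ("customer 2", 3, {3, SHARED_VLAN}),
}


def can_send(ports, src, dst):
    """A frame entering src is placed in src's PVID; dst must be a member of it."""
    pvid = ports[src][1]
    members = ports[dst][2]
    return src != dst and pvid in members


def can_talk(ports, a, b):
    """Two-way traffic needs the membership check to pass in both directions."""
    return can_send(ports, a, b) and can_send(ports, b, a)


def peers(ports, port):
    """Ports that can hold a two-way conversation with the given port."""
    return sorted(p for p in ports if can_talk(ports, port, p))


def one_way_leaks(ports, shared_vlan):
    """(src, dst) customer ports in different VLANs where src's frames reach dst.

    This includes one-directional leaks (broadcasts, floods) that a simple
    ping test between the two customers would not reveal.
    """
    cust = [p for p, (_, pvid, _) in ports.items() if pvid != shared_vlan]
    return [(a, b) for a in cust for b in cust
            if ports[a][1] != ports[b][1] and can_send(ports, a, b)]


if __name__ == "__main__":
    for p in sorted(PORTS):
        print(f"port {p} ({PORTS[p][0]}) <-> {peers(PORTS, p)}")
    print("cross-customer leaks:", one_way_leaks(PORTS, SHARED_VLAN))
```

Running the same check after every membership change catches the case where a customer port is added to another customer's VLAN, which leaks frames one way even though the two hosts still cannot ping each other.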
 
GranMod Commented:
Closed, 500 points refunded.
GranMod
The Experts Exchange
Community Support Moderator of all Ages