aneky
asked on
Managed Configure VLAN, Unable to Issue DHCP out
Currently I POCing Fortigate UTMS with plan to split company network to several vlan for ease of management. I got 3 3COM Switch 4400 SuperStack 3 3C17203 aggregated together into 1 VLAN. To start the test small, I configured 2 free ports on of the switch into VLAN 2 and configured the DMZ port on the Fortigate firewall to issue DHCP. I tested it with a cross cable connect to my laptop the DHCP issue is with no issue. I connect cross cable from the Fortigate DMZ to one VLAN 2 port while the other VLAN 2 port is connected to the test laptop.
I can ping to the dhcp server using static ip neither can I grab any ip from the dhcp server set at the fortigate DMZ port. Any 3COM switch experts out there can lend me a hand. Thanks.
I can ping to the dhcp server using static ip neither can I grab any ip from the dhcp server set at the fortigate DMZ port. Any 3COM switch experts out there can lend me a hand. Thanks.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Problem it doesn't work as it should. Unless, you wan me connect 1 pc at 1 port with pre-assigned IP and another with the same and try ping to each other to isolate maybe the problem might be at the fortigate portion.
ASKER
I telnet into the switch I checked the vlan settings still there. as I configured using the GUI.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Yeah I just did as you ask when I post the previous message. Let me enclosed screenshot to explain it better.
TELNET-VLAN-Config.JPG
TELNET-VLAN-Config.JPG
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
How to check if both ports are configured auto negotiation. I thought by default all switch port is configured for auto negotiation
in the ports menu via telnet, however, if both ports are active (green led), then port is up with correct settings.
ASKER
If that the case both ports are up with green led, but I cannot ping to the the fortigate. I manually configure the 2 static ip on 2 laptop within the same subnet and ip range (with firewall and antivirus disabled) and tried ping to each other. Both reply with timeout. I running out of ideas what going wrong with the vlan.
please issue arp -an on both laptops - I want to check whether pc's can get macs of the second side
ASKER
When I run the command arp -a on both laptop. The laptop configure with the IP 192.168.1.4 respond
Interface 192.168.1.4 ---- 0x3
Internet Address Physical Address Type
192.168.1.5 00-00-00-00-00-00 invalid
The laptop configure with IP 192.168.1.5 respond
There are no arp entries.
Interface 192.168.1.4 ---- 0x3
Internet Address Physical Address Type
192.168.1.5 00-00-00-00-00-00 invalid
The laptop configure with IP 192.168.1.5 respond
There are no arp entries.
so it means, you don't have both ports in the same vlan.....
is it possible you are using incorrect ports/unit?
is it possible you are using incorrect ports/unit?
ASKER
No I specifically configure it under unit 1 port 4 & 8. If they are not in the same VLAN 2 then if I use a laptop plug to the port I should able to grab the IP from the original VLAN 1. I had tried both ports are unable to grab IP from my DHCP server.
yes, but from the other hand if those ports are within the same vlan, pcs should be able to see each other.
can you reboot your stack?
can you reboot your stack?
ASKER
I will have to wait after office working hour to do that. If reboot is the only choice.
if you say that you have created vlan, and assigned ports to it and it still not working - I would try rebooting device....
ASKER
Ok I rebooted the switch. The problem still persist. arp -a still unable to see each other neither can ping or grabing IP from the dhcp server.
hmmmmm
please, check mac addresses learned by switch on both ports.
do both macs are within the same vlan?
please, check mac addresses learned by switch on both ports.
do both macs are within the same vlan?
ASKER
from_exp
Thanks for your help. The problem still the same. Anyway, I give up on the VLAN as my management pull the plug on my network upgrade plans so I no longer need this .
Thanks for your help. The problem still the same. Anyway, I give up on the VLAN as my management pull the plug on my network upgrade plans so I no longer need this .
ASKER
One thing need to note is if I access directly to the switch using IE, I will not be able to see the VLAN configuration as I see in 3com Network Device Manager. I no idea if it is because of the firmware of the switch might be obsolete that causes this issue.
VLAN-Config.JPG