[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 9163
  • Last Modified:

Inter Vlan Routing and Routing to Internet on 3com 4800G Core Switch

Hi experts.  I have spent some time putting together my network which consists of the following:

3com Office Connect VPN Router (Acts as Gateway for 2 WAN connections from different ISPs)
3com 4800G Layer 3 Switch (Acts as core switch, houses VLAN/Interface info)
3-3com 4200G Layer 2 Switches (Distribution/Access layer switches)

From a layer 2 standpoint I seem to have things working well.  All 3 4200s are trunked via LACP back to the 4800G and VLAN information is allowed to traverse through the trunks and I've tested it as working.

Now on to my question:

I have 9 Vlans (including the default) as I wish to segment different parts of the network for both organizational and security reasons.

I have 2-3 Vlans that should talk to eachother while the others should not route to any other interface save hitting the Internet.  So far I'm able to jump on a Vlan (ie Vlan 2 192.168.101/24) and ping the Interface of 192.168.101.1.  I can also ping other interfaces such as Vlan 3 192.168.102.1.  But I cannot get past the interface to route to the Internet.

Here's the steps I took after assigning the ports to Vlan 2 (Example)
-----
interface vlan 2
undo ip address
ip route-static 192.168.101.0 255.255.255.0 192.168.101.1
interface vlan 2
ip address 192.168.101.1

-----

When I do a display ip routing-table this is the result:
Destination/Mask    Proto  Pre  Cost         NextHop         Interface

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0
127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0
192.168.100.0/24    Direct 0    0            192.168.100.2   Vlan1
192.168.100.2/32    Direct 0    0            127.0.0.1       InLoop0
192.168.101.0/24    Direct 0    0            192.168.101.1   Vlan2
192.168.101.1/32    Direct 0    0            127.0.0.1       InLoop0
192.168.102.0/24    Direct 0    0            192.168.102.1   Vlan3
192.168.102.1/32    Direct 0    0            127.0.0.1       InLoop0
192.168.103.0/24    Direct 0    0            192.168.103.1   Vlan4
192.168.103.1/32    Direct 0    0            127.0.0.1       InLoop0
192.168.104.0/24    Direct 0    0            192.168.104.1   Vlan5
192.168.104.1/32    Direct 0    0            127.0.0.1       InLoop0
192.168.105.0/24    Direct 0    0            192.168.105.1   Vlan6
192.168.105.1/32    Direct 0    0            127.0.0.1       InLoop0
192.168.108.0/24    Direct 0    0            192.168.108.1   Vlan9
192.168.108.1/32    Direct 0    0            127.0.0.1       InLoop0
-----

I'm assuming there's something I'm missing here with a Next hop so the 192.168.101.0 network will know to forward requests for Internet traffic to the router at 192.168.101.1.

I also want to know how to limit communication between the Vlans so that they will only route to the Internet and not InterVlan.

I've included my running configuration if it would help.  Thanks in advance, guys!

#
 version 5.20 Release 2202P01, Release 2202P01
#
 sysname 4800G-CORE
#
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
#
 domain default enable system
#
 telnet server enable
#
 undo cluster enable
#
igmp-snooping
#
vlan 1
 description DEFAULT
 igmp-snooping enable
#
vlan 2
 description 2
 ip-subnet-vlan 0 ip 192.168.101.1 255.255.255.0
#
vlan 3
 description 3
 ip-subnet-vlan 0 ip 192.168.102.1 255.255.255.0
#
vlan 4
 description 4
 ip-subnet-vlan 0 ip 192.168.103.1 255.255.255.0
#
vlan 5
 description 5
 ip-subnet-vlan 0 ip 192.168.104.1 255.255.255.0
#
vlan 6
 description 6
 ip-subnet-vlan 0 ip 192.168.105.1 255.255.255.0
#
vlan 7
 description 7
 ip-subnet-vlan 0 ip 192.168.106.1 255.255.255.0
#
vlan 8
 description 8
 ip-subnet-vlan 0 ip 192.168.107.1 255.255.255.0
#vlan 9
 description 9
 ip-subnet-vlan 0 ip 192.168.108.1 255.255.255.0
#
radius scheme system
 server-type extended
 primary authentication 127.0.0.1 1645
 primary accounting 127.0.0.1 1646
 user-name-format without-domain
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
dhcp server ip-pool 1
 network 192.168.102.0 mask 255.255.255.0
#
user-group system
#
local-user admin
 authorization-attribute level 3
 service-type telnet terminal
local-user manager
 password simple manager
 authorization-attribute level 2
 service-type telnet terminal
local-user monitor
 password simple monitor
 authorization-attribute level 1
 service-type telnet terminal
#
interface Bridge-Aggregation1
 port link-type trunk
 port trunk permit vlan all
 link-aggregation mode dynamic
#
interface Bridge-Aggregation2
 port link-type trunk
 port trunk permit vlan all
 link-aggregation mode dynamic
#
interface Bridge-Aggregation3
 port link-type trunk
 port trunk permit vlan all
 link-aggregation mode dynamic
#
interface Bridge-Aggregation4
 port link-type trunk
 port trunk permit vlan all
 link-aggregation mode dynamic
#
interface Bridge-Aggregation5
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.100.2 255.255.255.0
#
interface Vlan-interface2
 ip address 192.168.101.1 255.255.255.0
#
interface Vlan-interface3
 ip address 192.168.102.1 255.255.255.0
#
interface Vlan-interface4
 ip address 192.168.103.1 255.255.255.0
#
interface Vlan-interface5
 ip address 192.168.104.1 255.255.255.0
#
interface Vlan-interface6
 ip address 192.168.105.1 255.255.255.0
#
interface Vlan-interface7
 ip address 192.168.106.1 255.255.255.0
#
interface Vlan-interface8
 ip address 192.168.107.1 255.255.255.0
#
interface Vlan-interface9
 ip address 192.168.108.1 255.255.255.0
#
interface GigabitEthernet1/0/1
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/2
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/3
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/4
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/5
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/6
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/7
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/8
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/9
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/10
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/11
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 4
#
interface GigabitEthernet1/0/12
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 4
#
interface GigabitEthernet1/0/13
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 1
#
interface GigabitEthernet1/0/14
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 1
#
interface GigabitEthernet1/0/15
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 1
#
interface GigabitEthernet1/0/16
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 1
#
interface GigabitEthernet1/0/17
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 2
#
interface GigabitEthernet1/0/18
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 2
#
interface GigabitEthernet1/0/19
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 2
#
interface GigabitEthernet1/0/20
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 2
#
interface GigabitEthernet1/0/21
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 3
#
interface GigabitEthernet1/0/22
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 3
#
interface GigabitEthernet1/0/23
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 3
#
interface GigabitEthernet1/0/24
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 3
#
interface GigabitEthernet1/0/25
 shutdown
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/26
 shutdown
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/27
 shutdown
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/28
 shutdown
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
 ip route-static 192.168.100.0 255.255.255.0 192.168.100.1
 ip route-static 192.168.101.0 255.255.255.0 192.168.101.1
 ip route-static 192.168.102.0 255.255.255.0 192.168.102.1
 ip route-static 192.168.102.0 255.255.255.0 192.168.101.1
 ip route-static 192.168.103.0 255.255.255.0 192.168.103.1
 ip route-static 192.168.104.0 255.255.255.0 192.168.104.1
 ip route-static 192.168.105.0 255.255.255.0 192.168.105.1
 ip route-static 192.168.106.0 255.255.255.0 192.168.106.1
 ip route-static 192.168.107.0 255.255.255.0 192.168.107.1
 ip route-static 192.168.108.0 255.255.255.0 192.168.108.1
#
 snmp-agent
 snmp-agent local-engineid 8000002B03001EC16FA6A9
 snmp-agent community read public
 snmp-agent community write private
 snmp-agent sys-info contact 
 snmp-agent sys-info location
 snmp-agent sys-info version all
#
 dhcp enable
#
user-interface aux 0
 authentication-mode scheme
user-interface aux 1 8
user-interface vty 0 4
 authentication-mode scheme
#
return

Open in new window

0
jajelinek
Asked:
jajelinek
  • 7
  • 6
1 Solution
 
bkepfordCommented:
You need to add a static default route

ip route-static 0.0.0.0 0.0.0.0 x.x.x.x (Internet gateway ip address)

Secondly you can remove

ip route-static 192.168.100.0 255.255.255.0 192.168.100.1
 ip route-static 192.168.101.0 255.255.255.0 192.168.101.1
 ip route-static 192.168.102.0 255.255.255.0 192.168.102.1
 ip route-static 192.168.102.0 255.255.255.0 192.168.101.1
 ip route-static 192.168.103.0 255.255.255.0 192.168.103.1
 ip route-static 192.168.104.0 255.255.255.0 192.168.104.1
 ip route-static 192.168.105.0 255.255.255.0 192.168.105.1
 ip route-static 192.168.106.0 255.255.255.0 192.168.106.1
 ip route-static 192.168.107.0 255.255.255.0 192.168.107.1
 ip route-static 192.168.108.0 255.255.255.0 192.168.108.1

By default a switch knows where directly connected networks are. So if traffic is bound for the 192.168.101.x network the switch will automatically send it out the directly connected interface of 192.168.101.1 without being told.

Lastly why do you have route to 192.168.100.1 for the 192.168.100.0/24 network when your vlan 1 interface has an IP of 192.168.100.2?

interface Vlan-interface1
 ip address 192.168.100.2 255.255.255.0
0
 
bkepfordCommented:
To stop intervlan routing you need to setup access-lists between vlans and apply them to the vlan interface. (not sure how to do it in a 3Com but in a Cisco it would look like this)  

if you Internet IP was on 192.168.108.254 and you wanted vlan 1 to only access the internet vlan 2 to only access vlan 3 and the internet. Notice that I only have permit statements, it is because in access-lists if it is not permitted by default it is denied

access-list 100 permit ip 192.168.100.0 0.0.0.255 192.168.108.0 0.0.0.255
!
access-list 101 permit ip 192.168.101.0 0.0.0.255 192.168.102.0 0.0.0.255
access-list 101 permit ip 192.168.101.0 0.0.0.255 192.168.108.0 0.0.0.255
!
access-list 102 permit ip 192.168.102.0 0.0.0.255 192.168.101.0 0.0.0.255
access-list 102 permit ip 192.168.102.0 0.0.0.255 192.168.108.0 0.0.0.255
!
interface vlan 1
 ip access-group 100 in
interface vlan 2
 ip access-group 101 in
interface vlan 3
 ip access-group 102 in

0
 
jajelinekAuthor Commented:
Lastly why do you have route to 192.168.100.1 for the 192.168.100.0/24 network when your vlan 1 interface has an IP of 192.168.100.2?

interface Vlan-interface1
 ip address 192.168.100.2 255.255.255.0
-----quote------------

Our Internet IP/Router is 192.168.100.1 (Management Vlan 1) I figured since the Vlan1 interface needed an IP I would assign it 192.168.100.2 and the switch would try to hop to the 192.168.100.1 router address.  I removed all of the routes and added a static route of: 0.0.0.0 0.0.0.0 192.168.100.1 and I can only hit the Internet from Vlan 1.  When I plug into Vlan 2 and assign an ip address of 192.168.101.20 and the gateway as 192.168.101.1 I can ping all of the vlan interfaces but I cannot route past them to hit the Internet or reach 192.168.100.1.  

Here is my current configuration:

#
 version 5.20 Release 2202P01, Release 2202P01
#
 sysname 4800G
#
 irf mac-address persistent timer
 irf auto-update enable
 undo irf link-delay
#
 domain default enable system
#
 telnet server enable
#
 undo cluster enable
#
igmp-snooping
#
vlan 1
 description DEFAULT
 igmp-snooping enable
#
vlan 2
 description ADMIN
 ip-subnet-vlan 0 ip 192.168.101.1 255.255.255.0
#
vlan 3
 description CAD
 ip-subnet-vlan 0 ip 192.168.102.1 255.255.255.0
#
vlan 4
 description CLINIC
 ip-subnet-vlan 0 ip 192.168.103.1 255.255.255.0
#
vlan 5
 description COMM
 ip-subnet-vlan 0 ip 192.168.104.1 255.255.255.0
#
description EDU
 ip-subnet-vlan 0 ip 192.168.105.1 255.255.255.0
#
vlan 7
 description PHONE
 ip-subnet-vlan 0 ip 192.168.106.1 255.255.255.0
#
vlan 8
 description RADIO
 ip-subnet-vlan 0 ip 192.168.107.1 255.255.255.0
#
vlan 9
 description SWAT
#
radius scheme system
 server-type extended
 primary authentication 127.0.0.1 1645
 primary accounting 127.0.0.1 1646
 user-name-format without-domain
#
domain system
 access-limit disable
 state active
 idle-cut disable
 self-service-url disable
#
dhcp server ip-pool 1
 network 192.168.102.0 mask 255.255.255.0
#
user-group system
#
local-user admin
 authorization-attribute level 3
 service-type telnet terminal
local-user manager
 password simple manager
 authorization-attribute level 2
 service-type telnet terminal
local-user monitor
 password simple monitor
 authorization-attribute level 1
 service-type telnet terminal
#
interface Bridge-Aggregation1
 port link-type trunk
 port trunk permit vlan all
 link-aggregation mode dynamic
#
interface Bridge-Aggregation2
 port link-type trunk
 port trunk permit vlan all
 link-aggregation mode dynamic
#
interface Bridge-Aggregation3
 port link-type trunk
 port trunk permit vlan all
 link-aggregation mode dynamic
#
interface Bridge-Aggregation4
 port link-type trunk
 port trunk permit vlan all
 link-aggregation mode dynamic
#
interface Bridge-Aggregation5
#
interface NULL0
#
interface Vlan-interface1
 ip address 192.168.100.2 255.255.255.0
#
interface Vlan-interface2
 ip address 192.168.101.1 255.255.255.0
#
interface Vlan-interface3
 ip address 192.168.102.1 255.255.255.0
#
interface Vlan-interface4
 ip address 192.168.103.1 255.255.255.0
#
interface Vlan-interface5
 ip address 192.168.104.1 255.255.255.0
#
interface Vlan-interface6
 ip address 192.168.105.1 255.255.255.0
#
interface Vlan-interface7
 ip address 192.168.106.1 255.255.255.0
#
interface Vlan-interface8
 ip address 192.168.107.1 255.255.255.0
#
interface Vlan-interface9
 ip address 192.168.108.1 255.255.255.0
#
interface GigabitEthernet1/0/1
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/2
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/3
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/4
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/5
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/6
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/7
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/8
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/9
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/10
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/11
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 4
#
interface GigabitEthernet1/0/12
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 4
#
interface GigabitEthernet1/0/13
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 1
#
interface GigabitEthernet1/0/14
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 1
#
interface GigabitEthernet1/0/15
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 1
#
interface GigabitEthernet1/0/16
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 1
#
interface GigabitEthernet1/0/17
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 2
#
interface GigabitEthernet1/0/18
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 2
#
interface GigabitEthernet1/0/19
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 2
#
interface GigabitEthernet1/0/20
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 2
#
interface GigabitEthernet1/0/21
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 3
#
interface GigabitEthernet1/0/22
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 3
#
interface GigabitEthernet1/0/23
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 3
#
interface GigabitEthernet1/0/24
 port link-type trunk
 port trunk permit vlan all
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
 port link-aggregation group 3
#
interface GigabitEthernet1/0/25
 shutdown
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/26
 shutdown
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/27
 shutdown
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
interface GigabitEthernet1/0/28
 shutdown
 broadcast-suppression pps 3000
 undo jumboframe enable
 stp edged-port enable
#
 ip route-static 0.0.0.0 0.0.0.0 192.168.100.1
#
 snmp-agent
 snmp-agent local-engineid 8000002B03001EC16FA6A9
 snmp-agent community read public
 snmp-agent community write private
 snmp-agent sys-info contact Jeremy Hyde
 snmp-agent sys-info location 2800 Aldine Bender Houston, TX 77039
 snmp-agent sys-info version all
#
 dhcp enable
#
user-interface aux 0
 authentication-mode scheme
user-interface aux 1 8
user-interface vty 0 4
 authentication-mode scheme
#
return
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
bkepfordCommented:
On a Cisco Switch you have to enable ip routing with the command "ip routing" maybe the 3Com is simmilar
0
 
jajelinekAuthor Commented:
I've researched this and there is no IP Routing.  3com switches will automatically route between Vlans once the interface is setup.  So to recap here's where I'm at:

OfficeConnect router: (Lan/Uplink set to 192.168.100.1)
4800G Layer 3 Switch
(Vlan1 Interface set to 192.168.100.2)
(Vlan2 Interface set to 192.168.101.1)
PC Set to 192.168.101.2 gateway 192.168.101.1

I can ping the Vlan interfaces but nothing past it.  

If my Internet/uplink to the router is sitting in Vlan1 and I'm trying to gain access to that uplink via Vlan2 technically I won't be able to route to the next hop, only between Vlan interfaces.  So here's what I've tried.

I enabled another interface on the router with 192.168.101.1 as the IP, went back and set the VLAN2 Interface on the 4800G to 192.168.101.2. And now Vlan1 and Vlan2 both can reach the Internet through different interfaces.

Now what I'm noticing is that I can ping the Vlan Interfaces, but cannot route traffic Inter-Vlan.

So if I want Internet access for all the Vlans does that mean I'll have to create a new interface and cable for each Vlan from the router?

If this were Cisco I'd do this all on subinterfaces on the router, trunk via one cable from the switch to the router and call it a night.  Has anyone else had weird issues like this with 3com?  Either I'm ignorant or just really displeased with their equipment.

0
 
bkepfordCommented:
what is the default gateway on your clients? it needs to be the switch interface appriopriate for each vlan.

what you did with your router interface is not best practice and I would recommend you undo it.
0
 
jajelinekAuthor Commented:
For Vlan 2 the default gateway is the Vlan Interface 192.168.101.2.  

I'd be happy to undo enabling the second interface on the OfficeConnect router but I did it for testing purposes just to make sure the Vlans were working/etc.  I'm sort of stuck right now.

Again with Cisco this would be more straight forward, but I'm stuck with the 3com gear right now.
0
 
bkepfordCommented:
Thats OK I just know Cisco not 3Com.  Can you post your routing table again now that you have removed all the static routes.
0
 
bkepfordCommented:
This is an excert from the 4800G config guide. According to this your routing looks good. I'm going to start going through your VLAN setup see if I see anything.

I'm sure you have it but here is the link to the configuration guide.

http://support.3com.com/documents/switches/4800G/3Com_Switch_4800G_Config_Guide_Release2202.pdf


Basic Static Route Configuration Example
Network requirements
The IP addresses and masks of the switches and hosts are shown in the following figure. Static routes
are required for interconnection between any two hosts.
Figure 1-1 Network diagram for static route configuration
Configuration procedure
1) Configuring IP addresses for interfaces (omitted)
2) Configuring static routes
# Configure a default route on Switch A.
<SwitchA> system-view
[SwitchA] ip route-static 0.0.0.0 0.0.0.0 1.1.4.2
# Configure two static routes on Switch B.
<SwitchB> system-view
[SwitchB] ip route-static 1.1.2.0 255.255.255.0 1.1.4.1
[SwitchB] ip route-static 1.1.3.0 255.255.255.0 1.1.5.6
# Configure a default route on Switch C
<SwitchC> system-view
[SwitchC] ip route-static 0.0.0.0 0.0.0.0 1.1.5.5
3) Configure the hosts.
The default gateways for the three hosts A, B and C are 1.1.2.3, 1.1.6.1 and 1.1.3.1 respectively. The
configuration procedure is omitted.
4) Display the configuration.
# Display the IP routing table of Switch A.
[SwitchA] display ip routing-table
Routing Tables: Public
Destinations : 7 Routes : 7
1-7
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 Static 60 0 1.1.4.2 Vlan500
1.1.2.0/24 Direct 0 0 1.1.2.3 Vlan300
1.1.2.3/32 Direct 0 0 127.0.0.1 InLoop0
1.1.4.0/30 Direct 0 0 1.1.4.1 Vlan500
1.1.4.1/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
# Display the IP routing table of Switch B.
[SwitchB] display ip routing-table
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost NextHop Interface
1.1.2.0/24 Static 60 0 1.1.4.1 Vlan500
1.1.3.0/24 Static 60 0 1.1.5.6 Vlan600
1.1.4.0/30 Direct 0 0 1.1.4.2 Vlan500
1.1.4.2/32 Direct 0 0 127.0.0.1 InLoop0
1.1.5.4/30 Direct 0 0 1.1.5.5 Vlan600
1.1.5.5/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
1.1.6.0/24 Direct 0 0 192.168.1.47 Vlan100
1.1.6.1/32 Direct 0 0 127.0.0.1 InLoop0
# Use the ping command on Host B to check reachability to Host A, assuming Windows XP runs on the
two hosts.
C:\Documents and Settings\Administrator>ping 1.1.2.2
Pinging 1.1.2.2 with 32 bytes of data:
Reply from 1.1.2.2: bytes=32 time=1ms TTL=255
Reply from 1.1.2.2: bytes=32 time=1ms TTL=255
Reply from 1.1.2.2: bytes=32 time=1ms TTL=255
Reply from 1.1.2.2: bytes=32 time=1ms TTL=255
Ping statistics for 1.1.2.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
# Use the tracert command on Host B to check reachability to Host A.
[HostB] tracert 1.1.2.2
Tracing route to 1.1.2.2 over a maximum of 30 hops
1-8
1 <1 ms <1 ms <1 ms 1.1.6.1
2 <1 ms <1 ms <1 ms 1.1.4.1
3 1 ms <1 ms <1 ms 1.1.2.2
Trace complete.
0
 
jajelinekAuthor Commented:
Here is my current routing table:

Routing Tables: Public
        Destinations : 6        Routes : 6

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0
127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0
192.168.100.0/24    Direct 0    0            192.168.100.2   Vlan1
192.168.100.2/32    Direct 0    0            127.0.0.1       InLoop0
192.168.101.0/24    Direct 0    0            192.168.101.2   Vlan2
192.168.101.2/32    Direct 0    0            127.0.0.1       InLoop0
0
 
jajelinekAuthor Commented:
Update:  This is the only way I'm able to get things working right now:

Setup 2 interfaces on the Office Connect router (192.168.100.1 Vlan1 and 192.168.101.1 Vlan2)
On the 4800G setup 2 Vlan interfaces Vlan1 192.168.100.2 and Vlan2 192.168.101.2
On Vlan 1 host: IP: 192.168.100.20 Sub: 255.255.255.0 GW: 192.168.100.1
On Vlan 2 host: IP: 192.168.101.20 Sub: 255.255.255.0 GW: 192.168.101.1

I can ping from both hosts between Vlans and route traffic through the Internet.  

If I set the Vlan interfaces on the switch as .1 and the Lan interfaces on the Router as another subnet it's not going to work as there's no common interface for the Vlans to route to (either via RIP or Static).  

So far this is the only way I've gotten it to work and I feel that I'm wasting a $3000USD switch right now and that I'm probably doing something wrong with my config.  3com support is NO help so far... (Surprise)
0
 
bkepfordCommented:
Since you are using IP subnet VLAN  assignments how are you doing your IP addressing? DHCP? or Static?
0
 
jajelinekAuthor Commented:
Most of our Vlans have have very few hosts so we will be using static for those workstations/devices.  The two major Vlans will have DHCP running with a /24 scope in each.  

We'll have a total of 9 Vlans (including the default).  Out of which only 4 need Internet access, the rest will be isolated with ACLs put in place (I assume this will work) to block traffic between Vlans).
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

  • 7
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now