Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Vlan setup

Posted on 2010-11-21
15
Medium Priority
?
818 Views
Last Modified: 2012-06-21
I am looking to setup a couple of vlan's, and I am just not getting it. I have one 3com 4500 48 port switch, and I want to setup 3 Vlan's on it. Vlan Group 1, Vlan Group 2, and Vlan Group 3. I have 2 servers,and a cable Internet connection I will need all 3 groups to be able to access, then each group will have one server that only their group will need to access on their Vlan. There will be about 5 or 6 computers in each group. Currently 1 switch is all I have, eventually I made need to add another. If you have IP addressing ideas that would work best for this setup, etc.. I am all for it. I can can change whatever settings I need to. Looking for straitforward answer, steps, information to get setup.

Thank you very much for your help!
0
Comment
Question by:heydude
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 8
  • 6
15 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 34187418
0
 
LVL 12

Expert Comment

by:atrevido
ID: 34191465
That article should get you going as giltjr posted
REgarding IP addressing scheme, I'm a firm believer in keep it simple

3 VLANS - Class C /24 subnets

VLAN 1 - 10.0.1.x
VLAN 2 - 10.0.2.x
VLAN 3 - 10.0.3.x

You don't mention a router here but your switch does do dynamic routing, so make sure the switches default gateway on VLAN 1 is the cable modem.

No problems with adding another switch, the only trick would be to ensure your uplink or "trunk" port between switch1 and switch 2 is tagged with all VLANs so they can traverse the link
0
 

Author Comment

by:heydude
ID: 34193743
Sorry, but I am just not getting it. I have 3 vlan's setup, Vlan1 the default, vlan 2, and vlan 3.
Vlan 1 = 192.168.1.1
Vlan 2 = 192.168.2.1
vlan 3 = 192.168.3.1

My cable modem has an internal ip of 192.168.1.254
Vlan 1 has all ports except the ports configured for vlan 2 and vlan 3 below
Vlan 2 is ports 5,6,7,8,9, and 10
Vlan 3 is ports 10,11,12,13,14,and 15

I'm not sure what my next steps are?
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 57

Expert Comment

by:giltjr
ID: 34195909
What's not working?

Do you have at least 1 computer on each VLAN?  If so can they all ping each other?

My guess is that computers on VLAN 2 and 3 can't access the Internet.  What you need to do is configure your cable modem with routes to 192.168.2.0/24 and 192.168.3.0/24 (/24 netmask is 255.255.255.0).  The route should point to what ever IP address the 4500 has in VLAN 1.
0
 

Author Comment

by:heydude
ID: 34202066
The computer plugged into vlan 1 with the cable modem can get an ip address, and hit the internet. The computer plugged into vlan 2 or vlan 3, setup with a static ip address cannot hit the web, or a computer in the other vlan's? I will try your suggestion above and see if I can hit the web from the other vlan's.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 34202109
On some L3 switches you need to enable IP routing.

When you have a computer connected to a port in VLAN2 (or 3) can you ping the router address for that VLAN?
0
 

Author Comment

by:heydude
ID: 34220913
I have to start from scratch, I got lost somewhere. I just cannot seem to get a grip on the VLAN thing. Ok, if I have the following setup on the switch:

3 vlan's setup, Vlan1 the default, vlan 2, and vlan 3.
Vlan 1 = interface ip address 192.168.1.254/255.255.255.0
Vlan 2 = interface ip address 192.168.2.254/255.255.255.0
vlan 3 = interface ip address 192.168.3.254/255.255.255.0

My cable modem is plugged into port 1 of the switch, and I configured a static route(ip route-static 0.0.0.0 0.0.0.0 192.168.1.1) on vlan 1 to the internal ip of my cable modem at 192.168.1.1/ 255.255.255.0
Vlan 1 has all ports except the ports configured for vlan 2 and vlan 3 below
Vlan 2 is ports 6,7,8,9, and 10
Vlan 3 is ports 12,13,14,15, and 16

A computer in vlan 3 can ping a computer in vlan 2, and a computer in vlan 1. A computer in vlan 2 can ping a computer in vlan 1. Computers in vlan1 can't ping vlan2  or vlan 3. Vlan 2 can't ping vlan 3.
I am unable to ping 192.168.1.1 from vlan 2 or vlan 3,  so I am unable to get on the Internet from vlan 2 or vlan 3. I can ping 192.168.1.1 from vlan 1.

When I did a ping test, I setup a computer in vlan 2 and vlan 3 with the following settings:

comp 1

Ip: 192.168.2.10
subnet mask: 255.255.255.0
gateway: 192.168.2.254
dns: 192.168.1.1

comp 2
 
Ip: 192.168.3.10
subnet mask: 255.255.255.0
gateway: 192.168.3.254
dns: 192.168.1.1
 
Hopefully that is not too confusing, I tried to put as much information as I could about the setup.

Thank you!

0
 

Author Comment

by:heydude
ID: 34220962
Ok, after I posted my last reply, I remembered the routing you had mentioned. I added routes from vlan 2 and vlan 3 to the 4500 address on my cable modem and I can now hit the web from either vlan, and I can hit the router IP now. I can ping downward, just can ping upward? Should I be able to do that? Hit vlan 1 and vlan 2 from vlan 3, hit vlan 1 from vlan 2, but can't hit vlan 2 or vlan 3 from vlan 1 or vlan 2?
0
 

Author Comment

by:heydude
ID: 34220988
I think part of my confusion was the fact that I guess the 4500 being layer 3, I didn't think I would need to add any routes on the modem. It would all be done on the switch.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 2000 total points
ID: 34222056
The 4500 is a layer 3 device and will do routing, however, the modem needs to know how to get back.  Think of this picture:


   PC1 - 192.168.1.99-------|-------|
   PC2 - 192.168.2.99-------|4500 |-------- (192.168.1.1) MODEM ------ Internet
   PC3 - 192.168.3.99-------|-------|
   

Now, when traffic from PC3 hits the 4500 the 4500 will know where to send it no matter where it needs to go.  Now if PC3 is going to something on the Internet the 4500 will route the traffic to the modem.  When the response comes back, the MODEM need to know where to send the traffic destine for 192.168.3.99.

By default the modem knows about VLAN1 (192.168.1.0/24) and its default route.  The default route points back to the Internet.  So without adding routes to the modem when the modem receives traffic that is going to 192.168.3.99 it will send it back to the Internet.


--> I can ping downward, just can ping upward?

I am not sure what you mean by ping downward or upward.  Can you be a bit more specific?  Like:

  192.168.1.10 can ping 192.168.2.10 and 192.168.3.10
  192.168.2.10 can ping 192.168.1.10 and 192.168.3.10 and 192.168.1.1
  192.168.3.10 can ping 192.168.1.10 and 192.168.2.10 and 192.168.1.1
  192.168.1.10 can ping hostX (where host X is on the Internet)
  192.168.2.10 can NOT ping hostX (where host X is on the Internet)
  192.168.3.10 can NOT ping hostX (where host X is on the Internet)
0
 

Author Comment

by:heydude
ID: 34222411
Ok, after I posted my last reply, I remembered the routing you had mentioned. I added routes from vlan 2 and vlan 3 to the 4500 address on my cable modem and I can now hit the web from either vlan, and I can hit the router IP now. I can ping downward, just can ping upward? Should I be able to do that? Hit vlan 1 and vlan 2 from vlan 3, hit vlan 1 from vlan 2, but can't hit vlan 2 or vlan 3 from vlan 1 or vlan 2?

Cable Modem
Ip address: 192.168.1.1
Subnet: 255.255.255.0

4500
Ip address: 192.168.1.254
Subnet: 255.255.255.0
Static Route: 192.168.1.1

comp 1 in vlan 2

Ip: 192.168.2.10
subnet mask: 255.255.255.0
gateway: 192.168.2.254
dns: 192.168.1.1

comp 2 in vlan 3
 
Ip: 192.168.3.10
subnet mask: 255.255.255.0
gateway: 192.168.3.254
dns: 192.168.1.1

Looking at the statement above, and the settings, from a computer configured in VLAN 3, I can ping computers in VLAN 2 and VLAN 1, and the 192.168.1.1 address. From a computer configured for VLAN 2, I can ping computers in VLAN 1, and the 192.168.1.1 address. I can also access websites from any computer in any VLAN now. If I ping from VLAN 1, I cannot ping a computer configured for VLAN 2 or VLAN 3. If I ping a computer configured located in VLAN 3 from VLAN 2 I get no response either. With a ping, I can hit computers going from
VLAN 3 -> VLAN 2 -> VLAN 1 (I referred to this as downard), but not, VLAN 1 -> VLAN 2 -> VLAN 3 (I referred to this downward)  
0
 
LVL 57

Expert Comment

by:giltjr
ID: 34223001
O.K. You mean up because 3 is greater than 2 and 1, and down because 1 is less than 2 and 3.  There is no up or down.  You could have numbered the VLANs in the opposite order (meaning VLAN 1 is 192.168.3.0).  Sothere is no "up" or "down." So:

   VLAN 1 can NOT ping VLAN 2 and 3
   VLAN 2 can ping VLAN 1 but can NOT ping VLAN 3
   VLAN 3 can not ping VLAN 1 or 2.

From the 4500 can you ping computers in VLAN 1, 2, and 3?

From a computer in VLAN 2 can you ping 192.168.2.254 and/or 192.168.1.254?

From a computer in VLAN 3 can you ping 192.168.3.254 and/or 192.168.1.254?
0
 

Author Comment

by:heydude
ID: 34227740
giltjr,

I appreciate your help, so far things seem to be working. I am able to ping all ip addresses from all vlans. I haven't had a chance to test yet, but if I wanted to add a server to VLAN 1 for everyone on all VLAN's to access, then 1 server on VLAN2 just for them, and 1 server on VLAN 3 just for them to access, is there anything that I would have to do to make that happen? I figure a server on VLAN 2 should be able to be accessed by VLAN 2 by default, and a server on VLAN 3 should be able to be accessed by VLAN 3 by default because they are in the same VLAN, the server on VLAN 1 being accessed by VLAN 2 and VLAN 3, I am not sure about?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 34230060
A server is really nothing but another computer.  So if you can ping any computer from any other computer, no matter what VLAN it is on, then you will be able to add another computer to VLAN 1 and all other computer will be able to access it.
0
 

Author Closing Comment

by:heydude
ID: 34234620
Thank you for your help
0

Featured Post

Flexible connectivity for any environment

The KE6900 series can extend and deploy computers with high definition displays across multiple stations in a variety of applications that suit any environment. Expand computer use to stations across multiple rooms with dynamic access.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Join Greg Farro and Ethan Banks from Packet Pushers (http://packetpushers.net/podcast/podcasts/pq-show-93-smart-network-monitoring-paessler-sponsored/) and Greg Ross from Paessler (https://www.paessler.com/prtg) for a discussion about smart network …
Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question