Solved

Vlan setup

Posted on 2010-11-21
Last Modified: 2012-06-21
I am looking to set up a couple of VLANs, and I am just not getting it. I have one 3Com 4500 48-port switch, and I want to set up 3 VLANs on it: Vlan Group 1, Vlan Group 2, and Vlan Group 3. I have 2 servers, and a cable Internet connection I will need all 3 groups to be able to access, then each group will have one server that only their group will need to access on their VLAN. There will be about 5 or 6 computers in each group. Currently 1 switch is all I have; eventually I may need to add another. If you have IP addressing ideas that would work best for this setup, etc., I am all for it. I can change whatever settings I need to. Looking for a straightforward answer, steps, and information to get set up.

Thank you very much for your help!
Question by:heydude
15 Comments
 
LVL 57

Expert Comment

by:giltjr
ID: 34187418
0
 
LVL 12

Expert Comment

by:atrevido
ID: 34191465
That article should get you going, as giltjr posted.
Regarding the IP addressing scheme, I'm a firm believer in keeping it simple.

3 VLANS - Class C /24 subnets

VLAN 1 - 10.0.1.x
VLAN 2 - 10.0.2.x
VLAN 3 - 10.0.3.x

You don't mention a router here but your switch does do dynamic routing, so make sure the switch's default gateway on VLAN 1 is the cable modem.

No problems with adding another switch; the only trick would be to ensure your uplink or "trunk" port between switch 1 and switch 2 is tagged with all VLANs so they can traverse the link.
0
 

Author Comment

by:heydude
ID: 34193743
Sorry, but I am just not getting it. I have 3 vlan's setup, Vlan1 the default, vlan 2, and vlan 3.
Vlan 1 = 192.168.1.1
Vlan 2 = 192.168.2.1
vlan 3 = 192.168.3.1

My cable modem has an internal ip of 192.168.1.254
Vlan 1 has all ports except the ports configured for vlan 2 and vlan 3 below
Vlan 2 is ports 5,6,7,8,9, and 10
Vlan 3 is ports 10,11,12,13,14,and 15

I'm not sure what my next steps are?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 34195909
What's not working?

Do you have at least 1 computer on each VLAN?  If so can they all ping each other?

My guess is that computers on VLAN 2 and 3 can't access the Internet.  What you need to do is configure your cable modem with routes to 192.168.2.0/24 and 192.168.3.0/24 (/24 netmask is 255.255.255.0).  The route should point to whatever IP address the 4500 has in VLAN 1.
0
 

Author Comment

by:heydude
ID: 34202066
The computer plugged into vlan 1 with the cable modem can get an ip address, and hit the internet. The computer plugged into vlan 2 or vlan 3, setup with a static ip address cannot hit the web, or a computer in the other vlan's? I will try your suggestion above and see if I can hit the web from the other vlan's.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 34202109
On some L3 switches you need to enable IP routing.

When you have a computer connected to a port in VLAN2 (or 3) can you ping the router address for that VLAN?
0
 

Author Comment

by:heydude
ID: 34220913
I have to start from scratch, I got lost somewhere. I just cannot seem to get a grip on the VLAN thing. Ok, if I have the following setup on the switch:

3 vlan's setup, Vlan1 the default, vlan 2, and vlan 3.
Vlan 1 = interface ip address 192.168.1.254/255.255.255.0
Vlan 2 = interface ip address 192.168.2.254/255.255.255.0
vlan 3 = interface ip address 192.168.3.254/255.255.255.0

My cable modem is plugged into port 1 of the switch, and I configured a static route (`ip route-static 0.0.0.0 0.0.0.0 192.168.1.1`) on vlan 1 to the internal ip of my cable modem at 192.168.1.1/255.255.255.0
Vlan 1 has all ports except the ports configured for vlan 2 and vlan 3 below
Vlan 2 is ports 6,7,8,9, and 10
Vlan 3 is ports 12,13,14,15, and 16

A computer in vlan 3 can ping a computer in vlan 2, and a computer in vlan 1. A computer in vlan 2 can ping a computer in vlan 1. Computers in vlan1 can't ping vlan2  or vlan 3. Vlan 2 can't ping vlan 3.
I am unable to ping 192.168.1.1 from vlan 2 or vlan 3,  so I am unable to get on the Internet from vlan 2 or vlan 3. I can ping 192.168.1.1 from vlan 1.

When I did a ping test, I setup a computer in vlan 2 and vlan 3 with the following settings:

comp 1

Ip: 192.168.2.10
subnet mask: 255.255.255.0
gateway: 192.168.2.254
dns: 192.168.1.1

comp 2
 
Ip: 192.168.3.10
subnet mask: 255.255.255.0
gateway: 192.168.3.254
dns: 192.168.1.1
 
Hopefully that is not too confusing, I tried to put as much information as I could about the setup.

Thank you!

0

 

Author Comment

by:heydude
ID: 34220962
Ok, after I posted my last reply, I remembered the routing you had mentioned. I added routes from vlan 2 and vlan 3 to the 4500 address on my cable modem and I can now hit the web from either vlan, and I can hit the router IP now. I can ping downward, just can ping upward? Should I be able to do that? Hit vlan 1 and vlan 2 from vlan 3, hit vlan 1 from vlan 2, but can't hit vlan 2 or vlan 3 from vlan 1 or vlan 2?
0
 

Author Comment

by:heydude
ID: 34220988
I think part of my confusion was the fact that I guess the 4500 being layer 3, I didn't think I would need to add any routes on the modem. It would all be done on the switch.
0
 
LVL 57

Accepted Solution

by:
giltjr earned 500 total points
ID: 34222056
The 4500 is a layer 3 device and will do routing, however, the modem needs to know how to get back.  Think of this picture:


   PC1 - 192.168.1.99-------|-------|
   PC2 - 192.168.2.99-------|4500 |-------- (192.168.1.1) MODEM ------ Internet
   PC3 - 192.168.3.99-------|-------|
   

Now, when traffic from PC3 hits the 4500, the 4500 will know where to send it no matter where it needs to go.  Now if PC3 is going to something on the Internet, the 4500 will route the traffic to the modem.  When the response comes back, the MODEM needs to know where to send the traffic destined for 192.168.3.99.

By default the modem knows about VLAN1 (192.168.1.0/24) and its default route.  The default route points back to the Internet.  So without adding routes to the modem when the modem receives traffic that is going to 192.168.3.99 it will send it back to the Internet.


--> I can ping downward, just can ping upward?

I am not sure what you mean by ping downward or upward.  Can you be a bit more specific?  Like:

  192.168.1.10 can ping 192.168.2.10 and 192.168.3.10
  192.168.2.10 can ping 192.168.1.10 and 192.168.3.10 and 192.168.1.1
  192.168.3.10 can ping 192.168.1.10 and 192.168.2.10 and 192.168.1.1
  192.168.1.10 can ping hostX (where host X is on the Internet)
  192.168.2.10 can NOT ping hostX (where host X is on the Internet)
  192.168.3.10 can NOT ping hostX (where host X is on the Internet)
0
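The return-path problem described in the accepted answer, modeled with longest-prefix-match routing tables. This is an added example, not part of the original thread; the addresses come from the thread, while the remote host 203.0.113.10 and the labels "direct" and "internet" are constructed for illustration.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst, or None."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if dst in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def table(*routes):
    return [(ipaddress.ip_network(net), hop) for net, hop in routes]

# 4500: one connected subnet per VLAN interface, plus the default route
# from the thread (ip route-static 0.0.0.0 0.0.0.0 192.168.1.1).
SWITCH = table(
    ("192.168.1.0/24", "direct"),
    ("192.168.2.0/24", "direct"),
    ("192.168.3.0/24", "direct"),
    ("0.0.0.0/0", "192.168.1.1"),
)
# Modem out of the box: knows only VLAN 1 and its own default route.
MODEM_DEFAULT = table(
    ("192.168.1.0/24", "direct"),
    ("0.0.0.0/0", "internet"),
)
# Modem after adding the two static routes that point back at the 4500.
MODEM_FIXED = MODEM_DEFAULT + table(
    ("192.168.2.0/24", "192.168.1.254"),
    ("192.168.3.0/24", "192.168.1.254"),
)

def round_trip(modem, pc, remote):
    """Return (outbound hop at the 4500, reply hop at the modem, reply delivered?)."""
    out_hop = lookup(SWITCH, remote)
    back_hop = lookup(modem, pc)
    # The reply only reaches the PC if the modem sends it onto VLAN 1
    # directly or hands it to the 4500; "internet" means it is lost.
    return out_hop, back_hop, back_hop in ("direct", "192.168.1.254")

def report(modem, remote="203.0.113.10"):  # constructed remote host
    pcs = ("192.168.1.99", "192.168.2.99", "192.168.3.99")
    return {pc: round_trip(modem, pc, remote) for pc in pcs}

if __name__ == "__main__":
    for name, modem in (("default", MODEM_DEFAULT), ("fixed", MODEM_FIXED)):
        for pc, (out, back, ok) in report(modem).items():
            print(f"{name:8} {pc:13} out via {out:12} reply via {back:14} "
                  f"{'OK' if ok else 'LOST'}")
```
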
 

Author Comment

by:heydude
ID: 34222411
Ok, after I posted my last reply, I remembered the routing you had mentioned. I added routes from vlan 2 and vlan 3 to the 4500 address on my cable modem and I can now hit the web from either vlan, and I can hit the router IP now. I can ping downward, just can ping upward? Should I be able to do that? Hit vlan 1 and vlan 2 from vlan 3, hit vlan 1 from vlan 2, but can't hit vlan 2 or vlan 3 from vlan 1 or vlan 2?

Cable Modem
Ip address: 192.168.1.1
Subnet: 255.255.255.0

4500
Ip address: 192.168.1.254
Subnet: 255.255.255.0
Static Route: 192.168.1.1

comp 1 in vlan 2

Ip: 192.168.2.10
subnet mask: 255.255.255.0
gateway: 192.168.2.254
dns: 192.168.1.1

comp 2 in vlan 3
 
Ip: 192.168.3.10
subnet mask: 255.255.255.0
gateway: 192.168.3.254
dns: 192.168.1.1

Looking at the statement above, and the settings, from a computer configured in VLAN 3, I can ping computers in VLAN 2 and VLAN 1, and the 192.168.1.1 address. From a computer configured for VLAN 2, I can ping computers in VLAN 1, and the 192.168.1.1 address. I can also access websites from any computer in any VLAN now. If I ping from VLAN 1, I cannot ping a computer configured for VLAN 2 or VLAN 3. If I ping a computer located in VLAN 3 from VLAN 2 I get no response either. With a ping, I can hit computers going from VLAN 3 -> VLAN 2 -> VLAN 1 (I referred to this as downward), but not, VLAN 1 -> VLAN 2 -> VLAN 3 (I referred to this downward)
0
 
LVL 57

Expert Comment

by:giltjr
ID: 34223001
O.K. You mean up because 3 is greater than 2 and 1, and down because 1 is less than 2 and 3.  There is no up or down.  You could have numbered the VLANs in the opposite order (meaning VLAN 1 is 192.168.3.0).  So there is no "up" or "down." So:

   VLAN 1 can NOT ping VLAN 2 and 3
   VLAN 2 can ping VLAN 1 but can NOT ping VLAN 3
   VLAN 3 can not ping VLAN 1 or 2.

From the 4500 can you ping computers in VLAN 1, 2, and 3?

From a computer in VLAN 2 can you ping 192.168.2.254 and/or 192.168.1.254?

From a computer in VLAN 3 can you ping 192.168.3.254 and/or 192.168.1.254?
0
 

Author Comment

by:heydude
ID: 34227740
giltjr,

I appreciate your help, so far things seem to be working. I am able to ping all ip addresses from all vlans. I haven't had a chance to test yet, but if I wanted to add a server to VLAN 1 for everyone on all VLAN's to access, then 1 server on VLAN2 just for them, and 1 server on VLAN 3 just for them to access, is there anything that I would have to do to make that happen? I figure a server on VLAN 2 should be able to be accessed by VLAN 2 by default, and a server on VLAN 3 should be able to be accessed by VLAN 3 by default because they are in the same VLAN, the server on VLAN 1 being accessed by VLAN 2 and VLAN 3, I am not sure about?
0
 
LVL 57

Expert Comment

by:giltjr
ID: 34230060
A server is really nothing but another computer.  So if you can ping any computer from any other computer, no matter what VLAN it is on, then you will be able to add another computer to VLAN 1 and all other computers will be able to access it.
0
 

Author Closing Comment

by:heydude
ID: 34234620
Thank you for your help
0
