jrobinsonvls
asked on
InterVLAN Routing on 3com 2900 Series
I've read a few other posts on this, and unfortunately none have been able to get me to where I need to be.
I need to implement VLANs for my development network, inter-office VOIP, and departments. For my test I've got VLAN1,2,11. I'm working with managed routers from AT&T, and it could be a little of what is causing my issues, as I'm trying to clean up some work that was left by a former admin. All switches are 3com 2900 series.
Ideally, I want to seperate the major components on my network with the VLANs. It's most important for us at the moment, because we need to apply QoS to the phones, and to do it I need them off on their own.
I've created VLAN1,2,11 on all of my switches. I've assigned the ports connecting those switches as tagged hybrids. I have two test machines plugged into the first switch, port 11 untagged as VLAN2 and port 9 untagged as VLAN11. Neither port 9 or 11 are members of VLAN1. I have created VLAN interfaces as follows:
VLAN1interface - 10.1.1.10/24
VLAN2interface - 10.1.2.1/24
VLAN11Interface - 10.1.11.1/24
VLAN2 & VLAN 11 Device:
CAN
A VLAN1 device cannot ping anything on 2 or 11, including the interfaces with the DGW currently in place. A VLAN1 device with an address of 10.1.1.108/24 WILL Ping the interfaces of VLAN2 and 11 if the DGW is set to 10.1.1.10, but will not go any further. When I have tried to change the VLAN1 interface to 10.1.1.1, I lose connection to my server subnet of 10.1.0.0/24.
Advice is appreciated, as I have a second site that has the exact phone system connected via the PNT, and we need to do the same there. ATT is waiting to implement CoS across the WAN once we have the addressing and VLANs down.
I need to implement VLANs for my development network, inter-office VOIP, and departments. For my test I've got VLAN1,2,11. I'm working with managed routers from AT&T, and it could be a little of what is causing my issues, as I'm trying to clean up some work that was left by a former admin. All switches are 3com 2900 series.
Ideally, I want to seperate the major components on my network with the VLANs. It's most important for us at the moment, because we need to apply QoS to the phones, and to do it I need them off on their own.
I've created VLAN1,2,11 on all of my switches. I've assigned the ports connecting those switches as tagged hybrids. I have two test machines plugged into the first switch, port 11 untagged as VLAN2 and port 9 untagged as VLAN11. Neither port 9 or 11 are members of VLAN1. I have created VLAN interfaces as follows:
VLAN1interface - 10.1.1.10/24
VLAN2interface - 10.1.2.1/24
VLAN11Interface - 10.1.11.1/24
VLAN2 & VLAN 11 Device:
CAN
Ping its gateway 10.1.2.1 for VLAN2 and 11.1 for VLAN11
Receive it's IP via DHCP from 10.1.0.104 DHCP server
CANNOTReceive it's IP via DHCP from 10.1.0.104 DHCP server
Access or Ping anything beyond its VLAN - including the DHCP server it contacted for address
A VLAN1 device cannot ping anything on 2 or 11, including the interfaces with the DGW currently in place. A VLAN1 device with an address of 10.1.1.108/24 WILL Ping the interfaces of VLAN2 and 11 if the DGW is set to 10.1.1.10, but will not go any further. When I have tried to change the VLAN1 interface to 10.1.1.1, I lose connection to my server subnet of 10.1.0.0/24.
Advice is appreciated, as I have a second site that has the exact phone system connected via the PNT, and we need to do the same there. ATT is waiting to implement CoS across the WAN once we have the addressing and VLANs down.
Soulja
Which switch in your diag is handling the vlan routing? You don't note that in the diag. Have you insured that you are trunking all of the vlans? Addionally, why are you running two different subnets in vlan 1?
ASKER
The first switch is handling the vlan routing at the moment Soulja. At this point the trunking I don't THINK would be the issue, as I've got all of the devices in question on the same physical switch for testing.
As for the two subnets in VLAN1, up until two weeks ago we weren't using VLANs at all. The previous netadmin was running everything on PVID1. The ATT Router was being used to route between the 2 subnets, and as I'm reading it they've also put a route in there that allows it to route the entire /16 as well. In my head, it makes more sense to pull the routing off the ATT box and back onto the switches, but I'm not sure what effects it will have on the network as it is functioning now.
As for the two subnets in VLAN1, up until two weeks ago we weren't using VLANs at all. The previous netadmin was running everything on PVID1. The ATT Router was being used to route between the 2 subnets, and as I'm reading it they've also put a route in there that allows it to route the entire /16 as well. In my head, it makes more sense to pull the routing off the ATT box and back onto the switches, but I'm not sure what effects it will have on the network as it is functioning now.
Yes, I would pull the vlan routing off of the att router. The ATT router should just handle routing to/from the WAN.
If the router is still set up for routing, it could possibly be interferring with your routing on your L3 switch.
I also noticed in your diag that the default gateways for the vlan 1 devices are not pointing to the vlan 1 interface on the switch. If they are still pointing to your att router, that is the issue. The att router doesn't know how to get to your new vlans.
ASKER
Soulja
Are you saying that if I add another VLAN in to take the servers, add the interface, and THEN ask ATT to remove the routes from their router then I should start functioning normally?
Please understand my hesitation, because from the majority of my users prospective, the network "works" right now... if the change takes us down, there will be other issues that I'll have to deal with as well :)
Are you saying that if I add another VLAN in to take the servers, add the interface, and THEN ask ATT to remove the routes from their router then I should start functioning normally?
Please understand my hesitation, because from the majority of my users prospective, the network "works" right now... if the change takes us down, there will be other issues that I'll have to deal with as well :)
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
I see what you're saying, but what I was getting at with the other VLAN for the servers was to break them off on their own so that I'm conforming to a standard of 1 subnet per VLAN (sort of the OCD in me I guess.)
The ATT router does sit on VLAN1, so I'll submit the ticket for them to add the routes. And since ATT runs on their own time, it might be a day or so before they get them added... so standby while I set the cogs in motion.
The ATT router does sit on VLAN1, so I'll submit the ticket for them to add the routes. And since ATT runs on their own time, it might be a day or so before they get them added... so standby while I set the cogs in motion.
Yes, you are correct. You can set up another vlan. I would if I were you. Maybe vlan 3 or something. Then create a vlan interface for vlan 3 and point those devices to it.