Comware

 View Only

  • 1.  2650 VLAN Problem

    Posted May 18, 2007 12:40 AM
    Hi ,
    first of all im not an experienced user nor i didnt use these switches before.
    Ill try to explain my problem
    I have 3 2650 stacked together.Also i created 3 VLans as ,
    Default_Vlan 192.168.1.0/24
    Prod_vlan 192.168.2.0/24
    Guest_vlan. 192.168.3.0/24

    what i want to do is separate all vlans so they shouldnt interfere eachother.But i have 1 computer in Default_vlan (port 17) that should communicate with Prod_vlan.
    that's all ,Simple
    But i couldnt manage it worked.

    I did the following to archieve in all switches,
    -Linked switches on ports 49,50
    -stacked them
    -created Two additional Vlans (Prod,Guest)
    -untagged 49,50 on DEFAULT_VAN,tagged all other
    -untagged the ports in Default_VLAN that should be in Default_vlan ,no to all other ports
    -untagged the ports in Prod_vlan that should be in prod_vlan ,no to all other ports
    -untagged the ports in guest_vlan that should be in guest_vlan ,no to all other ports.
    - untagged port 17 on default_vlan,tagged 17 in Prod_vlan,no to Guest_vlan

    All ports separated correctly but i couldnt manage to port 17 work on default_vlan and prod_vlan at the same time.

    I also try to make ip routing enabled but it didnt workedout too.

    I am missing something or many thing.
    I hope i can explain
    Thnx



  • 2.  RE: 2650 VLAN Problem

    Posted May 19, 2007 09:06 PM
    A host does not understand the tagged traffic for 'Prod_VLAN' so that is why it is not working, it cannot be physically a member of two different VLANs so its traffic will need to be routed.

    What is the default gateways of your hosts in each VLAN? If IP routing is enabled, then all that needs to happen is for IP addresses to be assigned to the VLANs and hosts have their default gateway defined as their respective VLAN address (virtual router address).

    Also make sure the management VLAN is not defined for any of these VLANs as this disables routing of non-management traffic.


  • 3.  RE: 2650 VLAN Problem

    Posted May 22, 2007 12:23 AM
    Additionally host has a 802.1Q compilant interface on it and QOS tagging enabled.
    Also i didnt set default gateway because host and the members of Prod_vlan are in the same switch.
    my conf is like


    hostname "jcstack-03"
    interface 47
    no lacp
    exit
    snmp-server community "public" Unrestricted
    snmp-server host 192.168.1.31 "public"
    vlan 1
    name "DEFAULT_VLAN"
    untagged 2,5-6,10,14-17,19-20,22-24,30-31,35,37-50
    ip address 192.168.1.254 255.255.255.0
    no untagged 1,3-4,7-9,11-13,18,21,25-29,32-34,36
    exit
    vlan 2
    name "PROD"
    untagged 25-29
    no ip address
    tagged 17,49-50
    exit
    vlan 3
    name "GUEST"
    untagged 1,3-4,7-9,11-13,18,21,32-34,36
    tagged 39,49-50
    exit
    stack join 0019bb6a4100

    Thnx


  • 4.  RE: 2650 VLAN Problem

    Posted May 22, 2007 08:44 AM
    Ok I am assuming the host on port 17 has an ip address in the 192.168.1.0/24 range?

    If this is the case I believe what is happening is the hosts in "Prod_VLAN" are not able to see it because the traffic is not being routed.

    "Prod_VLAN" has no ip address so routing is not enabled for this VLAN.


  • 5.  RE: 2650 VLAN Problem

    Posted May 23, 2007 12:00 AM
    Yes the host is on 192.168.1.0/25 subnet

    After a few tryouts i managed to ping prod_vlan
    what i did is ;
    -set ip address 192.168.1.x/24 for default_vlan
    -set ip address 192.168.2.x/24 for prod_vlan
    -enabled ip routing.
    -set the default gateway of the host(at 17) to default_vlan ip.

    I amanged to ping to both side.
    But the thing is when i do the conf above i could ping one of the host in prod_vlan from one host from default_vlan even its not tagged at all.

    also when i set the gw to host it didnt route to internet gw because there is no roure for internet.

    I ll try different settings and i ll let you know if i can succeed.


  • 6.  RE: 2650 VLAN Problem

    Posted May 31, 2007 12:06 AM
    Ok here is my config ,

    Startup configuration:

    ; J4899B Configuration Editor; Created on release #H.10.31

    hostname "jcstack-03"

    ip default-gateway 192.168.1.254
    ip routing
    snmp-server community "public" Unrestricted
    snmp-server host 192.168.1.31 "public"
    vlan 1
    name "DEFAULT_VLAN"
    untagged 2,5-6,10,14-17,19-20,22-24,30-31,35,37-38,40-50
    ip address 192.168.1.254 255.255.255.0
    no untagged 1,3-4,7-9,11-13,18,21,25-29,32-34,36,39
    ip proxy-arp
    exit
    vlan 2
    name "PROD"
    untagged 25-29
    ip address 192.168.2.254 255.255.255.0
    tagged 17,49-50
    ip proxy-arp
    exit
    vlan 3
    name "GUEST"
    untagged 1,3-4,7-9,11-13,18,21,32-34,36,39
    ip address 192.168.3.254 255.255.255.0
    tagged 49-50
    ip proxy-arp
    exit
    stack join 0019bb6a4100

    All the hosts on prod_vlan (25-29) has dg 192.168.2.254 and host 17 has dg 192.168.1.254
    i can ping from 17 to any host on Defaut_vlan or prod_vlan.But other than ICMP doesnt work for prod_vlan.
    Also any host on any vlan can ping if i change its Dg to its vlan ip.
    I just want to separate all vlans except Host 17 it needs be in default_vlan and Prod_vlan at the same time.
    Helps are very welcome .Thnx


  • 7.  RE: 2650 VLAN Problem

    Posted May 31, 2007 05:09 AM
    Would it be possible to use a second NIC on the server and have it physically present on both VLANs?

    On the 2600 series they do not have access control lists to allow traffic filtering by IP.


  • 8.  RE: 2650 VLAN Problem

    Posted May 31, 2007 05:42 AM
    The host actually is not a server.Its kind of a station that should be connected to both vlans.
    Anyway if i need to some kind of feature to do separation of vlans that wont work with that conf.
    I am also could't reach host on port 17 from port 25.
    Only icmp seems working.


Related Content