Question

Locked

Router/Vlan/Internet Setup

By FloralHelp ·
Hi,

I have beeen using an SMC7901BRA (ADSL modem/router, single lan port) + SMC EZ6516TX 16-Port Switch very happily for a few years. At the moment, everyone can access the internet, and everyone can see each other. My boss wants to create three virtual lan groups (HR, Accounts, Store) for security reasons. However, he still want all of them to be able to access the internet, but not across the group. There is also an IP camera installed in the Store Area. The boss wants to view live images from this camera when he is out of the office.

Lately, someone handed me a 3COM 3300 24-Ports Layer 2 switch. Though an old model, the manual indicated that it can do great VLAN. However, it did not come with a Layer 3 Module. Scouring across the internet, many people in the know suggested setting up Static Routes. I checked that the SMC7901BRA has "static routes" as one of its features.

This is what I have tried so far... failed:

I connected one lan cable from the SMC7901 to the EZ6516TX. I connected 3 Lan cables from the EZ6516TX into the 3COM 3300 (Ports 2,6,10). Ports 2,3,4,5 is assigned Vlan2, Ports 6,7,8,9 is assignedVlan3 & Ports 10,11,12,13 is assignedVlan4. However, when I switch them on (apart from being able to access the internet, which is good), everyone from all the groups can see across to the other groups ..... is it because I did not use the static routes method?

All tips/helps appreciated.

This conversation is currently closed to new comments.

6 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Answers

Collapse -

Subnets

by PoBody In reply to Router/Vlan/Internet Setu ...

Hey,

So, to start off, you said the 3COM 3300 is layer 2 only and doesn't have a layer 3 module. This is fine, it just means that the switch itself wont route between vlans.

I'm not directly familiar with any of that hardware, but I'll do my best.

So, a few questions that may help in resolving the problem. Are you using different subnets among each of the three vlans? For instance vlan two gets the subnet of 192.168.2.0 while vlan three gets a subnet 192.168.3.0 and vlan four gets 192.168.4.0 . If you don't want routing between each vlan, then simply don't set it up in the router. Also, make sure the subnet masks are set as 255.255.255.0 .

The next question. What method does the 3COM use to configure vlans? For instance, tagging each port with the option of untagged, tagged, or no.

The last question. Why not use just 3COM switch? Depending on the vlan method the switch uses you can set up one port to trunk all vlans to the router. The middle switch could be whats causing the vlans to be able to see each other since it doesn't support vlans itself. I've never done this setup myself, but I don't see why you couldn't use just one switch.

Make sure you have each vlan using a different subnet, if so, just post up, I'll see what further help I can give.

Collapse -

Subnet - vlans

by FloralHelp In reply to Subnets

Thank you!

The 3Com firnware does not allow the VLAN to be segmented into different subnets, unfortunately.

This was all the I could do: Once I got into the admin, I created the three VLan names (vlan2,vlan3,vlan4) and exited out of the menu. Then I accessed the PORTS directly and assigned each port as either vlan1, vlan2 or vlan3.

Without the router coming into the picture, the three vlans seem to be "shielded" from each other, and the users are happy. The trouble started when the users wanted to use the broadband...

I am a bit confused as I did too many things, lost track of what I was doing. I think I tried connecting the router into PORT-2 of the 3Com, and only vlan2 users can access the internet. That was why I tried the SMC Switch method (and used 3 cables, which failed as well (as all can see each other)).

Later I tried to make all the other ports (2 ~ 24) belong to vlan1(which has all the while been reserved for Port-1), but the internet part did not work. I must have missed out something.

I am interested in your proposal on "one port to trunk all vlans to the router..". Could you elaborate on this? It seems like a very neat solution.

Collapse -

Trunk

by PoBody In reply to Subnet - vlans

Ok, so using one port to trunk all vlans to the router. I'm mostly familiar with Cisco hardware and a small amount of HP, in terms of networking equipment. So I'll try my best to describe it as I don't know any specific commands or configuration specifications to your hardware.

The idea of using one port to trunk all the vlans to the router is done by specifying the specific port as a trunk port with access to all the vlans. This can be done very very differently depending on hardware. For instance with Cisco you would tell the port to be trunk and to trunk either all vlans or just certain vlans. This is fairly straight forward. I mentioned HP earlier, and I did this because it is entirely different. In fact, the method does not use the term trunking at all; at least not the method I managed to get working.

In general, you need to give one port access to all the vlans, whichever method your switch uses. So, for instance, use port 1 for the router. You should only need to use a straight through lan cable, because its router to switch, but if this doesn't work it never hurts to try a cross over cable, though I don't think it will be needed. Moving on; you need to configure port 1 with access to all the vlans. So, if a vlan tagging method is used it would look like this.

Port vlan1 vlan2 vlan3 vlan4
1 untagged tagged tagged tagged
2 no tagged no no
3 no no tagged no
4 no no no tagged

Obviously this is just an example, you'll have different ports assigned to each vlan. Your configuration may be nothing like this, but what I'm trying to get at is giving the port the router is plugged into access to all the vlans; this way all vlan traffic will flow through.

As for subnets, this is something that would most likely be configured in the router. Since your router isn't directly designed for vlans, the static routes could be used to route internet traffic to all the vlans using different subnets. The problem is that since it doesn't support vlans it most likely wouldn't support DHCP for different subnets. The problem with static routes is that it could become more work than its worth.

See if you can set up the network to this point; remember, router on port 1, or any other port, with access to all vlans, and sort out the ports how you will. Do this without any subnet differences and post up how it works. Just try and take it one step at a time. After you do this, try making some changes that make sense to you, the best way to learn is to give it a try. You can't mess anything up too bad, if so, just undo it. Good luck, post up with how this works and any other questions, I'll be glad to help.

Collapse -

a very similar case trunk firewall

by eeedison In reply to Trunk

I have a pix a local lAN 192... I was asked to create a VLAN.. and this VLAN is also supposed to be able to route via the FW.
I created the interface on the Firewall, ON a separate cisco Switch I created 2 vlans.
I also use port6 as a trunk port that is supposed to allow all VLANS to transmit/rec.

Here is the problem. One of the VLAN in the Switch, is in the same network as the IP of the Firewall. The FW has been plugged to the port 6 (trunking port)

However, I cant ping the FW from a PC in the same VLAN. Do I need Gateway? Do I need static routes? I have googled for a week searching for this answer, Nothing yet.. Any help is greatly appreciated.

ED

Collapse -

Working on the Vlan...still

by FloralHelp In reply to Trunk

Hi PoBody,

Sorry for the late reply. I was caught up with something & the boss decided to make do with what we had. But now, I have to come back to this issue as it is now required. I will find some time to setup what you have proposed.

Appreciate your generous tips & will let you know once I get it up.

Back to Software Forum
6 total posts (Page 1 of 1)  

Related Discussions

Related Forums