Hi,
I have two 6250 switches.
I need to define different ports with different IP subnets, so that all the IP subnets are separated and cannot communicate with each other.
But I also need one zone whose port/IP subnet can communicate with all other IP subnets in the switch. That means all other IP subnets can communicate with this IP subnet, and this IP subnet can communicate with all other IP subnets in the switch.
I also need another zone whose port/IP subnet can access the other IP subnets in the switch, but all other IP subnets cannot access this IP subnet in the reverse direction.
One more question:
How can I limit the port bandwidth? For example, if I want to limit a port to 70M in/out bandwidth only, how can I configure that in the switch?
Please advise how I can do it in detail, and please provide some examples.
create zone /ip subnet only allow access to outside
-
chuikingman
Re: create zone /ip subnet only allow access to outside
Hi,
I tried (following all I know) but it did not work.
I use vlan 1 (ip interface 10.1.9.248/16) as the default network, and the switch connects to the local physical network with IP 10.1.0.0/16, GW 10.1.1.249. The switch can ping 10.1.1.249. That is OK.
I created port 1/23 with vlan 11, ip interface 11.1.9.249/16.
I connected a PC to 1/23. I want this PC to be able to reach the 10.1.1.249 GW.
How can I do it? Please advise.
-> show ip route
+ = Equal cost multipath routes
* = BFD Enabled static route
Total 5 routes
Dest Address Subnet Mask Gateway Addr Age Protocol
------------------+-----------------+-----------------+---------+-----------
0.0.0.0 0.0.0.0 10.1.1.249 01:00:58 NETMGMT
10.1.0.0 255.255.0.0 10.1.9.248 01:00:58 LOCAL
10.1.9.235 255.255.255.255 10.1.9.235 9d 2h LOCAL
11.1.0.0 255.255.0.0 11.1.9.249 00:08:03 LOCAL
127.0.0.1 255.255.255.255 127.0.0.1 26d18h LOCAL
-> show ip interface
Total 6 interfaces
Name IP Address Subnet Mask Status Forward Device
--------------------------------+---------------+---------------+------+-------+----------------------------------------------------
Loopback 127.0.0.1 255.0.0.0 UP NO Loopback
Loopback0 10.1.9.235 255.255.255.255 UP YES Loopback0
vlan1 10.1.9.248 255.255.0.0 UP YES vlan 1
vlan11 11.1.9.249 255.255.0.0 UP YES vlan 11
vlan2 10.9.0.248 255.255.0.0 DOWN NO vlan 2
vlan3 11.2.9.249 255.255.0.0 DOWN NO vlan 3
-> show vlan port
vlan port type status
------+-------+---------+-------------
1 1/1 default forwarding
1 1/2 default inactive
1 1/3 default inactive
1 1/4 default inactive
1 1/5 default forwarding
1 1/6 default inactive
1 1/7 default forwarding
1 1/8 default inactive
1 1/9 default forwarding
1 1/10 default inactive
1 1/11 default inactive
1 1/12 default inactive
1 1/16 default inactive
1 1/17 default inactive
1 1/18 default inactive
1 1/19 default inactive
1 1/20 default inactive
1 1/21 default inactive
1 1/22 default inactive
1 1/24 default inactive
2 1/13 default inactive
2 1/14 default inactive
2 1/15 default inactive
2 1/22 qtagged inactive
11 1/23 default forwarding
->
-
chuikingman
Re: create zone /ip subnet only allow access to outside
Hi,
Is there any config example for "intervlan routing" on the OmniSwitch? Please advise.
Thanks
-
devnull
Re: create zone /ip subnet only allow access to outside
Creating an IP interface for the VLAN is enough.
Therefore, in your example, a PC on port 1/23 with an IP address out of 11.1.0.0/16 and the default gateway 11.1.9.249 should be able to reach the vlan 1 IP of the switch (10.1.9.248).
10.1.9.249 is some device "behind" vlan 1? This device of course needs either a default route (which is probably bad, as you are pointing a default route back) towards the Alcatel switch OR a route for 11.1.0.0/16 towards 10.1.9.248.
I did not understand your zone thing, and "1 vlan can communicate but others don't" sounds like a setup for a firewall, as switch ACLs (in my opinion) are a pain in the a**.
-
chuikingman
Re: create zone /ip subnet only allow access to outside
Hi,
I do not understand.
In vlan 11, there is ip interface 11.1.9.249/16.
In vlan 1, there is ip interface 10.1.9.248/16; that is an existing PC network 10.1.0.0/16 with GW 10.1.1.249 and DNS 10.1.1.2.
I already added a static route 0.0.0.0/0 GW 10.1.1.249.
So, from my view, a PC connected to VLAN 11 with IP 11.1.X.X can ping/connect to 10.1.1.249 (external GW).
Is that right?
But in fact, I find I cannot ping from vlan 11 to 10.1.1.249. I can only ping 10.1.9.248.
Please advise what I can do and configure.
-
devnull
Re: create zone /ip subnet only allow access to outside
Do a drawing.
Insert routes / configured default gateways.
Your external gateway needs to know a way (route) towards network vlan 11 (11.1.0.0/16) pointing to 10.1.1.248.
Both "ends" need to know where they need to send the packets for a target. Only entering a default gateway on the Alcatel side (config above) is not enough.
-
chuikingman
Re: create zone /ip subnet only allow access to outside
I attach the diagram.
Please advise how I can configure the switch to allow vlan 11 to ping and access 10.1.1.249, which is connected to vlan 1.
-
devnull
Re: create zone /ip subnet only allow access to outside
What is the routing table of 10.1.1.249?
Can you ping from the PC to 10.1.9.248? (That should work.)
You need a route for 11.1.0.0/16 pointing to 10.1.9.248 entered on 10.1.1.249.
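The return-route problem discussed in this thread, as an added example that is not part of any post: a small hop-by-hop routing model showing why the PC in VLAN 11 can ping 10.1.9.248 but not 10.1.1.249 until the gateway has a route for 11.1.0.0/16. The switch routes are taken from the posted `show ip route`; the PC address 11.1.9.10, the gateway's own routing table and the "upstream" next hop are assumptions, since the thread never shows them.

```python
import ipaddress

# Constructed model: switch routes are from the posted "show ip route";
# the PC address and the gateway's routing table are assumptions.
SWITCH, GATEWAY, PC = "10.1.9.248", "10.1.1.249", "11.1.9.10"
ALIAS = {"11.1.9.249": SWITCH}   # the switch's VLAN 11 interface

def table(*routes):
    return [(ipaddress.ip_network(p), nh) for p, nh in routes]

def build(gateway_has_return_route):
    gw = [("10.1.0.0/16", "direct"), ("0.0.0.0/0", "upstream")]  # assumed
    if gateway_has_return_route:
        gw.append(("11.1.0.0/16", SWITCH))   # route via the switch's VLAN 1 IP
    return {
        PC: table(("11.1.0.0/16", "direct"), ("0.0.0.0/0", "11.1.9.249")),
        SWITCH: table(("10.1.0.0/16", "direct"), ("11.1.0.0/16", "direct"),
                      ("0.0.0.0/0", GATEWAY)),
        GATEWAY: table(*gw),
    }

def lookup(routes, dst):
    """Longest-prefix match; returns the next hop or None."""
    hits = [(net.prefixlen, nh) for net, nh in routes if dst in net]
    return max(hits)[1] if hits else None

def trace(nodes, src, dst):
    """Follow one packet hop by hop; returns (delivered, path)."""
    here, path, target = src, [src], ipaddress.ip_address(dst)
    for _ in range(8):                       # hop limit guards against loops
        if here == dst:
            return True, path
        nh = lookup(nodes[here], target)
        if nh == "direct":                   # destination is on a connected net
            return dst in nodes, path + [dst]
        nh = ALIAS.get(nh, nh)
        path.append(nh)
        if nh not in nodes:                  # packet left the modelled network
            return False, path
        here = nh
    return False, path

def ping(nodes, a, b):
    """A ping succeeds only if both the request and the reply are delivered."""
    return trace(nodes, a, b)[0] and trace(nodes, b, a)[0]

if __name__ == "__main__":
    for fixed in (False, True):
        print(fixed, ping(build(fixed), PC, GATEWAY), trace(build(fixed), GATEWAY, PC)[1])
```

Without the return route the echo request reaches the gateway, but the reply follows the gateway's default route away from the switch, which is why a one-sided default route on the switch is not enough.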
