Port as member of multiple VLANs
-
ironiemix
Port as member of multiple VLANs
Hello there!
I'm new to Alcatel switches and I cannot figure out a probably rather simple problem: I'd like to have a port in more than one VLAN without tagging.
* I have two VLANs, Vlan50 and Vlan107.
* Port 1 is default Vlan to Vlan50
* Port 2 is default VLan to VLan107
Now I would like to have Port 23 in both Vlans (untagged) so that traffic can go from Port 1 to Port 23 and from Port 2 to Port 23, but not from Port 1 to Port 2.
I tried this with port mobility, assigned Port 23 as default to Vlan 50 and additionally to Vlan 107, but this got me nowhere.
Any help would be appreciated, thanks in advance,
Frank
-
devnull
Re: Port as member of multiple VLANs
You can't.
The problem is that the switch can't differentiate between both vlans, hence has a problem when forwarding untagged traffic to an uplink: should the traffic be put in 50 or 107?
You could just bridge (e.g. using an external hair-pin cable) traffic of 107 to 50, but frankly: don't be that man!
Normally such wishes result from a misunderstanding.
So why do you think you need both vlans untagged?
-
ironiemix
Re: Port as member of multiple VLANs
Hi,
thanks for your answer.
"Normally such wishes result from a misunderstanding."
That's for sure in my case... I got to achieve a separation of my network in different VLANs on Level 3. I managed to solve the problem with a Cisco switch and now I am trying to port that to my Alcatel 6540. This for sure is not complicated, but I'm just learning...
So I want to achieve the following situation:

Server               Firewall
10.32.1.1/24         10.32.1.254
      |                   |
      |                   |
      |                   |
        Switch OS 6540
        10.32.1.253 IP VLAN 11
        10.32.2.254 IP VLAN 22
        10.32.3.254 IP VLAN 33
      |                   |
      |                   |
Lan Segment 1        Lan Segment 2
10.32.2.x/24         10.32.3.x/24

* All clients in both subnets should be able to access the server and the internet (via firewall)
* Clients from Segment 1 should not be able to contact clients in Segment 2
* The server runs a DHCP for the whole net, so the clients should be able to get an address, the switch should do DHCP relaying
* It should be possible to wake the clients (wakeonlan) from the server
The topic now doesn't match anymore, but any hints or example configs for me to work with to improve my understanding would be great.
Frank
-
rekeds
Re: Port as member of multiple VLANs
Were you able to use two untagged vlans on the same port with other equipment?
-
ironiemix
Re: Port as member of multiple VLANs
Hi,
"Were you able to use two untagged vlans on the same port with other equipment?"
I think so... On a Cisco SG300 I could set the "VLAN Mode" for a port to "General", after that I was able to assign this port to more than one VLAN without tagging.
-
devnull
Re: Port as member of multiple VLANs
Why do you need the "general" setting on the SG300?
It should work perfectly fine if you just tag the vlans on the link between 6450 and sg300
Alcatel side:
vlan 11 802.1q 1/X
vlan 22 802.1q 1/X
vlan 33 802.1q 1/X
Cisco Side:
switchport mode trunk
switchport trunk allowed vlan 11,22,33
For the access ports in different vlans on sg300 side use
switchport mode access
switchport access vlan [11 or 22 or 33]
Now a PC that is access vlan 11 on sg300 must be able to ping the IP of the 6450. If the PC has set the 6450 as Default Gateway it should be able to ping the other interfaces of the 6450 as well. If you have a PC in vlan 11 and one in 22, both having the appropriate vlan IP as Default Gateway
10.32.1.253 for VLAN 11
10.32.2.254 for VLAN 22
they should be able to ping each other (Windows Firewall permitting of course).
For General mode I refer to the last message of https://community.linksys.com/t5/Switch ... d-p/161352 - quite old but completely correct.
-
ironiemix
Re: Port as member of multiple VLANs
Hi,
I'm sorry, this is a misunderstanding: I don't want to have the Cisco and the Alcatel together in one net, I want to accomplish the separated subnets with one of them. (I took the Cisco for testing because there is a howto for it - only in German: http://www.linuxmuster.net/wiki/dokumen ... g:l3switch) For testing I had the Cisco, at my school we have Alcatels, so I have to recreate the separated subnets with the Alcatel. The way to more switches with tagged vlans on uplinks I can handle, I only don't understand the Layer 3 functionality on the core switch.
So I want to achieve the following situation:

Server               Firewall
10.32.1.1/24         10.32.1.254
      |                   |
      |          _________|
      |         |
        Switch OS 6540
        10.32.1.253 IP VLAN 11
        10.32.2.254 IP VLAN 22
        10.32.3.254 IP VLAN 33
      |         |_______
      |                 |
Lan Segment 1        Lan Segment 2
10.32.2.x/24         10.32.3.x/24

* All clients in both subnets should be able to access the server and the internet (via firewall)
* Clients from Segment 1 should not be able to contact clients in Segment 2
* The server runs a DHCP for the whole net, so the clients should be able to get an address, the switch should do DHCP relaying
* It should be possible to wake the clients (wakeonlan) from the server
Frank
-
devnull
Re: Port as member of multiple VLANs
Hi Frank,
L3 functionality:
- create an IP for the vlans and the switch will route traffic between vlans.
- if you point your devices towards these IPs (default route) they should communicate with each other.
- have a static default route on the switch to forward all "non-local" traffic to the firewall.
- "ip helper" on the switch is for dhcp relay
- not sure if/how it is possible to "relay" L2 magic packets (WoL) into other Vlans, but there are Techtips for that
see viewtopic.php?t=23637
For "disallowing" clients of Segment 1 to communicate with Segment 2 you need ACLs which are handled by "qos statements". I tend to hate that.
Read the manual, expect some tests.
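An added example, not part of devnull's post or of the thread: one way the roadmap above could look as an AOS 6 configuration, using the addresses from Frank's diagram. The port numbers (1/1 to 1/4), the interface and policy names, and the second deny rule for the return direction are assumptions; WoL forwarding is left out.

```text
! Assumed port layout (not from the thread):
!   1/1 server, 1/2 firewall, 1/3 LAN segment 1, 1/4 LAN segment 2
vlan 11 name "server"
vlan 22 name "segment1"
vlan 33 name "segment2"
vlan 11 port default 1/1
vlan 11 port default 1/2
vlan 22 port default 1/3
vlan 33 port default 1/4

! One router interface per VLAN; clients use these as default gateway
ip interface "vlan11" address 10.32.1.253 mask 255.255.255.0 vlan 11
ip interface "vlan22" address 10.32.2.254 mask 255.255.255.0 vlan 22
ip interface "vlan33" address 10.32.3.254 mask 255.255.255.0 vlan 33

! Everything that is not a local subnet goes to the firewall
ip static-route 0.0.0.0/0 gateway 10.32.1.254

! Relay client DHCP broadcasts from VLAN 22/33 to the server
ip helper address 10.32.1.1

! ACLs are QoS policies. Rules are matched per packet, so the
! reverse direction is denied explicitly as well (assumption:
! no traffic at all is wanted between the two segments).
policy condition seg1-to-seg2 source ip 10.32.2.0 mask 255.255.255.0 destination ip 10.32.3.0 mask 255.255.255.0
policy condition seg2-to-seg1 source ip 10.32.3.0 mask 255.255.255.0 destination ip 10.32.2.0 mask 255.255.255.0
policy action block-segments disposition deny
policy rule deny-seg1-seg2 condition seg1-to-seg2 action block-segments
policy rule deny-seg2-seg1 condition seg2-to-seg1 action block-segments
qos apply
```

With this in place a client in 10.32.2.x should still reach 10.32.1.1 and the firewall, while a ping to any 10.32.3.x client should fail; testing both is the quickest check that the policy rules were applied.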
-
ironiemix
Re: Port as member of multiple VLANs
Hi,
thanks a lot, now I have a roadmap that I can follow! I will try and let you know of the results, this could take some days because it's busy at school...
Frank
-
devnull
Re: Port as member of multiple VLANs
No worries.
Test, read and ask... I won't do your homework
