3com simple vlan setup
I have a 3com 2948-SFP switch with all machines running in VLAN. Now, we want to provide a 'public' network where machines would only have access to our internet gateway and our DHCP server.
I'd say a pretty basic setup, but I cannot get it to work.
My current switch configuration:
All but 1 ports are untagged members of VLAN1
The other port is untagged member of VLAN2 (This is where guests would be patched into)
The ports connected to the internet gateway and dhcp server are tagged members of VLAN2
Diagnostics so far:
I can see the MAC address of the machine attached to the VLAN2 untagged port. I'm not able to connect to either the dhcp server, (requesting an ip address doesn't work) and trying to use a fixed IP to connect to the gateway doesn't work either.
My guess is that packets are not 'tagged' and as such will not arrive at the ports for the internet gateway. But I might be completely wrong here.
I've read the relevant parts in the 3com 2948-SFP manual, that didn't explain anything, just repeated what I already see in the switches webinterface.
I'd really appreciate any help, or pointers in the right direction.
Originally Posted by bcx
Sounds like a routing issue.
Might want to look at: (won't help solve the issue, but might be good to expand later on)
Download details: Deploying Wireless Provisioning Services (WPS) Technology
Thanks for your reply matt40k, but I think you might confuse VLAN with WLAN. VLAN is a partitioning technique for ethernet, and in this case I'm talking about wired ethernet.
In my network I don't do any routing, all machines are in the same subnet.
No, VLAN you'll need to route between VLAN, vlan splits up a network so they are completely separate, so anything on VLAN1 can't see anything on VLAN2.
The article talks about making a public and a corporate (wireless) network.
Why did you tag the ports for DHCP and the gateway ? they should be untagged as well
I fixed it.
Before I only separated the networks from layer 2 (ethernet packet) perspective, now I separated the secondary lan from IP (layer 3) perspective. I added vlan interface to my debian DHCP/DNS server with an ip address, enabled it to offer ip addresses is the new range, and told my router about the vlan to route between the vlan and the internet, and block traffic from vlan2 to the main network.
Thanks matt40k, for enabling the epiphany I had in the shower yesterday.
If someone else wants more details, just follow up in this thread.
I have a similar issues, I have a 3com 2824-sfp switch and was trying to get a access point setup for the internet. I do not want the access point to have access to our LAN. I am using a older linksys wrt54g as a access point. Using it as a switch with wireless turned on. I created a VLAN1 with everything turn on (set to D) except one port VLAN2 everything off except one port as D talking to AP. My router is on port two, anytime I turn port 2 into uplink (think that mean tagged) on either VLAN my connection to the router drops. Seems like I have tired about ever possible combination, but not setting something up right. any help is appreciated.