I have a 3Com 4200G switch. I have created 2 VLANs and have the default management VLAN 1.

How would I connect the 2 VLANs that I have created to the management VLAN?

I assume that I am going to need some form of IP routing.

Inkey
  • Do you need two VLANs for any reason? Maybe you're just making things difficult for no benefit. – David Schwartz Aug 22 '12 at 13:19
  • We currently use one big VLAN and I'm looking to split the different departments into their own VLANs for security and to reduce network traffic. – Inkey Aug 22 '12 at 14:30
  • 1. For security? That's a pretty vague statement. What security? Some fuzzy idea that "VLANs are for security so I need to have them". 2. How is having VLANs going to reduce network traffic? Do the machines in one VLAN not need to communicate with machines in the other VLAN? If they don't need to communicate then that must mean that they're not communicating now so what traffic are you reducing? Don't just do things because you can or because you think you should or because someone said you should. Have specific goals and objectives and specific needs or problems that you're addressing. – joeqwerty Aug 22 '12 at 14:45

1 Answer

  1. Take a router and connect it to both VLANs (either with physically separate ports or with trunking).

  2. Give that router an IP address in each VLAN.

  3. For each VLAN, either make that router the default router for hosts in that VLAN, configure each host in the VLAN to use that router to reach IP addresses in other VLANs, configure the existing default router for that VLAN to use this router to reach hosts in other VLANs, or use some kind of dynamic routing protocol such as OSPF between all your routers.

This is called inter-VLAN routing.

Update: Your switch has limited inter-VLAN routing capabilities. But here's an example of how to set it up. Say you want the switch to route between VLAN 2, 192.168.1.0/24 and VLAN 3, 192.168.2.0/24. The switch's address on VLAN 2 will be 192.168.1.250 and the switch's address on VLAN 3 will be 192.168.2.1. The configuration would be:

interface vlan-interface 2
  ip address 192.168.1.250 255.255.255.0
!
interface vlan-interface 3
  ip address 192.168.2.1 255.255.255.0
!

Again though, this will only work if traffic on VLAN 2 devices that need to go to VLAN 3 devices goes to 192.168.1.250 and if traffic on VLAN 3 devices that need to go to VLAN 2 devices goes to 192.168.2.1. The switch can't route traffic it doesn't get.

So, in my example, devices on VLAN 3 could have 192.168.2.1 set as their default gateway. And the default gateway on VLAN 2 could be a router that knows to route packets bound for 192.168.2.0/24 to 192.168.1.250.

Also note that this will not make Internet access work unless the router that does your NAT knows to NAT for the IPs on the other VLANs. This is a complex enough configuration that you may wish to hire a consultant.

David Schwartz
  • Is there any way of doing this using the switch as the router? – Inkey Aug 22 '12 at 11:44
  • Yes. The 4200g has very limited inter-VLAN routing capabilities (8 IP interfaces, 32 static routes), but it may be sufficient for your application. For VLANs that don't already have a router in them, make the switch's IP in that VLAN their default gateway. For VLANs that do, you'll have to configure static routes in that other router to the IP ranges on the other VLANs (with the switch's IP in that VLAN as the next hop). – David Schwartz Aug 22 '12 at 12:59
  • "This is called inter-VLAN routing" - or just, you know, **routing**. You're not talking about L3 switching here, after all. – adaptr Aug 22 '12 at 13:19
  • @adaptr: I mean inter-VLAN routing as opposed to routing between distinct physical interfaces. The vast majority of routers don't use VLANs at all (except internally). – David Schwartz Aug 22 '12 at 13:21
  • Nothing routes between interfaces - routing occurs between *networks*. In that sense, there is no logical difference (and indeed, there is no protocol difference) between routing across VLANs or actual LANs. – adaptr Aug 22 '12 at 13:23
  • @adaptr: I think that's confusing terminology. Routers don't magically gather packets from networks. They get packets because they're transmitted on a specific interface that is connected to that router. – David Schwartz Aug 22 '12 at 13:24
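
The answer's point that "the switch can't route traffic it doesn't get", as an added example that is not part of the original answer or comments: a small Python model that traces a packet hop by hop using longest-prefix matching. The switch addresses are the ones from the answer; the host addresses, the existing VLAN 2 router at 192.168.1.1 and its upstream next hop 203.0.113.1 are constructed for illustration.

```python
import ipaddress

def lookup(routes, dst):
    """Longest-prefix match over (prefix, next_hop); next_hop None means on-link."""
    best = None
    for prefix, next_hop in routes:
        net = ipaddress.ip_network(prefix)
        if ipaddress.ip_address(dst) in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best

def owner(nodes, ip):
    """Name of the node configured with this IP address, or None."""
    return next((name for name, cfg in nodes.items() if ip in cfg["addrs"]), None)

def trace(nodes, src, dst, max_hops=8):
    """Follow one packet hop by hop; returns (delivered, names of nodes visited)."""
    here = owner(nodes, src)
    path = [here]
    for _ in range(max_hops):
        if dst in nodes[here]["addrs"]:
            return True, path
        hit = lookup(nodes[here]["routes"], dst)
        if hit is None:
            return False, path              # no matching route: dropped here
        nxt = owner(nodes, dst if hit[1] is None else hit[1])
        if nxt is None:
            return False, path              # sent to a next hop outside this model
        here = nxt
        path.append(here)
    return False, path                      # hop limit reached (routing loop)

def build(static_route_on_router):
    """Topology from the answer; hosts, router and 203.0.113.1 are constructed."""
    router = [("192.168.1.0/24", None), ("0.0.0.0/0", "203.0.113.1")]
    if static_route_on_router:              # the route the answer says VLAN 2's router needs
        router.append(("192.168.2.0/24", "192.168.1.250"))
    return {
        "hostA": {"addrs": ["192.168.1.10"],   # VLAN 2 host, existing router is its gateway
                  "routes": [("192.168.1.0/24", None), ("0.0.0.0/0", "192.168.1.1")]},
        "hostB": {"addrs": ["192.168.2.10"],   # VLAN 3 host, switch is its gateway
                  "routes": [("192.168.2.0/24", None), ("0.0.0.0/0", "192.168.2.1")]},
        "switch": {"addrs": ["192.168.1.250", "192.168.2.1"],
                   "routes": [("192.168.1.0/24", None), ("192.168.2.0/24", None)]},
        "router": {"addrs": ["192.168.1.1"], "routes": router},
    }

if __name__ == "__main__":
    for fixed in (False, True):
        net = build(fixed)
        print(fixed, trace(net, "192.168.2.10", "192.168.1.10"), trace(net, "192.168.1.10", "192.168.2.10"))
```

Without the static route, the packet from VLAN 3 reaches the VLAN 2 host but the reply leaves through the router's default route, so the failure shows up in one direction only.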