configuration of VLAN and routing problem 6224 switch

Similar Questions

• Cisco 1921 & SG500 VLAN and DHCP problem

  Dear all,

  Thank you in advance for taking the time to read this.

  A little history:

  I want to install a project for an athlete, which is unfortunately on a budget pretty tight with a potentially large quantity of network users (~ 200 without public WIFI). I need to separate the 5 groups of users and to give them all access to internet without see each other. 5 user groups also share the same bandwidth to the internet and VLANs must be controlled bandwidth.

  To do this, I had planned to use Cisco devices built-in functions and buy a 1921 Cisco router as a switch of SG500.

  I have configured the router for 8 subinterfaces is internal NIC with 8 VLAN. I also configured DHCP Pools 8 on the 1921 and set up NAT and firewall.

  What I want to do now is have the SG500 to recognize the VLAN ID, I configured on the router (as well as on the switch using the same VLAN ID numbers), and then assign ports to the VLAN on the switch, and depending on where I plug into the switch, the device receives different IP addresses from DHCP.

  However, I can't get this to work. The router works fine, the 'intact' if left switch gives me an IP address from the DHCP server on the IP address of higher network VLAN (I.e. 168.8.0). but I can not configure the switch ports correctly so that it works. I was also confused, is that dhcp pools that I have configured on the command-line command on the router do not appear in professional CP in the mask of the pool.

  Can someone kindly check the configuration of the router and throw some guidance on how I need to configure the Ports on the SG500? I must say that I have had too many nights and I seem to confuse tagging, untagging, to exclusion and prohibiting the ;.)

  I have the router for you here:

  Thanks again and good night!

  W.

  Hi Wolfgang, for the sx500 configuration can be something like this

  config t

  database of VLAN

  VLAN 2-8

  int item in gi1/1/1

  switchport mode general

  switchport trunk allowed vlan add 2-8 tag

  switchport General disable filtering of capture

  For any client that connects must be no tagged coelio

  So if you want a client access port then you should do something like 5 unidentified to this port

  config t

  int item in gi1/1/2

  switchport mode access

  switchport access vlan 5

  -Tom
  Please mark replied messages useful

• SSL VPN and routing problem

  Hi all

  I have a strange architecture including VPN and I have a few problems that I am not able to solve:

  -J' use the ssl vpn gateway to allocate internal IP addresses of the local network described in the schema (8.8.2.0 or 8.8.3.0 according to the tunnel-group network.

  -The purpose is for vpn clients directly access the internal network.

  This works very well if there are strictly internal communications within the network. But recently, we have installed an application that needs to access both networks. No problem, I thought, but I was wrong, there seems to be a problem of routing inherent in the architecture in place.

  Let me explain the problem:

  -When I access the VPN, for example I will gave the 8.8.3.5 ip address.

  -Im running the application that needs to open a page on the web server, located at 8.8.2.120

  -l'asa receive my tcp syn datagram and forward it directly to the directly connected interface fa0/1 (based on the routing table)

  -the web server returns the response, but he sends on its default gateway which is the cisco 6509.

  -6509 it sends its vlan svi 2000

  - and finally the ASA it receives on its interface fa0/2 but seems he falls as she opened a tcp on fa0/1 connection and receives the response on fa0/2.

  I want it's traffic by tunnel to bypass the connected roads and transmit it to a default gateway of tunnel. This would ensure that the path for the request and the response would be the same.

  I would like to know if there are orders of debugging for routing decisions validate my theory?

  Do you know of any response to solve this problem?

  Thanks a lot for your help.

  When you configure the TCP State derivation always think ' which way is the SYN package coming?

  Routing failed messages always have source and destination, are of course copied the entire message?

  BTW, instead of letting clients SSL addresses attributed to vlan2000? Why not give them a separate subnet and the road back via correct interface?

  I would also check your config and the routing :-) table

  Marcin

• VLAN and VPN problem

  Madam, Sir, I have the following problem:

  ASA ClientVPN---Internet--ASA--VLAN1(192.168.1.0/24)

  | -VLAN2

  | -VLAN3

  VPN = 192.168.10.0/24

  When you create the VPN connection with the wizard, the list of networks to the tunnel,

  This does not connect and displays the following message:

  No group of translation not found for tcp src outside:192.168.10.2/48257 dst

  192.168.1.2/80

  This message is the same as it throws when trying to communicate a VLAN on the SAA,

  That's why create the following rules:

  static (outdoors, VLAN1) 192.168.10.0 192.168.10.0 255.255.255.0

  static (VLAN1, outside) 192.168.1.0 192.168.1.0 255.255.255.0

  which allows communication between the VPN and the VLAN1, but I lose internet

  access from VLAN1 please help

  Julio,

  You need to add nat are subtracted to your VLAN internal to your VPN address pool, something like this:

  access-list allowed sheep ip 192.168.1.0 255.255.255.0 192.168.10.0 255.255.255.0

  NAT (inside) 0 access-list sheep

  which will allow communication from inside 192.168.1.0/24 vpn client, you must add the remaining lines for the VLAN left and apply them on the required VLANs if they are on different interfaces, of course.

• WRT600N advanced routing problems / use as Access Point and switch

  Firmware 1.01.36 build 4 The WRT600N is connected to an existing LAN and is really only used as a Wireless N access point. There is nothing plugged into the WAN port; only the LAN port. I have NAT disabled. All traffic from a client connected to the WRT600N wireless going very well for the gateway and the Internet router. The customer experience is very good. However, there are a few minor issues as follows.

  1] Setup > Advanced Routing tab has only the following options; to do this, * not * have a picker 'Mode '. NAT, static routing and dynamic routing (RIP).    IS this NORMAL, OR should HAVE a MODE (e.g. switch) AS REFERRED to IN THE HELP FILES?

  [2] even if a connection wireless or wired to the WRT600N works very well, the WRT600N himself is unable to connect to the internet. It cannot connect to NTP to set the time and I can't ping past the gateway router using the ping of the WRT600N diagnostic utility. I ping the gateway 192.168.1.4 port inside, but I can't use the diagnostic the WRT600N ping ping utility something beyond this gateway port. The routing of the WRT600N table is below. THE GATEWAY SHOULD NOT BE 192/168.1.4? HOWEVER THE WRT600N DON'T ME LETS NOT CHANGE IT.

  Destination LAN IP Subnet Mask gateway interface

  192.168.1.0 255.255.255.0 192.168.1.71 LAN & Wireless

  127.0.0.0 255.0.0.0 * LAN & Wireless

  Topic 1. Linksys, used to have a mode option to switch between the modes 'Bridge' and 'router '. The latest routers call it now better NAT power. Gateway mode means THAT NAT is enabled. Router mode means THAT NAT is disabled. The help files are probably a little bit over. But the option is still the same.

  Re 2. It's normal if you use it as only access point (i.e. do not use the WAN port). The router always takes into account that the internet connection via the WAN port, i.e. it will always use the default gateway on the WAN port. If nothing is connected to the WAN port on the router itself has no default gateway and therefore has no access to the internet. Generally, you are not able to establish the default route in either advanced routing page. It is a known limit of these routers if you do not use as a router.

• This should be easy but... VLANS and switches

  I have 2 switches Dell 6224 is in Vlan35 and the other is vlan110 - I have an Ethernet cable connecting a switch to another - the port on the vlan 110 arrives but the port on the vlan 35 does not work - I want to access the vlan switch 110 of vlan 35 - what should I add to my config so that it works?

  Thank you very much

  Eric

  When you need two different VLANS to communicate with each other if you have enabled an L3 device on the network to perform routing. Your 6224 ToR may already setup for VIRTUAL LAN routing. In the config, it will have the command # ip Routing. Then the switch should just an IP address for each VIRTUAL local area network, and can then route between the VLANS.

  Example of possible configuration:

  6224 ToR

  VLAN 1 = 192.168.1.1
  VLAN 35 = 192.168.35.1
  VLAN 110 = 192.168.110.1
  # ip Routing
  # int port-channel 1
  switchport mode trunk #.
  # permit switchport trunk vlan add 35 110

  6220

  VLAN 1 = 192.168.1.2
  VLAN 35 only = no IP address
  VLAN 110 no = no IP address

  port-channel int # 1 (connection to ToR 6224)
  switchport mode trunk #.
  # permit switchport trunk vlan add 35 110

  port-channel int # 2 (connection iSCSI 6224)
  switchport mode access #.
  # switchport access vlan 110

  iSCSI 6224

  VLAN 1 = 192.168.1.3
  VLAN 35 only = no IP address
  VLAN 110 no = no IP address

  port-channel int # 1 (connection to 6220)
  switchport mode access #.
  # switchport access vlan 110

  You can also try to continue in the way of the use of the static routes for everything, I don't know how this will work.

• Configuration of several interfaces vlan on a layer 3 switch

  I am trying to incorporate a layer 3 switch in a network. (see figure 1 below). My problem is that in the configuration below, the layer 3 switch seems to offer no additional benefit on a layer 2 switch, because it does not pass packets from Layer 3, instead, it will take an additional router configuration.

  If I set up 2 interfaces like no switchports (diagram2) and create virtual interfaces on the switch of level 3, that is to say 0.1/g0, g0/0.2, 0.3/g0, g0/1.1,g0/1.2, g0/1.3, configure dot1q encapsulation and add ip addresses and subnets on each interface, so I understand that I can use the switch of level 3 as a router.

  However this introduces a new problem now, VLAN 1 is on both interfaces, so devices in VLAN 1 on each interface will have point to the default gateway on this specific interface and features of VLAN 1 on G0/0.1 interface must be configured with a different subnet than those on G0/1.1 interface.

  It does not seem logical, am I missing something?

  Assignment.jpg

  

  Figure 1

  assignment2.jpg

  

  Paul

  On a L3 switch you do not configure subinterfaces (usually).

  You create what's called Lass (Switched Virtual Interfaces) instead of this, and what are your L3 interfaces.

  If your L3 switch ports are ports of L2 or other trunks or assigned to a VLAN specific.

  For each VLAN you want to route you create then a SVI IE. -

  int vlan
  IP x.x.x.x
  No tap

  and the default gateway for clients in this vlan is the IP assigned to the SVI.

  Any other configuration of L3 interface, you add to the SVI.

  The only time wherever you actually use the ports of L3 is when you connect to a router for example.

  Jon

• Configure the VLAN voice and data in CISCO SF 300 8 P

  I have a couple of Cisco SF 300 8 P and P 24 switches. I have voice and data VLANS configured as:

  Data VLAN: default 145.17.59.0/24

  Voice VLANS: VLAN 20 172.22.20.0/24

  I have different DHCP servers regarding the data VLAN, we have a physical server that is configured for 145.17.59 * extended IP and Voice VLAN DHCP Server is configured as a router gateway with option 150.

  This configuration works very well with other cisco 2960 switches and 3750 etc. except CISCO SF 300 8 P and 24 p. I tried to set up the voice and data VLAN in these CISCO switches so that phone CISCO (model 6941) should get IP of the VLAN voice and PC should get the IP address of the DHCP server on the data VLAN. I tried several techniques such as LLDP, Port-to-VLAN Config etc.

  Can anyone please guide me / help on this.

  Kind regards
  A K.M.Sayeed

  Hi A.K.M., with Cisco phones you should be able to define simply automatic voice VLAN to be VLAN20.

  ID of the vlan 20 voices

  You must ensure CDP or LLDP is enabled as well. I would check in the web GUI. DHCP for phones can come from a DHCP server on a port access VLAN20 switch, or you can use dhcp for assistance to redirect DHCP server elsewhere.

  If you prefer or you have problems with the CDP or LLDP, you can also program the ports as trunks and add the tag VLAN 20 for them.  In this scenario, you need to ensure inter - vlan routing works and phones that download the file config with corrrect VLAN config.

  These switches do not run ios, so they are similar, but different from the catalyst switches that you mentioned.

  -remember messages useful rate.

• help config VLANs and inter routing VLANs on SF - 300

  Hi all.

  I divided the routing problem "SF-300 (Layer 3) can be connected to the bridge." I did not put in the entry door. Too bad, I have encountered with Packet Tracer 5. I can attach a file. Leave everything to me.

  Thank you.

  # config - code

  IP routing

  VLAN 10

  VLAN 20

  VLAN 30

  interface FastEthernet0/1

  switchport access vlan 10

  switchport mode access

  interface FastEthernet0/6

  switchport access vlan 20

  switchport mode access

  interface FastEthernet0/11

  switchport access vlan 30

  switchport mode access

  interface Vlan10

  IP 192.168.10.1 255.255.255.0

  interface Vlan20

  address 192.168.20.1 255.255.255.0

  Vlan30 interface

  192.168.30.1 IP address 255.255.255.0

  The configuration of the switch is fine. My only question is your computers. Example of

  Computer on fa1.

  Should be something like

  192.168.10.100

  255.255.255.0

  192.168.10.1

  Computer on Fa6

  192.168.20.100

  192.168.20.1

  255.255.255.0

  Also avoid any simultaneous wireless connection and you may want to disable things like firewalls of the window.

  -Tom
  Please mark replied messages useful

• EMS 2010 routing problem inter vlan

  OK, back to the base, I tried to install complicated things that did not work so now, I'm leaving the base.

  I am trying to configure my SGE2010 48 ports Gigabit cisco / switch for routing inter - vlan.

  so far, I put the mode switch layer 3 from the telnet console and rebooted, it.

  entered the interface web and changed the ip of the vlan by default management 192.168.2.3

  added the vlan 70 and vlan bridging 180, section of mangement of vlan

  under the IP, IPv4 interface address, I've added the IP address for each virtual local area network as follows:

  IP Interface Mask

  192.168.70.3 255.255.255.0 VLAN 70

  192.168.180.3 255.255.255.0 VLAN 180

  then I went in transition, management of VLANs, vlan to the port:

  set the port g1 get access to the vlan 70

  sets the g2 as an access port for vlan 180

  connected A computer to port g1 with static IP 192.168.70.200 mask 255.255.255.0 Gateway 192.168.70.3

  connected computer B to port g2 with static IP 192.168.180.180 mask 255.255.255.0 Gateway 192.168.180.3

  I'll then in the routing static routing: I see the 192.168.70.0 destination IP address 24 as a type of local railway and even for 192.168.180.0 24 as the type of local railway

  on a computer, I ping the gateway 192.168.70.3 and it works

  on computer B, I ping the gateway 192.168.180.3 and it works

  problem is that they cannot ping each other, windows firewall is disabled on both computers.

  If I do a tracert on any of the computer he reach the gateway by default but then expire on the second jump.

  any suggestions what I could have done wrong and the solution to the problem would be appreciated.

  Edit: Here's the running configuration if it helps:

  Cisco-SGE2010 # show running-config

  database of VLAN

  VLAN 70 180

  output

  g ethernet serial interface (1.26)

  switchport access vlan 70

  output

  interface ethernet g2

  switchport access vlan 180

  output

  interface vlan 70

  printer name

  output

  interface vlan 180

  name wireless

  output

  interface vlan 1

  IP 192.168.2.3 address 255.255.255.0

  output

  interface vlan 70

  IP 192.168.70.3 255.255.255.0

  output

  interface vlan 180

  IP 192.168.180.3 255.255.255.0

  output

  Cisco-SGE2010 hostname

  location of the Server SNMP here

  SNMP Server contact me

  Cisco-SGE2010 #.

  If you can test both the interface switches the routing works correctly. You need to maybe turn off the Windows Firewall or open the firewall to allow ICMP to a different subnet. Windows Vista and 7 by default will block ICMP from any other subnet then their own.

  Cisco Small Business Support Center

  Randy Manthey

  CCNA, CCNA - security

• Questions of VLAN and configuration for Cisco AIR-CT2504-25-K9 Controller

  Hello

  It's my first time thanks to the Cisco wireless solutions, so I was hopping someone could help me with the following:

  We just bought the AIR-CT2504-25-K9 controller with some points of access for the AIR-CAP1702I-E-K9.

  The network is as follows:

  Peripheral layer 3 (managed by third parties): it's on the domain network. (VLAN by default, 1 - unidentified)

  ADSL router - it's the network without comment thread. (Default Vlan 4 - tagged).

  VOIP: VLAN 5.

  Both fittings go into a switch Cisco SG500 52 (Layer 2). There is a port to shared resources on the switch SG500 with VLAN 1 (Tagged) and VLAN 4 (with tag). The WLAN controller is plugged into this port trunking.

  The data and management network are in the same subnet and on the same VLAN (1).

  I used the wizard on the controller setup.

  There are three interfaces:

  management VLAN ID 1 IP 192.168.1.2 Port 1 (configured with a gateway domain network, DHCP, etc.).

  VLAN wireless identifier 4 IP 192.168.5.1 Port 1 comments (configured with modem router ADSL, DHCP, etc.).

  Virtual IP 192.0.2.1

  Proxy DHCP active overall.

  There are two wlan networks:

  (1) area - management Interface - SSID abc.

  (2) comments - comments Wireless Interface - SSID xyz (the wizard put to management, but I changed it to the wireless).

  Are the AP connected to another SG500 switch which is shared resources to the switch with the controller.

  Ports of the APs are connected to have only 1 VLAN unidentified. They don't have 4 VLAN Tag or not identified. However, everything seems to work as expected.

  When I join the guest network (SSID xyz), I get an IP address from the router ADSL and all Internet traffic goes through him. When I connect to the domain network (SSID abc), I get an IP address from the DHCP in Windows Server and all traffic goes through the device of layer 3 (I checked the public IP address in my browser). I can't ping anything from one network to the other.

  My questions are the following:

  (1) how the guest network traffic (VLAN 4) headed the APs controller when they are connected to the ports on VLAN1? Is it because the traffic is encapsulated?

  (2) is set up correctly? After you configure the controller, I saw a note in the forums, this State I can simply enter 0 for the management of VLANS to let it not identified. However, in my case, I kept it as 1, which is the same as the switches and then the tag VLAN on the switch. In addition, the set Wizard wlan of comments to use the management interface but I changed it to use the comments interface.

  (3) when I connect to the APs of the controller, I see several options that can be configured manually. Is it necessary for this? For example, there is an option of data encryption.

  Thank you

  A

  Hello

  (1) how the guest network traffic (VLAN 4) headed the APs controller when they are connected to the ports on VLAN1? Is it because the traffic is encapsulated?

  Yes, I'm with CAPWAP:

  More information: http://lets-start-to-learn.blogspot.de/2014/08/cisco-wireless-understand...

  (2) is set up correctly? After you configure the controller, I saw a note in the forums, this State I can simply enter 0 for the management of VLANS to let it not identified. However, in my case, I kept it as 1, which is the same as the switches and then the tag VLAN on the switch. In addition, the set Wizard wlan of comments to use the management interface but I changed it to use the comments interface.

  If you want that mgmt interface must be unmarked and then put 0 otherwise you can use vlan 1.

  I do not have what is configured under mgmt and comments interface, but according to the name I'll say yes, you must set the comments under comments wlan interface.

  (3) when I connect to the APs of the controller, I see several options that can be configured manually. Is it necessary for this? For example, there is an option of data encryption.

  Yes, there are many things that you can configure, but I'll leave most of the default of things unless you really need to change!

  The following best practices: http://www.borderlessccie.net/?p=270

  Concerning

  Remember messages useful rates

• SGE2010 switches, VLAN and a port blocked by spanning tree

  People,

  I have 2 groups of switch.

  SGE2010 2 with VLANS is defined as 10,20 and 30

  VLAN 10 is the management VLAN and it uplinks to our border router.

  VLAN 20 is the workstation VLAN, and all workstations are pointing to the switch as their default GW

  VLAN 30 is the ip phone VLANS, and all phones use this as a gateway.

  I have a GAP between the switches said, we have a few servers on the ip phone switch that must be accessed by the clients of the workstation and the unique link of 100 MB through the router probably won't be enough.

  If I understand correctly, because the switches have different networks on them, a simple shift will not work. I did create a gap and addresses on each side, but it does not appear in this mode, I can block vlan 10 transit to the LAG, with this block I'll end with a logic loop and spanning tree will block the uplinks or LAG itself.

  I have attached a picture with a diagram of our current put in place.

  Any help/advice would be much appreciated.

  John, the 802 standard. 1 initial q indicates there isn't only global tree covering weight independently of belonging to a vlan. It's why you run into problems. Cisco has developed PVST to run on circuits of the ISL. BPMH was originally defined as 802. 1s, which is a combination of 802. 1 q + RSTP. The 802. 1s were later modified to become part of the 802. 1 q.

  The person is incorrect, because they cite "because spanning tree is construction by vlan. They are incorrect, because you have to set the properties of tree cover to allow the spanning tree protocols by vlan. Small business switches do not support the owner Cisco PVST and PVST +. However, the SB switches support BPMH which is a standard of the IEEE.

  How works the BPMH, it's that you have called proceeding, i.e. each construction covering tree. Then you have the region, SB switches support only 1 region. The region maintains the instances. Basically how it works, you activate the EMU at the global level. Then, you specify the instance. As an example, the vlan 1 is instance 1. VLAN 2 is 2.  This will allow you to run 2 physical wires between switches vlan different without looping. If you use classic STP or RSTP, the least costly path will go to the State to block/cast who works as expected.

  -Tom

• Several VLANS and DHCP relay on two stacked switch SGE2000-G5

  We were put to the task of securing a small desktop system managed that is currently set up with a standard switch for each of the offices (with different companies) to see each other and in some cases, access to each of the other documents on the network.

  Obviously, this is far from adequate set up and our goal is to isolate each office using VIRTUAL networks, but share a common internet connection provided by managed offices.  We have two switches for layer 3 Cisco SGE2000-G5, but we are new on Cisco equipment and VLAN, so we are not quite sure on how to implement this.  DHCP must be provided by a router, there is no server.  We are open to suggestions on the router as we still buy a.

  I hope that someone may be useful.

  Thank you very much

  Jim

  Hi Jim,.

  SGE2000 switches you are using must be able to handle this without issue. What type of router you are using? As long as you have a router that will take in charge VLAN / several subnets, it should be a simple configuration.

  Here's a quick run down of the measures to be implemented. (using vlan1 and vlan2)

  On the router, create a vlan / subnet 2 and set the port to connect to your shared resources with the two VLAN 1 and 2 switch. (it will be untagged, two will be marked)

  On the switch, create vlan2 and do the same for the port connected to the router. (vlan1 marked and tagged vlan2)

  Now for each switch port that you want to assign the port access and vlan1 and vlan2. (this vlan will be without a label)

  If your router allows, disable routing inter - vlan. If this isn't the case, you must create rules to block traffic from one network to the other.

  All this happens under the assumption that your router can support VLAN and can also make DHCP for this VLAN.

  Hope this information helps

• Configure the vlan with SG 300 - 10 p and 520 SA

  Hi all

  Forgive my ignorance, but I need help with the basic configuration.

  For a small office, I bought an appliance of security SA520 (for future VPN with another remote desktop) and a switch of SG 300 - 10 p to connect 3 PCs and 3 IP PHONE. The SA 520 is the router. I have to configure 2 VLANS on the switch:

  VLAN2: DATA (for PC)

  VLAN3: VOICE (for IP PHONE)

  VLAN1: BY DEFAULT.

  How can I configure simply all ports?

  I would like to configure ports 1-4 on 5 to 8 ports and VLAN2, VLAN3 and G10 port is reserved for the SA520 router.

  I want to split VOICE and DATA network.

  I think I need to create a trunk on G10 to SA520...

  Can someone help me?

  Hi Julien,

  OK sounds like you use it vlan by default for network management and the vlan 2 for vlan3 for voice and data.

  I use a calculator for this, my SA520 is ready at the present time.

  Step 1   On the SA520 add vlan 2 and vlan 3 and label them voice and data respectively.

  

  Step 2. Allows you to use the switch port 4 on the SA520 as a port to shared resources to the SG-300.

  (my intent is to use vlan1 not tagged vlan tagged 2 and vlan tagged 3 on the uplink of the switch and the SA500.)

  To do this, I have to say the SA520 port 4 of the switch will be in trunking and not access mode.

  

  You will need to check the membership of vlan 2 and vlan 3 on switch port 4.

  Step 3.  Now add a few IPS to VLAN2 and VLAN3

  Step 4.  Create DHCP scopes if that is what is needed on the SA520

  

  So now I hope that we have the SA520 with the associated IPS VLAN1, VLAN2 and VLAN3

  We also have the switch port 4 as a network interface

  We are vlan1 reproducing unidentified and vlan2 tag and tag to the SG-300 switch vlan3.

  We do the opposite on the SG-300 switch.

  If you use G10 as the uplink to the SA520 you'll notice of default port 10 must already be in trunk mode.

  Switch ports G10 should be marked for vlan 2 and labelled for vlan3.  It will be, default Gi10 untagged for vlan1.

  Make sure you keep ports switch is correctly set up.

  Best regards, Dave

• VLAN and physical and vSwitch Configuration

  I am trying to set up a laboratory at the House and recently bought a new physical switch with the goal of creating a number of VLANS to segment the different networks with router controlling access to each network.

  The router is configured with 4 networks of each on a separate interface:

  • 10 - home network network
  • 172 - network management
  • 192 - laboratory network
  • Internet

  These are in turn connected to a single physical switch. I wish that my switch to have 3 VLAN to match each network. Guests on these VIRTUAL LANs can be physical or virtual. A network adapter on the server vSphere will be bound to a vSwitch and connected to the VLAN respective on the physical switch to enable connectivity for virtual hosts.

  Can someone explain to me what to leave a VLAN tagging perspective in order to get this to work and now the separation between networks?

  I tried a combination of marking on the physical and virtual switch and impossible to get full connectivity to the physical and virtual hosts. For now, I have three VLAN (default value (1) where is my network 10), 172 and 192.

  I can ping the physical hosts on 172 and 192 VLAN but I can't ping any invited virtual.

  I can ping hosts physical and virtual a virtual guest on any other network.

  The router has not at all of any configuration of VLAN.

  Thank you

  Adam

  Hi Adam,.

  I can give you an explanation of how I could do this using cisco equipment.

  You say you have 4 NICs from your host and would have networks vlan, so a very simple way to do this would be to create the VLAN on the switch. Define each of the physical network cards on the switch to be an access port to the vlan correct. Personally, I'd be trunk all interfaces, but access is easier to explain...

  If an example (cisco config)

  Interface 1 on switch access to vlan 10 - Conf t, IM 1 interface, switch mode access port vlan, switchport Access 10

  interface 2 on the access of the switch to vlan 172 - Conf t interface IG 2, switch to access port, switchport access vlan 172

  etc.

  When you create your vswitches, select the correct uplink, create a network of the vm by vswitch, you would not need to specify a vlan.

  If you wanted connectivity between virtual LANs to happen in the switch, assuming you have a l3 switch, you can give the VLAN IP addresses to the correct subnet, use it as the gateway for customers and enable ip Routing.

  Access to Internet; How I have this setup in my lab, it is that I have a trunk between the switch and the router, allowing the VLANS on my networks that require the traffic internet, my router has sub interfaces defined on the network for each virtual local area network interface. These submarines have an IP address in the correct VLAN (all clients use this as the gateway). Internet link is connected outside the router and which deals with the nats and routing between VLAN etc.

  Another way to do would be to have an extra virtual LAN on the switch to which connect your router, give them two ip addresses, use the switch to route 0.0.0.0 0.0.0.0 for the IP address of the router. You would need to implement Nat for each network, and no doubt some allow lists but its possible.

  Not as easy to explain as I thought when starts this...