How to configure two VLANs in one switch to communicate without using the tagging port

  • Question
  • Updated 3 years ago
  • Answered
Hi Guys,

I want to know if it is possible to configure two VLANs in one switch to communicate without using the tagging port?

zahirtalib

Posted 3 years ago

Jan Steinbach
Configure InterVLAN routing or use a cross cable and connect two access ports which are in different VLANs.

zahirtalib
Hi Jan,

Can you provide me some command examples for the InterVLAN routing that you mention above?

zahirtalib
I have enabled ipforwarding but I am still not able to communicate between these two VLANs. Below is my config:

---------------------------------------------------------------------------------------------
Name            VID  Protocol Addr       Flags                       Proto  Ports  Virtual
                                                                            Active router
                                                                            /Total
---------------------------------------------------------------------------------------------
Default         1    ------------------------------------------------ ANY    0 /0   VR-Default
MAXIS           20   192.168.3.251  /24  -f------m------------------- ANY    5 /18  VR-Default
Mgmt            4095 ------------------------------------------------ ANY    0 /1   VR-Mgmt
TIMEDOTCOM      10   192.168.7.1    /24  -f------m------------------- ANY    1 /8   VR-Default
---------------------------------------------------------------------------------------------

Ronald Dvorak, Embassador
Could you check whether the client in VLAN 20 has 192.168.3.251 configured as its default gateway and the client in VLAN 10 uses 192.168.7.1 as default gateway?

Could you ping the clients in the different subnets from the switch?

-Ron

Stephen Williams, Employee
Hello everyone,

I added more detail to the gtacknowledge article that Jan Jetten-Kalthoff referred to. Let me know what you think.

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-enable-inter-VLAN-routing-in-EXOS/

Ronald Dvorak, Embassador
I like it ;-)

zahirtalib
Hi All,

Thank you!!!

Dennis Newman
Great article, and I think I understand most of it, but am very new to vlans and am still learning.
Trying to communicate between vlan 10 client 1 with ip 10.10.10.xx (internet gateway 10.10.10.1) and vlan 20 client 2 with ip 192.168.3.xx (internet gateway 192.168.3.1)
so I'm not quite positive what to put in my "configure vlan v10 ipaddress" and "configure vlan v20 ipaddress" to still allow the two clients to access their internet connections.

Thanks
Dennis

Prashanth KG, Employee
Hi Dennis,

The router or a Layer 3 switch which takes care of the inter-vlan routing in a network will ideally be the gateway of all the clients or PC. 

In our case, if the switch should perform the inter-vlan routing, the IP address of the switches should have the default gateway IP address. 

Client IP 10.10.10.xx with gateway IP 10.10.10.1
Switch VLAN 10 IP address 10.10.10.1

Client IP 192.168.3.xx with gateway IP 192.168.3.1 
Switch vlan20 IP address 192.168.3.1 

IPforwarding should be enabled on the switch for these 2 vlans. 

Hope this helps! 

Dennis Newman
Ok, I can see how this works to allow system at 10.10.10.190 to see printer at 192.168.3.224, and for system at 192.168.3.120 to see the server share at 10.10.10.9, but how do the 10.10 and 192.168 systems "see" their respective internet gates (formerly 10.10.10.1 and 192.168.3.1)?
What do I do for that?

Further information, the 10.10 gateway is a cisco ASA 5512x and the 192.168 gateway is a cisco ASA 5505 - the Extreme switches that we have are Summit 400 48-t's that until now have all been basically used as L2 switches.  If I'm reading correctly I need to change the "inside" interface IP on the Ciscos and make sure that the ciscos and the switch know the route to each other, then eventually I can tell the 192.168 vlan to use the 10.10 internet route (but I'm not worried about that yet)

Dennis
(Edited)

Zubair Ahmad
Dennis,

To respond to your statement above:
"but how do the 10.10 and 192.168 systems "see" their respective internet gates (formerly 10.10.10.1 and 192.168.3.1)?"

I believe that part should be taken care of by the "enable ip forwarding vlan 10" and "enable ip forwarding vlan 20" commands on the Extreme switch (same command as 'ip routing' in Cisco).

If that wouldn't be the case, you wouldn't be able to ping 10.10 hosts to 192.168 hosts.

Hope this clarifies something.

ZA

Dennis Newman
Ok, this is possibly just my 60 year old brain not quite understanding device ip vs port or vlan ip, but - Do I need to change the inside interface ip address of my cisco asa 5512x to something other than the 10.10.10.1 that I am using as the vlan10 ip address? 
Other than that, I think I have it, but am planning on spending the next two nights re-reading the summit 400 User Guide and the Extreme Networks Solutions Handbook, and then setting this all up over the weekend and hopefully giving the boss what he's asking for on Monday.

Dennis

Zubair Ahmad
I understood your earlier posts as, 10.10.10.1 is the IP address of VLAN10 in extreme 400 Switch. If that's true, then you can't use 10.10.10.1 for ASA5512x inside ip interface, however you can/should use 10.10.10.1 as a 'default GATEWAY' in ASA5512.
Regards,
ZA

Dennis Newman
Ahh ok possibly my mistake in how I put it.

Currently my ASA 5512 has an inside interface of 10.10.10.1 and that is used as the default gateway for the 10.10 computers
Currently the Summit 400's have only the default vlan configured and the switch has a 10.10.10.20x ip address and the switches are passing 10.10 traffic as if they were L2 switches.
The ASA 5505 has an inside interface of 192.168.3.1 that is used as the default gateway for the 192.168 computers, and the 192.168 network is not currently plugged into the Summit switches.

The intent is to use vlans on the Summit to share ip printers and fileshares across both networks, and eventually let the 192.168 people use my faster internet connection (through the ASA 5512)

That being said, am I on the right track in planning to use the information here to accomplish this task?  and if so, what changes do I need to make on the ASA devices once I have the vlan routing working?

Thanks


Prashanth KG, Employee
Hi Dennis,

Ideally, you could create a new VLAN and assign a different subnet (let's say 172.16.1.0/24) on the Extreme switch. This VLAN could be used for the internet connectivity.

For example: 

Client IP 10.10.10.xx with gateway IP 10.10.10.1
Switch VLAN 10 IP address 10.10.10.1

Client IP 192.168.3.xx with gateway IP 192.168.3.1 
Switch vlan20 IP address 192.168.3.1 

ASA inside interface IP 172.16.1.xx with gateway of 172.16.1.1 
Switch VLAN30 IP address 172.16.1.1

IPforwarding enabled on all the three VLANs. 

So, the switch would route the traffic between VLAN 10 and VLAN 20 to take care of the printer and file shares connectivity requirement. 

And the switch would route the traffic between VLAN 10 and VLAN 30 and also between VLAN 20 and VLAN 30 to take care of the internet connectivity. 

Hope this helps! 

If I misunderstood the requirement, please clarify! 
(Edited)
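
The three-VLAN plan in the reply above, together with the duplicate-address point raised earlier in the thread, as an added example that is not part of the original posts. It checks the plan for address collisions and traces how a packet is forwarded. The function names, the ASA inside address 172.16.1.2, a switch default route pointing at it, and the documentation address 203.0.113.10 standing in for an internet host are assumptions.

```python
import ipaddress

# Switch VLAN interfaces from the three-VLAN plan in the thread.
SWITCH_VLANS = {
    "VLAN10": ipaddress.ip_interface("10.10.10.1/24"),
    "VLAN20": ipaddress.ip_interface("192.168.3.1/24"),
    "VLAN30": ipaddress.ip_interface("172.16.1.1/24"),
}
# Assumed values: the thread only says 172.16.1.xx for the ASA, and the
# switch default route towards it is implied, not stated.
ASA_INSIDE = "172.16.1.2"


def check_plan(vlans, devices):
    """List subnet overlaps and device addresses that collide with a VLAN IP."""
    problems = []
    names = list(vlans)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if vlans[a].network.overlaps(vlans[b].network):
                problems.append(f"{a} overlaps {b}")
    for dev, ip in devices.items():
        for name, iface in vlans.items():
            if ipaddress.ip_address(ip) == iface.ip:
                problems.append(f"{dev} duplicates {name} address {ip}")
    return problems


def trace(vlans, default_gw, host, host_gw, dst):
    """Describe how a packet from host to dst is forwarded under this plan."""
    host, host_gw, dst = (ipaddress.ip_address(x) for x in (host, host_gw, dst))
    src = next((n for n, i in vlans.items() if host in i.network), None)
    if src is None:
        return "host is not in any switch VLAN subnet"
    if dst in vlans[src].network:
        return f"delivered at layer 2 inside {src}"
    if host_gw != vlans[src].ip:
        # The host hands the packet to some other device, not the switch.
        return f"sent to {host_gw}; the switch does not route it"
    for name, iface in vlans.items():
        if dst in iface.network:
            return f"switch routes {src} -> {name}"
    return f"switch forwards {src} -> default route {default_gw}"


if __name__ == "__main__":
    print(check_plan(SWITCH_VLANS, {"ASA 5512 inside": "10.10.10.1"}))
    print(trace(SWITCH_VLANS, ASA_INSIDE, "10.10.10.190", "10.10.10.1", "192.168.3.224"))
    print(trace(SWITCH_VLANS, ASA_INSIDE, "192.168.3.120", "192.168.3.1", "203.0.113.10"))
```
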

Drew C., Community Manager
I've posted this thread in a few places, but I think my answer here will help explain and clarify a few things:
https://community.extremenetworks.com/extreme/topics/iproute-if-only-using-l2

Dennis Newman
Ok, so unless I've missed the point - I either need to change my inside interface on both ASA firewalls (and all of the nat rules) or I need to change the ip addresses of all of my end users (which could also screw up my nat rules)  - OR - once again I'm just too befuddled to figure this out (possibly making it harder in my own mind than it needs to be)
I was hoping to be able to leave the internal address of my asa at 10.10.10.1 and set the Summit switch to something like 10.10.10.2 and only need to change the "default gateway" setting on the workstations while leaving everything else set "as is"
The people over at Cisco say to do it on the asa firewalls, but the 192.168 end is a 5505 with only the basic license, so not enough interface licenses allowed.  When we picked up the Summit 400's we figured that they would help us to "clean up" our networks, but now it seems like, while they certainly can help, it will take a full re-design to do it right.

Please forgive my sounding "defeatist", it's just frustrating that I can't seem to wrap my head around what should be basic networking. I've been lucky to have been a network administrator for a network that hasn't had any "real" problems for over 15 years, and I guess I've just gotten out of touch with the inner workings.

If anyone would like to take a stab at helping re-work this whole thing, I'd be more than happy to give any more information you may need.

Dennis