How to configure two vlan in one switch to communicate without using the tagging port

zahirtalib
New Contributor
Hi Guys,

I want to know if it is possible to configure two VLANs in one switch to communicate without using the tagging port?

18 REPLIES 18

Dennis_Newman
New Contributor
Ok, so unless I've missed the point - I either need to change my inside interface on both ASA firewalls (and all of the nat rules) or I need to change the ip addresses of all of my end users (which could also screw up my nat rules) - OR - once again I'm just too befuddled to figure this out (possibly making it harder in my own mind than it needs to be)
I was hoping to be able to leave the internal address of my asa at 10.10.10.1 and set the Summit switch to something like 10.10.10.2 and only need to change the "default gateway" setting on the workstations while leaving everything else set "as is"
The people over at Cisco say to do it on the asa firewalls, but the 192.168 end is a 5505 with only the basic license, so not enough interface licenses allowed. When we picked up the Summit 400's we figured that they would help us to "clean up" our networks, but now it seems like, while they certainly can help, it will take a full re-design to do it right.

Please forgive my sounding "defeatist", it's just frustrating that I can't seem to wrap my head around what should be basic networking. I've been lucky to have been a network administrator for a network that hasn't had any "real" problems for over 15 years, and I guess I've just gotten out of touch with the inner workings.

If anyone would like to take a stab at helping re-work this whole thing, I'd be more than happy to give any more information you may need.

Dennis

Drew_C
Valued Contributor III
I've posted this thread in a few places, but I think my answer here will help explain and clarify a few things:
https://community.extremenetworks.com/extreme/topics/iproute-if-only-using-l2

Dennis_Newman
New Contributor
Ok, this is possibly just my 60 year old brain not quite understanding device ip vs port or vlan ip, but - Do I need to change the inside interface ip address of my cisco asa 5512x to something other than the 10.10.10.1 that I am using as the vlan10 ip address?
Other than that, I think I have it, but am planning on spending the next two nights re-reading the summit 400 User Guide and the Extreme Networks Solutions Handbook, and then setting this all up over the weekend and hopefully giving the boss what he's asking for on Monday.

Dennis

Hi Dennis,

Ideally, you could create a new VLAN and assign a different subnet (let's say 172.16.1.0/24) on the Extreme switch. This VLAN could be used for the internet connectivity.

For example:

Client IP 10.10.10.xx with gateway IP 10.10.10.1
Switch VLAN 10 IP address 10.10.10.1

Client IP 192.168.3.xx with gateway IP 192.168.3.1
Switch vlan20 IP address 192.168.3.1

ASA inside interface IP 172.16.1.xx with gateway of 172.16.1.1
Switch VLAN30 IP address 172.16.1.1

IP forwarding enabled on all three VLANs.

So, the switch would route the traffic between VLAN 10 and VLAN 20 to take care of the printer and file shares connectivity requirement.

And the switch would route the traffic between VLAN 10 and VLAN 30 and also between VLAN 20 and VLAN 30 to take care of the internet connectivity.

Hope this helps!

If I misunderstood the requirement, please clarify!
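
The addressing plan from the reply above, written out as switch commands. This is an added example, not part of the original thread: it assumes ExtremeWare-style CLI syntax, /24 masks on all three VLANs, constructed port numbers, and 172.16.1.2 as a placeholder for the ASA inside address that the reply leaves as 172.16.1.xx.

```extremeware
# Constructed example. Port numbers, the /24 masks on vlan10 and vlan20, and
# the ASA address 172.16.1.2 are assumptions, not values from the thread.

# Free the ports from the Default VLAN so they can be added untagged elsewhere.
configure vlan default delete ports 1-40,48

# Client VLANs: the switch holds the gateway address for each subnet.
create vlan vlan10
configure vlan vlan10 ipaddress 10.10.10.1/24
configure vlan vlan10 add ports 1-20 untagged

create vlan vlan20
configure vlan vlan20 ipaddress 192.168.3.1/24
configure vlan vlan20 add ports 21-40 untagged

# Transit VLAN toward the ASA inside interface (untagged, single port).
create vlan vlan30
configure vlan vlan30 ipaddress 172.16.1.1/24
configure vlan vlan30 add ports 48 untagged

# Route between the three directly connected subnets.
enable ipforwarding vlan vlan10
enable ipforwarding vlan vlan20
enable ipforwarding vlan vlan30

# Assumption: anything not in the three subnets goes to the ASA.
configure iproute add default 172.16.1.2
```

For return traffic, the ASA needs routes for 10.10.10.0/24 and 192.168.3.0/24 pointing at 172.16.1.1, since those subnets are no longer directly connected to it.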