Network Infrastructure Forums
Extreme / Avaya / Nortel => Extreme / Avaya / Nortel Ethernet Switching => Topic started by: cdrasmu on October 05, 2018, 03:12:11 PM
-
Hello, i am new to vlans.
I got a Avaya 3524GT and wanted to create 6 vlans.
VLAN1 with Servers and PFSENSE router which has a DHCP server and gives internet to all the PCs.
and say one VLAN for each floor.
VLAN2, VLAN3, ETC
I want every floor to get a DHCP IP, and that they cannot sea between each floor.
I followed the Mcnamaras VLANs and IP Routing on an Ethernet Routing Switch but could not get it to work.
Thank you
-
Hello.
Can you post your configuration?
Your requirements that you get DHCP IP from VLAN1 but the other floors cannot see each other may be in conflict.
To get DHCP to other VLANs you would require IP forwarding (routing) and DHCP Relay. Since all VLANs are on the same box, you may have to do some Access List magic to fulfill the requirement that each floor does not see the other.
-
Hello, maybe I explaine dmyslf incorrectly.
Every floor can see VLAN1 (which has the servers)
But every floor cannot see the other ones.
A config I tried is this one:
en
conf t
vlan configcontrol flexible
vlan create 2 name SERVERS type port
interface vlan 2
ip address 192.168.2.254 255.255.255.0
vlan members add 2 3
vlan members add 2 4
vlan create 10 name RED10 type port
interface vlan 10
ip address 192.168.10.254 255.255.255.0
vlan members add 10 5
vlan members add 10 6
vlan create 20 name RED20 type port
interface vlan 20
ip address 192.168.20.254 255.255.255.0
vlan members add 20 7
vlan members add 20 8
vlan members remove 1 3-8
ip routing
interface vlan 2
ip dhcp-relay
interface vlan 10
ip dhcp-relay
interface vlan 20
ip dhcp-relay
exit
ip dhcp-relay fwd-path 192.168.10.254 192.168.2.3 enable
ip dhcp-relay fwd-path 192.168.20.254 192.168.2.3 enable
-
Mmmh, I guess Vlan 1 has no port-members and please keep in mind that L3-Interfaces became active once minimum one single port gets active.
I assume that you did not remove Vlan 1 of any port, so your port-vlan-id (PVID) is still 1 (one)
So please try this:
conf t
vlan members 1 NONE
vlan ports 3-4 pvid 2
vlan ports 5-6 pvid 10
vlan ports 7-8 pvid 20
end
# Good luck
-
Looks like he did remove the ports from VLAN1.
vlan members remove 1 3-8
But with the configcontrol being flexible, the PVID would not have changed from the default of 1 as MatzeKS said.
Use show vlan interface info to check/verify the PVIDs of the ports after using the commands MatzeKS stated in his reply.
-
This is what I get
3524GT(config)# show vlan interface info
Filter Filter
Untagged Unregistered
Port Frames Frames PVID PRI Tagging Name
---- -------- ------------ ---- --- ------------- ----------------
1 No Yes 1 0 UntagAll Port 1
2 No Yes 1 0 UntagAll Port 2
3 No Yes 2 0 UntagAll Port 3
4 No Yes 2 0 UntagAll Port 4
5 No Yes 10 0 UntagAll Port 5
6 No Yes 10 0 UntagAll Port 6
7 No Yes 20 0 UntagAll Port 7
8 No Yes 20 0 UntagAll Port 8
9 No Yes 1 0 UntagAll Port 9
10 No Yes 1 0 UntagAll Port 10
11 No Yes 1 0 UntagAll Port 11
12 No Yes 1 0 UntagAll Port 12
13 No Yes 1 0 UntagAll Port 13
14 No Yes 1 0 UntagAll Port 14
15 No Yes 1 0 UntagAll Port 15
16 No Yes 1 0 UntagAll Port 16
17 No Yes 1 0 UntagAll Port 17
18 No Yes 1 0 UntagAll Port 18
19 No Yes 1 0 UntagAll Port 19
20 No Yes 1 0 UntagAll Port 20
21 No Yes 1 0 UntagAll Port 21
22 No Yes 1 0 UntagAll Port 22
23 No Yes 1 0 UntagAll Port 23
24 No Yes 1 0 UntagAll Port 24
25 No Yes 1 0 UntagAll Port 25
26 No Yes 1 0 UntagAll Port 26
3524GT(config)#
-
I also added global ip routing comand.
I can ping the gateway 192.168.10.254 but not the proxy/dhcp 192.168.2.2
Obviously, I do not get a DHCP address. I did this test with a manual IP address.
Thanks
-
Hi,
Your pfsense have a static route to the vlan 10 and 20? if not the packets are routed to default route (inet)
Regards,