VLAN - what am I missing?

nutcase

nutcase

nutcase

Soldato
Joined
18 Oct 2002
Posts
7,622
Location
SX, unfortunately
Having a bit of a brain fart here. Flat network, trying to add a VLAN. Created on switch, created an interface for it (VLAN 1 interface is 10.0.11.251 and VLAN 20 interface is 10.0.12.251). Switched on DHCP helper to point to the DHPC server (10.0.11.13) and have added a 10.0.12.x scope to the DHCP server.

Two ports on switch set to be access for VLAN 20. If I connect a device, it does not pick up an IP. If I give it a static, I can ping both 10.0.12.251 and 10.0.11.251 but nothing else on the 10.0.11.0 network.

I've obviously missed something but what? :(
 
I know nothing about networks and shouldn't even post but do you need to do.something firewall / NAT related to allow traffic from the 12 subnet on to the 11 subnet where the DHCP Server lives?

And doesn't it defeat the point of a vlan if you're only using one in this manner?
 
Have you set sub net's for each vlans?

Say 255.255.0.0 for 10.0.11 and 255.255.252.0 for 10.0.12 (for example)
 
I guess that looks right, I'm assuming that's the switch.

Is the (for eg) DHCP server's gateway the vlan interface for vlan 1 (10.0.11.251?) or something else? If it's something else does that device have a route to point 10.0.12.0/24 to 10.0.12.251?
 
Yes that's a grab from the switch GUI.

he DHCP is on 10.0.11.x and the vlan interface is indeed 10.0.11.251 (both vlan interfaces are on the same switch).
 
Point gateway of devices on vlan 1 to vlan interface of vlan 1.
Point gateway of devices on vlan 20 to vlan interface of vlan 20.

Default route on switch to the ISPs gateway.

Or

Add a route on 10.0.11.10 to route 10.0.12.0/24 via 10.0.11.251 (I think).
 
I don't think I can do the "or" - router not in our control.

I've added the static route in my above picture, set a device on VLAN 1 to use 10.0.11.251 as it's default gateway and no internet :( If I set the DG to 10.0.11.10 it has internet access. So the static route is not working?
 
Hm... ISPs router may need a route back to the vlan interface.

Think you're gonna need a route on the ISPs gateway back to the switch vlan interface 1.

Can you ping cross network (10.0.11.x to 10.0.12.x) when a device on either side has the gateway set to it's applicable vlan interface?

Might not be right though, someone else may have an alternate suggestion.
 
I can now ping inter-vlan yes. When I say I can't access the ISP router at present I can - it's a temporary draytek thing - the real one is being switched over to on Tuesday. I've added a static route on the router:

Destination IP Address 10.0.12.0
Subnet Mask 255.255.255.0
Gateway IP Address 10.0.11.251

From Tuesday I won't have access though (guess I could request it if it does turn out to be required)

But no difference at present :(
 
Hmm, it's that entry on the Draytek that is allowing the inter-vlan communication. If I disable it, I can no longer ping from VLAN 20 to VLAN 1 nor communicate with the DHCP server. So I need that route on the Switch somehow?
 
Sounds like whatever you're pinging in VLAN 1 is pointing at the draytek for its gateway, not the vlan interface on the switch, removing the route on the draytek will break inter-vlan routing in that instance because it doesn't know how to route back to 10.0.12.x

So, example.

Computer 1 (vlan 1):

ip 10.0.11.50
subnet 255.255.255.0
Gateway 10.0.11.251

Computer 2 (vlan 20):

ip 10.0.12.50
subnet 255.255.255.0
gateway 10.0.12.251

Ping 10.0.12.50 from computer 1, works?
Ping 10.0.11.50 from computer 2, works?

The switch should do all the routing for both vlans and then its default route should be the draytek for anything else (the internet), the draytek then needs to know where the gateway is for each subnet so network traffic goes in the same way it comes out otherwise things won't work.
 
You must log in or register to reply here.
Back
Top Bottom