VLANs & Subnetting

[timbrigham]

I need a little help getting my network set up, namely the configuration for the layer 3 switch.
I?m trying to configure a Netgear GSM7312 Layer 3 switch to create different subnets based on which port the user is on.
Port/Range
0.1/10.0.1.x
0.2/10.0.2.x
0.3/10.0.3.x
? and so on.

The documentation says it?s possible to do this, but I have no idea how. Can anyone explain to me what I need to do?

Also, at the current time the network is in the 192.168.x family so I can?t connect to anything there. I do however have two separate machines on separate ports assigned static ip addresses (10.0.1.1 switch, .2 machine 1, .3 machine 2). The core vlan setting that comes on the switch is supposed to allow any port to communicate with any other port (I think, based on what I?ve read), but for some reason I?m not being able to ping the machines from one another, just the switch. Any idea what?s going on?

 

[Agamar]

Sounds like the VLAN is blocking your ping from network to network. To be able to ping through to another VLAN, I believe you will have to have a router or switch that supports VLAN routing (A layer 3 switch should).

What you are trying to do is very possible. I have the same sort of setup here, except I have a core switch that supports vlan routing. I have all cicso equipment, but Netgear should be comparable in setup.

 

[ITJunkie]

What are the default Gateway settings on your PC's?
By the looks of what you have in your last paragraph, machine 1 & 2 should have their gateways set to 10.0.1.1 (assuming their assigned IP's are 10.0.1.2 & 10.0.1.3).

How many ports do you have assigned to each subnet/vlan?

 

[timbrigham]

The switch I?m using does support VLAN (it was one of the qualifying criteria).
At current, I?m just using the default vlan, which contains all 12 ports and doesn?t tag any of them. Configuring the vlans correctly and figuring out a way of creating the subnets based on the physical location on the switch is what I?m trying to do.

The machines I?ve been working with apparently had ping blocked by a group policy in place where I work, so I?ve been booting from a livecd distro (the Gentoo install cd) and I?ve been able to ping any machine from any other machine.

Also, this switch does support vlan routing.

My testing has gotten a little more complex now that I know it?s working between the ports on the layer 3.

I have two machines connected to an unmanaged switch, which connects to the layer 3 switch. I have a third machine which connects to the layer 3 switch directly.

I shouldn?t be getting any traffic reaching the third machine when I create traffic between the first two machines, but I am. What do I need to configure to do this?

 

[spidey07]

by default all ports are in the same VLAN. That is a layer2 network.

So having a hub connected to one port and a PC to another is still the same layer2 network. they will all communicate at layer2 without any routing involved.

Maybe if you had a network diagram it would be easier to help. With a clearly draw diagram at layer 2 and 3 it should be straight forward to do what you want.

Also keep in mind that it is very unusual to have a single host on a layer3 link. That is usally what vlans are for.

for example - ports 1-12 are in VLAN 1.
Ports 12-24 are in VLAN 2
VLAN 1 has a default gateway defined on the switch itself as 10.0.0.1/24
VLAN 2 has a default gateway defined on the switch itself as 10.0.10.1/24
Routing is enabled.
PCs in vlan 1 have a /24 mask and gateway of 10.0.0.1
PCs in vlan 2 have a /24 mask and gateway of 10.0.10.1

You're all set.

 

[Rogue]

What spidey07 said is dead on and spelled out pretty well. Think of the separate VLANs as physically separated switches. In order for them to talk, there MUST be a router interface someone between them.

 

[timbrigham]

Thanks guys. That's what I needed to know.
I've never actually worked out a network diagram in the way you suggested. I have no training in networks beyond what I've learned myself, so this has been a lifesaver. Don't want to wait a few months more before I can get this done to get to the workshops.