3COm 4500 Inter Vlan routing newbie question 2

[eaperezh]

Hi,

I have a 3COM 4500 (26 port) swith and I already created vlans. I need assistance with the following.
Note:Vlan 1 has two adsl modems connecting me to internet
first adsl address 201.224.36.x
second adsl address 201.224.35.x
a- How to communicate vlan 2 with vlan 3?
b- How to communicate servers on vlan 4 (servers with real ip addresses) with vlan 1 so traffic can flow to/from internet?
c- I have a Cisco PIX 501 and I was thinking to connect the LAN part to the vlan 2 and the WAN part to the vlan 1 and then telling my users on vlan 2 that the gateway to internet is the PIX, so i secure my users while on the internet. That's why I need vlan 2 and 3 to communicate.

Suggestions?

****out of the box config with the folling added*******
vlan 1
port ethernet1/0/23 to ethernet1/0/24
vlan 2
port ethernet1/0/1 to ethernet1/0/2
vlan 3
port ethernet1/0/3 to ethernet1/0/4
vlan 4
port ethernet1/0/5 to ethernet1/0/6

interface vlan-interface 1
ip address 201.224.36.62 255.255.255.255

interface vlan-interface 2
ip address 192.168.2.254 255.255.255.255

interface vlan-interface 3
ip address 192.168.3.254 255.255.255.255

 

[SYQUEST]

From what I understand inorder for VLANs to communicate with one another you need a Layer 3 switch or a router to setup the paths.

Hope this helps!

....JIM....

 

[IRudebwoy]

The 4500 is a layer 3 switch. You should set the default gateway to the IP address of VLAN interface the host is connected to.

A: From what you provided, all hosts on VLAN 3 should have their gateway set to 192.168.3.254 and VLAN 2 host should have a gateway of 192.168.2.254. But there is one problem, the routing table will have routes to all VLAN segments and will route to all segments.

B: You should keep your internet servers on VLAN 1 to keep things simple.

C: That should work but you should remove the IP interface on VLAN 1 so no one will bypass the PIX (via the 4500 routing table)

Have Fun!

 

[eaperezh]

Thanks for all your help, I would like to post some other details in hope it will help others.
After dealing with this Layer 3 switch all weekend:

1- Create the VLANs and assign the ethernet port that will be needed per VLAN.
2- When you want to route between VLANs you must assign an ip address to the VLAN interface in order to function as a router for Inter-VLAN traffic. HOWEVER 3COM will not let you add an ip address to a VLAN interface and THEN add a corresponding route.
BAD EXAMPLE:
(assume you are a a 3COM switch prompt)
interface vlan 2
undo ip address
ip address 192.168.2.254
interface vlan 3
undo ip address
ip address 192.168.3.254
ip route-static 192.168.2.0 255.255.255.0 192.168.2.254
<ERROR> Invalid next hop address.

Now, why the error above occur, simple, because you assigned an ip address to the VLAN interface BEFORE creating a static route
CORRECT EXAMPLE:
interface vlan 2
undo ip address
interface vlan 3
undo ip address
ip route-static 192.168.2.0 255.255.255.0 192.168.2.254
ip route-static 192.168.3.0 255.255.255.0 192.168.3.254
interface vlan 2
ip address 192.168.2.254
interface vlan 3
ip address 192.168.3.254

So the difference is in the order of the instructions. It seems that 3COM does not support creating a first-time static route with an already assigned to a VLAN interface ip address.

And yes, you should not bind an ip address to the VLAN1 interface, otherwise it will be used to bypass the PIX.

Thanks

 

[SYQUEST]

Thanks eaperezh,

You deserve a star for this. I am going to print a copy for future reference. You might consider using this for an FAQ on the forum so other folks can reference it at any time.

It would sure help if 3Com would write better manuals or hire better tech writers!

....JIM....