3Com Baseline 2426 VLANS

[apersoncalledsmit]

Hi,
I am trying to setup a 3Com Baseline 2426 switch for an office that rents out office space. They have a DrayTek router for the internet connection that is connected into port 26 and a shared printer in port 25.
I need to create a separate VLAN for each office so PC’s in each office can only see each other, the shared printer and have access to the shared internet connection. The DrayTek is setup to assign IP addresses using DHCP.
I have created the following on the switch
VLAN 2 – Tagged Ports 1,2,25,26
VLAN 3 – Tagged Ports 3,4,25,26
The problem I have is that all devices can see each other, do I need to set the ports that the PC’s are connected to as untagged VLAN members and leave the shared printer and internet connection ports as tagged in each VLAN? I think the default VLAN 1 may be causing the issue but not sure.
Any help is greatly appreciated.
Thank you

 

[SYQUEST]

The Baseline 2426 switch is Layer 2 only! For routing between VLANs you must use Layer 3 devices. If your DrayTek has full Layer 3 routing capabilities, than you can configure a routing table to accomplish this, by creating a route for each VLAN to the Internet and shared printer.

I am not familiar with DrayTek. You will need to read the documentation for your router. In the event that the DrayTek won't fill your needs, you may need to replace it with something else, like a Fortigate or Juniper Networks router.

....JIM....

 

[VinceWhirlwind]

If the Draytek supports it, you create each VLAN on the Draytek and configure the default GW for each subnet on each VLAN on the Draytek.
You then have to configure the ethernet port on the Draytek to be a .1q trunk, with all VLANs tagged, and then patch that to a port on your 3COM which is configured exactly the same.
Then, you assign each port on the 3COM as untagged in the appropriate VLAN for the device you are patching to that port.

It's not immediately clear why you need VLANs when your entire network consists of one 24-port switch.

 

[SYQUEST]

It is very clear why he wants VLANs. If Vincewhirlwind read the beginning of the post, you would see he wants his tenants to have separate LANs, since the landlord is providing Internet service with the office rentals. Hence VLANS, to serve their needs!

....JIM....

 

[apersoncalledsmit]

Thank you both for your help. If all devices were on the same subnet as the Draytek and the printer would this remove the need to use layer 3 to route between the VLANS? So make the Draytek and printer ports members of all VLANS.

 

[SYQUEST]

Unfortunately, VLANs don't work that way. A VLAN is a LAN unto itself, like a private circuit or path (virtual). It may share the same physical path and bandwidth, but is isolated to itself and the ports that are assigned to the specific VLAN(s). To get a better idea about this functionality, you might want to read the manual on the Baseline 2426 switch, especially chapters 7 and 8. If you don't have the CD that came with the switch, you can download the documentation from the 3COM website. If that explanation is lacking, you can use a search engine to find info about VLANs on the web.

With the requirements you expressed, the only way to communicate between VLANs and the Internet is with a Layer 3 device(s) in order to maintain the separateness . Sharing the network printer among VLANs is a special case, and would require special routing for all the VLANs in order to work.

....JIM....

 

[apersoncalledsmit]

Thanks for all your help Jim, i'll have a look through the documentation.