I want to use an L3 switch -- a Nortel Accelar 1200 -- to split my network into smaller blocks. The IP block I have is xxx.xxx.xxx.128/255.255.255.128.
So in the switch I created 2 VLANs, connected one of the VLANs -- VLAN1 -- to the outside world (the DMZ port of my firewall), and connected a PC to the other VLAN -- VLAN2. Now the PC in VLAN2 can go out, but it can't be accessed from outside of the switch. Please see the following detailed configuration:
I connected the Switch to the DMZ port of my firewall (the firewall set up in routing mode), and the IP configuration of the DMZ is:
xxx.xxx.xxx.129/255.255.255.128
In VLAN1, the IP configuration is xxx.xxx.xxx.131/255.255.255.224
In VLAN2, the IP configuration is xxx.xxx.xxx.225/255.255.255.224
The PC connected to VLAN2 is set up as xxx.xxx.xxx.226/255.255.255.224, GW: xxx.xxx.xxx.225
The default gateway of the Switch is xxx.xxx.xxx.129 -- 0.0.0.0/0.0.0.0 xxx.xxx.xxx.129
Now the PC in VLAN2 can reach the outside world. But from the outside world we can't reach the PC.
To test the routing inside the switch, I connected another PC to VLAN1 and set up its IP as: xxx.xxx.xxx.132/255.255.255.224, GW: xxx.xxx.xxx.131. Then from this PC, I can ping the PC in VLAN2. That means the routing inside the switch is working.
Please advise what else I need to configure to fix this problem.
Thanks a lot!!
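
The addressing described in the post, checked with a small next-hop calculation (an added example, not part of the original post). It assumes 192.0.2 as a constructed stand-in for the masked xxx.xxx.xxx prefix and assumes the firewall holds only its connected DMZ route, since the post does not show the firewall's routing table; the static route in the second case is hypothetical.

```python
import ipaddress

# Constructed stand-in: 192.0.2 (documentation range) replaces the masked
# "xxx.xxx.xxx" prefix; host octets and masks are the ones given in the post.
PREFIX = "192.0.2."

def iface(last_octet, mask):
    return ipaddress.ip_interface(f"{PREFIX}{last_octet}/{mask}")

FIREWALL_DMZ = iface(129, "255.255.255.128")
SWITCH_VLAN1 = iface(131, "255.255.255.224")
SWITCH_VLAN2 = iface(225, "255.255.255.224")
PC_VLAN2 = iface(226, "255.255.255.224")

def next_hop(src_iface, dst_ip, static_routes=()):
    """Longest-prefix match over the connected network plus static routes.

    Returns "on-link" when the sender would ARP for dst_ip directly,
    the gateway address when a static route wins, or None if nothing matches.
    """
    candidates = [(src_iface.network, "on-link")]
    for net, gw in static_routes:
        candidates.append((ipaddress.ip_network(net), ipaddress.ip_address(gw)))
    matches = [(net, hop) for net, hop in candidates if dst_ip in net]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

def report():
    # Assumption: the firewall has only its connected /25 on the DMZ port.
    fw_plain = next_hop(FIREWALL_DMZ, PC_VLAN2.ip)
    # Hypothetical: a static route for the VLAN2 /27 via the switch's VLAN1 IP.
    fw_routed = next_hop(
        FIREWALL_DMZ, PC_VLAN2.ip,
        static_routes=[(str(SWITCH_VLAN2.network), str(SWITCH_VLAN1.ip))],
    )
    # Outbound direction: the PC uses its default gateway, as in the post.
    pc_out = next_hop(
        PC_VLAN2, FIREWALL_DMZ.ip,
        static_routes=[("0.0.0.0/0", str(SWITCH_VLAN2.ip))],
    )
    return fw_plain, fw_routed, pc_out

if __name__ == "__main__":
    plain, routed, out = report()
    print(f"firewall -> PC, connected /25 only : {plain}")
    print(f"firewall -> PC, with /27 via switch: {routed}")
    print(f"PC -> firewall, via default gateway: {out}")
```

With the /25 mask on the DMZ port, the PC's address falls inside the firewall's connected network, so return traffic is resolved on the DMZ segment rather than handed to the switch's VLAN1 address.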