How to enable vlan routing on Nortel 5520ERS

[manubz]

Hi guyz.

After unsuccesfull research, i come to you because i have a problem to enable vlan routing on a stack of 3x Nortel 5520ERS.

So, i have 3 VLAN : ( VLAN 2 & VLAN3) and the VLAN1(Default).

My switch has :
* 192.168.1.102 and is the interface of VLAN#1
* 192.168.2.1 is the interface of VLAN#2
* 192.168.3.1 is the interface of VLAN#3

ip routing is enabled on all the vlans and in the switch global configuration !

Problem is that i ping all Vlans interfaces but not computers connected on them.

So from 192.168.2.10 -----> 192.168.2.1 OK!
from 192.168.2.10 -----> 192.168.3.1 OK!
from 192.168.2.10 -----> 192.168.3.11 NOT OK !

You will find screens in attachment, like ip routing tables and various pings !

Thanks to you all, manubz.

(Sorry for my english, i'm french... )

 

[andy88]

A couple of things for you to check.

Have you got the PC's connected in the correct vlan?

Have you got the correct default gateway configured on the PC? It needs to be the IP interface of the vlan the pc is plugged into.

If you post the config i may be able to help more.

 

[manubz]

Hi, thanks for you reply !

Yes, my PC's are right connected in Vlan's.

All PC's in Vlan's have Vlan ip as gateway, for example 192.168.2.10 has 192.168.2.1 in VLAN#2 - 192.168.3.10 has 192.168.3.1 etc.

PC's can ping all Vlan ip interfaces but not PC's in others Vlan's :/


I will send the config tomorrow, i'm not @ work yet

 

[curtismo]

Make sure the each port's PVID is set to the primary untagged VLAN for that port.

 

[VinceWhirlwind]

PCs have their Windows firewall on.

 

[manubz]

Okay, thanks all for your replies , i will try theses solutions tomorrow !
@curtismo, i do not understand all about pvids, i have not a perfect english

@vince, maybe firewalls are enabled but computers in the same vlan can ping themselves.

See you tomorrow, thanks !

 

[manubz]

Hi !

So i have trying some solutions this morning, unsuccessful :/

I have installed Device Manager on my computer and turned on/off some options, i post a screen about informations on the vlans.

If some one could help me about my problem or need more informations, say it

Thanks !

 

[manubz]

Larger size img

 

[VinceWhirlwind]

Have you turned off Windows Firewall yet?

The last time somebody told me they had a "Network Problem", they gave me the same reply you just did, but it was still the Windows firewalls.

 

[manubz]

Hi,

I solved my problem;

So, when i was testing, i never said to my fortigate than VLAN2 & VLAN3 were connected to 5520.

Here, i made a static route on my fortigate like that : 192.168.3.0 ----> 192.168.1.102(IP 5520) and the same for VLAN2

There, all is working fine, from all my VLAN's i can access to my network and ping the fortigate

Now the problem is that VLAN2 & VLAN3 can't access to Internet :/

 

[VinceWhirlwind]

I don't understand - if the VLAN2 & VLAN3 router addresses are on your switch, your Fortigate should not have any interface in either of those two subnets?

The Fortigate has an interface in VLAN1?

The Fortigate has a default router pointing away from the switches towards the outaide world?
The fortigate has static routes for VLAN2 & VLAN3 subnets pointing at the VLAN1 interface on the switch?

 

[manubz]

Hi Vince !

- The Fortigate has an interface in VLAN1 : it's 192.168.1.1 (Internet GW)
- The Fortigate hasn't any interface in VLAN2 and VLAN3
- To join VLAN2 and VLAN3, the fortigate has a static route pointing on the VLAN1 interface on the switch

 

[andy88]

To get vlan 2 & 3 access to the internet, you have to add a default route on the switch pointing to the fortigate

ip route 0.0.0.0/0 192.168.1.1 1

 

[manubz]

Hi Andy,

I made a default route for Internet, but it was the Fortigate who didn't allowed my networks 192.68.2.X to go on Internet

Now I have an other question, i made a vlan for a a company who must connect to our network to have access to a server.
They have a fiber on one of our 5520 and i would want to know if it was possible to deny all the access excepting on this server.

It would be like that :

VLAN93 (192.168.93.X) ----> 192.168.93.1 -----> 192.168.1.99 (Server they have to join)

So, is there any routing policies to allow only 192.168.1.99 routing on Vlan3 ?

Thanks