VLAN using different 3COM switches in different subnets

[CircleTilde]

Hi

I've been assigned the task of getting straight internet access to a certain range of ports on a switch. I was told that using a VLAN would be the best solution. So I've done some research and am thoroughly confused. We don't use any VLAN's in our current network setup, and all of the switches that we use are different models of 3COM or Cisco, so the VLAN language is different for each switch.

So what I think that I've done is created a VLAN with ID of "6" on the 3COM 2952 switch, and used the ports 1-16 for that VLAN. I believe that I have them TAGGED, and the rest of the ports for that VLAN are non-members. Then I used the default VLAN 1 and did sort of the opposite, except I didn't have them TAGGED, I set them to UNTAGGED.

Next on the other switch, a 3COM 2948, I created VLAN 6 on there, and pointed it to just 1 port (10) and connected an ethernet cable from that port to our external internet switch (8-port). Looking at the settings on that 8-port managed switch, I found out that I can set up VLANs there as well.

Basically I'm wanting to wall off the first 16 ports on that first switch, and give direct access to the internet. I don't want any computers connected to those ports to see the rest of our network, nor do I want our network to see those computers, however I still want management capabilities.

What am I doing wrong? Do I need to set up a VLAN on EACH switch in between? I read about trunking and think I tried doing it, but there's not much reliable help on the internet regarding the same type of situation that I'm in.

I posted an attachment of a layout of our network segment. As of right now, I can manage the first switch from anywhere, and can only see things connected to ports 17-52.

 

[VinceWhirlwind]

First thing is "untagged"/"tagged" on 3COM means "access"/"trunked" on the Cisco.

So, you want the switch<-->switch interfaces to have "tagged" VLANs on them, and ports 1-16 on your "edge" switch must have the internet VLAN "untagged".

I can't access your link, but what I think this means for you is this:
- create VLAN 6 on your internet switch and assign all interfaces to that VLAN as "untagged".
- create VLAN6 on your 2948 and assign interface 1 as VLAN 6 "untagged", and assign the uplink interface to the 2952 to have VLAN 6 "tagged"
- create VLAN 6 on your 2952 and assign interfaces 1-16 as VLAN 6 untagged, and the uplink interface to the 2948 to have VLAN 6 "tagged".

 

[CircleTilde]

Thanks for your reply!

Here's a different link to the layout. I thought the previous one was public access.

Let me try your suggestion and see if that gets results.

 

[VinceWhirlwind]

Ah, let me re-phrase it:

- create VLAN 6 on your internet switch and assign the uplink interface to the 2948 to have VLAN 6 "tagged"
- create VLAN6 on your 2948 and assign interface 1 as VLAN 6 "tagged", and assign the uplink interface to the 2952 to have VLAN 6 "tagged"
- create VLAN 6 on your 2952 and assign interfaces 1-16 as VLAN 6 untagged, and the uplink interface to the 2948 to have VLAN 6 "tagged".

 

[CircleTilde]

Will assigning the uplink interface to the 2952 on the 2948 cause issues with the rest of the network?

The 2952 and the 2948 don't actually connect to each other, since they are a couple of miles apart distance-wise. I placed in the picture the VLAN 6 connection to show the path that I was intending to create.

That being said, will I need to change anything on the siwtches/routers connecting between the two?

 

[VinceWhirlwind]

Yes, everything in the path has to have VLAN 6 and has to have VLAN6 assigned as a tagged VLAN to the interfaces VLAN6 needs to go in and out.

 

[SYQUEST]

VinceWhirldwind is correct! The VLAN info has to be propagated on the up links and connecting links, otherwise how will the switches know where they are? Even if they only pass through them, they need to know.

....JIM....