Learning about VLANs

[brianl703]

I have two switches, a Nortel Networks Baystack 450T and a Cisco 2950, and I thought it'd be educational to configure a VLAN trunk port on each one, connect them, and set up two VLAN access ports.

I got it working. The VLAN access port for VLAN 2 on the Baystack is connected to the firewalled ethernet interface on my Linux machine which runs it's own DHCP server.

The VLAN access port for VLAN 2 on the Cisco is connected to my wireless access point.

VLAN 1 is connected to my broadband router and the unfirewalled interface on the Linux machine, as well as my 3 desktop computers.

I ran tcpdump on the firewalled interface (connected to VLAN 2) to make sure everything was working right (ie, traffic from VLAN1 not getting to that interface) and when I did a ping to a nonexistent local IP from my desktop machine I saw the ARP requeest. Uh oh...

..it turns out that the access port that the Linux machine's firewalled interface is on was a member of both VLANs, apparently a configuration that Cisco doesn't allow but the Baystack does.

I fixed that and did another ping to a nonexistent local IP and didn't see the ARP request so all is good.

I have to say, I like the user interface on the Baystack much better.

 

[Matt_S]

We use VLANs extensively here at my work. We have three different server environments, each with an internal network segment and a DMZ, an internet connection, a main lab, two office floors and a soon-to-be-connected remote office. Each has it's own segment and various segments are firewalled in different ways. We have one Cisco 4500 switch at the heart of it all with 3 firewalls and several T1 routers. It's amazing what that one Cisco will do and VLANs are the reason that's all possible without a dozen more pieces of network gear than we currently have. It's a very powerful box.

 

[Brons2]

You should be able to have multiple tagged VLANs on 1 port, but not multiple untagged ports. FYI on the newer Baystack (now Nortel) equipment, this would not be allowed either. Try a firmware upgrade for your 450T.

Think of a VLAN as a virtual Layer 2 network.

 

[brianl703]

Unfortunately Nortel doesn't make firmware updates available without a support contract.

Interestingly, even the latest revision of the manual for the Baystack 450 (which they do make available without a support contract, how nice) talks about how you can put an access port on multiple VLANs. The example shown has a network printer plugged into the access port, with two VLANs having access to it.

 

[toocrazy2yoo]

Quote:

---

Unfortunately Nortel doesn't make firmware updates available without a support contract.

---

Minimum buy-in, 5K I believe..

 

[brianl703]

I'm sure if they could get away with making you buy an activation code for your switch every year, they'd do it.