• November 01, 2024, 01:33:50 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: DGS-1210-48 vlan problem interconnectin to another switches.  (Read 11164 times)

TETRO999

  • Level 1 Member
  • *
  • Posts: 2
DGS-1210-48 vlan problem interconnectin to another switches.
« on: March 18, 2015, 06:53:13 AM »

Hi.

this is my actual situation:

i have two switches, DGS-1210-48 and an old HP ProCurve 2650. and it works... 'til now.
the old HP is dying, until now this was the main switch, with 4 static vlan. and gvrp enabled (disabled works too)
1... default management. port 48=tagged untagged ports=none
100... lan1, port 48=tagged untagged ports=10-20
101... lan2, port 48=tagged untagged ports=21-40
102... dmz, port 48=tagged untagged ports=1-9,41-47
port 48=Fortinet Firewall
port 15=dlink switch (no vlan defined)

what i need:
i need to replicate the 4 vlans in my d'link switch, connect a second switch...(another HP) with the same vlan's and all must be connected to the fortinet firewall for internet

this is my problem:

i've reviewed, watched, read as many manuals, webs, etc... as i can, but i'm not able to copy (and make it works) vlans to the dlink switch and connect a second switch.

i'm lost with asymmetric, pivd, tagged, etc...

really... i need help.
thanks in advance.
Logged

PacketTracer

  • Level 4 Member
  • ****
  • Posts: 441
Re: DGS-1210-48 vlan problem interconnectin to another switches.
« Reply #1 on: March 18, 2015, 03:56:45 PM »

Hi,

from your description unfortunately I can't see if you want to replace your old HP ProCurve 2650 (because you say it's dying) or if you want to leave it in place and expand it by plugging it to the D-Link switch and to another HP switch, while leaving the fortinet firewall connected to port 48 of your old HP switch.

Anyway, because this is a D-Link forum I will only focus on your question on how to replicate the 4 VLANs in your D-Link switch which is plugged to port 15 of your HP switch. You do this the same way as you connect your firewall to port 48, hence in your HP switch you have to apply the same configuration as for port 48 to port 15:

1... default management. port 15,48=tagged untagged ports=none
100... lan1, port 15,48=tagged untagged ports=10-14,16-20
101... lan2, port 15,48=tagged untagged ports=21-40
102... dmz, port 15,48=tagged untagged ports=1-9,41-47

Let's assume you use port 48 of the D-Link switch to connect to your HP switch (you didn't specify that, but you can easily adapt the following configuration to another port). Hence, you have to configure port 48 for the 4 VLANs 1, 100, 101 and 102 (all of them tagged) and can use ports 1-47 to subdivide them into three groups, where each group gets assigned one of the VLANs 100, 101 or 102 and all ports in these groups are untagged. If I take the same subdivision as defined for your HP switch, you would have to configure the Ports of your D-Link switch exactly the same way as your HP switch:

1... default management. port 48=tagged untagged ports=none
100... lan1, port 48=tagged untagged ports=10-20
101... lan2, port 48=tagged untagged ports=21-40
102... dmz, port 48=tagged untagged ports=1-9,41-47
port 48=HP ProCurve 2650

In the beginning all ports of your D-Link switch are configured for VLAN 1 untagged. In addition VLAN 1 is the management VLAN of your switch by default. Be aware that with the above configuration your D-Link switch will no more be configurable via ports 1 to 47, but only via port 48 and hence via your firewall only which is the only device attached to VLAN 1 (and can access the D-Link management interface indirectly only via your HP switch).

I assume you start the configuration from an admin computer attached to port 1 of your D-Link switch. To avoid losing connection to the switch in the first step port 1 will be excluded from any configuration changes and will be changed to VLAN 102 in the last step after you changed to your firewall to test administrative access to the D-Link switch.

You start the configuration from your admin computer according to the following steps:

  • Select Configuration > 802.1Q, leave Asymmetric VLAN Disabled and edit VLAN 1: Leave Port 1 (the port your admin computer is connected to) unchanged, that is: Untagged. Change port 48 to Tagged. Click "Apply"
  • Back to "IEEE 802.1Q VLAN Configuration" click "Add VID" to add VLAN 102. Enter VID=102, VLAN Name=dmz and set Ports 2-9 (not 1!) and 41-47 to "Untagged". This will remove these ports from VLAN 1 and assign them to VLAN 102. Set port 48 to "Tagged" and click "Apply"
  • Back to "IEEE 802.1Q VLAN Configuration" click "Add VID" to add VLAN 101. Enter VID=101, VLAN Name=lan2 and set Ports 21-40 to "Untagged". This will remove these ports from VLAN 1 and assign them to VLAN 101. Set port 48 to "Tagged" and click "Apply"
  • Back to "IEEE 802.1Q VLAN Configuration" click "Add VID" to add VLAN 100. Enter VID=100, VLAN Name=lan1 and set Ports 10-20 to "Untagged". This will remove these ports from VLAN 1 and assign them to VLAN 100. Set port 48 to "Tagged" and click "Apply"

Now change the switch address so that it fits to the IP address range defined for VLAN 1 by your firewall. After applying this change you will lose connection from your admin computer, hence change its address to a value that fits the IP address range defined for VLAN 1. After that you should be able to access the switch's administation interface from your admin computer again.

Now change to your firewall and check if you can access the administation interface of your D-Link switch. If (and only if!) successful you can decide if you want to leave port 1 of the D-Link switch as is (VLAN 1 untagged) as a backup admin port or if you really want to have exclusive access to the administration interface of your D-Link switch from your firewall only (and indirectly via your HP switch). In the last case, access the administration interface of your D-Link switch from your firewall, go to Configuration > 802.1Q, edit VLAN 102 and change Port 1 to untagged. This will remove Port 1 from VLAN 1 and assign it to VLAN 102.

Finally, if you want to replace your old HP switch by the D-Link switch, all you have to do is to unplug your firewall from port 48 of your HP switch and plug it to port 48 of your D-Link switch. All other devices have to be moved by plugging them to the same port number of the D-Link switch as they were plugged to the old HP switch before (assuming Port 1 being configured for VLAN 102 untagged.).

PT
 
« Last Edit: March 19, 2015, 03:52:49 PM by PacketTracer »
Logged

TETRO999

  • Level 1 Member
  • *
  • Posts: 2
Re: DGS-1210-48 vlan problem interconnectin to another switches.
« Reply #2 on: March 19, 2015, 01:33:35 AM »

thank you... it WORKS !!!

and FYI, the HP switch will be repaired, firmware upgraded and set up as backup/expand swtich.
Logged