VLAN Query - General Discussion (Retired/Read Only) - TechCenter Extras - Dell Community

VLAN Query

TechCenter Extras

TechCenter Extras
Dell Technical solutions information on various topics, hosted on the Dell TechCenter IT community platform

VLAN Query

  • Hi Guys,

    I'm playing around with splitting up my existing flat LAN into a couple of separate VLANs. I seem to have everythign workign and routing as I want but I am having issues with interent connectivity. Quick rundown of the LAN:

    1x PowerConnect 6248 (Layer 3)
    4x 5448's (Layer 2)

    Existing Lan (now vLAN99) 192.168.0.x/24
    SnapGear Sg580 Firewall is the Main Gateway on this vLAN

    New vLANs
    10.0.10.x/24 - gateway - virtual interface set on 6248
    10.0.11.x./24 - gateway - virtual interface set on 6248
    10.0.12.x./24 - gateway - virtual interface set on 6248

    I have 4 port trunks (LAG +LACP) from each 5448 to the 6248 - Each 'trunk' is tagged on each VLAN I need to route down through. All existing servers and workstations are set to vLAN99 and it all works perfect, no matter which switch you are plugged into. Great start. I setup IP-Helper on the 6248 and pointed it at our DC. I also setup 3 new DHCP scopes to match the new subnets. I can set ports on any switch to be vLAN10, or vLAN11 or vLAN12 and they get the correct IP assigned to them. I can see the new leases. The PC's hit the servers fine, mapped drives, print etc - awesome

    But they don't get the internet!

    They can resolve IP's fine. I can drop to cmd prompt, ping any web address and its resolving the IP it needs to go to - no responses though. They can ping their respective gateway (the virtual interface on the 6248), they can ping the SnapGear firewall at I can get onto the Snapgear and ping back to the subnets Gateway fine. Something just isn't quite right and its driving me nuts!

    Any help and or advice is greatly appreciated ;)
  • Also, just to clarify it in my mind. TAGGED and UNTAGGED ports. From all my reading you TAG ports you want multiple vLANs to access.

    So my Trunks (LAGs) are TAGGED in each vLAN I need to access those trunks.

    The servers need their ports set to 'general' and TAGGED for each vLAN you want to access those ports and UNTAGGED for its native vLAN?? ie my DC is in vLAN99 so in that vLAN its UNTAGGED but in vLAN12 its TAGGED so that PC's in vLAN12 can access it?? This is how it is currently set and my laptop in vLAN12 can hit the server and access DHCP, shares etc fine - just no net access.

    I have my Firewall in vLAN99 and UNTAGGED on that vLAN but TAGGED in vLAN10, vLAN11 and vLAN12.

    All my PC's are set to 'Access' regardless of which vLAN they are in, and whatever vLAN they are in they are set to 'UNTAGGED' ie all PC's in vLAN12 are set to UNTAGGED.

    Is this correct?