I have been searching these forums for a while, but can't find the answers to 2 questions. 1. How to allow inter-vlan comms? 2. Why certain machines can't access the internet?
I have an sge2000 (firmware 126.96.36.199, boot version 1.0.0.05) switch configured to layer 3 mode. I have set up 3 VLANs:
VLAN1 - management vlan - ip address 192.168.1.254/24
VLAN2 - frontend vlan - ip address 172.16.1.254/24
VLAN3 - frontend storage vlan - ip address 172.16.2.254/24
I have 1/g1 plugged into a draytek vigor 2950 - internet gateway ip 192.168.1.1. This port has no specific set-up (default vlan 1 untagged).
I have one workstation (ip address 172.16.1.15/24 gateway 172.16.1.254) plugged into 1/g3. This port is set up as vlan 2 untagged access mode.
I have an esxi 4 server plugged into 1/g6. The esxi server's (with an ubuntu webserver virtual machine - 2 interfaces, one in vlan 1 and one in vlan 2) virtual switch is set up to tag vlan2 and vlan3. This switch port is set up as general mode, vlan 2 and vlan 3 both tagged.
I have set up one static route on the switch:
1. destination ip -> 0.0.0.0, mask -> 0.0.0.0, next hop -> 192.168.1.1
I have set up two static routes on the draytek:
1. destination ip -> 172.16.1.0 mask -> 255.255.255.0, gateway ip -> 192.168.1.254
2. destination ip -> 172.16.2.0 mask -> 255.255.255.0, gateway ip -> 192.168.1.254
Phew. Now that is out of the way. At first I could not get access to the internet from the workstation or webserver. Bizarrely, if I create an acl with 1 rule but don't bind it to any ports, I get access to the internet and the rest of the 192.168.1.x network from the workstation.
But for some reason I cannot access the internet from the webserver!!
I can ping the webserver from the workstation however and vice versa.
So the first question is why/how can I get internet access from the webserver?
Second question: how do I get access from vlan2 to vlan3?
I have seen some posts say the default behaviour of the sge2000 in layer 3 mode is to allow intervlan comms, but I simply can't ping the webserver vlan3 interface from the workstation (vlan2 ip address).
Please help, this has been driving me bonkers for 2 days.
Thanks in advance