Hi David,

and thanks for replying,

in fact, it is not a simple Webserver  ;-)

it's an ESXi ( Ouchhh !! )

and even in the VLAN2 with another PC(windows 7)  i cannot access to the ESXi , only ICMP replies !

I don't know where is my issue....

thanks David for replying,

i still have my issue . . . .

don't know where it is ....

Karim,

Has it ever worked?

Is it listening on port 80?

;-)

Course yes !

Now, it is on VLAN 2 .

When i want to check with VLAN 1 ( with an adress on the VLAN1 ) it works without any problem ...But when i turn my conf into :

- ESX into VLAN2

- PC into VLAN1 :

it results with only ICMP functionning...

I can't understand...

Hey David,

i'm working on my issue...and now i can tell you that : ( considering i work on SG300-10 )

i have 6 VLAN's :

VLAN1 : 192.168.1.254

VLAN2 : 192.168.2.254

VLAN3 : 192.168.3.254

VLAN4 : 192.168.4.254

VLAN5 : 192.168.5.254

VLAN6 : 192.168.6.254

I have 10 ports : GE1 to GE10

All Ports are in TRUNK mode except the GE10 wich is in ACCESS mode.

i put GE1 to GE4 with 5 VLAN's on it like this :

1T,2UP,3T,4T,5T

and

GE10 with only : 1UP

on port GE2 : i plugged my ESXi server. with IP 192.168.2.1/24 gw : 192.168.2.254

i can access my ESX without any problem.

i modified my conf for port GE3 with this : 1UP,2T,3T,4T

Even i can ping my 2nd ESXi server , i can access any port of it...

So , my issue turn around : I CAN'T ACCESS ANY SERVICE WHEN I HAVE A VLAN TAGGED !

Can you help me solve this David ?

Thanks in advance,

regards,

Karim.

Karim,

With vlans, you can only be a member of one vlan (network).  You have to send your request to a layer 3 device and that will do the routing from one network to another one. 

With that in mind, all you have is whether your tagged or untagged.  If your the only device communicating on that port, make it an access port member of the vlan you want to be a member of.  If there is more than one (like a phone and a pc coming out the back of the device) you need one vlan untagged and the other tagged to separate the traffic.

The reason you cant access something when the port is tagged, is the port will only accept frames from that tagged vlan.  Meaning you have to be tagged before you get to the port.  If your not tagged, your untagged.  Most nic cards will let you go into the advanced settings and tag the nic card if you have to be tagged.

So look into your design and if your wanting to put just the server on a port, make it an access port member of that vlan and you will be able to communicate on that vlan.

As long as your gateway address for your nic card is set to the switches vlan ip address you should be able to go between vlans.

Hi Karim,

With the greatest of respect, I really get the idea that you need lots of help to understand how VLANing works.

If a PC is connected to a switch port that is a member of VLAN3 , in other words it starts with IP address 192.168.3.x and you want it to communicate with other IP hosts in the 192.168.3.x network.  If the PC has not has it's ethernet port modified to be a tagged member of VLAN 3 then the switch port should be a untagged member of VLAN3.

I think you are having much difficulty understanding how VLAN tagging works, configuring 1UP,2T,3T,4T on each port isn't working.  VLAN tagging and the whole idea of VLANs isn't a easy concept to grasp, so to help us.

• I need a DETAILED network diagram from you. The diagram should indicate the full IP address of the PC or server. It can be drawn on a piece of paper and scanned  or something simple like microsoft  paint,   (When I understand your network topology and addressing scheme I think between David Carr and myself we can suggest a VLAN configuration.)

• or to put it another way,  make a diagram showing the IP addresses of the PCs or Servers that you wish to use.
• show what switch ports you would like to connect these to.

• Did you have to do anything to the NIC cards on these PCs or servers  to specify a VLAN ID   or  have you just statically defines a IP address' on the PCs and servers ?

• Are you using DHCP server to allocate IP addresses for your IP hosts, please indicate in the diagram which device maybe a DHCP server ?

Again, use paint or some simple way to create the diagram,.  even a scanned piece of paper with a clear diagram would be good.

I think between David Carr and myself we can lead you in the right direction to a successful conclusion..

regards Dave

Hi David,

i'm a little bit disappointed to read this :

"With the greatest of respect, I really get the idea that you need lots of help to understand how VLANing works."

I've been working on VMware virtualization and drawing architecture (including network ones) since 2004 , and i DO understand what is VLAN, you can be sure of this.

I (try to) explain my issue on a very small cisco stuff ( SG300-10 ) ...

What you don't seem to understand, is that in a very normal configuration it doesn't work.

i continue investigating and i finally find the issue... : Problem on the hardware (tagging) , confirmed by Cisco guys in France and many engineer in my office...

So , i suggest before you gave lesson to people who are in need, that you think before you right, even it starts with a good willing....

Thanks for your understanding,

Regards,

Karim.

Hi Karim,

I don't know peoples expertise on this posting, I apologies that I may have worded my response ijn such a way that you took  offense.  Not my intention.

I could not figure from a description of 1UP,2T,3T,4T on each port how your devices were connected, my intention was to get a network diagram.. 

Apologizes for offending you, I suppose I was too direct in my request, but I'm glad your application is up and running.

Sincere Regards

Dave