Keep in mind that, fundamentally, if two hosts are configured with IP addresses in different subnets those hosts will need to communicate through one or more routers with interfaces in their respective subnets in order to communicate. A "layer 3 switch" isn't anything more than a router with the ability to create virtual interfaces that are exposed to the broadcast medium of a VLAN.
re: #1 - To conceptualize VLANs, just imagine that the ports in each VLAN are a physically disparate switch. In a flaw-free VLAN implementation (where traffic can't "leak" between VLANs) that's the effective behavior-- each VLAN acts as a separate switch. ACLs applied at layer 2 will name only MACs (and, if the switch supports quasi-layer 1 ACLs, ports). Any ACLs naming IP addresses, TCP ports, etc, aren't layer 2 ACLs. (There may be switches that have "layer 2.5" functionality whereby they examine the payloads of IP packets without actually being able to route packets, but I'd be wary of such things.)
re: #2 - VLAN tags allow the traffic of multiple VLANs to be carried on a single port, typically called a "trunk". You can conceptualize them as virtually subdividing a connection between two devices into smaller "ports" that each carry the traffic for a single VLAN. There's nothing you can do with "trunking" that you couldn't do by using multiple non-trunked ports, but using trunk ports and tagging packets allows you to carry the traffic of multiple VLANs between physically disparate switches w/o using a large number of physical ports for inter-switch links.
re: #3 - Routing IP between different subnets (irrespective of VLANs-- it's typically convenient to have a 1:1 relationship between VLANs and subnets, but it's not required) requires a routing capability. If you need to route IP between different subnets then you need a router. It could be an embedded layer 3 entity in a switch, or it could be a "router on a stick". Anything that can route IP between different subnets is a router.
re: ACLs - Like I said in #1-- I'd be wary of a device that did "quasi layer 3" functions. Either it's a router or it isn't.
A couple decent background questions:
The issue was found to be that by default Spanning-tree was enabled on the 2848 Layer2.
If I plugged another branded switch into the Layer 3 6248 and then the other switch into the 2848 it would work.
Going from the Dell to Dell would not work at all. Turning off STP on the 2848 solved this issue.
I have also found that using "spanning-tree portfast" in my config, on the 6248 ports in general mode, is the way to go when getting a DHCP address; this shortens the time taken to get the address considerably while keeping things working.
Best Answer
Ethernet VLANs do nothing more than "partition" switches such that they act like multiple switches, with separate broadcast domains for each VLAN. (That is, broadcast traffic from one VLAN doesn't appear in another.)
If you're planning on doing port-based VLANs (that is, port X will be a member of VLAN 2, port Y will be a member of VLAN 3, etc) and you're looking to "map" the devices plugged-into the switch ports you can do that a few different ways. You're not going to see IP addresses in the `show bridge address-list` because you're asking the switch to give you its layer 2 adjacency / bridging table, which will only contain MAC addresses (and ports).
- Obtain the MAC address from each device via OS mechanisms (`ipconfig /all` on Windows, `ifconfig` on Linux, for example). Locate the device's MAC in the output of the `show bridge address-list` command that you've already discovered.
- From a computer in the same IP subnet of the subject devices, PING each device and look-up the MAC address in your ARP table (using `arp -a` on Windows, for example). Locate the device's MAC in the `show bridge address-list` output.
- Pull cables and see who complains.
Presumably you're using a layer 3 switch (one of the Dell PowerConnect 6200-series, 7000-series, or 8000-series) if you're assigning multiple IP addresses to VLAN interfaces. There's a chance you're not, though, and it's probably worth talking about.
If you're using a layer 2 switch (like the other PowerConnect models that I didn't list above) then the switch isn't capable of routing traffic between VLANs. The switch can be assigned a management VLAN and an IP address within the subnet you use in that VLAN, but the switch won't act as a router moving traffic between VLANs. If you're using a layer 2 switch you should still be able to PING it from a test device. Assign the switch's management VLAN number to the VLAN assigned to the port where the test device is plugged-in, assign a management IP address to the switch, and assign the test device an IP address in the same subnet. (I will caution that some of the lowest-end PowerConnect switches-- the 2000-series, I believe, don't allow you to change the management VLAN away from 1. These switches are best installed in dumpsters.)
A layer 3 switch is capable of acting as a router, receiving traffic from one VLAN and routing it to another. (You can think of a layer 3 switch as a layer 2 switch with a router that has a flexible number of interfaces hidden inside it.) If you're using a layer 3 switch you'll need to assign an IP address to the VLAN interface for the VLAN where your test device is plugged-in and assign your test device an IP address within the subnet you used for the VLAN interface.
In my experience, the kind of scenario you're describing, with the inability to PING a switch, is typically caused by not having the test device and the switch configured for the same subnet (and not having a router that can move traffic between the subnets).
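The mapping steps in the answer above (ARP table for IP to MAC, bridge table for MAC to port), as an added Python example that is not part of the original answer. Both sample outputs are constructed and the bridge-table column layout is an assumption; MACs are normalised before the join because hosts and switches print them in different notations.

```python
import re
# Constructed sample: Windows `arp -a` output from a PC in the VLAN 2 subnet.
ARP_OUTPUT = """\
Interface: 192.168.2.50 --- 0xb
  Internet Address      Physical Address      Type
  192.168.2.1           00-1e-c9-aa-bb-01     dynamic
  192.168.2.21          00-14-22-0a-0b-0c     dynamic
  192.168.2.22          00-14-22-0a-0b-0d     dynamic
  192.168.2.255         ff-ff-ff-ff-ff-ff     static
"""
# Constructed bridge table; the vlan/MAC/port column layout is an assumption.
BRIDGE_OUTPUT = """\
Vlan  Mac Address     Port   Type
----  --------------  -----  -------
2     0014.220A.0B0C  1/g5   Dynamic
2     0014.220A.0B0D  1/g7   Dynamic
3     0014.22FF.0001  1/g9   Dynamic
"""
MAC = re.compile(r"(?:[0-9a-f]{2}[-:]){5}[0-9a-f]{2}|(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}", re.I)
IP = re.compile(r"(?:\d{1,3}\.){3}\d{1,3}")

def norm_mac(token):
    """Return 12 lowercase hex digits, or None if the token is not a MAC."""
    return re.sub(r"[-:.]", "", token).lower() if MAC.fullmatch(token) else None

def parse_arp(text):
    """IP -> MAC; header lines and the broadcast entry are skipped."""
    table = {}
    for tok in (line.split() for line in text.splitlines()):
        if len(tok) >= 2 and IP.fullmatch(tok[0]) and norm_mac(tok[1]) not in (None, "f" * 12):
            table[tok[0]] = norm_mac(tok[1])
    return table

def parse_bridge(text):
    """MAC -> (vlan, port); header and separator lines are skipped."""
    table = {}
    for tok in (line.split() for line in text.splitlines()):
        if len(tok) >= 3 and tok[0].isdigit() and norm_mac(tok[1]):
            table[norm_mac(tok[1])] = (int(tok[0]), tok[2])
    return table

def map_hosts(arp_text, bridge_text):
    """IP -> (vlan, port), or None when the switch has not learned that MAC."""
    bridge = parse_bridge(bridge_text)
    return {ip: bridge.get(mac) for ip, mac in parse_arp(arp_text).items()}

def unmapped_macs(arp_text, bridge_text):
    """MACs on the switch with no ARP entry, e.g. devices in another subnet."""
    known = set(parse_arp(arp_text).values())
    return sorted(m for m in parse_bridge(bridge_text) if m not in known)
```

A MAC that the switch has learned but that has no ARP entry is either in a VLAN whose subnet the PC cannot reach at layer 2 or has simply not been pinged yet, which is where the first and third methods in the answer take over.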