SteveJ-007
asked on
How to configure VLAN Routing?
HI Everyone,
I am planning the configuration of a new network using 4 new switches and using a layer 3 Dell powerconnect 6224 to route between the different VLANs and the external network but I am not entirely sure about how to set up the intra vlan routing etc and was hoping that someone could give me a few pointers.?
Basically I am ok at to create the VLANs etc on the switches and from what I have read that I need to enable IP routing on the layer 3 switch using the "enable ip routing" command but I am unsure about setting the default gateways etc.
I am planning on using a gateway appliance and want all outbound traffic to go through this device. Do I set the IP address of the gateway appliance as the default gateway for all of the VLANs etc or do I create a default route on the layer 3 switch?
I was under the impression that I cannot configure a default gateway that is on another subnet so I am wondering what the best approach is in this situation.
Any assistance in helping me clarify this process would be most appreciated.
I am planning the configuration of a new network using 4 new switches and using a layer 3 Dell powerconnect 6224 to route between the different VLANs and the external network but I am not entirely sure about how to set up the intra vlan routing etc and was hoping that someone could give me a few pointers.?
Basically I am ok at to create the VLANs etc on the switches and from what I have read that I need to enable IP routing on the layer 3 switch using the "enable ip routing" command but I am unsure about setting the default gateways etc.
I am planning on using a gateway appliance and want all outbound traffic to go through this device. Do I set the IP address of the gateway appliance as the default gateway for all of the VLANs etc or do I create a default route on the layer 3 switch?
I was under the impression that I cannot configure a default gateway that is on another subnet so I am wondering what the best approach is in this situation.
Any assistance in helping me clarify this process would be most appreciated.
ASKER
Hi mds-cos,
The Gatway appliance that I was planning to use was is a Zxel Zwall USG 1000 UTM appliance.
I would prefer that the Power connect did all the VLAN routing and from what I understand form your post I think that I will create a default route to this device and then configure the default gateway of the VLANS to have the powerconnect switch as their default gateway.
What I am unsure of is the the actual configuration of the default gateway ports e.g.
suppose I have VLAN 1 and VLAN2 with ip address ranges of 192.168.1.0/24 and 192.168.2.0/24 for clients that are on those specific VLANs would I just configure the default gateway to be 192.168.1.0 and 192.168.2.0 or would I actually assign an IP address to one of the ports on the powerconnect switch for each VLAN etc 192.168.1.1 192.168.2.1 and configure them as the default gateway.
I understand that I can create a default route on the powerconnect switch to an interface but I was unsure about what value I would use for the different vlans as default gateways,
any assistance in helping me resolve these issues will be most appreciated
The Gatway appliance that I was planning to use was is a Zxel Zwall USG 1000 UTM appliance.
I would prefer that the Power connect did all the VLAN routing and from what I understand form your post I think that I will create a default route to this device and then configure the default gateway of the VLANS to have the powerconnect switch as their default gateway.
What I am unsure of is the the actual configuration of the default gateway ports e.g.
suppose I have VLAN 1 and VLAN2 with ip address ranges of 192.168.1.0/24 and 192.168.2.0/24 for clients that are on those specific VLANs would I just configure the default gateway to be 192.168.1.0 and 192.168.2.0 or would I actually assign an IP address to one of the ports on the powerconnect switch for each VLAN etc 192.168.1.1 192.168.2.1 and configure them as the default gateway.
I understand that I can create a default route on the powerconnect switch to an interface but I was unsure about what value I would use for the different vlans as default gateways,
any assistance in helping me resolve these issues will be most appreciated
Hi SteveJ-007,
The IP addresses (192.168.1.1 & 192.168.2.1) would actually be assigned to the vlan itself - basically virtual ports within the layer 3 switch. Your workstation's gateway ip should point to these addresses. Ports should be assigned to their respective vlans, but not assigned ip numbers.
Then within the layer 3 switch, you should have default routes for destination IP addresses 0.0.0.0 that point to the internal side (internal nat address) IP address of your Zxel Zwall device (192.168.254.1 in the graphic).
Make sure that the internal nat address in the Zwall is in a different network IP than your 2 vlans and that it matches the IP on the switchport it is connected to. So you will basically need 3 vlans (including the one that goes to your Zwall) within your layer 3 switch. See the Graphic - IP numbers are listed to show matching networks.
SteveJ-007.jpg
The IP addresses (192.168.1.1 & 192.168.2.1) would actually be assigned to the vlan itself - basically virtual ports within the layer 3 switch. Your workstation's gateway ip should point to these addresses. Ports should be assigned to their respective vlans, but not assigned ip numbers.
Then within the layer 3 switch, you should have default routes for destination IP addresses 0.0.0.0 that point to the internal side (internal nat address) IP address of your Zxel Zwall device (192.168.254.1 in the graphic).
Make sure that the internal nat address in the Zwall is in a different network IP than your 2 vlans and that it matches the IP on the switchport it is connected to. So you will basically need 3 vlans (including the one that goes to your Zwall) within your layer 3 switch. See the Graphic - IP numbers are listed to show matching networks.
SteveJ-007.jpg
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
That is another issue that you did not address in your original question. Do you want the two vlans to talk to each other? If you do, you would need to set that up in the routing table if the layer3 switch - as mds_cos mentions above.
Otherwise they would be basically 2 networks sharing an internet connection.
Otherwise they would be basically 2 networks sharing an internet connection.
ASKER
Great thanks a lot for the detailed response it is a lot of help.
If the PowerConnect is going to be your main router for VLAN routing (which is how I read your question), and the "gateway appliance" is something like a firewall, the PowerConnect would be the default gateway for all of your devices -- again the correct VLAN IP for the specific VLAN segment the device is on. Then set the routes on the PowerConnect itself so that it uses the firewall as the default route (0.0.0.0 / 0). This way IP traffic to any network segment it does not "know about" will get sent to the firewall. You must remember to configure appropriate routes in the firewall as well back to the VLAN's with the PowerConnect as the next hop gateway.