Solved

Vlans and switch route to Internet

Posted on 2011-03-15
Last Modified: 2012-05-11
I'm not sure if this is a problem or a misconfiguration but I could do with some help please.

We have an HP A5120 SI layer 3 switch set up with 2 Vlans, Vlan 1 172.18.4.2/23 and Vlan 2 172.18.20.2/22. The switch trunks to a Sonicwall TZ210 for internet access.

The Sonicwall has two subinterfaces, 172.18.4.1/23 and 172.18.20.1/22, for both subnets. I can ping the switch interfaces and Sonicwall subinterfaces from the Vlans.

The problem I'm having is with the default route for internet access. What should this be?

If I add the following 2 routes, only one route shows as active and that specific Vlan has Internet access; if I remove one of the static routes then the remaining route becomes active.

What I need is both routes to be active so both Vlans can access the internet at the same time.

Static routes
0.0.0.0 0.0.0.0 172.18.4.1
0.0.0.0 0.0.0.0 172.18.20.1

I tried adding the Sonicwall's primary interface 192.168.100.1 as the default static route but the switch couldn't see the network. I assume the Sonicwall dropped the packets as per design.

Any help/advice on how I can get both Vlans to share an internet connection would be appreciated.
Thanks
Question by:HatchIT
9 Comments
 
LVL 9

Expert Comment

by:fcontrepois
ID: 35139592
try the following

remove ip config on the router

on the switch create a new interface with ip 192.168.1.2/24
on the router create an interface with ip 192.168.1.1/24

on clients put the L3 switch as the default gateway
on the L3 switch put the 192.168.1.1 as the default gateway

bye
0
 
LVL 8

Expert Comment

by:jimmyray7
ID: 35139757
If I recall the TZ series don't support VLAN tagging, so you'll either have to do what fcontrepois said or put the uplinks on different switch ports and plug them into two interfaces on the sonicwall (i.e. LAN 1 goes from port 1 on switch to X0 on TZ210, LAN 2 goes from port 2 to X2 on TZ210).

0
 
LVL 1

Author Comment

by:HatchIT
ID: 35139854
The latest SonicOS 5.8 now supports Vlan tagging on the TZ210 so both Sonicwall subinterfaces are tagged accordingly X0:20 and X0:50

Thanks
0
 
LVL 6

Expert Comment

by:RKinsp
ID: 35140028
You do not need static routes on the switch for this if the VLANs extend to the Sonicwall. What you need is to set the default gateway on your computers for the Sonicwall's IPs.

You might as well disable IP Routing on the switch, I really don't see the need to add another VLAN to it (192...).

0
 
LVL 1

Author Comment

by:HatchIT
ID: 35140272
We looked at that option but we wanted the switch to do the routing between vlans so if anything happened to the Sonicwall the clients could still communicate across the vlans. We want the Sonicwall to do just internet and vpn access going forward.
0
 
LVL 6

Accepted Solution

by:
RKinsp earned 500 total points
ID: 35140375
Even if you have IP Routing enabled on the switch, it doesn't matter because of your default gateway. If you set the default gateway on your computers to 172.18.x.1, the packet will go to the Sonicwall because the VLAN is extended all the way there.

If you want to route locally, you have to remove the 172.18.x.x networks from the Sonicwall like fcontrepois said on the first post and create the 192.168.1.x network on the switch.

Important concept to remember is that a packet will only hit a Router Interface if it does not have the destination IP on the same VLAN, so by extending the Layer 2 all the way to the Sonicwall, you're pretty much eliminating the need for Layer 3 on the switch.

-RK




0
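The forwarding decision described in the accepted answer, modelled as an added example (not code from the thread): it traces which router interfaces handle a packet from a Vlan 1 host when the default gateway is the Sonicwall versus the switch. The 192.168.1.0/24 transit addresses are the ones proposed in the first reply; the destination hosts are constructed samples.

```python
import ipaddress as ip

VLAN1 = ip.ip_network("172.18.4.0/23")
VLAN2 = ip.ip_network("172.18.20.0/22")
TRANSIT = ip.ip_network("192.168.1.0/24")   # transit network from the first reply
DEFAULT = ip.ip_network("0.0.0.0/0")

# Each router: its interface IPs and routes as (prefix, next hop).
# A next hop of None means "directly connected" or "out the WAN uplink".
EXTENDED = {  # VLANs trunked to the Sonicwall subinterfaces, as in the question
    "switch": {"ips": {"172.18.4.2", "172.18.20.2"},
               "routes": [(VLAN1, None), (VLAN2, None)]},
    "sonicwall": {"ips": {"172.18.4.1", "172.18.20.1"},
                  "routes": [(VLAN1, None), (VLAN2, None), (DEFAULT, None)]},
}
ROUTED = {  # 172.18.x.x removed from the Sonicwall, one default route on the switch
    "switch": {"ips": {"172.18.4.2", "172.18.20.2", "192.168.1.2"},
               "routes": [(VLAN1, None), (VLAN2, None), (TRANSIT, None),
                          (DEFAULT, "192.168.1.1")]},
    "sonicwall": {"ips": {"192.168.1.1"},
                  "routes": [(TRANSIT, None), (DEFAULT, None)]},
}

def next_hop(routes, dst):
    """Longest-prefix match over a routing table; returns the next-hop IP or None."""
    return max((r for r in routes if dst in r[0]), key=lambda r: r[0].prefixlen)[1]

def l3_hops(routers, src_net, gateway, dst):
    """Routers whose L3 interface handles a packet from a host in src_net to dst."""
    dst = ip.ip_address(dst)
    if dst in src_net:
        return []  # same VLAN: switched at layer 2, never reaches a router interface
    hops, hop = [], gateway
    while hop is not None:
        name = next(n for n, r in routers.items() if hop in r["ips"])
        hops.append(name)
        hop = next_hop(routers[name]["routes"], dst)
    return hops

if __name__ == "__main__":
    peer, web = "172.18.20.50", "203.0.113.10"   # constructed sample destinations
    for label, topo, gw in (("gateway = Sonicwall", EXTENDED, "172.18.4.1"),
                            ("gateway = switch", ROUTED, "172.18.4.2")):
        print(label, l3_hops(topo, VLAN1, gw, peer), l3_hops(topo, VLAN1, gw, web))
```

With the Sonicwall as gateway, inter-Vlan traffic depends on the Sonicwall being up; with the switch as gateway it stays on the switch and only Internet-bound traffic crosses the transit link.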
 
LVL 1

Assisted Solution

by:HatchIT
HatchIT earned 0 total points
ID: 35140616
RK, I think you hit the nail on the head, it all makes sense, Thanks.
0
 
LVL 6

Expert Comment

by:RKinsp
ID: 35140733
Thanks Hatchit!

I think you might want to consider giving credit to fcontrepois as well. He didn't go into detail, but I think he meant the same thing on his first post.

Sincerely,
RK
0
 
LVL 1

Author Closing Comment

by:HatchIT
ID: 35174558
RK, I think you hit the nail on the head, it all makes sense, Thanks
0
