Solved

VLan routing - Only works when switch is default gateway

Posted on 2012-03-29
Last Modified: 2016-11-23
I have a Dell PowerConnect 6224 routing between VLans, however the devices on the vlans can only access each other if the switch is set as the default gateway.  

How can I make it so the vlans can access anything on subnets assigned to the others?  

vlan1 = management vlan (not routable)
vlan2 = lan
vlan3 = replication

I want vlan 2 and 3 to be able to communicate without having the switch as the gateway.  Thanks!
Question by:readymade
9 Comments
 
LVL 6

Assisted Solution

by:netjgrnaut
netjgrnaut earned 500 total points
ID: 37783125
Assuming that your VLANs are mapped to different IP subnets, they will need some gateway to communicate.  What other gateway device do you have available?

The high-level answer is that you probably need to enable some routing protocol on your network, so that your other (default) gateways are aware of this router between these two subnets.  Probably OSPF would be best for internal routing.

Some additional info on subnets and gateway IP addresses would be helpful, if you need additional guidance.
0
 

Author Comment

by:readymade
ID: 37783150
This is a layer 3 switch, so I shouldn't need a router right?  Maybe I need to create routes on the switch?  It has this capability.  If so, what route?

Lan gateway = 192.168.33.1   255.255.248.0  (firewall)

VLan 2 subnet = 192.168.32.0  255.255.248.0
VLan 2 interface ip = 192.168.33.24  255.255.248.0

VLan 3 subnet = 192.168.66.0  255.255.255.240
VLan 3 interface ip =  192.168.66.1  255.255.255.0

Thanks!
0
 
LVL 6

Assisted Solution

by:netjgrnaut
netjgrnaut earned 500 total points
ID: 37783295
A layer 3 switch *is* a router.

So your firewall/network border router is 192.168.33.1, which is part of the 192.168.32.0/21 subnet.  This device is plugged into a port on VLAN2 (or it isn't working).

The default gateway for hosts on VLAN3 should be 192.168.66.1 (the VLAN3 interface on the switch).

The default gateway for hosts on VLAN2 should be 192.168.33.24 (the VLAN2 interface on the switch).

Then you add a default route to the switch for 0.0.0.0 0.0.0.0 to 192.168.33.1.  NOTE: This is *not* the same thing as the default gateway for the switch.  It's part of the routing table.

In this configuration, all cross subnet traffic flows to the switch for Layer 3 routing (route once, switch thereafter - that's what makes a layer 3 switch).  All traffic bound for unknown subnets heads out to the firewall/network border router.

Make sense?
0
 
LVL 6

Expert Comment

by:netjgrnaut
ID: 37783301
...and I wonder about your VLAN1 (not routable).  What do you mean by that?  No default gateway on the VLAN1?  I'd question that design, but perhaps that's another topic...
0

 

Author Comment

by:readymade
ID: 37783529
Great info Netjgrnaut.  Makes total sense now.  Very, very helpful.

Dell switches don't allow routing on the management vlan.  Not sure what that's all about.  So you can either create new vlans and get rid of the management vlan or just leave it with 1 port.  I decided to leave it.  Don't like deleting things.

Ok I was hoping not to have to change the default gateway of all the devices on my lan.  It's ok on the vlan3 as it won't have many devices.  Is there a way so I don't have to change all those devices?
0
 
LVL 6

Assisted Solution

by:netjgrnaut
netjgrnaut earned 500 total points
ID: 37783559
Well, VLAN3 won't be able to communicate with anything using the firewall as a default gateway - even the firewall itself - because they're on different subnets.

VLAN2 could use the firewall as a default gateway, but you would need to configure either a routing protocol (such as OSPF) between the switch and the firewall - or a static route from the firewall to 192.168.33.24  (VLAN2 switch interface) for network 192.168.66.0  255.255.255.240.

Aren't you using DHCP to hand out addresses?  That should make the change easier.

As for the management VLAN1, I suppose so long as you can connect to the switch on one of the other interfaces for management from your workstation, it's all academic.
0
 

Author Comment

by:readymade
ID: 37783598
I don't mind making vlan3 gateway the switch.  It can then route to the edge firewall.

As for Vlan2.  If I create the static route from the firewall to the switch, will that then route all traffic to the switch, or just traffic looking for 192.168.66.x?  

We have a lot of servers, printers, etc.  DHCP will only help a little.
0
 
LVL 6

Accepted Solution

by:netjgrnaut
netjgrnaut earned 500 total points
ID: 37783647
"As for Vlan2.  If I create the static route from the firewall to the switch, will that then route all traffic to the switch, or just traffic looking for 192.168.66.x?"

Just traffic looking for 192.168.66.0/21.

The static route should look something like this:
net: 192.168.66.0  mask: 255.255.255.240  gw: 192.168.33.24  metric: 5

The rest of the traffic sent to the firewall will take the default route (to the Internet).

You'll still need the 0.0.0.0 0.0.0.0 192.168.33.1 route on the switch, so that VLAN3 traffic not bound for 192.168.32.0/21 can find a route to the Internet as well.
0
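The route selection discussed in this thread, as an added example that is not part of any participant's post: a small longest-prefix-match model of the firewall and switch routing tables, built from the addresses quoted above. It assumes the 255.255.255.240 mask given for the VLAN 3 subnet; the `upstream` label, the host addresses and the function names are constructed for illustration.

```python
from ipaddress import ip_address, ip_network

VLAN2 = ip_network("192.168.32.0/21")    # 255.255.248.0, from the thread
VLAN3 = ip_network("192.168.66.0/28")    # 255.255.255.240, from the thread
DEFAULT = ip_network("0.0.0.0/0")
FW, SW_V2, SW_V3 = "192.168.33.1", "192.168.33.24", "192.168.66.1"
UPSTREAM = "upstream"                    # assumed label for the firewall's WAN side
OWNER = {FW: "firewall", SW_V2: "switch", SW_V3: "switch"}

def tables(static_route_on_firewall):
    """Route tables as (network, next hop); None means directly connected."""
    fw = [(VLAN2, None), (DEFAULT, UPSTREAM)]
    if static_route_on_firewall:
        fw.append((VLAN3, SW_V2))        # static route from the accepted answer
    sw = [(VLAN2, None), (VLAN3, None), (DEFAULT, FW)]  # default route to firewall
    return {"firewall": fw, "switch": sw}

def next_hop(table, dst):
    """Longest-prefix match: the most specific route containing dst wins."""
    matches = [(net, hop) for net, hop in table if ip_address(dst) in net]
    return max(matches, key=lambda r: r[0].prefixlen)[1]

def trace(routes, gateway, dst, max_hops=8):
    """Routers crossed by a packet that a host hands to its default gateway."""
    path, hop = [], gateway
    while hop is not None and len(path) < max_hops:
        if hop == UPSTREAM:
            path.append(UPSTREAM)
            break
        router = OWNER[hop]
        path.append(router)
        hop = next_hop(routes[router], dst)
    return path

if __name__ == "__main__":
    # Constructed sample hosts: one on each VLAN, one outside both.
    lan_host, repl_host, internet = "192.168.34.10", "192.168.66.5", "203.0.113.9"
    fixed, broken = tables(True), tables(False)
    print("no static route  :", trace(broken, FW, repl_host))
    print("LAN -> VLAN3     :", trace(fixed, FW, repl_host))
    print("VLAN3 -> LAN     :", trace(fixed, SW_V3, lan_host))
    print("LAN -> Internet  :", trace(fixed, FW, internet))
    print("VLAN3 -> Internet:", trace(fixed, SW_V3, internet))
```

With the static route in place, LAN-to-VLAN3 traffic crosses the firewall and then the switch, while the reply crosses only the switch; that asymmetry is worth checking if the firewall tracks connection state.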
 

Author Closing Comment

by:readymade
ID: 37783961
Great info.  Thanks for all the help!
0
