• Advertisement

complex VLAN Routing in an SFE2000 Switch

Linksys, Netgear, ect. Webbase configurations for switches or layer 2 devices.

complex VLAN Routing in an SFE2000 Switch

Postby Guest » Thu Aug 04, 2005 11:40 pm

VLAN

 

 

Gday All,

 

We have a central site, with 6 regional sites.

Each regional site is connected to the same ISP, and the traffic is divided by them using a distinct VLAN for each site and at each regional site is a simple router that handles DHCP etc.

Normal routing works fine, if we just use a single VLAN, the routing works, but it is the multiple VLANs where we have issues.

 

In the central site we have a simple router that has all of the regional LAN/Routes configured and its WAN port is connected to a SFE2000P switch on port E9.

Port E9 is an Untagged member of VLAN’s 1006-1009.

Port E11 of the switch is Trunked and is connected to the ISP’s Cisco routerPort F0/0.

Port E11 is a Tagged member of VLAN’s 1006 thru to 10011.

We are attempting to route to the various regional sites and this fails, UNLESS the corresponding port has a PVID for that regional VLAN :

For example:

Regional1 has a VLAN of 1006 and an IP of 10.10.10.70

Regional2 has a VLAN of 1007 and an IP of 10.10.10.60

Port E9 is set to PVID 1006

If we ping from the local router to 10.10.10.70 it works perfectly.

If we ping from the local router to 10.10.10.60 it fails, and the ARP table of the local router does not show an entry of the Regional2 router MAC address.

 

If we set Port E9 to PVID 1006

Then if we ping from the local router to 10.10.10.70 it FAILS.

If we ping from the local router to 10.10.10.60 it  works perfectly, and the ARP table of the local router shows an entry of both the Regional1 and 2 router MAC addresses.

 

 

 

For Internet access:

Port E12 is also Trunked to the same Cisco Router (port F0/1) and is a member of VLAN 1012

Ports E19-E24 are in Access Mode and members of VLAN1012.

The internet works perfectly, and is not an issue.

 

So it would seem that the Trunking is working, but the VLAN routing is not.

I understand that traffic is not broadcast between VLANs but, as this is a "Layer3" switch why does it not learn the IP/VLAN if it knows the MAC/VLAN?

 

Any suggestions?

 

Rgds Ben

Guest
 

Advertisement

Re:complex VLAN Routing in an SFE2000 Switch

Postby Guest » Fri Aug 05, 2005 12:43 am

If the "simple router" is a VLAN aware router, then traffic for VLAN 1006-1011 on the link between the SFE2000 (port E9) and the "simple router" at the central site will have to be VLAN tagged,  the ports on both side of the link will have to be configured as tag member of VLAN 1006-1011, and each VLAN on the "simple router" will have to be configured with the IP subnet corresponding to the VLAN.

 

If the "simple router" is a traditional router, not a VLAN aware router, then you will have to connect the router with the SFE2000 using 6 Ethernet links.   Each port on the SFE2000 that connects to the router carries traffic of a VLAN untagged.   Each port on the simple router will have be configured with an IP subnet that corresponds to the VLAN on the corresponding SFE2000 port on the other side.

 

"We are attempting to route to the various regional sites and this fails, UNLESS the corresponding port has a PVID for the regional VLAN".  It fails because your simple router sends only untagged packets either because it is not a VLAN aware router, or is misconfigured if it is VLAN aware router.  Either cases, the SFE2000 will only forward untagged packets include broadcast ARP requests to the VLAN corresponding to the PVID you configure for port E9 on the SFE2000.

 

This is not a SFE2000 unique issue or solution.  This is the only proper way that you can configure L3 (in this case IP) routing between VLANs.

Guest
 

Re:complex VLAN Routing in an SFE2000 Switch

Postby Guest » Fri Aug 05, 2005 12:56 am

Gday Allyu,

Thanks for your response.

The "Simple" routers are not VLAN aware, otherwise we would not have needed the SFE2000 in the central location.

 

I have managed to get this working by a lot of trial and error and finally configured an IP adress for each of the VLANs directly on the SFE2000.

ie for VLAN1 I configured an IP address in the SFE2000 and a corresponding /30 Subnet so effectively there was only 2 hosts (the regional Router and the SFE2000 VLAN IP). I repeated this for each VLAN, and then configured a Route for each regional VLAN as well.

Once this was done, it all worked as I expected.

 

But this still seems to be an overly complex configuration.

If I was using physical switches instead of VLANs, and I connected a physical cable from each Regional switch into the Central switch, ARP would work simply, and learn that the IP/MAC for Regional1 was via Portx. So it surprises me that a similar "Virtual" configuration can not be configured in the Switch.

I had (mistakenly) assumed that placing ports in the same VLAN, also bridged those VLANs using IGMP snooping.

 

Rgds Ben

Guest
 

Re:complex VLAN Routing in an SFE2000 Switch

Postby Guest » Fri Aug 05, 2005 1:04 am

If I understand you correctly you basically configure the SFE2000 to function as a switch and as a VLAN aware router with static routes to each regional subnet,  absorbing the routing function of your "simple router".   This is possible for SFE2000 supports IP routing with static routes.  Theoretically, this is the equivalence of VLAN aware router case in my earlier response.   If it works for you without the need of the "simple router".  That is great

Guest
 

Re:complex VLAN Routing in an SFE2000 Switch

Postby Guest » Fri Aug 05, 2005 1:04 am

Actually, its not, becuase while the "Simple" routers we have are pretty basic, they are much better than the SFE2000, in that they provide more information, Wireless, DHCP, DNS etc. In addition, for monitoring, we now have two completely diffrent device types to monitor, instead of one, so have had to duplicate all of the vairous laerts etc. The outcome to this is that it has cost us (not the client) many hours of work, for no gain in functionality/useability.

If we had known prior to this, exactly what capability the SFE2000 had, and how it worked, we may have designed the WAN differently, but now we are stuck with a very complicated solution for a very simple problem.

The Local Router, now forwards to the Switch, which then forwards to the Regional routers. All of which need their own settings, and routes etc.

After calling the Linksys support 3 times(2hrs, 15 mins, 5 mins) and being told they would "discuss" it with colleagues, and call me back (which never happened), it is clear that this was not as simple a task as I would have imagined. The reason for a helpdesk is to get help. All I needed was. "Sorry, you can bridge VLANS on this device, you will need to configure the Layer 3 Routing within the device".

 

So while I will close this request, Im still not happy with the outcome.

Address resolution and broadcasting should be easy on a Layer3 device so I don understand why IRB is not a feature of this switch.

 

Rgds Ben.

Guest
 



  • Advertisement


Similar topics


Return to Small Business Switches

Who is online

Users browsing this forum: No registered users and 1 guest