Aruba & ProVision-based
cancel
Showing results for 
Search instead for 
Did you mean: 

Default Gateway

 
SOLVED
Go to solution
gazy007
Advisor

Default Gateway

Hi,

I have got a 2920 switch and it has got 3 vlans

Vlan 10 10.0.10.0 255.255.255.0

Vlan20   10.0.20.0 255.255.255.0

Vlan 30    10.0.30.0 255.255.255

and everything is ok. I am stuck that how all these Vlan would forward the traffic to my router 10.0.10.254?

Could you please guide me?

 

Thanks,

5 REPLIES 5
Vince-Whirlwind
Honored Contributor
Solution

Re: Default Gateway

You need to add all 3 VLANs to the interface that connects to the router.

Then on the router you need to add all 3 VLANs to the interface that connects to the switch.

A maximum of 1 VLAN can be untagged.

If the VLAN is tagged on one end, it has to be tagged on the other end as well.

The router will (presumably) need a VLAN interface configured for each VLAN. Depending on the kind of router, this could be a sub-interface on the router interface connecting to the switch.

gazy007
Advisor

Re: Default Gateway

Thanks Vince. Is my default gateway 10.0.10.254 on the switch enough to forward the internet traffice for all my VLANs to my ASA without a tag port?

Vince-Whirlwind
Honored Contributor

Re: Default Gateway

Yes, your 2920 can have IP routing enabled and you can use it as a layer-3 switch.

Its function will therefore be
 - inter-VLAN routing between the 3 subnets
 - routing between the subnets and the ASA

So what you need is to put the default gateway/router address for each subnet on the swith VLAN interface for that subnet.

Then, you need to create a 4th VLAN, eg,
VLAN99 10.0.99.0/24
Then put 10.0.99.2 on your switch VLAN99 VLAN interface.
Then put 10.0.99.1 on your ASA interface that the switch is patched to.
Then you need to put a default route on the switch: 0.0.0.0/0 --> 10.0.99.1
Then you need to put routes on your ASA, eg: 10.0.0.0/16 --> 10.0.99.2

gazy007
Advisor

Re: Default Gateway

Thanks. I have enabled the IP Routing and still confused on this issue on default gateway.

When I enter the command show ip and I get the Vlans ip address.

PC | Manual                    192.168.5.254 255.255.255.0 No No
Voice | Manual                192.168.10.254 255.255.255.0 No No

I think these are the gateway for Vlans ip addresses. I have configured the DHCP scope for each Vlan and change router IP address to Vlan ip address for example workstations   router ip on the DHP would be 192.168.5.254 and Voice router scope on the windows dhcp would be 192.168.10.254. 

I would require to add  these subnets on the Asa

object network obj_PC
subnet 192.168.5.0 255.255.255.0

object network obj_Voice
subnet 192.168.10.0 255.255.255.0

Please correct me if I am wrong?

Thanks,

Vince-Whirlwind
Honored Contributor

Re: Default Gateway

Sounds good.

Your DHCP server presumably sits on the Data VLAN,o you will also need DHCP forwarding on the other VLANS to send DHCP requests in the Voice VLAN to the Data VLAN.

I guess the ASA will need to know about the networks for 3 reasons:
 - routing back to them
 - NATing for them
 - rules for passing traffic for them