- Integrated Systems
- About Us
- Integrated Systems
- About Us
07-06-2012 11:34 PM - edited 07-06-2012 11:42 PM
Is my vlan/inter vlan theory correct?
I have a 2650 (J8165A) and am keen to tryout VLANS and get my feet wet in my Lab. From what I understand, this is a Layer2 switch.
Currently, everything will connect to a router to get to the net. If I place this on VLAN100, and clients on VLAN100, there should be no extra configuration required. Lets say this network is in a 10.0.1.x range.
VLAN200 is in a 10.0.2.x range. Right now the devices only need communicate between eachother, there is also a server on this subnet handing out DHCP. If I put a device in this VLAN that may need to access resources or the internet which is on VLAN100, I need to route between VLANS. I get that part, and from what I understand, the 2650 can do ip routing. From what i've read however, it enables routing over the entire switch (bacause it cant do acl's).
First question is, once 'ip routing' is enables, does this mean that any port that can see vlan100 and 200 automatically route if required?
Second question is that from my reading, this changes all the default gateway info. Currently, the switchs 'default gateway' value is the current gateway (on VLAN100). Does this mean that with the routing turned on that each vlan interface needs a IP and that IP becomes the gateway for it's members? What would the switches default gateway need to change to?
Eg; Everything on VLAN100 now needs to be told via DHCP that the gateway is actually 10.0.1.254 (vlan100 interface ip) and the same for 200 (10.0.2.254)? Will the switch then send all that data to the real gateway automatically?
Also, the switch has a IP in the VLAN100 DHCP pool (provided by the router). Does this need to change? Should I be creating another VLAN just for the router?
Just trying to get around the basics in my head before I go ahead and try to spend hours working out mistakes. It looks like it's pretty easy to configure from the 'menu' command.
07-10-2012 01:45 AM
Re: Is my vlan/inter vlan theory correct?
> From what i've read however, it enables routing over the entire switch
If routing is enabled on the switch, the switch routes between all VLANs that have an IP address. If you do not want a certain VLAN to participate in routing, you must not assign an IP address to it, connect an external router to one of the ports that are untagged member in that VLAN and use the external router. But essentially you are right, either a VLAN is routed completely (if it has an IP address) or not at all (if it has no IP address).
> First question is, once 'ip routing' is enables, does this mean that any port that can see vlan100 and 200 automatically route if required?
What do you mean by "a port can see a VLAN"? A port can be an untagged member of exactly one VLAN and additionally be a tagged member of multiple VLANs. The question is, if the VLAN that the port is member of has an IP address or not (see above).
> Second question is that from my reading, this changes all the default gateway info.
Well, actually you need more than just one default gateway, see below.
> Does this mean that with the routing turned on that each vlan interface needs a IP and that IP becomes the gateway for it's members? What would the switches default gateway need to change to?
What do you mean by "vlan interface"? I must admit, that I did not have a look into the 2650 manual (because I did not find it). Did you come up with this term or is this an HP-specific term? Do you mean "an interface/port that is member of a vlan" or do you mean some kind of virtual interface that owns certain properties and represents the VLAN as a whole?
Anyway, I try to explain what you need in my words and hopefully that answers your question.
To keep things simple in the start, lets assume you only have two VLANs 100 and 200 and that all ports are only untagged members of either one of the both VLANs (no tagged members, no 802.1Q).
The VLAN 100 gets the IP address 10.0.1.254 and netmask 255.255.255.0, VLAN 200 gets the IP address 10.0.2.254 and netmask 255.255.255.0.
The external router that connects to the internet has the IP address 10.0.1.1 and is attached to VLAN 100 on the switch. This means the external router need an IP address from the VLAN and that IP address must be different from the switch's IP address.
On the switch you have to manually configure one route, namely a route with destination 0.0.0.0, netmask 0.0.0.0 and gateway address 10.0.1.1. This replaces the default route on the switch, and tells the switch to use the external router (10.0.1.1) for all destinations that are not reachable through one of the switch's own ports. You do not need to add routes for inter-VLAN routing manually, because this is done by the switch automatically.
Clients that are connected to VLAN 200 are easy. The default gateway is 10.0.2.254. This is the switch's IP address for VLAN 200.
Clients that are connected to VLAN 100 are a little bit more complicated, because there are actually two routers on that VLAN. The first route has destination 10.0.2.0 netmask 255.255.255.0 and gateway 10.0.1.254. This tells the clients on VLAN 100 to use the switch's IP address as a gateway, if the want to communicate with clients from VLAN 200. The second route has destination 0.0.0.0 netmask 0.0.0.0 and gateway 10.0.1.1. This tells the clients on VLAN 100 to use the external router for all other destinations.
The reason why clients in VLAN 100 and clients in VLAN 200 are not symmetrically configured, is that the external router is connected to VLAN 100, too. This means, clients in VLAN 100 can directly reach the external router, while clients in VLAN 200 must always use the switch as their gateway.
You must set the routes on your external router, too. First you need a route with destination 10.0.1.0 netmask 255.255.255.0 and gateway 0.0.0.0. This tells your external router, that IPs from 10.0.1.0/24 can be reached directly. The second route has destination 10.0.2.0 netmask 255.255.255.0 and gateway 10.0.1.254. This tells your external router that clients from 10.0.2.0 can be reached through the switch acting as a router.