Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

2626 vlan routing.

SOLVED
Go to solution
Stafford_3
Occasional Advisor

2626 vlan routing.

Hello all,
I have poured through the forums and web looking for the info I need but I'm getting lost in confusion.

My company installed a Mitel 3300 CX controller and voice services running over a converged network. I have set up 2 vlans default_vlan (vlan 1) in subnet 192.168.1.0 and PhoneSystem (vlan 2) in subnet 192.168.2.0.

We have 2 2626-PoE switches.
switch 1:
routing enabled (with one default added)
ip route 0.0.0.0 0.0.0.0 192.168.1.2

vlan 1
name "DEFAULT_VLAN"
untagged 1,5-26
ip address 192.168.1.5 255.255.255.0
no untagged 2-4

vlan 2
name "PhoneSystem"
untagged 2-4
ip address 192.168.2.5 255.255.255.0
qos priority 7
tagged 1,5-26

switch 2:

vlan 1
name "DEFAULT_VLAN"
untagged 1-26
ip address 192.168.1.6 255.255.255.0

vlan 2
name "PhoneSystem"
ip address 192.168.2.6 255.255.255.0
qos priority 7
tagged 2-26

The two switches are connected via port 25.

What I need to do is allow a host on vlan 2 to communicate with vlan 1, vlan 2 and have internet access.

I enabled routing on switch 5 and added a default route to the table. I tested internet access by changing a vlan 1 client default gateway to the ip of the switch (192.168.1.5) and that works fine. What entries do I need to make in the table to enable what I need here?

I appreciate any help with this, I'm fairly new to it.

-Thanks
12 REPLIES
Miika T
Valued Contributor

Re: 2626 vlan routing.

What I would do is to create additional vlan for your default router, let say it has an ip 192.168.3.1/24. Untag one port for this new vlan and give an ip to this vlan interface, let's say 192.168.3.2/24. Use default route 0.0.0.0/0 192.168.3.1. On vlan 1 devices, use 192.168.1.5 as default gw and on vlan 2 devices use 192.168.2.5 as default gw. Remeber to enable ip routing.

-Miika
Stafford_3
Occasional Advisor

Re: 2626 vlan routing.

Thanks for your resopnse.
I'm not sure I understand completely. Are you suggesting that I need to use another external router? If possible, i'd like to do the routing from within the switch. According to the docs, the 2626 will do "light intervlan layer3 and static routing". I'm new to routing and wanted to know what entries I need to add to the switche's table to allow intervlan routing. Using the attached diagram as a very basic model, I need the YA server to be able to communicate with both vlans (vlan1 and vlan2) and have access to the internet through a firewall on vlan1. The YA server provides phone applications and integration with users desktops and needs to be able to communicate with our MX controller, IP phones (vlan2) and workstations (vlan1).


I set a default route in switch 1 that directs traffic to the firewall for internet access and changed workstation Default Gateways to the Switch IP. No problems there.

Then to route traffic from 192.168.1.0 to 192.168.2.0, I tried setting a route like:
192.168.2.0/24 192.168.1.5
but an error says I can't use the switch IP as a gateway.

Am I even on the right track here or completely way off course?

Are there any sample routing tables I can look at that compare to what I want to do?
Matt Hobbs
Honored Contributor
Solution

Re: 2626 vlan routing.

When you enable IP routing on a 2600, it will automatically route any VLANs on the switch that have an IP address already set - no need to set static routes for them. These IP addresses are what you use for the clients default gateways.

In your current configuration, a client on VLAN1 with the default gateway of 1.5, should be able to talk to a client on VLAN 2 with the d.g. of 2.5.

If not, double check the clients default gateways and make sure no firewalls are enabled during testing.

The next hurdle you may hit is for VLAN2 getting internet access. You have already correctly set the default route to 192.168.1.2. If not already configured, you will also need to set a route on that device though so it knows where 192.168.2.x traffic should go - e.g. 'ip route 192.168.2.0 255.255.255.0 192.168.1.5'
Miika T
Valued Contributor

Re: 2626 vlan routing.

The additional router/vlan is only required, if you need to access other networks, internet for instance. If the routing happens only between the vlan's you described only enable routing on switch one and use default gw accoring to vlans. Test the setup on switch one, before going any further.

-Miika
Stafford_3
Occasional Advisor

Re: 2626 vlan routing.

I had over-complicated the intervlan routing. Apparently it was a lot easier than what I was thinking. Thank you Matt and Miika.

I now have connections between vlan1 and vlan2. Vlan1 has internet access. However, I also need one host on vlan2 to have internet access as well.

Adding 'ip route 192.168.2.0 255.255.255.0 192.168.1.5' does not work. The switch returns an error stating that "192.168.1.5 can not be switch IP address and route gateway at the same time"

From Mikka's comment to allow net access from vlan2, I need to set up another vlan and use that for routing?

Am I correct in my understanding of this:
vlan1 192.168.1.0
vlan2 192.168.2.0
vlan3 192.168.3.0 - firewall/internet

I'd change the internal firewall trusted ip to 192.168.3.2 and attach to the single vlan3 port (192.168.3.5)

then change the default route on switch-1 to point the vlan3 ip (192.168.3.5) 0.0.0.0 0.0.0.0 192.168.3.2

add a static route for vlan2 192.168.2.0 255.255.255.0 192.168.3.5

Or am I over-complicating this again? (Diagram attached)
Matt Hobbs
Honored Contributor

Re: 2626 vlan routing.

With this command "ip route 192.168.2.0 255.255.255.0 192.168.1.5", it needs to be added to the firwall/router (the syntax may be different), not the 2600's.
Stafford_3
Occasional Advisor

Re: 2626 vlan routing.

That did the trick Matt! Thank you for you guidance and help with this. My issues are resolved.
Matt Hobbs
Honored Contributor

Re: 2626 vlan routing.

Don't forget to assign points!

When you return to view the answer, please rate it by assigning points on a scale of 1-10. To assign points, simply login and click the dropdown points menu next to each reply. Use the following scale when rating a response:

N/A: The reply was a clarification to my original question
1-3: The answer didn't help answer my question, but thanks anyhow!
4-7: The answer helped with a portion of my question, but I still need help.
8-10: The answer has solved my problem completely! I'm a happy camper!

WHY SHOULD YOU DO THIS?
There are 3 reasons why we feel rating replies is such an important feature:

1.) Others have taken time to help you, so please give them credit for their help.
2.) Your rating will help your peers earn points toward their Forums status, and you will validate the quality of the solution you've received.
3.) Other readers will understand which answer best solved a problem, enriching the community knowledge being shared.
Stafford_3
Occasional Advisor

Re: 2626 vlan routing.

Already did...Thanks Again...!!
Matt Hobbs
Honored Contributor

Re: 2626 vlan routing.

Spoke too soon, thanks chief.
Stafford_3
Occasional Advisor

Re: 2626 vlan routing.

With the help of Mikka and Matt, I have received the answers I needed to resolve my posted questions.
Stafford_3
Occasional Advisor

Re: 2626 vlan routing.

A note to anyone stumbeling across this post looking for a similar solution. Just to clarify, a 3rd vlan was not necessary.

vlan1 members use switch ip for vlan1 as Default Gateway.

vlan2 members use switch ip for vlan2 as Default Gateway.

A default route was added to the switch (switch-1) using "ip route 0.0.0.0 0.0.0.0 192.168.1.2 (the ip of the next connected device between the switch and internet access point - in this case a firewall appliance)

A static route was added to the firewall appliance to allow vlan2 internet access using 192.168.2.0/24 as the destination net and 192.168.1.5 as the gateway.

See the attachment in my second thread entry for a basic network diagram reference.