Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

Help with routing VLANS

joemagjr
Occasional Contributor

Help with routing VLANS

I am trying to configure my switch to allow vlan2 (iscsi) to see traffic on the default vlan (vlan1) on the 2910al switch in order to access a NTP & DNS server.

We currently have a HP5406zl switch (connected to the backbone and this gets us out on the internet via a cisco router) configured with only a default vlan.

Default Vlan – all ports untagged (A1-D-24)
This primary switch connects (from port A5) to a HP2010al-48 switch (on port 47) that contains 3 vlans.

Vlan1 Default_vlan
192.168.1.109 (actual ip of the swicth)
Untagged Ports 12,15,17,19,21,23,25-36,38,40,42,44-48
Tagged Ports 2,6,10,41,43 (part of VLAN2)

Vlan2 – ISCSI
10.10.200.1
Untagged 1-12, 37,39,41,43
(ports 2,6,10,41,43 Nodes need to see traffic on VLAN1 in order to see a DNS and NTP server)

Vlan3 – Vmotion (this vlan is fine & needs to continue to be isolated)
10.10.100.1
Untagged 14,16,18,20,22,24

I think I need to turn on “ip routing” on the 2910al switch. How do I disable this ip-routing if this doesn’t work? What is the proper command through the CLi since I cannot do this in the GUI.

If I turn ip routing on, will this allow the assigned ports from VLAN2 to connect to the DNS & NTP servers that reside on the default Vlan in my current configuration? Does this create a huge amount of traffic on the network.

I also think that I need to set each VLANs proper gateway. Is the gateway the ip address that I have assigned to each VLAN? E.g., vlan 2 ip address 10.10.200.1 subnetmask 255.255.255.0 gateway setting (from the IP configuration screen in the GUI) 10.10.200.1

I also think all nodes connecting to it’s VLAN needs to have it's gateway properly assigned;
e.g., ISCSI SAN would have 10.10.200.1 as the gateway under it’s TCPIP settings.

Since VLAN1 is the default vlan on both switches and carry the same gateway settings (as well as all nodes that connect to both default vlans on each switch), do I need to reconfigure anything on the ports that connect the 2 switches (A5 and port 47)? Or do I need to create an whole new vlan on the 2910al and replace the default vlan with a whole new gateway? If I do this, how do I make sure that this new vlan can access the other switch?

I will be scheduling downtime to actually do this since this is all in production. I do not have any layer 3 switches that I can test this on.
2 REPLIES
Pieter 't Hart
Honored Contributor

Re: Help with routing VLANS

the following information can be found in many posts on this forum:

1) give each vlan an ip address (and put ports untagged in the vlan)
vlan 1
name "DEFAULT_VLAN"
untagged A1-A4
ip address 192.168.168.1 255.255.255.0
vlan 2
name "NEW_VLAN"
untagged A5-A9
ip address 192.168.0.1 255.255.255.0
exit

2) then enable routing
ip routing
(disable = "no ip routing")

3) if an external router is present add a default route
(eg internet router on default vlan with adress ".2")
ip route 0.0.0.0 0.0.0.0 192.168.168.2

4)
this router must also "know" the subnet behind the switch (a route back)
ip route 192.168.0.0 0.0.0.255 192.168.168.1

5)
hosts in default vlan must have 192.168.168.1 as default gateway
hosts in vlan-2 vlan must have 192.168.0.1 as default gateway
(both to the switch)
The switch redirects traffic to the external router if neccessary.

does this help?

(addjust ports and adresses for your situation)
EckerA
Respected Contributor

Re: Help with routing VLANS

Hi,

to turn on routing via cli

conf t
ip routing
wr mem

disable routing with

conf t
no ip routing
wr mem



the clients in vlan 2 needs to have the 10.10.200.1 as there gateway
the cisco router needs a route to vlan 2
ip route 10.10.200.0 255.255.255.0 192.168.1.109
whithout that route the dns and ntp server can't answer

caution... then you all systems on vlan 1 and vlan 2 can communicate..


hth
alex