
VLAN, IP Routing and one big mess

 
Mark Brand
Advisor


I want to start using VLANs on the switches.
I have a 5406 with two trunks going to two 4208 switches. I have turned on IP Routing on the 5406 and have verified that I can create a vlan and successfully route from 4208 and 5406. My problem is an initial poor design.

Everything has been plugged into the Default_VLAN on all three switches and every client and server (including the two 4208's) has the gateway of 10.10.10.4, which is also the IP of the firewall's internal NIC. The clients are DHCP with a 10.10.34.x scope. Everything is also under the 255.255.0.0 subnet. Obviously I'd like to create a server VLAN, and different divisional VLANs, but I know the Default_VLAN isn't routable.

Is there any way to do this in progressive steps? Can I move all servers/clients into another VLAN on all three switches without changing the default gateway on each device and still have connectivity between each device? Should that VLAN have an IP address? Then progressively change client & server IPs & gateways to reflect their new VLAN? Or am I stuck doing this all at one time? My plan is to use the 5406 as the routing switch, or should I turn on routing on the 4208's also? As you can see, I'm stuck on the best opening steps or even the best design to take. I'm open to any advice.
4 REPLIES
Igor Ybema
Advisor

Re: VLAN, IP Routing and one big mess

The default VLAN can be used for routing without any problem. Routing only fails on the VLAN which you defined as 'management-vlan'.

But still, if you like to put everything in a defined VLAN, just create that new VLAN, remove the IP address from the default VLAN and configure it in the new one. Then untag all ports for the new VLAN (which will also remove the default VLAN from all ports).

After that you can migrate your servers one by one to more new VLANs.

In your case just use routing on the 5406.

I do recommend also creating a VLAN which only contains your firewall and then statically routing default internet (0.0.0.0/0) over this VLAN towards the firewall. You could use a /30 (255.255.255.252) for the firewall and the switch's router address. In this case your switch will be your central router and the firewall is only used as border router towards the internet.

Mark Brand
Advisor

Re: VLAN, IP Routing and one big mess

Great! Thanks for the reply. I'll just assign a different VLAN as the management VLAN. I did a sh VLAN and the management VLAN was blank, so I'm assuming it just defaults to the DEFAULT_VLAN?

Also, once another VLAN is assigned as the management VLAN, should I still remove the IP address from the Default, or since all my nodes are using 10.10.10.4 as the gateway, should I assign that IP to the Default VLAN or leave it as an unassigned IP Default_VLAN? Thanks again for the help.
Igor Ybema
Advisor
Solution

Re: VLAN, IP Routing and one big mess

If you are planning that the 5406 will be your default gateway, then indeed install the 10.10.10.4 on the default VLAN. And use something else (like 10.1.1.1 and 10.1.1.2) for your connection between firewall and switch. On your switch route default internet over the firewall. (ip route 0.0.0.0/0 10.1.1.1)

If you are not using a dedicated management-vlan then you can just leave it as it is. You can then manage your switch on 10.10.10.4.
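
The layout described in the accepted answer, written out as a 5406 configuration fragment. This is an added example, not part of the original posts: VLAN ID 99, the name FW_TRANSIT and port A1 are assumptions, while the addresses and the 255.255.0.0 mask are the ones given in the thread.

```text
; Constructed example for the 5406. VLAN 99, its name and port A1 are
; assumptions; addresses are the ones suggested in the replies above.

; Enable routing between the VLANs that carry an IP address
ip routing

; The default VLAN keeps the gateway address every host already uses
vlan 1
   name "DEFAULT_VLAN"
   ip address 10.10.10.4 255.255.0.0
   exit

; Transit VLAN holding only the firewall's inside port (/30 = two hosts)
vlan 99
   name "FW_TRANSIT"
   untagged A1
   ip address 10.1.1.2 255.255.255.252
   exit

; Everything without a more specific route goes to the firewall
ip route 0.0.0.0 0.0.0.0 10.1.1.1
```

With this layout the firewall's inside interface moves from 10.10.10.4 to 10.1.1.1, and the firewall needs a return route for 10.10.0.0 255.255.0.0 via 10.1.1.2, otherwise replies from the internet never reach the hosts behind the switch.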
Mark Brand
Advisor

Re: VLAN, IP Routing and one big mess

Sounds great. Thank you for all your help with this. I know I'm making VLANs a lot tougher than they actually are. Thanks again for clearing things up.