IP Routing between VLANs - Aruba 5406

 
New Member

Hi all!

I have a location with a 5406 as a core switch.
The switch currently has about 60 VLANs and is just running with a default gw and no IP routing at the moment.

We suddenly have a need to do inter-VLAN routing between two VLANs. And only those two VLANs.
Is there a way of doing this without affecting the rest of the VLANs on the switch?

VLAN 50 - 10.50.0.0/24 (clients vlan) has a firewall as gw 10.50.0.1/24

VLAN 60 - 10.60.0.0/24 (server vlan) needs to be routed to VLAN 50 to get internet access, and clients in VLAN 50 need to be able to access the servers.

VLAN 100-150 - Misc, not to be routed but should go through each vlan's gw (other devices).

So I could basically just add an IP on the switch in each VLAN and run IP routing, but then I would have to do that on all VLANs and then create ACLs to contain the traffic?

Or is there some way of doing routing just on VLAN 50 <-> 60 without affecting the others?

 

It's been some time since I've done something like this, maybe I'm wrong.

Honored Contributor

Re: IP Routing between VLANs - Aruba 5406

Hi! Is your firewall perhaps performing the IP routing (i.e. it owns the SVI) for each and every one of your VLANs? You say you have 60 VLAN IDs and no IP routing is enabled, so somewhere your gateway should be managing those VLAN IDs, and the device that owns the SVIs is the one that can perform routing.

If so, your gateway could also be used (isn't it already?) as the device that performs routing and access control (via ACLs/policies) between your VLAN IDs; otherwise those VLAN IDs are pretty much isolated from each other.

Supposing instead that you want to force the IP routing for just a few VLAN IDs to happen on the switch (being way faster and without bottlenecks) while for the other VLAN IDs it continues to be performed by the gateway, it should be possible by assigning SVIs at switch level and enabling IP routing. But, once done, you (a) have to ensure that hosts in the VLANs routed on the switch point at the SVI assigned on the switch (eventually removing the very same SVI from the gateway), (b) then you will also need to add a Route of Last Resort (destination 0.0.0.0/0.0.0.0 via gateway) so packets for other VLANs or external destinations go to the gateway (it will then route them), and (c) you need to instruct your gateway via static routes how to reach the VLANs that are routed by the switch.

Example with a host on VLAN 60 that needs to speak with a host on a VLAN routed by the gateway (e.g. VLAN x) and vice versa:

Host on VLAN 60 -> SVI on Core (routing to gateway via RoLR to Gateway for VLAN x as destination) -> SVI on Gateway (routing to destination back to the Core switch as Layer 2 since the GW is on a directly connected VLAN probably) -> Host on VLAN x.

Host on VLAN x -> SVI on Gateway (routing to destination via Core) -> SVI on Core -> Host on VLAN 60.

As you see, it is asymmetrical because different hosts connected to the same switch use different routers to have their packets routed.
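
The path asymmetry described in the reply above, as an added example that is not part of either post: a small longest-prefix-match model of the core switch and the firewall that traces the VLAN 50 <-> VLAN 60 flow in both directions and reports any router that sees only one direction, which matters when that router is a stateful firewall. The subnets and the firewall address come from the thread; the switch SVIs, host addresses and the "internet" label are assumptions.

```python
import ipaddress

# Constructed lab model. From the thread: VLAN 50 = 10.50.0.0/24 with the firewall
# at 10.50.0.1, VLAN 60 = 10.60.0.0/24. Assumed: the core switch owns an SVI in
# both VLANs, the host addresses below, and the "internet" upstream label.
ROUTES = {
    # (prefix, next-hop router); None means directly connected
    "core": [("10.50.0.0/24", None), ("10.60.0.0/24", None),
             ("0.0.0.0/0", "firewall")],          # (b) route of last resort
    "firewall": [("10.50.0.0/24", None),
                 ("10.60.0.0/24", "core"),         # (c) static route to switch-routed VLAN
                 ("0.0.0.0/0", "internet")],
}
CLIENT, SERVER = "10.50.0.20", "10.60.0.10"


def next_hop(router, dst):
    """Longest-prefix match in one router's table."""
    addr = ipaddress.ip_address(dst)
    nets = [(ipaddress.ip_network(p), nh) for p, nh in ROUTES[router]]
    return max((m for m in nets if addr in m[0]), key=lambda m: m[0].prefixlen)[1]


def trace(dst, first_hop):
    """Routers a packet crosses, starting at the sender's default gateway."""
    path, router = [], first_hop
    while router in ROUTES and len(path) < 8:      # hop limit guards against loops
        path.append(router)
        router = next_hop(router, dst)
    return path


def one_way_devices(client_gw, server_gw):
    """Forward path, return path, and routers that see only one direction."""
    fwd = trace(SERVER, client_gw)
    rev = trace(CLIENT, server_gw)
    return fwd, rev, sorted(set(fwd) ^ set(rev))


if __name__ == "__main__":
    # Clients still use the firewall as gateway; servers use the switch SVI.
    print(one_way_devices("firewall", "core"))
    # Step (a) applied: clients also point at the switch SVI.
    print(one_way_devices("core", "core"))
```

In the first case the firewall forwards client-to-server packets but never sees the replies, so its connection state for that flow stays incomplete; pointing the VLAN 50 clients at the switch SVI, as in step (a), makes both directions cross the same router.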