
8212zl IP Routing setup

 
Ron Havlen
Advisor

8212zl IP Routing setup

This will be long-winded. Our network started before the internet was incorporated, and so the internal ip structure didn't matter. The people at that time chose 199.199.199.x/24 as the structure. As time passed and more devices came into play, they changed to 199.199.x.x/16.
We got a decent router several years ago, though the same layer two switches. With internet router in place, it became possible for me to try to change the network structure to a private ip range, 172.29.x.x/16. I have slowly been switching, but most of the network remains on 199.199.x.x.
Late last year we were able to upgrade our network, so now I have an 8212zl as a core switch with a few 2910al switches as distribution switches. It had to be a quick switch, so I pretty much retained the default setup of the 8212zl default_vlan 1 and just plugged all my devices in. So now with the new switches I have a mix of 199.199.x.x and 172.29.x.x on my network, still routing through my internet router (sonicwall 4060).
Now I need to invoke IP Routing on my 8212 switch. If you were me, knowing you could not take the network down for long as we are a hospital, how would you proceed? Some docs I've read indicate the two networks should be in separate vlans, which would mean going back and figuring out each device on each port. I could do that, but am hoping for something simpler.
The end result I am trying to achieve is to have my internal network IP routing happen on my switches, mostly the 8212, and not in my router.
What would the people here suggest?
Thank you for your help
Ron
Pieter 't Hart
Honored Contributor
Solution

Re: 8212zl IP Routing setup

Yes, best practice is to separate IP subnets using VLANs and connect those VLANs using a router.

But I understand at this time you already have two subnets on the same LAN?
This is called a "multinet".

No worries, but try to keep it temporary as it does not match current network design.
You are already migrating away from the 199.199.x.x, so it dies eventually.

You can configure the VLAN interface of your switch with a primary and secondary address, and enable routing.
The switch will route between the two subnets on the same interface.

But as you don't mention dividing the 172.29.x.x subnet into smaller nets, what routing do you really need?
Do you eventually want each 2910 switch to have its own subnet?
Ron Havlen
Advisor

Re: 8212zl IP Routing setup

Thank you Pieter. I really don't envision having the 2910's on their own subnets, I'm really only figuring on just a single subnet throughout. We are a small facility, though just large enough to go over the 254 possible addresses in a 24 bit subnet. Rather than messing with figuring a smaller subnet, at the time the people that did it figured it was just easier to go to 16. Sure, a tremendous number of addresses we would never use, but simpler. Since that was done, the only thing I've really done is to just separate certain types of equipment into mentally different sections of the address range. I did not want, nor at the time was I able to, actually create true subnets as at the time we didn't have a router that could route between the subnets. Our entire network has to always see everything else, there is no need here for a logical separation of departments, for example.

That will change, and when it does I will have to subnet smaller. I'll likely shrink the 172.29.x.x subnet that I hope to finish with to a much smaller range, as I'm really only using 10 different ranges in the third octet, and nowhere near that many addresses. But when that time comes, the devices I'll be adding won't need to be routed to this range, it will likely be IP phones and possibly some medical equipment that should never be part of my normal data network.

Anyway, back to what you had said. If I read you right, I can configure the same vlan-interface - let's say default_vlan_1, with both a primary and secondary address on the switch, and then no matter what port I have a particular device plugged into it will route properly?
Say port A1 has a device with a 199.199.197.1 address, and port A2 has a device with a 172.29.199.50 address. By having both a primary and secondary address on the vlan of the switch itself, with IP routing enabled, these will route correctly? If so, that appears rather easy.
Then I'll just have to make sure the 2910al switches also retain such ability. Although it is my understanding the 2910al switches are not themselves Layer 3 switches, as long as I make sure they can route back to the 8212zl I should be fine. Is that a correct take on your statement?
Again, thank you for your help.

Ron
Pieter 't Hart
Honored Contributor

Re: 8212zl IP Routing setup

Almost right.
The 2910s need no L3 functionality.
Only the 8212 does the L3 function.

I assume all is now configured for a single VLAN (the default VLAN, vlan-1).
The 2910s have no knowledge of whether a packet belongs to the 199 or the 172 network.
They just forward both packets based on L2 information (MAC address).

The client sends an ARP request to determine the MAC address of the destination.
- the ARP request is forwarded to all ports in the VLAN
- the correct host (8212) responds
- the switch fills its MAC address table
- the client now knows
- subsequent communication is based on MAC address and is only forwarded to a single port.

For communication between subnets the client must be configured with a gateway, here the 8212 switch's IP address (prim/sec) in the corresponding subnet.
- the client sends a packet to the gateway
- it uses ARP to determine the MAC address of the 8212
- the 2910 and the 8212 learn the MAC addresses involved and associate them with the ports used.
- the 2910 forwards the packet on L2 to the 8212.
- the 8212 routes the packet (L3) to the other subnet using the same interface!
- here again ARP is used to determine what port to send it out.
- it may be forwarded to the same or another 2810 on L2.
- and sent out to the destination port.
Ron Havlen
Advisor

Re: 8212zl IP Routing setup

Thanks, Pieter, you are helping more than you know.

For all intents and purposes I do have it configured just as a single vlan. I do have other vlans, but that is only for the MSM765zl controller, and a couple vlans to basically completely separate a public internet that we allow to pass through our network. These vlans are not routed internally at all, they are completely separate.

Now I need to complicate matters a bit.

Currently I have my Sonicwall acting as my router. Therefore, the gateway addresses for both networks are on certain interfaces of the Sonicwall.

My gateway addresses are 199.199.199.254 and 172.29.199.254.

Currently, all my clients in the network have the gateway assignment of the appropriate IP range, so a client with an IP address of 199.19.196.10 has the gateway of 199.199.199.254, and the client with an IP address of 172.29.197.30 has the gateway of 172.29.199.254.

In both cases these go to the Sonicwall router, which is then routing all the internal network. However, the Sonicwall is also our Internet router. So if the request is outside these networks, the request goes to the appropriate place, whether it be to the Internet itself or to one of my VPNs. (we have a few outer offices on VPN, all are simple 192.168.x.x networks, 24 bit)

Now, since my Sonicwall is currently my internal and Internet gateway, and all my clients already have a gateway address assigned to them, I think I would have to find a way to assign the existing gateway addresses to the 8212zl, in order to not have to get to each client to change it. Then I would have to assign a different IP address to my Sonicwall, and have my 8212zl use that address as the Internet gateway, which would also do my VPNs.

First question is, do I have that scenario correct, and second question is, what is the best and quickest way to proceed? I can't have my network internally down hardly at all, other than a few minutes. Externally we can be down a short time on a weekend, but not for too long, a couple hours at most.

Thank you, I believe I am getting a lot figured out from you.

Ron
Pieter 't Hart
Honored Contributor

Re: 8212zl IP Routing setup

Do your clients use DHCP to get IP address/gateway etc.?

If so I would suggest:
- leave the Sonicwall as it is.
- configure new addresses on the 8212.
- on the 8212, configure the Sonicwall as gateway.
This procedure requires more work, but is more predictable than moving the Sonicwall's address to the 8212, and migration to the new gateway can be done in phases.

Next,
- manually configure a client for the new gateway address of the 8212
- test routing using the 8212.

- finally modify the DHCP scope with the new gateway address
- wait for the lease timers of DHCP to expire
or manually ipconfig/refresh on the clients
or reboot clients
- reconfigure all manual IP configs (hosts not using DHCP).
(no reboots should be necessary).

this can be different steps for 199 and 172 nets.
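
The forwarding walk-through and the phased gateway change discussed in this thread can be checked on paper before touching a client. The following is an added example, not part of any post: it models which address a client ARPs for and which routers handle the packet. The 8212 addresses ending in .253 and the 192.168.1.10 VPN destination are assumptions made for illustration.

```python
import ipaddress as ipa

# Constructed model of the thread's multinet: both subnets share VLAN 1.
SONICWALL = {"199.199.199.254", "172.29.199.254"}   # gateways named in the thread
CORE_8212 = {"199.199.199.253", "172.29.199.253"}   # assumed new 8212 addresses
OWNERS = {**{a: "sonicwall" for a in SONICWALL},
          **{a: "8212" for a in CORE_8212}}
CONNECTED = [ipa.ip_network("199.199.0.0/16"), ipa.ip_network("172.29.0.0/16")]
DEFAULT_ROUTE_8212 = "199.199.199.254"              # 8212 uses the Sonicwall as gateway


def arp_target(client_if, gateway, dst):
    """IP the client ARPs for: the destination if on-link, else its gateway."""
    iface = ipa.ip_interface(client_if)
    dst_ip = ipa.ip_address(dst)
    if dst_ip in iface.network:
        return str(dst_ip)
    gw = ipa.ip_address(gateway)
    if gw not in iface.network:
        # A gateway outside the client's own subnet cannot be reached by ARP.
        raise ValueError(f"gateway {gw} is not on-link for {iface}")
    return str(gw)


def l3_hops(client_if, gateway, dst):
    """Routers a packet crosses inside the LAN, in order."""
    dst_ip = ipa.ip_address(dst)
    target = arp_target(client_if, gateway, dst)
    if target == str(dst_ip):
        return []                                   # same subnet: pure L2 via the 2910s
    hops = [OWNERS.get(target, "unknown")]
    if hops[0] == "8212" and not any(dst_ip in net for net in CONNECTED):
        # Not a connected subnet: the 8212 follows its default route.
        hops.append(OWNERS[DEFAULT_ROUTE_8212])
    return hops


if __name__ == "__main__":
    client = "199.199.197.1/16"
    for gw in ("199.199.199.254", "199.199.199.253"):      # before / after the change
        for dst in ("199.199.196.10", "172.29.199.50", "192.168.1.10"):
            print(f"gw={gw} dst={dst} hops={l3_hops(client, gw, dst)}")
```
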


Ron Havlen
Advisor

Re: 8212zl IP Routing setup

Yes, Pieter, many of my clients do use dhcp. The dhcp server currently has an address of 199.199.199.247 and distributes dhcp addresses in the 199.199.0.x range. Just the 254 possible addresses for now.

The 172.29.x.x range is all manual at this point. Someday I plan on switching the dhcp to the 172.29 range, but haven't gotten that far yet. While I've moved several printers and clients to the 172.29 manual range, my main servers are still 199.199.x.x, and I'm trying to be cautious.

So, looking at your suggestion, it looks like I should set a different IP on the 8212zl than what the gateway of my Sonicwall is, and set the Sonicwall as the gateway for the 8212, in both IP ranges.
At this point, my clients would still have the gateway of the Sonicwall, which should work exactly as it does now. Then I can test a single client with the 8212 as the gateway for the client.
Then set the dhcp gateway change. Then, as my clients start pulling new dhcp information, or in those cases where I have to manually change the gateway, the transition will be so smooth that no one will notice.
All this time my 172.29 range could remain exactly as it is, except for putting the address on the 8212. Then as I go to each client to change gateway, it just switches from one to the other without any disruption.

Hopefully I restated your suggestion correctly so that I fully understand it. Looks like my next step is to examine the command line, which I struggle with, so I can see about implementing this.

Thank you for your help. Any further suggestions, including confirmation that I have the thoughts right, are appreciated.

Ron
Pieter 't Hart
Honored Contributor

Re: 8212zl IP Routing setup

Your description of the steps seems to cover my suggestions.

>>> Someday I plan on switching the dhcp to the 172.29 range <<<
You can configure the server to issue 172.29.x.x addresses already, even if the server itself still has a 199.199.x.x address!
That may put your migration a giant step ahead?

It's been a while since I've seen this on a multinet, so the configuration for this is not directly popping up.
Steps to look at are:
- at least you must create a second scope.
- you may need to combine both scopes into a "superscope"
- your DHCP server may need a secondary address
- you may need to configure dhcp-relay/ip-helper on the router.
Ron Havlen
Advisor

Re: 8212zl IP Routing setup

Superb! I hadn't actually realized I could retain the server IP address yet distribute different range dhcp addresses. I will have to look into that. And you're right, it would definitely put me several steps ahead.

Thank you for the confirmation. I'll likely be processing the 8212 changes in the next weekend or so, and I'll let you know the results.
Thank you for all your help.

Ron
Pieter 't Hart
Honored Contributor

Re: 8212zl IP Routing setup

http://technet.microsoft.com/en-us/library/dd759168.aspx
Example 2 describes a superscope setup.

Of course you do not use 192.168.1.0 and 192.168.2.0
but your scopes for your own networks 199.199.x.x and 172.29.x.x