
New VLAN & Router Setup on 5308xl

 
SOLVED
Forrest Baker
Advisor

I have some gaps in my understanding of how to best accomplish our goals and I hope you can help.
We have a 5308xl switch that we want to support all our subnet routing instead of our Cisco router. The Cisco router has several networks defined and the first IP of each network assigned to an interface as the default gateway for clients.
The 5308xl switch has all our servers connected to it, a fiber connection from all our outlying desktop switches, and then an uplink connection to our Cisco router for Internet access.
Here is what I think I need to do:
1.) create a separate VLAN for each subnet, 200 thru 209, with the Cisco router uplink being in its own subnet.
2.) assign an IP address to each VLAN, the client gateway IP the clients are using.
3.) assign all the VLANs as tagged members to the fiber connection port.
4.) enable IP routing
5.) set a default route pointing to the cisco router.

Does that seem right and the best way to approach this?
I read somewhere it is not possible to have a VLAN with multiple IPs assigned - otherwise I would have the one VLAN with all the network gateway addresses in order to support all clients.

Thank you in advance for your advice.
Forrest
22 REPLIES
Marco Wessel
Valued Contributor
Solution

Re: New VLAN & Router Setup on 5308xl

>Does that seem right and the best way to approach this?

Squarely, yes.

> I read somewhere it is not possible to have a VLAN with multiple IPs assigned - otherwise I would have the one VLAN with all the network gateway addresses in order to support all clients.

Nope, what you've described is perfectly ok. In fact, it's the entire point of routing in switches -- to route between VLANs.

As for the default route-- remember to set a route to 0.0.0.0 rather than use ip default-gateway. The former works with routing enabled, the latter does not.

Forrest Baker
Advisor

Re: New VLAN & Router Setup on 5308xl

Thanks Marco, but I have a couple other questions as well.

It seems there is a limit of 8 VLANs on the 5308xl switch - so I evidently can't create a VLAN for every subnet. But I did read I can assign up to 8 IP addresses to a VLAN, so I could represent multiple networks on one VLAN right?
Then create a separate VLAN for the Cisco router Internet uplink and a separate VLAN for all the servers directly connected to the 5308 switch.
Maybe I'm making this all too complicated, but I'm a little fuzzy on tagged or untagged VLANs.
If I have a VLAN for the Cisco uplink, a VLAN for the servers using the 200 network, and a third VLAN for all the other client networks of 201 - 209; then do I have the fiber port as an untagged member of the server VLAN? and the client VLAN as a tagged for that port? and no tagging for the Cisco uplink VLAN as that is addressed via the ip route?

Thanks for your help,
Forrest
Marco Wessel
Valued Contributor

Re: New VLAN & Router Setup on 5308xl

The 5300 series can handle up to 256 VLANs, in fact. I have no clue why, but this is a setting which, on most switches, defaults to 8. Issue a 'max-vlans 256' command and reboot it. (This is the first thing I do when configuring a new switch, btw.)

With that out of the way, you can do exactly as you described in your first post. Multinetting (more than one subnet per vlan) isn't recommended for various reasons. The best (and simplest) is just to have one subnet == one vlan.

Probably you indeed do not need to tag your port to the cisco. As for the other ones, that depends on whether or not you have vlans mixed on the switches they connect to. If you do, you must tag, otherwise that isn't required but recommended anyway for possible future requirements.

Just to be sure you understand-- tagging is just a way of sending traffic for more than one vlan over a single connection. It does this by inserting between the ethernet frame header and data an extra header, called a tag, that says 'this frame belongs to this vlan number'.
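The tagging described in the reply above, as an added Python example that is not part of the original post: it inserts and parses the 4-byte 802.1Q tag, which sits after the source MAC address and before the original EtherType, and applies the tagged/untagged port membership rule. The frame bytes are constructed, and the membership of port A8 is an assumption.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that announces an 802.1Q tag

def add_vlan_tag(frame: bytes, vlan_id: int, priority: int = 0) -> bytes:
    """Insert the 4-byte tag after the destination and source MAC addresses."""
    if not 1 <= vlan_id <= 4094 or not 0 <= priority <= 7:
        raise ValueError("VLAN ID must be 1-4094 and priority 0-7")
    tci = (priority << 13) | vlan_id  # PCP (3 bits), DEI (1 bit, 0), VID (12 bits)
    return frame[:12] + struct.pack("!HH", TPID_8021Q, tci) + frame[12:]

def parse_vlan_tag(frame: bytes):
    """Return (vlan_id or None, ethertype, payload) for one Ethernet frame."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != TPID_8021Q:
        return None, ethertype, frame[14:]
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner_type = struct.unpack("!HH", frame[14:18])
    return tci & 0x0FFF, inner_type, frame[18:]

def egress(frame: bytes, vlan_id: int, membership: dict):
    """What leaves a port for an untagged frame classified into vlan_id."""
    if sum(1 for m in membership.values() if m == "untagged") > 1:
        raise ValueError("a port can be untagged in only one VLAN")
    mode = membership.get(vlan_id)
    if mode == "tagged":
        return add_vlan_tag(frame, vlan_id)
    return frame if mode == "untagged" else None  # None: port not in VLAN

# Constructed sample: broadcast destination, made-up source MAC, IPv4 EtherType.
FRAME = bytes.fromhex("ffffffffffff" "001122334455" "0800") + b"payload"
PORT_A16 = {186: "tagged", 187: "tagged"}  # as listed in the thread
PORT_A8 = {187: "untagged"}                # assumed: A8 is in VLAN187 only

if __name__ == "__main__":
    print(egress(FRAME, 186, PORT_A16).hex())
    print(parse_vlan_tag(egress(FRAME, 186, PORT_A16)))
    print(egress(FRAME, 200, PORT_A16))
```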

Forrest Baker
Advisor

Re: New VLAN & Router Setup on 5308xl

Okay, thanks. I have increased the max vlans to 256 and will proceed as originally planned with a vlan for each subnet.

All desktop switches connect up to this one 5308 server room backbone switch via a single gig fiber link. We have network clients with IP assignments from the different subnets all connected back to the server room switch. I only have VLANs assigned to this 5308.
I've been doing some testing and the subnet routing seems to be working just fine (meaning I can ping across subnets), but I can't get out to my edge router to access the Internet.

Here is what I have setup for VLANs:

VLAN200 (primary) Ports: A1-A15 untagged (200 is for server and switches)
VLAN186 Ports: A2-A7 untagged
VLAN187 Ports: A8-A14 untagged

VLAN186 and VLAN187 tagged to Port: A16

Port A1 has the connection for the router uplink. Should I have a separate VLAN for it?

The 5308 switch has an IP ADDR of 134.39.200.92 and Gateway 134.39.200.96 which is the IP ADDR of the Internet router.

I created a static route: IP ROUTE 0.0.0.0 0.0.0.0 134.39.200.96
but my 186 and 187 clients can't get out.

Here is what the 5308xl switch shows for ip routes:
Destination        Gateway         VLAN Type      Sub-Type   Metric     Dist.
------------------ --------------- ---- --------- ---------- ---------- -----
0.0.0.0/0          134.39.200.96   1    static               1          1
127.0.0.0/8        reject               static               0          250
127.0.0.1/32       lo0                  connected            0          0
134.39.186.0/24    VLAN186         10   connected            0          0
134.39.187.0/24    VLAN187         20   connected            0          0
134.39.200.0/24    VLAN200         1    connected            0          0

Any ideas?
Thanks, Forrest
KSimpson
Frequent Advisor

Re: New VLAN & Router Setup on 5308xl

Is interface A1 connected to the router to go out to the Internet?

I didn't see A1 tagged. If I understand what you are doing, you need to tag A1 so the traffic can get out of the 5308 and to the router.
Forrest Baker
Advisor

Re: New VLAN & Router Setup on 5308xl

Yes, A1 is connected to the Internet router.

I did not have A1 tagged, but do now and still can't get out to the Internet from any subnet.

I think my ip route is correct. Do I need to do anything with RIP?

Also, if I have one physical port on the 5308 that connects clients from all different subnets - don't I need that port untagged in all my subnet VLANs? But I can't have it untagged in more than one VLAN.

My primary goal is to have this 5308 switch handle all subnet routing for the network instead of our Internet router.

Please advise; a reference to a really good doc would be very much appreciated.
thank you, Forrest
KSimpson
Frequent Advisor

Re: New VLAN & Router Setup on 5308xl

> Also, if I have one physical port on the 5308 that connects clients from all different subnets - don't I need that port untagged in all my subnet VLANs? But I can't have it untagged in more than one VLAN.


-- Yes. A port can only be untagged on 1 vlan and then any uplink ports will need to be tagged.

> My primary goal is to have this 5308 switch handle all subnet routing for the network instead of our Internet router

-- Are you using RIP? Go to each VLAN, assign it an IP address, and enable RIP on each VLAN.

Vlan XXX
ip address "your IP"
ip rip "your IP"




If IP routing is enabled and a VLAN has an IP, the traffic on that VLAN will route.

When I said tagged A1, I thought the 5308 was doing layer 2. So I don't think A1 will need to be tagged since the 5308 will have a route out that port to the Internet router IP address.
Marco Wessel
Valued Contributor

Re: New VLAN & Router Setup on 5308xl

Your IP route is correct and you don't necessarily need RIP (though it might help out a bit, more on why later.)

Probably you can even get to the edge router, but the edge router has no idea how to get back: after all, it is the know-all-end-all routing resource and if it doesn't know about a destination, it should forward it onto the interwebs.

So on your cisco, you should add a route back to the network through the 5308.

RIP might help you with this because it'll set those routes for you. Though really in a static situation it's not very necessary to use it.

Having the cisco in your VLAN 200 with your servers is ok, putting it in a vlan of its own is fine too. I do this stuff in separate VLANs, but really it's essentially a matter of preference.
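The missing return route described in the reply above, as an added Python example that is not part of the original thread: it runs a longest-prefix-match lookup over the 5308's routing table as posted and over an assumed Cisco table, then traces where a reply to a VLAN186 client ends up before and after the Cisco gets routes back through 134.39.200.92. The Cisco table contents, the `ISP-NEXT-HOP` placeholder and the client address 134.39.186.10 are assumptions.

```python
import ipaddress

# Owners of next-hop addresses on the 134.39.200.0/24 segment (from the thread).
OWNER = {"134.39.200.92": "5308", "134.39.200.96": "cisco"}

def lookup(table, dst):
    """Longest-prefix match: return the action of the most specific route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), act) for p, act in table.items()
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def trace(routers, start, dst, max_hops=8):
    """Follow a packet for dst hop by hop; return (path, outcome)."""
    path, node = [start], start
    for _ in range(max_hops):
        action = lookup(routers[node], dst)
        if action is None:
            return path, "dropped: no route"
        if action.startswith("connected"):
            return path, "delivered on " + action.split()[1]
        nxt = OWNER.get(action)
        if nxt is None:  # next hop is outside the modelled site
            return path, "forwarded off-site via " + action
        path.append(nxt)
        node = nxt
    return path, "routing loop"

SWITCH_5308 = {  # from the 'ip routes' output posted in the thread
    "0.0.0.0/0": "134.39.200.96",
    "134.39.186.0/24": "connected VLAN186",
    "134.39.187.0/24": "connected VLAN187",
    "134.39.200.0/24": "connected VLAN200",
}
# Assumed Cisco table: only the uplink subnet is connected, default goes upstream.
CISCO_BEFORE = {"0.0.0.0/0": "ISP-NEXT-HOP", "134.39.200.0/24": "connected LAN"}
CISCO_AFTER = dict(CISCO_BEFORE, **{"134.39.186.0/24": "134.39.200.92",
                                    "134.39.187.0/24": "134.39.200.92"})
CLIENT = "134.39.186.10"  # constructed client address in VLAN186

if __name__ == "__main__":
    for name, cisco in (("before", CISCO_BEFORE), ("after", CISCO_AFTER)):
        routers = {"5308": SWITCH_5308, "cisco": cisco}
        print(name, trace(routers, "cisco", CLIENT))
```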
Forrest Baker
Advisor

Re: New VLAN & Router Setup on 5308xl

Okay, the routing makes more sense now - and I'll add the route on the Cisco back to the 5308. If I do create a separate VLAN for the cisco-uplink A1 port, all the other subnet VLANs would need to tag that port right?

The routing between subnets seems to be working well in my test environment - I have the default gateway IP for each subnet assigned to the appropriate VLAN and now have RIP running as well. But I don't understand how port-based VLANs will work on the 5308 (our server room backbone switch) when all network connections from our LAN connect to the 5308 by a single fiber link. I can't physically connect network clients from each subnet to the appropriate VLAN ports. They all connect through the same fiber port. How do I have the 5308 serve as the gateway and subnet router for all networks?
Forrest