How to route between VLANs using a Layer 3 switch.
sup...@eriworld.com
device on a different VLAN.
Just to test things and get them to work, currently, I have two Dell
Powerconnect 6024 switches on my desk. I will call them S1 and S2. S1
is connected to our internal LAN. S2 is connected to S1 via a trunk
port on each switch and nothing else. I have some ports set up to be
on VLAN 10 and some to be on VLAN 20. I have IP Addresses assigned to
both VLANs on each switch as follows:
S1:
VLAN 10, 192.168.0.40
VLAN 20, 192.168.1.1
S2:
VLAN 10, 192.168.0.32
VLAN 20, 192.168.1.2
On S1, Port 24 is set up as a Trunk port with VLAN 10 & 20 both added
to it. It is connected by a cable to Port 1 on S2, also configured as
a trunk port with both VLAN 10 & VLAN 20 added to it.
Initially, I was trying to set up static routes using an white paper on
Dell's web site,
http://www.dell.com/downloads/global/products/pwcnt/en/app_note_38.pdf.
However, I received a reply from a Dell tech/engineer indicating that
this paper is misleading and that the Layer 3 switch (Powerconnect
6024) would automatically route between directly connected networks.
I am trying to test this by simply pinging the ip addresses of VLAN 20
from a computer connected to a port that is on VLAN 10. All I can get
is "Request timed out".
For example, my computer is connected to port 15 on S1 & has the IP
address, 192.168.0.103. I can ping 192.168.0.40, the IP address of
VLAN 10 on S1 with replies and I can ping 192.168.0.32, the IP address
of VLAN 10 on S2 and get replies. I cannot, however, get replies when
I ping 192.168.1.1 or 192.168.1.2, which is VLAN 20 on S1 & S2,
respectively.
This summarizes my issue. I will follow this with replies to this
message that contain more information.
If anyone is familar with configuring VLANs using Layer 3 & Layer 2
switches, please help.
Thanks,
Mike
eriworld
describes a different configuration than the one I descirbed in my
original post here. I have since simplified it to that configuration
since I posted this.
**********Beginning of post**********
I am having trouble understanding how set up static routes to access
one VLAN from another. We have a Dell Powerconnect 6024, Layer 3
managed switch and two Dell Powerconnect 3348, Layer2 Managed switches.
I am working from an article on Dell's web site called "What is VLAN
Routing?" It is "PowerConnect Application Note #38". It is available
at the link,
http://www.dell.com/downloads/global/products/pwcnt/en/app_note_38.pdf.
I believe I understand everything in the article, except for two lines
on page 4, step 4, in which the static routes are set up. They are as
follows:
Dell-6024(config)# ip route 10.10.0.0 255.255.255.0 10.10.0.2
Dell-6024(config)# ip route 10.20.0.0 255.255.255.0 10.20.0.2
These are the routes defined on the 6024, Layer 3 switch. There are
two basic things I don't understand in these statements. First, the
destination network and the gateway to get to the destination network
are on the same subnet in each case. My limited understanding of
static routes tells me that, in order to grant access to another
subnet, an IP address for one interface of a router must be in the same
subnet as the computers that need access to the other subnet. In other
words, in order for a computer with an IP address of, say, 10.10.0.5 on
the 10.10.0.0/24 subnet to access the computer 10.20.0.5 on the
10.20.0.0/24 subnet, I thought the following route would be required,
ip route 10.20.0.0 255.255.255.0 10.10.0.2
where 10.20.0.0 255.255.255.0 is the destination subnet and 10.10.0.2
is the router interface on the same subnet as the 10.10.0.5 computer.
In this article, the 10.10.0.2 gateway or "next hop" is on the same
subnet as the destination subnet, 10.10.0.0 255.255.255.0. I don't
understand this. Could the fact that ports 23 & 24 on the 6024 are
defined as Trunk ports have anything to do with this? Could these
lines be a couple of typeos in which the destination subnets are each
on the wrong line in this document?
The second thing I don't understand is what entities in this article
are assigned the 10.10.0.2 and 10.20.0.2 IP addresses. Are these IP
addresses assigned to the appropriate 3348 switches? VLAN 10 & VLAN 20
are assigned 10.10.0.1 & 10.20.0.1, respectively, on the 6024 switch.
So, they can't be the VLAN IP addresses on the 6024 switch.
I have tried varoius scenarios for creating static routes. I tried
setting the gateway addresses to be the VLAN addresses on the 6024
switch, but I got an error saying I can't use an IP address assigned to
the device. I tried setting them to the VLAN IP addresses assigned on
the 3348 switches and this didn't work either. In all cases, I tried
defining static routes with the gateway address on the opposite
subnet, as well as on the destination subnet. I tried placing a
computer on each subnet and pinging the other computer, as well as
pinging the IP addresses assigned to the VLANs on the switches, all
without success. Do I need to enable ECHO on the switches?
Thank you for any information you can provide.
eriworld
************Tech's reply*************
The whitepaper is a bit misleading. The 6024 will automatically route
between directly connected networks. If the only devices you are using
are the 6024 and two 3348s, you would not need to configure static
routes.
To route between the VLANs, you would simply need to bind the ip
addresses of the different networks to their respective VLAN, configure
the uplinks between the switches to trunk the necessary VLANs, and
configure the client ports on each switch as access mode ports in their
VLAN. When a port goes active that is a member of a VLAN, the VLAN
interface will also be brought up. Once the VLAN interface is up, that
network will be seen as directly connected and will be seen in the
routing table (show ip route).
*********End of Tech's reply**********
After a few more messages back and forth, I posted the following:
**************My last post on Dell's Forum**********
I have simplified the configuration. Now, I have two 6024 switches. I
am trying to use the Layer 3 capabilities of one, which I will call S1,
and only the Layer 2 capabilities of the other one, which I will call
S2.
My workstation is connected to Port g15 on S1. It is also connected to
S2 via a Serial cable.
I have set up Port g24 of S1 to be a trunk port with VLAN 10 & VLAN 20
binded to it. It is connected by a cable to Port g1 of S1, which is
also a trunk port with VLAN 10 & VLAN 20 binded to it.
********Configuration of S1*********
Using Telnet to connect to S1, the following shows that Port g24 is in
Trunk mode and has VLAN 10 & 20 added to it.
console# show interface switchport ethernet g24
Port : g24
Port Mode: Trunk
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 1
Port is member in:
Vlan Name Egress rule Port Membership Type
---- -------------------------------- ----------- --------------------
1 1 Untagged System
10 10 Tagged Static
20 20 Tagged Static
The following shows that 192.169.0.40 is binded to VLAN 10 and
192.168.1.1 is binded to VLAN 20 on S1.
console# show ip interface vlan 10
Proxy ARP is disabled
IP Address Type Directed
Broadcast
----------------------- --------- -----------
192.168.0.40/24 static disable
console# show ip interface vlan 20
Proxy ARP is disabled
IP Address Type Directed
Broadcast
----------------------- --------- -----------
192.168.1.1/24 static disable
The following shows that 192.168.0.0/24 & 192.168.1.0/24 are directly
connected subnets on S1.
console# show ip route
Maximum Parallel Paths: 4 (4 after reset)
Codes: C - connected, S - static, R - RIP, O - OSPF, E - OSPF external
C 192.168.0.0/24 is directly connected
vlan 10
C 192.168.1.0/24 is directly connected
vlan 20
C 192.168.10.0/24 is directly connected
vlan 1
The following shows that Port g15, to which my workstation is
connected, is a member of VLAN 10.
console# show interface switchport ethernet g15
Port : g15
Port Mode: Access
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 10
Port is member in:
Vlan Name Egress rule Port Membership Type
---- -------------------------------- ----------- --------------------
10 10 Untagged Static
********Configuration of S2*********
Using HyperTerminal on a Serial cable connection between my worstation
and S2, the following shows that Port g1 is in Trunk mode and has VLAN
10 & 20 added to it.
console# show interface switchport ethernet g1
Vlan Name
Ingress UnTagged VLAN ( NATIVE ): 1
Port is member in:
Vlan Name Egress rule Port Membership Type
---- -------------------------------- ----------- --------------------
1 1 Untagged System
10 10 Tagged Static
20 20 Tagged Static
The following shows that 192.169.0.32 is binded to VLAN 10 and
192.168.1.2 is binded to VLAN 20 on S2.
console# show ip interface vlan 10
Proxy ARP is disabled
IP Address Type Directed
Broadcast
----------------------- --------- -----------
192.168.0.32/24 static disable
console# show ip interface vlan 20
Proxy ARP is disabled
IP Address Type Directed
Broadcast
----------------------- --------- -----------
192.168.1.2/24 static disable
The following shows that 192.168.0.0/24 & 192.168.1.0/24 are directly
connected subnets on S2.
console# show ip route
Maximum Parallel Paths: 4 (4 after reset)
Codes: C - connected, S - static, R - RIP, O - OSPF, E - OSPF external
C 192.168.0.0/24 is directly connected
vlan 10
C 192.168.1.0/24 is directly connected
vlan 20
C 192.168.11.0/24 is directly connected
vlan 1
********End of Configuration Information*********
In your first reply to my initial request, you wrote, "The 6024 will
automatically route between directly connected networks. If the only
devices you are using are the 6024 and two 3348s, you would not need to
configure static routes."
Currently, I still cannot get a device on one subnet/VLAN to ping a
device on the other subnet/VLAN and get a reply. In this
configuration, I am using the VLAN interfaces, themselves, as the
"devices" in question. For example, on S1, VLAN 10 is 192.168.040 & on
S2, it is 192.168.0.32. VLAN 20, on S1, is 192.168.1.1 & on S2 it is
192.168.1.2. From a DOS prompt on my workstation, which is connected
to a port on VLAN 10, I cannot get a reply if I ping 192.168.1.1 or
192.168.1.2. That is, I cannot get a reply from a device on another
subnet, regardless of which switch it is on.
I think I am trying to do something simple. But, I am overlooking
something obvious.
Any help you can provide would be greatly appreciated.