VLAN Routing

I posted awhile back on another group explaining my situation. We are trying to bring together two very large networks. So here is the situation.

I have a church I'm trying to help out with a network topology. They have a school and a rectory they want to connect via fiber.

However, the school wants to continue with their outbound internet connection and DHCP server. The rectory also wants to continue with their outbound internet connection and DHCP server.

Consolidation is NOT a possibility.

I'll attach the router config log and a simple diagram of our current setup. But we've decided that we will create 2 VLANs and set up routes between the two internally, on a single Dell PowerConnect 6224 that is supposed to have Layer 3 routing capability.

So before deploying this, we've set up a mock network within our office consisting of 2 Linksys WRT54G routers, 2 computers and 1 Dell PowerConnect 6224 switch. We have set up 2 VLANs and placed 1 PC and 1 router in each VLAN and are attempting to allow the PCs to communicate via routing through each VLAN.

We'll call them VLAN 10 and VLAN 20.

On the Dell 6224 we can ping every item on the diagram from the console.

On the VLAN 10 router, we were able to log into the web configuration and ping from it to the IP address set for VLAN 20 after we applied a static route to the router from VLAN 10 to VLAN 20.

On the Dell 6224, we have been unable to set the static routes that you can see below in the config. It reports no errors; however, the route does not appear in the list when typing the command "Show IP route static." We do see a "connected" route.

On the VLAN 10 computer, we have been unable to ping the VLAN 20 computer, which is the goal in this scenario. We have set a route on the VLAN 10 router for 192.168.1.0/24 with a router of 10.0.0.2.

We know we can do this in 5 minutes with a Linux box. Perhaps there is some trick to forwarding packets on the 6224?

Here is the .gif of the network diagram:

Thanks ahead of time,

Nick

!Current Configuration:
!System Description "Dell PowerConnect"
!System Software Version 1.0.0.27
!
configure
vlan database
vlan 10,20
exit
stack
member 1 1
exit
ip address 192.168.2.1 255.255.255.0
ip https server
interface vlan 10
routing
ip address 10.0.0.2 255.255.255.0
exit
interface vlan 20
routing
ip address 192.168.1.6 255.255.255.0
exit
ip routing
ip route 10.0.0.100 255.255.255.255 10.0.0.1
ip route 192.168.1.100 255.255.255.255 192.168.1.1
username "admin" password 05a671c66aefea124cc08b76ea6d30bb level 15 encrypted
ip ssh server
!
interface ethernet 1/g1
switchport access vlan 10
exit
!
interface ethernet 1/g2
switchport access vlan 10
exit
!
interface ethernet 1/g13
switchport access vlan 20
exit
!
interface ethernet 1/g14
switchport access vlan 20
exit
exit

console#

Reply to
Bowman.NicholasW

"Very large" networks would usually be thousands, or tens of thousands of hosts...

Keeping things separate is usually best. You might set up the routing such that each net has a secondary (higher metric) route out through the other. It might even do that automatically if you use RIP.

It might be best to use RIP and turn on dynamic routing on the hosts.

The routing tables on the hosts, the PCs and WRT54Gs need to have an entry pointing to the Dell for each net, or else the WRT54G needs to forward data to the Dell.

For the WRT54G this is in the Setup/Advanced Routing tab.

Set Operating mode to Router instead of Gateway. This allows you to turn on RIP (most likely only for LAN/Wireless). Also turn RIP on for the Dell, in which case it should start sending out RIP packets telling other routers (and hosts with RIP enabled) where it can route to and how direct the route is (how many hops).

I don't know the Dell 6224 at all, but the commands don't look right. It would be usual for a router to automatically include routes between its own ports. You need static routes to reach other routers. The problem is that the WRT54G doesn't know about the Dell, and it is the default route for the PCs.

Another way is to put a static route on each of the PCs pointing to the Dell as a route to the other net. For W2000 something like:

route -p add 10.0.0.0 mask 255.255.255.0 192.168.1.6 metric 1

and

route -p add 192.168.1.0 mask 255.255.255.0 10.0.0.2 metric 1

on the appropriate machines.

Otherwise, if you turn RIP on on the WRT54Gs, Dell, and the hosts, they will pick up dynamic routes to the appropriate routers.

If you have more questions, comp.protocols.tcp-ip is better for routing questions.

-- glen

Reply to
glen herrmannsfeldt

The Dell will create ARP entries for these, since these subnets are local, so that's why you won't see these routes. I bet you'll see ARP entries for these if you do a "show arp". Connected routes (and ARPs) have a higher precedence than static routes.

You need to do the same thing on the VLAN 20 router that you did on the VLAN 10 router. You need to add a static route for the VLAN 10 subnet that points to the Dell. That is because the default gateway on the host in the VLAN 20 network will be pointing to the VLAN 20 router, which won't know how to forward to the VLAN 10 subnet unless you add a route for it.

Anoop

Reply to
anoop
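
The forwarding path discussed in the replies above, as an added example that is not part of the original thread: a small longest-prefix-match model of the lab that traces an echo request and its reply, with and without the return route on the VLAN 20 router. Node names are hypothetical, and the PC addresses (10.0.0.100, 192.168.1.100) and the WRT54Gs as default gateways are assumptions read from the posted `ip route` lines and the replies.

```python
import ipaddress

# Constructed model of the lab; addresses are assumed from the posted config.
OWNER = {"10.0.0.100": "pc10", "192.168.1.100": "pc20"}

def build_tables(vlan20_router_has_return_route):
    """Per-node routes as (prefix, next_hop); next_hop None = directly connected."""
    tables = {
        "pc10":  [("10.0.0.0/24", None), ("0.0.0.0/0", "wrt10")],
        "wrt10": [("10.0.0.0/24", None), ("192.168.1.0/24", "dell"),
                  ("0.0.0.0/0", "internet")],
        "dell":  [("10.0.0.0/24", None), ("192.168.1.0/24", None)],
        "wrt20": [("192.168.1.0/24", None), ("0.0.0.0/0", "internet")],
        "pc20":  [("192.168.1.0/24", None), ("0.0.0.0/0", "wrt20")],
    }
    if vlan20_router_has_return_route:
        tables["wrt20"].append(("10.0.0.0/24", "dell"))
    return tables

def lookup(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    nets = [(ipaddress.ip_network(p), nh) for p, nh in table]
    hits = [(n, nh) for n, nh in nets if dst in n]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

def trace(tables, src_node, dst_ip):
    """Follow next hops from src_node until delivery, the WAN, or a dead end."""
    dst, node, path = ipaddress.ip_address(dst_ip), src_node, [src_node]
    for _ in range(8):  # hop limit so a routing loop cannot spin forever
        hit = lookup(tables[node], dst)
        if hit is None:
            return path + ["no route"]
        # A connected route means the destination is reached on-link.
        node = OWNER[dst_ip] if hit[1] is None else hit[1]
        path.append(node)
        if node in (OWNER[dst_ip], "internet"):
            break
    return path

def ping(tables, src_node, src_ip, dst_ip):
    """Return (request path, reply path, success)."""
    out = trace(tables, src_node, dst_ip)
    back = trace(tables, OWNER[dst_ip], src_ip) if out[-1] == OWNER[dst_ip] else []
    return out, back, bool(back) and back[-1] == src_node

if __name__ == "__main__":
    for fixed in (False, True):
        print(fixed, ping(build_tables(fixed), "pc10", "10.0.0.100", "192.168.1.100"))
```

The request reaches the VLAN 20 PC in both cases; only the reply path changes, which is why the symptom looks like a failure on the switch.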
