[nflug] Inter-VLAN routing help!

David J. Andruczyk djandruczyk at yahoo.com
Sat Jul 28 17:35:01 EDT 2007 

sorry for the delay  but here's my view.

My knowledge is all cisco specific so you'd need to
look into dells docs for the conversions.

Setup  a port on an upper level swtich (preferrable
something near the root of the network, assuming a
cross-connected (redundant paths) spoked network
design, , setup a port as "switchport mode trunk"
 (vlan trunking to pass multiple vlans on that one
port), and have a linux router with VLAN support and
creted two vlan interfaces,  one for VLAN1 and one for
VLAN200, and setup routing via that..

Way back when I did networking, for one of the large
ones I co-setup/administered,  we had a 6509 blade
switch at the core, with a multiple level gigabit
ethernet  distribution switches in the facility
followed by 24-48 port end switches leading to the
users machines. (large network,  about $400,000 worth
of equipment at the time, serving about 3000 ports)

The core switch had a router blade that was able to
handle all the inter vlan routing  but the theory is
the same,  a virtual interface was created with
switchport mode trunk, set to not filter any vlans.
(you can setup VMPS filters or whatever they called
them to limit vlan propogation), then created vlan
interfaces in the router. (int vlan1,  int vlan200),
and setup the routes/firewall rules as needed.

NOTE: this is a simplistic method and glosses over a
LOT of there details.  I'm not up on Dell's switches
and their terminology, and vlan capability,  but the
concepts are similar.


--- Mark Musone <mmusone at shatterit.com> wrote:

> Darin, David, et al..
> 
> Ok, so here's the dealio, to start out, I'll keep
> things simple. we have new
> Dell 6248 switches,
> And my goal is to try and have a "Management VLAN".
> I've got a dozen or so
> switches and to give each switch an IP address for
> management purposes on my
> Production Lan seems silly to me for a number of
> reasons:
> 
> 1. I'd be wasting at least a dozen IP's if not more
> (more likely around 50
> Ip's when you also count in other managed devices)
> 2. I'd be wasting precious physical ports
> 3. security security security. To put a switch
> management interface on a
> production network is just silly. Why would anyone
> want to put a core switch
> on the same subnet as 200+ other production servers.
> 
> So, here's my plan..give the switch an ip address of
> 10.10.10.1 on VLAN1
> All the ports on the switch will be assigned to
> VLAN200 on network
> 192.168.1.0
>   
> Now we've got 2 VLAN's (networks), one that all
> ports are assigned to, and
> one that is "internal only"
> 
> The goal is to setup vlan routing however so that
> machines on VLAN200
> (192.168.1.x) can access the VLAN1 ip address
> (10.10.10.1). 
> 
> In the old days, a compromise would be to make port1
> on the switch on VLAN1,
> and hook up a router to port1 and another port on
> VLAN200, and route between
> them. Easy sneezy. However it would be using up 2
> ports, not to mention
> dedicating a router (or at least 2 router ports) for
> just a "silly"
> management network..
> 
> Why go through all that when ideally, the switch is
> a router and I _should_
> be able to setup inter vlan routing...
> 
> Make sense? Except it aint working :( and frankly
> I'm not 100% sure where to
> even start..
> 
> Mark
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> -----Original Message-----
> From: nflug-bounces at nflug.org
> [mailto:nflug-bounces at nflug.org] On Behalf Of
> David J. Andruczyk
> Sent: Wednesday, July 25, 2007 9:36 AM
> To: nflug at nflug.org
> Subject: Re: [nflug] Inter-VLAN routing help!
> 
> what do you want to know?
> 
> Is this all on Cisco equipment, or some other
> environment (i.e. virtual environment).
> 
> --- Mark Musone <mmusone at shatterit.com> wrote:
> 
> > Hi all,
> > 
> >  
> > 
> > I'm wondering if anyone here has any experience
> with
> > inter-VLAN routing,
> > layer 3 switching, and VLAN trunking..
> > 
> > I've got a roadblock that I just can't seem to get
> > past and I'd love to pick
> > someone's brain..mine's about fried!
> > 
> >  
> > 
> > Thanks in advance,
> > 
> > Mark
> > 
> >  
> > 
> > > _______________________________________________
> > nflug mailing list
> > nflug at nflug.org
> > http://www.nflug.org/mailman/listinfo/nflug
> > 
> 
> 
> -- David J. Andruczyk
> 
> 
>  
>
____________________________________________________________________________
> ________
> Park yourself in front of a world of choices in
> alternative vehicles. Visit
> the Yahoo! Auto Green Center.
> http://autos.yahoo.com/green_center/ 
> _______________________________________________
> nflug mailing list
> nflug at nflug.org
> http://www.nflug.org/mailman/listinfo/nflug
> 
> _______________________________________________
> nflug mailing list
> nflug at nflug.org
> http://www.nflug.org/mailman/listinfo/nflug
> 


-- David J. Andruczyk


       
____________________________________________________________________________________
Sick sense of humor? Visit Yahoo! TV's 
Comedy with an Edge to see what's on, when. 
http://tv.yahoo.com/collections/222

More information about the nflug mailing list