12-09-2019 06:56 PM
Hello everyone. So, I am reaching out for a little help as I have kind of run into a wall. Before I get started, this is for a home lab environment. I use my home network as a testing environment to help me learn for certifications, experience, etc. I am an IT professional and sometimes get equipment from my job that I can take home and integrate into my home network. My network setup is very simple:
Internet --> Firewall (pfSense) --> Nexus 3048 --> Other switches and devices
The Nexus trunks to some other switches (mostly Ubiquiti Unifi) and also has servers connected into it. I have a dual interface port channel between the pfSense and my Nexus for the VLAN routing, which pfSense is currently doing. I just got a Nexus 3064-X. I want that to act as a core switch. What I am trying to build:
Internet --> pfSense --> Nexus 3064-X --> Nexus 3048 and other switches
The Nexus 3064-X would do all the routing and just send internet traffic to pfSense. All the other switches including the 3048 would trunk into the 3064.
I started configuring this. I am trying to set up OSPF to learn more about it. I know normally there would be other routers in an OSPF setup but I am just trying to do this with the one 3064. I configured OSPF but I am getting no routes showing up whether the 3064 is connected with the rest of the network or not. I am thinking I configured something wrong. I am still researching this myself but I figured I would post here and upload my configs/some show commands and maybe someone will see something glaringly wrong with my setup. Can this be done with only one OSPF router?
I must admit I am kind of new to NX-OS. Most of what I work with is Catalyst so I am pretty familiar with IOS. I have also never built something like this from the ground up so it’s my first time for that. Thank you for your help and time.
12-10-2019 12:03 AM
Hello,
in short, for OSPF to work, you need at least two routers. You won't see any OSPF routes if you use just one router, because the routes you potentially see come from the other OSPF (neighbor) routers. That is the way it actually works for all routing protocols, whether it is RIP, IGRP, EIGRP, OSPF, or BGP. In order to exchange routes, you need a router to exchange routes with.
12-10-2019 06:42 AM
Hi Georg,
Thank you for your reply. That makes sense. For the routing protocols, I will have to use lab simulation (packet tracer, etc.) to practice those. I should still be able to do inter-vlan routing though with the one 3064 right? I should just have to disable OSPF feature and make sure the vlan interfaces are configured and then the setup I was trying to build should work minus the OSPF part, correct?
12-10-2019 07:16 AM
Hello,
indeed. If you use that one switch as a layer 3 switch for inter-VLAN routing, with all SVIs configured on that switch, you don't need a routing protocol (you probably need a static default route pointing to the outside though). In any case, you don't need OSPF.
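The layout described in this reply, as an added NX-OS sketch that is not part of the original thread or the poster's configuration. The VLAN IDs, names, interface number and all addresses are constructed for illustration, and a routed transit link to the pfSense LAN interface is an assumption.

```cisco
! Added example: constructed VLAN IDs and addresses, not the poster's config.
! SVIs are a feature that must be enabled on NX-OS before they can be created.
feature interface-vlan

vlan 10
  name USERS
vlan 20
  name SERVERS

! One SVI per VLAN: the switch becomes the default gateway for that subnet.
interface Vlan10
  no shutdown
  ip address 10.0.10.1/24

interface Vlan20
  no shutdown
  ip address 10.0.20.1/24

! Routed transit link to the pfSense LAN interface (assumed to be 10.0.0.1).
interface Ethernet1/1
  no switchport
  ip address 10.0.0.2/30
  no shutdown

! Static default route pointing to the outside; no routing protocol involved.
ip route 0.0.0.0/0 10.0.0.1

! Verification from exec mode: each SVI subnet should show as a direct
! route and 0.0.0.0/0 as a static route.
!   show ip route
!   show ip interface brief
```

With this layout the firewall no longer has an interface in the VLAN subnets, so it needs a static route back to each one (here 10.0.10.0/24 and 10.0.20.0/24 via 10.0.0.2) for return traffic to reach the switch.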
12-10-2019 07:34 AM
OK great. Thank you Georg. I will work on that later when I get home from work.
12-11-2019 01:18 AM
Hello,
you need to implement NAT on whatever device is facing the Internet. Which device is that in your home lab, that is, which device lets you ping 8.8.8.8? Post the config of that device.
12-11-2019 01:26 PM
Hi Georg,
Sorry for the late reply. The device that connects directly to the internet is the pfSense firewall. The internet connection comes into the pfSense WAN interface. Then the LAN interface connects to the 3064-X core switch. I have Outbound NAT rules in the pfSense for the VLAN networks that the core switch is routing to allow them out the WAN address. The core switch can ping 8.8.8.8. The other switches and devices in my network cannot. The core switch configs are above in my first post. The only thing I changed in them was I took out the OSPF configurations; otherwise it's the same. Do I need NAT configurations on the core too? I have the default route on the core pointed at the LAN address of the pfSense firewall. The pfSense's default route is the WAN gateway. Thank you for your help.
12-11-2019 04:40 PM
Hi Georg,
I think I figured it out. So when I was testing this, what I was doing was disconnecting the cables that were connected to pfSense as a port channel for the VLAN routing. I never disabled the VLAN interfaces though. This was leaving routes in pfSense's routing table for those VLAN interfaces in addition to the static routes I created. I believe this was causing a routing conflict. Also, I had to set up a firewall rule to allow my internal networks out. After changing that I am online now for about 40 minutes with no issue. The VLAN routing is also working correctly from what I see. Thank you again for all your help with this.
12-12-2019 12:08 AM
Hello,
good to hear that you got it resolved!