This is a pretty simple configuration. I have six Cisco 300 Series switches in Layer 2 mode. They are all connected using ports in Trunk mode. These Trunks are tagged members of all VLANS.
I have one 300 series in layer 3 mode with IP address assigned to each VLAN.
I would like to use one Internet gateway for multiple VLANS. This gateway has numerous IP ports that forward to internal ip addresses on various machines.
All i9nternal clients use their respective VLAN IP as their default gateway.
The Layer 3 switch is connected to one of the Layer 2's using a Trunk that is a tagged member of all of the VLANS.
I understand how traffic routes from a client to its respective VLAN gateway. Where I am confused is how it routes from there to the Internet gateway?
Internet gateway is 192.168.1.1
VLAN IP's are 192.168.2.1, 192.168.3.1, etc...
Should the Internet Gateway be patched into the Layer 3 switch or one of the Layer 2's using a separate "Internet" VLAN?
Any help would be appreciated.
No you should not trunk or tag the port from your "router" to the SG switch.
Your router is: 192.168.1.1
Your SG300 is: 192.168.1.2 on VLAN interface 1 (VLAN1)
on your SG300 configure the other VLANs and assign them to appropriate ports, keeping in mind that the single connection from the SG to the router is VLAN1.
The default route configured on the SG will be 0.0.0.0 0.0.0.0 => 192.168.1.1
NOW!!! this is the kicker. You have to be able to let your router know or it must understand that you have multiple networks behind it. You will have to tell the router that for 192.168.2.0 next hop is 192.168.1.2 and so on for each other VLAN on your SG300. If you are not able to do this on your router then only VLAN 1 will be able to route to the internet.
Hope this helps.
*edit: changed mistake on addressing
If you have a network large enough to justify the use of VLANs, I would highly advise against the use of UPnP in your environment. It is a huge hole that can be exploited easily and is a known exploit in use today.
My recommendation would be to configure port trigering or ACL rules for required services in your network. Do not use UPnP to auto configure the router. Keep those advertisement at layer 2.
Message was edited: clarifying wording
remember that broadcasts / multi-cast are never propogated past a router including a switch when is running L3. On the switch you should be able to create rules to allow protocols such as NetBIOS to discover other computers.
keep in mind that the protocols you are trying to forward are going against how routing is designed and you may need to get creative with ACL rules in order to acheive your goal.