Solved: Route Traffic Between Three Subnets...

stownsend · ‎10-06-2010

I have three Subnets

10.1.x.x Head Quarters

10.2.x.x Remote Office A

10.6.x.x Remote Office A Training Lab

HQ and Remote Office A are Currently Connected via VPN.

10.2.x.x and 10.6.x.x is connected via a Netopia 910, its failing.

We are getting a 100mb Ethernet Line between HQ and Remote Office A.

I'm looking for a way to get traffic between the three Subnets. Now that HQ and Remote Office A are on a 100MB line, I sill want to keep them in seperate Subnets so Active Directory can do its thing about where users are Located.

I was not sure if I should

get two 1921 routers One in HQ and One in Remtoe Office A

Single 1921 in Remote Office A

Another VLAN solution

I would like the Hardware in the HQ office, though If it makes more sense to have it at Remote Office A that is fine.

All LAN segments are Gigabit.

The Traning Lab has MultiCast Packets, so they need to be snuffed at the Router/VLAN Switch.

Any Suggestions would be appreciated!

Thanks,

Scott<-

joe.lazzaro · ‎12-21-2010

A layer 3 switch is both a switch (layer 2) and a router (layer 3) combined. The SG300 is a layer 3 switch.

The SG300 help file is probably referring to it's operation in layer 2 mode. If you simply create VLANs on the SG300, hosts in one VLAN will have no connectivity to hosts in the other. There is no router to facilitate that communication.

It's not until you enable layer 3 mode and actually create the Layer 3 interfaces for each VLAN (think router) that hosts in different VLANs will be able to talk. Each layer 3 interface will likely become the default gateway for that network.

The SG300 supports static routing, but no dynamic routing.

View solution in original post

Calin C. · ‎10-10-2010

Hello Scott,

If you can afford I would suggest 2 Cisco routers (or L3 switches), one in HQ and one in Remote location. Establish a connection between these 2 routers and configure an IGP (OSPF, EIGRP...) and route your subnets through it. This configuration will also help if you need to configure multicast traffic.

Cheers,

Calin

stownsend · ‎12-21-2010

I'm still working on this and thought I had a Solution, though I still think I might be missing something...

You mentioned a Layer 3 Switch, So I looked and found the SG300 series (SRW2008-K9)

The Spec Sheet says:

• Advanced network management capabilities: As managed switches, the Cisco 300 Series lets you use a variety of advanced features to control traffic over your network. Features include:

– Static routing/Layer 3 switching between VLANs: This capability allows you to segment your network into separate workgroups and communicate across VLANs without degrading application performance. As a result, you can manage internal routing with your switches and dedicate your router to external traffic and security, helping your network run more efficiently.

So that seems like I can define three IP VLANs and route between them? Then looking at the help file for the SG300 I see:

VLAN Roles  
VLANs function at Layer 2. All VLAN traffic (Unicast/Broadcast/Multicast) remains within that VLAN. Devices attached to different VLANs do not have direct connectivity to each other over the Ethernet MAC layer. Devices from different VLANs can communicate with each other only through Layer 3 routers. An IP router, for example, is required to route IP traffic between VLANs if each VLAN represents an IP subnet. 
The IP router might be a traditional router, where each of its interfaces connects to only one VLAN. Traffic to and from a traditional IP router must be VLAN untagged. The IP router can be a VLAN-aware router, where each of its interfaces can connect to one or more VLANs. Traffic to and from a VLAN-aware IP router can be VLAN tagged or untagged.

Which Implies I need another Router to route the VLANs?

Can I not do what I want with just the SG300?

joe.lazzaro · ‎12-21-2010

A layer 3 switch is both a switch (layer 2) and a router (layer 3) combined. The SG300 is a layer 3 switch.

The SG300 help file is probably referring to it's operation in layer 2 mode. If you simply create VLANs on the SG300, hosts in one VLAN will have no connectivity to hosts in the other. There is no router to facilitate that communication.

It's not until you enable layer 3 mode and actually create the Layer 3 interfaces for each VLAN (think router) that hosts in different VLANs will be able to talk. Each layer 3 interface will likely become the default gateway for that network.

The SG300 supports static routing, but no dynamic routing.

stownsend · ‎12-22-2010

So then I guess I'm just not seeing where to kick it into Layer3 Mode. )-:

I'm used to the CLI interface on other Routers/ASA equipment. I didn't think a Switch would be that hard to figure out.

After a bit of Googling I found that you have to connect to the Switch via Serial Cable and then there is an option to put it into Layer 3 Mode.

Hopfully now I can add the IP Interfaces for each VLAN.

Thanks!

stownsend · ‎12-22-2010

That did the Trick. Not sure why they made it so you can only change the switch to Layer3 Mode while connected to the Console Port. I was looking alover for it in the WebInterface.

Nothing in the Quick start guide or the Help in Layer2 Mode.

Thanks everyone.

joe.lazzaro · ‎12-22-2010

If you found any of the responses helpful, please rate