Static Routes With Next Hop As An Exit Interface Or An IP Address

I need to set up a simple L3 network. For now I will leave all devices on VLAN1 for simplicity until I have things working. Later I will add additional VLANs. Setup is a straight structure. The SG300-10s are all in L3 mode currently.

Router (192.168.1.1) connects to SG300-10 (192.168.1.4, port 1, in L3 mode)--> connects to  Sg300-10 (192.168.1.3, port 1, in L3 mode) --> connect to Sg300-10 (192.168.1.2, port 1, in L3)

 

I have all ports set to trunk currently

 

Question 1: Do I need to add any IPv4 routes?, or are the defaults sufficient?

 

Question 2: I will add the following VLANS, 1-Default, 2-Network, 10-internet devices, 22-guest, 100-voice. Will I need to change any IPv4 routes (above) when I do this? If so, what should they read.

 

Sorry about the newbie questions

VIP Mentor

Your picture and description are different.

 

Router (192.168.1.1) connects to SG300-10 (192.168.1.4, port 1, in L3 mode)--> 
connects to  Sg300-10 (192.168.1.3, port 1, in L3 mode) --> 
connect to Sg300-10 (192.168.1.2, port 1, in L3)

 

Are these devices located in different areas or locations, or in the same comms room?

 

 

Question 2: I will add the following VLANS, 1-Default, 2-Network, 10-internet devices, 22-guest, 100-voice. Will I need to change any IPv4 routes (above) when I do this? If so, what should they read.

 

Are you looking for these VLANs to be present on all the switches? If yes, below is an example setup:

- Configure L2 trunking, allowing these VLANs on the trunk.

- Subnet 192.168.1.X into 5 or 6 subnets (depends on your requirements and number of users). If there are more users, start using a full subnet for each VLAN/service, for example 192.168.1.X for Default, 192.168.2.X for Network, and so on.

- Configure all SVI interfaces on the router and enable routing (what kind of router is this?).

BB
*** Rate All Helpful Responses ***

BB:

 

Yes the  switches are located in different rooms.

Yes will add the VLANS to all the switches

 

Router is a Cisco RV320

 

Yes I will add all the VLANS as 192.168.2.x, 192.168.10.x ...

 

Do I need to add any specific IPV4 routes?

 

Not sure what you mean by configure all SVI interface, but will add the VLANs to the router

VIP Expert

Hello,

 

In addition to the other post, yes, you need static routes on all 4 routers. The SG300 doesn't even support RIP, so you need a static route for each network.


what should those specific routes be?

 

192.168.1.3, 

Mask 255.255.255.0

Type rejected or remote (I think it should be rejected but not sure)

 

192.168.1.4

Mask 255.255.255.0

Type...

etc

 

So one route for each switch to the next adjacent switch?

 

Does each switch need a route to the next adjacent switch?

Hall of Fame Guru

Am I correct in understanding that you have 3 layer 2 switches that are daisy chained to connect to a router (switch connects to switch, which connects to another switch, which connects to the router)? And am I correct in understanding that as you add new vlans on the switches that you will add vlan sub interfaces on the router? If you do this then you will get additional entries in the route table of the router which will be similar to the existing entry as being local directly connected routes. You will not need to create any further route entries in the router to communicate within your network. If you will be connecting this router to something to provide access to the Internet then you would need to configure a default route for that.

 

HTH

 

Rick

Almost correct. I have 3 Layer 3 switches not layer 2.

 

Yes I will add vlans. First starting on the switch and then add to each switch starting with the one closest to the router. 

 

The router connects to the internet via Dual WAN ethernet connection. Do I still  need to configure a default route then. If so what would that route look like.


Thank you for clarifying that the switches will operate in Layer 3 System mode. With these switches in Layer 3 System mode you can create a new vlan and assign an IP address and mask to that vlan. When you do this the switch automatically creates a route in its routing table (which it identifies as a local connected route) and enables routing between this new vlan and any other vlan configured on the switch with an IP address. This would enable routing between the vlans on the switch and you would not need the router to do inter vlan routing. Any switch configured in Layer 3 System mode with routing between vlans would need a default route configured and that default route should have the next hop as an IP address on the router. It is not clear to me whether you intend to configure Layer 3 System mode with inter vlan routing on each of the switches or on one of the switches. Can you clarify this?

 

As I have indicated, if the switches are doing inter vlan routing then the router does not need to interact with the individual multiple vlans. The router needs to interact with only a single vlan on the switches and so the connection between the router and the first switch does not need to be a trunk. It will be sufficient for that connection to be an access port in the native vlan on the switch and to be a simple routed interface on the router (and not have vlan sub interfaces). The router would need to have configured static routes for each of the new vlans and the router static route would have a switch interface in that vlan as the next hop.

 

The router will need to have a default route configured with the address of the provider device as the next hop.

 

The processing logic would work like this:

If a device in 192.168.1.0 wants to communicate with a device in 192.168.2.0 then the device would forward the packet to its default gateway (which would be the switch IP address in that subnet), the switch receives the packet and forwards to the device in 192.168.2.0 and there is no need for the router to be involved.

If a device in 192.168.2.0 wants to communicate with some device in the Internet then the device forwards the packet to its default gateway (which is the switch interface in that subnet), and the switch forwards the packet to the switch default gateway (which is the router). The router receives the packet and forwards to its default gateway (which is the ISP device). When the response comes back from the Internet then the router will use its static route for 192.168.2.0 to find the address to forward to, and the switch receives that packet and forwards to the device that initiated the traffic.

 

Note that for this to work someone needs to do address translation. It could be your router or it could be the provider device.

 

HTH

 

Rick

Yes I am intending inter VLAN routing on each switch (all three). I want to limit the network traffic from needing the router. I have added the VLANs to each of the switches.

 

The router is handing out the DHCP info so if I understand you correctly I can set the connection between the router and the first switch as an access on the default VLAN and since all the switches will do the inter VLAN routing.

 

Currently I think that inter VLAN routing is working. Not sure however if it is because I have it set up correctly or if the router is doing the work. Is there a way to do a trace to see if the router is involved in the process? If so, what would be the best command to issue?


Thanks for the additional information. You tell us that you have created the new vlans on each switch. Did you configure an IP address for each vlan on each switch? And did you configure a default route on each switch? These would be needed to effectively enable routing on each of the three switches. Configuring routing on each switch, or on one of the switches, would prevent inter vlan traffic from going through the router.

 

Your mention of DHCP does add another consideration about how the router could be configured. You could configure as I suggested with the router to switch connection carrying a single vlan (not a trunk) using a routed port on the router and an access port in the native vlan on the switch. If you use this approach you would need to configure UDP Relay/IP helper on each switch to relay DHCP requests from the switch to the router. When a device in one of the vlans issues a DHCP request the switch would receive the request and would forward the request to the router. The router would send the DHCP response to the switch which would forward it to the client. In this approach you would be careful to be sure that the default router configured in each scope would use an IP address from one of the switches.

 

The alternative approach would be to configure the connection from router to switch as a trunk. On the router you would need to configure vlan sub interfaces with IP addresses for each subnet on the router. The switch port connecting to the router would be configured as a trunk carrying all of the vlans. In this approach when a device in one of the vlans issues a DHCP request the broadcast request would be received by the router and it would respond directly to the client. In this approach it is especially important that the default router specified in each scope would use an IP address from a switch and not use the IP of the router interface. This would assure that routing is done on the switch and not on the router.

 

The easy way to determine which is doing the routing will be to do a trace route from a device in one vlan to a device in a different vlan. The trace route should receive two sets of responses. The response to the probe with TTL set to 1 should come from the device doing the routing, and the second response should have TTL set to 2 and come from the target. So look to see whether the first set of responses is from the switch or from the router.

 

HTH

 

Rick

Thanks so much for all your help.

I created the VLANs on each switch by going under VLAN management and adding a VLAN for four additional VLANs with IP addresses (i.e. 192.168.2.x for VLAN 2 ...). I enabled VLAN interface state and LinkStatus SNMP Traps (see image). That is all I did on each switch. I left the default route as is on each switch (see image). Is there something else I should have done? Lastly, when I create a trace route from my computer (192.168.2.2) to another machine on another VLAN (192.168.1.101) these are the results (see image). I am using your alternative setup right now with the trunk option.

Screen Shot 2018-09-01 at 9.08.51 PM.png

Screen Shot 2018-09-01 at 9.10.50 PM.png

Screen Shot 2018-09-01 at 9.15.38 PM.png


Thanks for the information. There is at least one more thing that you should have done. If you want inter vlan routing to be enabled on each of the switches then each of the switches needs to have an IP address configured in each of the vlans. The IP address would be configured on the IPv4 Interface page in Layer 3 System mode. So each switch needs an IP in vlans 10, 22, and 100. At this point I would suggest not configuring an IP address for these vlans on the router. This will help make sure that the router is not doing inter vlan routing.

 

Once you have configured the addresses on each switch I would expect that the IPv4 Routes page to have entries for each network as a Local Directly Connected network. This would enable inter vlan routing. If those Local Directly Connected entries are not created automatically then you may need to enter them manually (but I do really expect them to be created automatically).

 

If you are using the option to trunk all vlans to the router then I assume that you must have configured vlan sub interfaces on the router. And I am guessing that you configured IP addresses on the router vlan sub interfaces (you would need that for DHCP to work). And that means that at this point in time that the router is doing the inter vlan routing. When you get the switch addresses configured, and the Local Directly Connected routes created then routing should happen on the switches.

 

What is the default gateway configured on your computer at 192.168.2.2? As you implement inter vlan routing on the switch you will need to be careful that device default gateway is set to a switch IP and not to the router IP.

 

HTH

 

Rick

Richard:

 

Thanks again for all your help.

 

I think I have it almost done.

 

I have a linear arrangement of GW (192.168.1.1) --> SW (192.168.1.4) --> SW (192.168.1.2) --> SW (192.168.1.3).

 

For the VLANS this is my config

VLAN 1: GW, switches and AP

VLAN2: network devices

VLAN10: Home automation devices

VLAN22: Guest

VLAN 100: Voice

 

***Because VLAN 22 is GUEST I do not need/want inter vlan routing just internet access***

 

The current IPv4 interface looks like this for switch 192.168.1.4 and similar for the other two switches. They have only VLAN 1 listed....

Screen Shot 2018-09-03 at 10.36.17 AM.png

 

I assume based on your reply that I need to add an interface for VLAN2, 10, and 100 and not 22 cuz it is a guest VLAN.

 

When I go to add a VLAN should I choose dynamic or static address and if static what should I input?

(I assume Mask is 255.255.255.0 and Length is 24)

Screen Shot 2018-09-03 at 10.39.43 AM.png

 

I choose static

 

Screen Shot 2018-09-03 at 10.44.01 AM.png

 

When I go to add the VLAN on the interface I get the following warning.

Screen Shot 2018-09-03 at 10.37.48 AM.png

 

I  choose ok

 

It tells me that the Entry already exists?

 

Screen Shot 2018-09-03 at 10.44.12 AM.png

 

 

Am I doing something wrong and should it be dynamic instead?

 

This is what I get when I add them as dynamic. The IP address seems weird for the VLANs.

 

Screen Shot 2018-09-03 at 10.50.16 AM.png

 

Finally in response to your question about default gateway. The gateway is 192.168.1.1 (VLAN1) and 192.168.2.1,192.168.10.1, 192.168.22.1 and 192.168.100.1 for each of the respective VLANs. So the computer on 192.168.2.1 has gateway 192.168.2.1 as its gateway. 

 

Since computer 192.168.2.2 is attached to switch (192.168.1.4) are you saying that I should make its gateway 192.168.1.4? (Even though it  is a different VLAN?)

 


Thanks for the information. This response raises several issues. Let's start with the easy one, which is the error when you attempt to configure an IP address for vlan 2. Most of what you did was correct. And I would suggest that the type should be static and not dynamic (in fact I am surprised to see that it looks like the IP address for vlan 1 is dynamic, and I would suggest static for that one also). The problem with your effort is in the specific address that you used. You are configuring an IP address for vlan 2 but the address in the address field is 192.168.1.4, which is really the address for vlan 1. So when the switch attempts to save the config change it finds that this address does already exist. Try it again and specify 192.168.2.4 as the address.

 

Your comment that you do not want the Guest vlan to participate in inter vlan routing raises a bit of an issue. There are several alternatives that you could consider. One way to accomplish this would be to configure and apply Access Lists on each of the switches. The SG300 switch does appear to support these. This solution would be to use an Access List on vlan 22 of each switch and deny any traffic from vlan 22 to any other vlan on the switch (vlans 1, 2, 10, 100). This assumes that each switch is configured with an IP address in vlan 22 and that all devices in vlan 22 are configured with a default gateway which is the router IP address in vlan 22. The other alternative would be to not have any switch with an IP address in vlan 22. This would prevent any switch routing from vlan 22 to any vlan and from routing from any vlan to vlan 22. The router would have an IP address in vlan 22. The devices in vlan 22 would have the IP of the router as their default gateway. In this alternative you might also want to have logic on the router to prevent the router doing any routing from vlan 22 to any other of the vlans.  

 

If your computer is connected in vlan 2 then it should have a gateway address that is a switch address in vlan 2 (not the router address and not an address of any other vlan).

 

HTH

 

Rick
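
The two points in the reply above (a host's default gateway decides which device routes for it, and guest VLAN 22 must be kept away from the other VLANs) can be checked with a small forwarding model. This is an added example, not part of the original thread; the switch `.4` addresses other than 192.168.1.4 and 192.168.2.4, the hosts 192.168.22.50 and 203.0.113.10, and the `Device`/`trace` names are assumptions.

```python
import ipaddress as ip

# Subnets follow the thread's VLAN plan (192.168.<vlan>.0/24); VLAN 22 is guest.
NETS = [ip.ip_network(f"192.168.{v}.0/24") for v in (1, 2, 10, 22, 100)]
GUEST = ip.ip_network("192.168.22.0/24")
GUEST_DENY = [(GUEST, n) for n in NETS if n != GUEST]  # guest -> any internal VLAN

class Device:
    def __init__(self, name, addrs, next_hop=None, deny=()):
        self.name = name
        self.addrs = [ip.ip_address(a) for a in addrs]   # one interface per routed VLAN
        self.next_hop = ip.ip_address(next_hop) if next_hop else None
        self.deny = list(deny)                           # (source net, destination net)

    def connected(self, dst):
        """True if dst is in a subnet where this device has an interface."""
        return any(dst in n and a in n for n in NETS for a in self.addrs)

def trace(src, dst, gateway, devices):
    """Follow a packet from host src via its default gateway; return (hops, verdict)."""
    src, dst, hop = (ip.ip_address(x) for x in (src, dst, gateway))
    hops = []
    while len(hops) < 8:                                 # guard against routing loops
        dev = next((d for d in devices if hop in d.addrs), None)
        if dev is None:
            return hops, "no such gateway"
        hops.append(dev.name)
        if any(src in s_net and dst in d_net for s_net, d_net in dev.deny):
            return hops, "denied"
        if dev.connected(dst):
            return hops, "delivered"
        if dev.next_hop is None:
            return hops, "to ISP"
        hop = dev.next_hop
    return hops, "loop"

def svis(last, vlans=(1, 2, 10, 22, 100)):
    return [f"192.168.{v}.{last}" for v in vlans]

# Constructed devices: the router isolates guest; three variants of switch 192.168.1.4.
ROUTER = Device("router", svis(1), deny=GUEST_DENY)
SW_OPEN = Device("switch", svis(4), next_hop="192.168.1.1")                   # VLAN 22 address, no ACL
SW_ACL = Device("switch", svis(4), next_hop="192.168.1.1", deny=GUEST_DENY)   # VLAN 22 address + ACL
SW_NO22 = Device("switch", svis(4, (1, 2, 10, 100)), next_hop="192.168.1.1")  # no VLAN 22 address

if __name__ == "__main__":
    cases = [("192.168.2.61", "192.168.1.101", "192.168.2.1", SW_OPEN),
             ("192.168.2.61", "192.168.1.101", "192.168.2.4", SW_OPEN),
             ("192.168.22.50", "192.168.2.61", "192.168.22.4", SW_OPEN),
             ("192.168.22.50", "192.168.2.61", "192.168.22.4", SW_ACL),
             ("192.168.22.50", "192.168.2.61", "192.168.22.4", SW_NO22),
             ("192.168.22.50", "203.0.113.10", "192.168.22.1", SW_NO22)]
    for src, dst, gw, sw in cases:
        print(src, "->", dst, "via", gw, trace(src, dst, gw, [ROUTER, sw]))
```

The third case is the one to watch: a switch with an address in VLAN 22 and no access list routes guest traffic into VLAN 2 even though the router isolates that VLAN.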

Ok so I changed things the way you said and changed the DHCP to static for VLAN1. So here is how the three switches look.

 

Switch IP 192.168.1.4

Screen Shot 2018-09-03 at 2.14.52 PM.png

 

Switch 192.168.1.2

Screen Shot 2018-09-03 at 2.23.09 PM.png

 

Switch 192.168.1.3

 

Screen Shot 2018-09-03 at 2.31.16 PM.png

Next issue we are discussing:

 

Guests only connect via WiFi. My APs have a guest wifi SSID that puts them on VLAN22 automatically. Currently, the way things are working, they cannot get access to the other VLANs cuz the router has isolated that VLAN. Things are working good so not sure I need to mess with this part.

I think this is ok correct?

 

Last issue (I think): Correct Gateway

1. All devices receive their DHCP address from the router (192.168.1.1) Which has VLANS 2,10,22,100 assigned on it. I assume that because inter VLAN was working and this is the default for the router I am using when you create VLANS. Note VLAN 22 is a guest VLAN so it is isolated

2. Example to discuss:

    My computer connects via wifi and is assigned the following address 192.168.2.61, subnet 255.255.255.0 and router 192.168.2.1. The wifi it connects to has an IP of 192.168.1.5 and is connected to switch 192.168.1.4. (The switch has the above VLAN assignments.)

 

Is this ok, or because the router is assigning a GW address of 192.168.2.1 (instead of 192.168.2.4) L3 is not working?

I can change my manual address to be obtained manually and set the GW to 192.168.2.4. Is this what you mean or is it ok the way I have things?

 

Thanks again for all your help. I finally am starting to understand how this all works.

 

I have DHCP server status turned off on the switches

Have DHCP relay turned off on the switches

I have option 82 turned off on the switches

I have DHCP snooping turned off on the switches
