VLAN tag handling through default routes

bluepill
Level 1

Hi,

I'm not well versed in VLAN networking so I have a very simple question (I hope). Unfortunately my Google skills are letting me down as well, so I'm hoping that one of the learned people on this forum can spare a few moments to assist me.

I have a SG300 (layer 3 mode) in a SOHO environment. It has some vlans configured to segregate internal networks. There is a single Internet connection with a service provider router attached. The service provider router supports vlans.

I have configured the SG300 to provide DHCP to each of the vlan subnets and set the default route for the connected devices to be the SG300's vlan interface IP address. I set the SG300 to have a default route to the service provider router IP address.

For example:

SG300, vlan 1, IP=10.1.1.254/24, no DHCP

SG300, vlan 2, IP=10.1.2.254/24, DHCP tells all devices that 10.1.2.254 is default route

service provider router IP = 10.1.1.1/24

SG300 default route = 10.1.1.1

SG300 trunks vlans 1 and 2 to the interface that the service provider router is connected to

My question is about whether the SG300 will maintain the vlan tags from my devices even though the default route is on a different vlan and IP subnet.

For example:

Will a packet from an access port assigned to vlan 2 be tagged as vlan 2 when it hits the service provider router; or will it be tagged as vlan 1?

Thanks


7 Replies

Dennis Mink
VIP Alumni
VIP Alumni

Yes it will be tagged to VLAN 1 when the packet goes to your ISP. Because you configured it to do that (access port in vlan 1).

does that help?

Please remember to rate useful posts by clicking on the stars below.

Thanks Dennis, your answer does help. It confirms that the SG300 is doing what it is meant to.

What I don't understand is the relevance of the access port. I thought that when a packet enters the access port it will be assigned the vlan that the port is configured as; in my example vlan 2. The packet should then exit the switch on the trunk port that can support both vlan 1 and 2.

Accepted Solution

Part of your confusion is that you are mixing layer 2 processes and layer 3 processes. You have configured the connection between the SG300 and the service provider as a trunk, which is for layer 2 processes. Then you configured a default route on the SG300 and made the SG300 the gateway for vlan 2. This is about layer 3 processing. So what is happening is that the host connected in vlan 2 sends its packet to the SG300 in vlan 2. The SG300 makes a layer 3 forwarding decision to forward the packet to the service provider in vlan 1 (inter vlan routing) and so there is no vlan 2 tag.

I question why you configured the connection between SG300 and service provider as a trunk. Is the service provider really expecting to receive traffic on multiple vlans? And is the service provider expecting to do inter vlan routing for you? If so then the service provider needs to be the gateway device for vlan 2.

HTH

Rick

Thanks for taking the time to go through this. It certainly is helping my understanding of what the SG300 will do in this circumstance.

I configured the trunk to the service provider router because it supports vlans and has firewall functionality that I want to use for controlling traffic between the vlans. I'm now looking into the ACL functionality of the SG300 to see if I can use it instead.

Thanks again for the assistance

I am glad that my explanation was helpful. Thank you for using the rating system to mark this question as answered. This is a good discussion and I think it may be beneficial to other readers in the forum.

It may well be that you have a choice to make. If the service provider firewall does support multiple vlans, and if the service provider is willing to process multiple user subnets providing inter vlan routing and other firewall protections then you may very well want to configure your switch to operate as a layer 2 switch, with multiple vlans, and with a trunk connecting to the service provider, but not doing layer 3 routing on your switch. Check with the service provider to verify that they are willing to provide those services. Or you can choose to continue to do the inter vlan routing on your switch and to use access lists to provide controls on user traffic.

HTH

Rick
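To make Rick's two explanations concrete (the accepted answer on why the routed packet leaves in vlan 1, and the later choice between routing on the switch or running it as a pure layer 2 switch with the provider as gateway), here is a small added model of the forwarding decision. It is not code from the thread or from Cisco; the VLAN ids and IP addresses are the ones from the question, while the MAC addresses, port names (gi1, gi24), the trunk's native VLAN of 1 and the Internet destination 203.0.113.10 are constructed assumptions.

```python
# Added example (not from the thread): a toy model of what the SG300 does with
# a frame from a VLAN 2 access port in the two setups Rick describes.
# Addresses and VLAN ids are the ones from the question; MACs, port names and
# the Internet destination (203.0.113.10, a documentation range) are constructed.
from dataclasses import dataclass, replace
from ipaddress import IPv4Address, IPv4Interface, IPv4Network
from typing import Optional

HOST_MAC = "02:00:00:00:02:10"   # constructed: PC on the VLAN 2 access port
ISP_MAC = "02:00:00:00:01:01"    # constructed: service provider router
SVI_MAC = {1: "02:00:00:00:ff:01", 2: "02:00:00:00:ff:02"}  # constructed SG300 SVIs


@dataclass(frozen=True)
class Frame:
    src_mac: str
    dst_mac: str
    vlan: Optional[int]  # 802.1Q tag on the wire; None means untagged
    src_ip: str
    dst_ip: str


class Switch:
    """Access ports, one trunk uplink, SVIs and a routing table.
    In layer 2 mode the routing table is ignored and frames are only bridged."""

    def __init__(self, layer3: bool):
        self.layer3 = layer3
        self.access = {}     # port -> vlan
        self.trunk = {}      # port -> (native vlan, allowed vlans)
        self.svi = {}        # vlan -> (IPv4Interface, mac)
        self.mac_table = {}  # (vlan, mac) -> port (static; learning not modelled)
        self.arp = {}        # ip -> mac (static; ARP not modelled)
        self.routes = []     # (network, next hop) with None = directly connected

    def _ingress_vlan(self, port: str, frame: Frame) -> int:
        if port in self.access:      # access port: the port's VLAN, tag or no tag
            return self.access[port]
        native, allowed = self.trunk[port]
        vlan = native if frame.vlan is None else frame.vlan
        if vlan not in allowed:
            raise ValueError(f"VLAN {vlan} not allowed on {port}")
        return vlan

    def _egress(self, vlan: int, frame: Frame):
        port = self.mac_table[(vlan, frame.dst_mac)]
        if port in self.access:
            return port, vlan, replace(frame, vlan=None)
        native, allowed = self.trunk[port]
        if vlan not in allowed:
            raise ValueError(f"VLAN {vlan} not allowed on {port}")
        # On a trunk the native VLAN leaves untagged, every other VLAN tagged.
        return port, vlan, replace(frame, vlan=None if vlan == native else vlan)

    def _route(self, frame: Frame):
        dst = IPv4Address(frame.dst_ip)
        matches = [(net, nh) for net, nh in self.routes if dst in net]
        if not matches:
            raise ValueError(f"no route to {dst}")
        net, nh = max(matches, key=lambda r: r[0].prefixlen)  # longest prefix wins
        next_hop = dst if nh is None else nh
        # The egress VLAN is decided by the SVI whose subnet holds the next hop,
        # not by the VLAN the packet arrived on.
        vlan, (_, svi_mac) = next((v, s) for v, s in self.svi.items()
                                  if next_hop in s[0].network)
        rewritten = replace(frame, src_mac=svi_mac, dst_mac=self.arp[str(next_hop)])
        return self._egress(vlan, rewritten)

    def forward(self, port: str, frame: Frame):
        """Return (egress port, egress VLAN, frame as it appears on the wire)."""
        vlan = self._ingress_vlan(port, frame)
        svi = self.svi.get(vlan)
        if self.layer3 and svi is not None and frame.dst_mac == svi[1]:
            return self._route(frame)     # addressed to the gateway MAC: routed
        return self._egress(vlan, frame)  # anything else: bridged in its own VLAN


def build_sg300(layer3: bool) -> Switch:
    sw = Switch(layer3)
    sw.access["gi1"] = 2                    # PC port in VLAN 2
    sw.trunk["gi24"] = (1, {1, 2})          # uplink trunk, VLAN 1 native (untagged)
    for vlan, ip in {1: "10.1.1.254/24", 2: "10.1.2.254/24"}.items():
        sw.svi[vlan] = (IPv4Interface(ip), SVI_MAC[vlan])
    sw.mac_table[(1, ISP_MAC)] = sw.mac_table[(2, ISP_MAC)] = "gi24"
    sw.arp["10.1.1.1"] = ISP_MAC
    sw.routes = [(IPv4Network("10.1.1.0/24"), None),
                 (IPv4Network("10.1.2.0/24"), None),
                 (IPv4Network("0.0.0.0/0"), IPv4Address("10.1.1.1"))]  # default route
    return sw


def uplink_vlan_layer3_mode() -> int:
    """Thread setup: SG300 in layer 3 mode, the host's gateway is the VLAN 2 SVI."""
    frame = Frame(HOST_MAC, SVI_MAC[2], None, "10.1.2.10", "203.0.113.10")
    _port, vlan, _wire = build_sg300(layer3=True).forward("gi1", frame)
    return vlan


def uplink_vlan_layer2_mode() -> int:
    """Rick's alternative: layer 2 only, the provider router is the VLAN 2 gateway."""
    frame = Frame(HOST_MAC, ISP_MAC, None, "10.1.2.10", "203.0.113.10")
    _port, vlan, _wire = build_sg300(layer3=False).forward("gi1", frame)
    return vlan


if __name__ == "__main__":
    print("layer 3 mode: frame reaches the provider in VLAN", uplink_vlan_layer3_mode())
    print("layer 2 mode: frame reaches the provider in VLAN", uplink_vlan_layer2_mode())
```

In layer 3 mode the frame is addressed to the switch's own VLAN 2 gateway MAC, so the switch routes it: the default route points at 10.1.1.1, that next hop sits in the VLAN 1 subnet, and the frame leaves the uplink in VLAN 1 (untagged here because VLAN 1 is the trunk's native VLAN). In layer 2 mode the same host addresses the provider router directly, nothing is routed, and the frame leaves the uplink still tagged VLAN 2, which is the arrangement that lets the provider's firewall see and police each VLAN separately.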

Do you happen to know if my switch configuration will be reset if I change from layer 3 mode to layer 2 mode?

My experience is mostly with larger switches based on Cisco IOS and I have less experience with the SG switches. So my answer is based mostly on what IOS switches do and what I believe that SG switches should logically do. Basically the answer is no, your entire config will not be reset if you change from layer 3 mode to layer 2 mode. There are some things that will be reset. If you have configured some static routes they would probably be removed when you change from layer 3 to layer 2. When you change from layer 3 to layer 2 your configured default route (ip route 0.0.0.0 0.0.0.0) will stop working and may go away, and should be replaced by a configured default-gateway. But most of the things that you have configured should still be there after you change from layer 3 to layer 2.

HTH

Rick