Re: intervlan routing between two networks on same site

baselzind · ‎07-31-2018

let us say there is two networks , left wing network and right wing network each with different vlan except vlan4 in common , both connected together through a access port "not a trunk" port of vlan 4 , i have a ip-camera in the left wing network and a camera-server in the right wing server , let us say camera-server vlan is 60 , most traffic between two networks is done through static routes.

-if i want to route ip-camera traffic in the left-wing to the camera server in the right-wing i need to set the camera port to vlan 60? or i can set any vlan?

-i already have a vlan interface 60 on the right-wing for camera server , do i need another vlan interface on the left-wing core? does the static route on the left-wing enough to route traffic from vlan 60 through the access port vlan 4? or i need a vlan interface 60 to throw traffic to interface vlan 4?

-a side question , usually with edge and core switches i find the edge switches layer 2 have a default-gateway to the managment vlan ip on the core switch while there is many vlans at the same time , so when traffic from other vlans need to reach unknown network it uses the default gateway which is on another vlan? does it get it traffic encapsulated within the managment vlan ?

Georg Pauwen · ‎07-31-2018

Hello,

post a schematic drawing of your topology. We need to see what layer 3 devices you have, and how they are connected to your switches...

Sergey Lisitsin · ‎07-31-2018

You can set any VLAN on the port, because your switches are connected by an access port, the VLAN domains are segregated. You need to make sure your VLANs for camera and camera server are both routable, i.e. have VLAN interfaces configured for them and any devices inside these VLANs use these VLAN interfaces as default gateways. Then you need to add static routes on both switches, pointing to the neighbour over VLAN 4 interface. Without a drawn topology, a lot of guessing is going in here, so you'd be better off posting your topolgoy.

vinod.agrahari · ‎07-31-2018

I am not sure if I understand this question correctly..but here is the fact

If two switch connected each other via default access port and two PC connected both end are part of vlan x and in same subnet ,will ping each other.

Now example - pc1 - 10.10.10.1 vlan 60 and connected on sw1 and pC2 - 10.10.10.2 vlan 60 and connected to SW2

Sw1 and SW2 connected via default access port.

Ping from pc1 and pC2 will work fine..so if I relate it with your example,it should be working fine

Richard Burts · ‎07-31-2018

The original post tells us a few things but does not tell us enough to be able to really understand the environment and not enough to be able to give really good answers. There are some important things that the original post does tell us:

1) there are two switches connected by access ports in vlan 4

2) there is a camera connected on one switch

3) there is a camera server connected on the other switch in vlan 60

There are important things that the original post does not tell us:

1) what vlan is the camera in?

2) are the switches layer 2 switches or are they layer 3 switches?

3) if the switches are layer 3 switches then is ip routing enabled?

Given the little bit that we do know there are several things that we can say about this:

1) if devices in two different vlans want to communicate then there must be a layer 3 device providing inter vlan routing to enable that communication.

2) since the camera server is in vlan 60 and the switches are connected by vlan 4 then we know that the camera is in a vlan different from the server and therefore there must be something providing inter vlan routing.

3) if the camera is in vlan 4 then traffic from the camera can get between switches and into the switch were the server is connected. There must be layer 3 inter vlan routing on that switch but not necessarily on the other switch.

4) if the camera is not in vlan 4 then there must be layer 3 inter vlan routing on that switch as well as the switch where the server is connected.

If the original poster provides clarification of these points then we might be able to provide better answers.

HTH

Rick

HTH

Rick

baselzind · ‎07-31-2018

thank you for the input as for the points
1-the camera is in vlan 60 as well , also the camera is connected to a layer 2 edge switch connected to the left wing core switch. but as the two right-wing and left-wing switches are connected by a access port are the vlans id beside vlan4 have any importance?

2-both switches are layer 3 , but as I said before camera in the left-wing is connected to a layer 2 switch which is in turn connected to the left-wing core switch

3-yes ip routing enabled

4-it is required that both the camera and the camer-server be in the same subnet therefore the camera cant be in vlan 4

Richard Burts · ‎07-31-2018

There are several things that we need to address. First to communicate between vlans there must be inter vlan routing. If something in vlan 60 want to get to vlan 4 then there must be inter vlan routing. Also you ask about a static route on the left switch. To have a static route it must be doing inter vlan routing.

Probably the most important thing in your post are the statements about the camera and the camera server being in the same subnet. In the environment that you describe it is not possible for the camera and the server to be in the same subnet. It is possible to have vlan 60 on the left switch and to have vlan 60 on the right switch. But that does not mean that they are in the same vlan or same subnet. If the connection between switches were a trunk then it would be possible to have the same vlan on both switches. But when the switches are connected by access ports then there must be different subnets for the vlans on the switches.

Also your original post asked about using default-gateway on the switch. Let me try to clarify that. Default gateway is used only when the switch operates as a layer 2 switch. default-gateway could be configured on a switch operating as layer 3 switch but it would not be used. Keep in mind that a layer 2 switch forwards frames using only layer 2 information. The gateway does not come into play as the switch forwards traffic received on one port out another port. The layer 2 switch needs a default gateway for any IP traffic originated by the switch itself but not for transit traffic.

HTH

Rick

HTH

Rick

baselzind · ‎07-31-2018

the camera and camera-server are in different vlan than vlan 4 which is the access port between the two switches , will the traffic traverse from vlan 60 to vlan 4 without intervlan routing?
if there is a static route in the left-wing for the camera saying if you want to go to vlan 60 go to vlan 4 ip on right-wing switch will that suffice without intervlan routing and vlan interface on the left-wing switch?

sivam siva · ‎07-31-2018

You told that two switches are connected with access port which is belongs to VLAN 4 , server connected in the Right wing VLAN 60 , now connect your camera in Left wing VLAN 4 , so the traffic can forward to Right wing and create VLAN 4 interface in Right wing Switch and enable the ip routing ( VLAN 60 interface is already created as you told ) then the traffic will route to VLAN 60 (camera server ) in that Right wing Switch.

paul driver · ‎08-01-2018

Hello

You have options but if the R switch supports multiple svi interfaces (L3)

1) Create a L3 vlan 60 and assign the camera server access port to that vlan

2) Apply a static route on Left switch to point to right switch for vlan 60 subnet

Or

1) Have the right switch perform intervlan routing - trunk the interconnet between L-R switch

2) Make sure L2 vlans are allowed to traverse the trunk between the two switches

In summary

The L host will realise R host destination address is on a different network, so it needs to communicate via its own default defined default gateway.

To do this it must know the L2 addressing of it D/G, (discovered by broadcast and unicast arp)

Once this is known the ip packet will be encapsulated by the L host with a L2 frame with known source/destination ip/mac address of itself, destination mac address of its D/G and L3 destination ip address of R host

Also within this frame will also be a dot1q vlan tag with defines what vlan the frame originated from.

This is then sent towards the switch where the frame is read and sent across the trunk

The R switch Svi 60 will then read the frame realise its for itself and strips off the frame.

The Ip header is then read and it will be seen that that R host is on a directly connected interface, At this point if router it doesn’t have the destination L2 addressing of the host it will also perform an arp for R host mac address.

Once this information is discovered Svi 60 will create/send another frame where its again read and switched toward R host.

Lastly R host checks the L2 header and sees that its for itself and strips it off
Checks the l3 header and sees that its for itself and strips it off
Checks dest port and proceeds to process the data.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul