Inter vlan routing with 2948G-L3 and 2950G-48-EI.

bohunter11
Level 1

Network:

     TMG 192.168.1.1/24 This is the route out

Then have the L3 switch here

Then the layer 2 switch here

     With vlan's 10 - 20 - 100 on it.

I only want to route the 10 - 20 vlans, the 100 vlan is a dmz that will go all the way back to TMG.

I want to have two subnets for my main internal network 192.168.1.0 192.168.2.0 /24

Also I have one dhcp server that will be on the 192.168.1 network, so I'll need that to work as well.

I know this is short info but let me know what else you need and I will post it.

I don't need configs posted, I would like to learn how to do it myself.

If I could get the steps that I need to follow, that would be great.

Thank You

Bo Hunter

Giuseppe Larosa
Hall of Fame

Hello Bo,

for inter vlan routing on L3 switch you need to enable ip routing

ip routing

you need to define a L3 object named SVI (switched virtual interface) for each vlan that should be part of routed domain.

The L2 object vlan has to exist before

example

! create L2 object in vlan database

vlan 10

name vlan10

apply

exit

! create L3 object

int vlan 10

ip address 192.168.1.1 255.255.255.0

! very important you need to enable it:

no shut

If you don't want to route to or from the DMZ vlan, it is enough not to create the L3 object for it.

To be able to use the DHCP server across different vlans,

all other L3 objects of vlans different from the vlan where the DHCP server is connected need the command

int Vlan X

ip helper-address 192.168.1.Y

That is the DHCP server IP address. This is called the DHCP relay function: it converts unroutable DHCP broadcast requests to routable packets with IP destination = DHCP server, and provides in the internal gateway field the IP address of the multilayer switch interface that received the original packet.

The DHCP server, by examining the GW field, can pick up a free IP address from the correct IP address pool.

Hope to help

Giuseppe
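
The relay behaviour described in the reply above, modelled in Python as an added example that is not part of the original thread: a relay stamps the gateway field (giaddr) and the server picks its pool from it. The server address 192.168.1.10, the gateway 192.168.2.1, the MAC address and the scope names are constructed values; the thread gives the server only as 192.168.1.Y.

```python
import ipaddress
import struct

# Fixed 236-byte BOOTP header (RFC 951 / RFC 2131); DHCP options follow it.
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
OP, HOPS, GIADDR = 0, 3, 10          # indexes into the unpacked header
MAX_HOPS = 16                        # hop limit used here (RFC 1542 caps the field at 16)

# Constructed values: the thread only gives the server as 192.168.1.Y.
DHCP_SERVER = "192.168.1.10"
SCOPES = {
    ipaddress.ip_network("192.168.1.0/24"): "scope-192.168.1.0",
    ipaddress.ip_network("192.168.2.0/24"): "scope-192.168.2.0",
}

def client_discover(mac: bytes, xid: int) -> bytes:
    """Header of a client broadcast: op=BOOTREQUEST, hops=0, giaddr=0.0.0.0."""
    zero = bytes(4)
    return BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, zero, zero, zero, zero,
                      mac.ljust(16, b"\0"), b"", b"")

def relay(packet: bytes, ingress_ip: str, helper: str = DHCP_SERVER):
    """Model of ip helper-address: stamp giaddr, bump hops, unicast to helper."""
    fields = list(BOOTP.unpack(packet[:BOOTP.size]))
    if fields[OP] != 1 or fields[HOPS] >= MAX_HOPS:
        return None                  # not a request, or relayed too many times
    if fields[GIADDR] == bytes(4):   # only the first relay fills giaddr
        fields[GIADDR] = ipaddress.ip_address(ingress_ip).packed
    fields[HOPS] += 1
    return helper, BOOTP.pack(*fields) + packet[BOOTP.size:]

def select_scope(packet: bytes):
    """Server side: pick the address pool from giaddr."""
    giaddr = ipaddress.ip_address(BOOTP.unpack(packet[:BOOTP.size])[GIADDR])
    if giaddr.is_unspecified:
        return "local-segment"       # not relayed: use the receiving interface's subnet
    for net, scope in SCOPES.items():
        if giaddr in net:
            return scope
    return None                      # no scope for that subnet: no offer

if __name__ == "__main__":
    pkt = client_discover(bytes.fromhex("0200000000aa"), 0x1234)
    dst, fwd = relay(pkt, "192.168.2.1")   # constructed gateway on the second subnet
    print(dst, select_scope(pkt), select_scope(fwd))
```

A routed interface with no helper address never forwards the broadcast, so clients behind it get no lease from this server.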

Thanks Giuslar,

Questions inline.

giuslar wrote:

Hello Bo,

for inter vlan routing on L3 switch you need to enable ip routing

ip routing

you need to define a L3 object named SVI (switched virtual interface) for each vlan that should be part of routed domain.

This SVI is on the L3 switch?

The L2 object vlan has to exist before

example

! create L2 object in vlan database

vlan 10

name vlan10

apply

exit

This is done on the L2 switch.

! create L3 object

int vlan 10

ip address 192.168.1.1 255.255.255.0

! very important you need to enable it:

no shut

Is this on the L3 switch? If so, the 2948G-L3 has sub interfaces.

Thank You

Bo Hunter

Hello Bo,

I may have been out of context in my example, sorry for that.

The C2948G-L3 may have a routing engine and so your notes apply: if the internal trunk is seen as a port-channel on the routing card, then instead of an SVI you need to configure port-channel subinterfaces.

In this case it is like a C6500 in Hybrid mode with a L2 supervisor and MSFC, with the L2 vlan to be configured on the L2 switch and the corresponding port-channel subinterface configured on the routing engine.

A L2 trunk connects to the external L2 switch as needed.

Hope to help

Giuseppe

Thanks Giuslar,

Ok,

So on the 2950 L2 switch do I need to configure a port as a trunk? Say port 0/1.

Then link that port to the port on the 2948-L3 that is configured with the port-channel sub interfaces? Say port 1.

Then on the L3 switch plug the ISA firewall internal interface (192.168.1.1) into, say, port 3. Does this port need any configuring?

Also, does the ISA firewall internal NIC need to be on a different subnet?

Thank You,

Bo Hunter
