10-11-2006 10:47 AM - edited 03-05-2019 12:11 PM
Hello,
I'm trying to configure switches to add a VLAN. I currently have a flat network (default VLAN 1) with two 3750s connecting two locations, A and B, via a trunk. Address space is 10.1.1.0 class C consisting of clients and servers, and the default gate is the firewall 10.1.1.2 in location A.
Location A 3750 - 10.1.1.73
Location B 3750 - 10.1.1.74
I want to create a new VLAN at Location A with 172.16.1.0/24 for new devices (Avaya voice PBX). I understand I should create a new VLAN in A, assign an SVI, and let the 3750 in A do the routing from VLAN 1 to 2. However, I'm not sure how the default gateway gets assigned. All servers and clients have the default gate of 10.1.1.2 and I guess the Avaya will forward all packets to 172.16.1.1.
Thanks
10-11-2006 11:01 AM
Hi
As per your understanding, you are right. Create the new VLAN, create the SVI and assign the ports in the new VLAN, i.e. the Avaya. You need to define the default gateway in the Avaya as the SVI IP address created on the 3750. As the 3750 is Layer 3 capable, it will take care of inter-VLAN routing.
Thanks
Mahmood
10-11-2006 11:09 AM
Hi,
You are correct for the most part with one exception. As the existing gateway is set to firewall, which doesn't route traffic out the same interface it received traffic on (or) does not do ip redirects, your inter-vlan routing would fail. Hence, PCs/Servers need to have the default gateway set to 3750_A switch's SVI IP of 10.1.1.73 for inter-vlan routing to work. Configure a default route on 3750_A to point to the firewall.
If you aren't using DHCP and won't be able to change the gateway on all clients then you could use the 10.1.1.2 as the SVI IP on 3750_A switch and give the firewall a different address.
HTH
Sundar
10-11-2006 01:01 PM
Thanks. Do I need to add this static route in 3750_A or is it not necessary?
ip route 0.0.0.0 0.0.0.0 10.1.1.2
10-11-2006 01:13 PM
Yes, you do need it as any unknown traffic would be routed over to the firewall.
HTH
Sundar
10-11-2006 02:12 PM
Ok. I applied the route and it appears the packets flow to the firewall and out to the internet from VLAN 1 but not from the newly created VLAN 2. Inter-VLAN is working fine. Is there something else needed in switch config on Location A? Or is this a routing issue with the firewall?
Thanks for assistance.
fred
10-11-2006 02:29 PM
Fred,
You need a route for the newly created subnet in the firewall. In addition to that, check the NAT and ACL rules on the firewall to allow traffic from the newly created subnet to get out.
HTH
Sundar
10-12-2006 07:39 AM
thanks. will do
10-11-2006 11:07 PM
Hi
In addition to Sundar's post, one thing I would suggest is to make sure your firewall has the appropriate routes and that it is configured in VLAN 1 as per your topology.
Thanks
Mahmood
10-12-2006 07:46 AM
I created, per Sundar, a static route in the firewall:
route add 172.16.1.0/24 10.1.1.73
My only other question is this.
Do clients in VLAN1 need the switch (10.1.1.73) as the default gate or leave it as the firewall (10.1.1.2) and let the firewall redirect packets destined for VLAN2 back to the switch?
10-13-2006 02:14 AM
Hi
As you said that your switch is a multilayer switch, the gateway for your VLAN 1 clients will be the IP address of your VLAN 1 SVI, and the gateway for your VLAN 2 will be the SVI of VLAN 2.
The switch will have a default route pointing to the firewall.
The firewall will have a route pointing to the VLAN 1 SVI for both the subnets.
Thanks
Mahmood
10-13-2006 10:42 AM
As I stated earlier, the default gateway on the client has to be pointing to 10.1.1.73 as firewall doesn't redirect packets. Read my earlier post for more info.
HTH
Sundar
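The gateway question discussed in this thread can be checked with a small path trace. This is an added example, not part of any post: it models the thread's addresses and routes, assumes two constructed hosts (10.1.1.50 in VLAN 1, 172.16.1.10 for the Avaya) and hypothetical interface names, and treats the firewall as refusing to route back out its ingress interface unless `firewall_hairpins` is set.

```python
import ipaddress

def node(addrs, routes):
    # routes: (prefix, next hop or None when directly connected, interface)
    return {"addrs": set(addrs),
            "routes": [(ipaddress.ip_network(p), nh, ifc) for p, nh, ifc in routes]}

def build(client_gw):
    # Constructed hosts 10.1.1.50 and 172.16.1.10; other addresses are from the thread.
    return {
        "client": node(["10.1.1.50"], [("10.1.1.0/24", None, "eth0"),
                                       ("0.0.0.0/0", client_gw, "eth0")]),
        "3750_A": node(["10.1.1.73", "172.16.1.1"],
                       [("10.1.1.0/24", None, "Vlan1"),
                        ("172.16.1.0/24", None, "Vlan2"),
                        ("0.0.0.0/0", "10.1.1.2", "Vlan1")]),
        "firewall": node(["10.1.1.2"], [("10.1.1.0/24", None, "inside"),
                                        ("172.16.1.0/24", "10.1.1.73", "inside")]),
        "avaya": node(["172.16.1.10"], [("172.16.1.0/24", None, "eth0"),
                                        ("0.0.0.0/0", "172.16.1.1", "eth0")]),
    }

def lookup(n, dst):
    # Longest-prefix match over the node's routing table.
    hits = [r for r in n["routes"] if dst in r[0]]
    return max(hits, key=lambda r: r[0].prefixlen) if hits else None

def trace(topo, src, dst_ip, firewall_hairpins=False):
    dst = ipaddress.ip_address(dst_ip)
    path, cur, in_ifc = [src], src, None
    for _ in range(8):  # hop limit guards against routing loops
        if dst_ip in topo[cur]["addrs"]:
            return path, "delivered"
        route = lookup(topo[cur], dst)
        if route is None:
            return path, "no route on " + cur
        _, next_hop, out_ifc = route
        if cur == "firewall" and in_ifc == out_ifc and not firewall_hairpins:
            return path, "dropped: firewall will not route back out " + out_ifc
        hop_ip = next_hop or dst_ip
        cur = next((name for name, n in topo.items() if hop_ip in n["addrs"]), None)
        if cur is None:
            return path, "next hop " + hop_ip + " unreachable"
        # Ingress interface = the connected network that holds the hop address.
        in_ifc = lookup(topo[cur], ipaddress.ip_address(hop_ip))[2]
        path.append(cur)
    return path, "hop limit exceeded"
```

Even with `firewall_hairpins=True` the forward path crosses the firewall while the reply from VLAN 2 goes straight from the switch to the client, so the firewall sees only one direction of each inter-VLAN flow.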