I'm trying to configure switches to add a VLAN. I currently have a flat network (default VLAN 1) with two 3750s connecting two locations, A and B, via a trunk. Address space is 10.1.1.0 class C consisting of clients and servers, and the default gate is the firewall 10.1.1.2 in location A.
Location A 3750 - 10.1.1.73
Location B 3750 - 10.1.1.74
I want to create a new VLAN at Location A with 172.16.1.0/24 for new devices (Avaya voice PBX). I understand I should create a new VLAN in A, assign an SVI, and let the 3750 in A do the routing from VLAN 1 to 2. However, I'm not sure how the default gateway gets assigned. All servers and clients have the default gate of 10.1.1.2 and I guess the Avaya will forward all packets to 172.16.1.1.
As per your understanding, you are right. Create the new VLAN, create the SVI, and assign the ports in the new VLAN, i.e. Avaya. You need to define the default gateway in the Avaya as the SVI IP address created on the 3750. As the 3750 is Layer 3 capable, it will take care of inter-VLAN routing.
You are correct for the most part, with one exception. As the existing gateway is set to the firewall, which doesn't route traffic out the same interface it received traffic on (or) does not do IP redirects, your inter-VLAN routing would fail. Hence, PCs/servers need to have the default gateway set to the 3750_A switch's SVI IP of 10.1.1.73 for inter-VLAN routing to work. Configure a default route on 3750_A to point to the firewall.
If you aren't using DHCP and won't be able to change the gateway on all clients then you could use the 10.1.1.2 as the SVI IP on 3750_A switch and give the firewall a different address.
Ok. I applied the route and it appears the packets flow to the firewall and out to the internet from VLAN 1 but not from the newly created VLAN 2. Inter-VLAN is working fine. Is there something else needed in switch config on Location A? Or is this a routing issue with the firewall?
Thanks for assistance.
You need a route for the newly created subnet in the firewall. In addition to that, check the NAT and ACL rules on the firewall to allow traffic from the newly created subnet to get out.
In addition to sunder's post, one thing I would suggest is to make sure your firewall has the appropriate routes and that it is configured in VLAN 1 as per your topology.
I created, per sundar, a static route in the firewall:
route add 172.16.1.0/24 10.1.1.73
My only other question is this.
Do clients in VLAN1 need the switch (10.1.1.73) as the default gate or leave it as the firewall (10.1.1.2) and let the firewall redirect packets destined for VLAN2 back to the switch?
As you said that your switch is a multilayer switch, the gateway for your VLAN 1 clients will be the IP address of your VLAN 1 SVI, and the gateway for your VLAN 2 will be the SVI of VLAN 2.
The switch will have a default route pointing to the firewall.
The firewall will have a route pointing to the VLAN 1 SVI for both the subnets.
As I stated earlier, the default gateway on the client has to be pointing to 10.1.1.73, as the firewall doesn't redirect packets. Read my earlier post for more info.
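
The switch-side configuration this thread converges on, written out as an added example (not posted by any participant in the thread). The VLAN name, the access port number and the use of 172.16.1.1 as the VLAN 2 SVI address are assumptions; the other addresses are the ones given in the thread.

```cisco
! 3750 at Location A (10.1.1.73): route between VLAN 1 and VLAN 2
!
! Enable Layer 3 forwarding on the switch
ip routing
!
! New VLAN for the Avaya devices (name is an assumption)
vlan 2
 name AVAYA-VOICE
!
! Existing SVI for the flat network; VLAN 1 clients and servers
! use this address as their default gateway, not the firewall
interface Vlan1
 ip address 10.1.1.73 255.255.255.0
 no shutdown
!
! New SVI; the Avaya uses this address as its default gateway
! (172.16.1.1 is assumed from the original question)
interface Vlan2
 ip address 172.16.1.1 255.255.255.0
 no shutdown
!
! Access port facing the Avaya (port number is an assumption)
interface GigabitEthernet1/0/10
 switchport mode access
 switchport access vlan 2
!
! Everything that is not 10.1.1.0/24 or 172.16.1.0/24 goes to the firewall
ip route 0.0.0.0 0.0.0.0 10.1.1.2
!
! Firewall side (syntax depends on the firewall, so not shown as commands):
!  - return route for 172.16.1.0/24 via 10.1.1.73, as posted in the thread
!  - NAT and ACL rules that include 172.16.1.0/24, otherwise VLAN 2
!    reaches VLAN 1 but not the internet
```

After applying it, `show ip route` on the switch should list both subnets as connected and the default route via 10.1.1.2, and `show vlan brief` should show the Avaya port in VLAN 2.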