New Member

Inter VLAN Routing with single Internet Gateway

This is a pretty simple configuration.  I have six Cisco 300 Series switches in Layer 2 mode.  They are all connected using ports in Trunk mode.  These Trunks are tagged members of all VLANS.

I have one 300 series in layer 3 mode with IP address assigned to each VLAN.

I would like to use one Internet gateway for multiple VLANS.  This gateway has numerous IP ports that forward to internal ip addresses on various machines.

All internal clients use their respective VLAN IP as their default gateway.

The Layer 3 switch is connected to one of the Layer 2's using a Trunk that is a tagged member of all of the VLANS.

I understand how traffic routes from a client to its respective VLAN gateway.  Where I am confused is how it routes from there to the Internet gateway?

Internet gateway is 192.168.1.1

VLAN IPs are 192.168.2.1, 192.168.3.1, etc.

Should the Internet Gateway be patched into the Layer 3 switch or one of the Layer 2's using a separate "Internet" VLAN?

Any help would be appreciated.

9 REPLIES
Bronze

Inter VLAN Routing with single Internet Gateway

Hi TekNecks,

Add the static route in SG300 switch (Layer 3) with next hop as your internet gateway.

regards

Moorthy

New Member

Inter VLAN Routing with single Internet Gateway

Should the port with the gateway patched in be configured as a Trunk with tagged membership in all VLANS or as a General with untagged membership?

I am thinking General with untagged, since the gateway is not VLAN aware, nor is it Cisco.

Bronze

Inter VLAN Routing with single Internet Gateway

It should be Trunk with Tagged membership

Cisco Employee

Re: Inter VLAN Routing with single Internet Gateway

No you should not trunk or tag the port from your "router" to the SG switch.

Your router is: 192.168.1.1

Your SG300 is: 192.168.1.2 on VLAN interface 1 (VLAN1)

on your SG300 configure the other VLANs and assign them to appropriate ports, keeping in mind that the single connection from the SG to the router is VLAN1.

The default route configured on the SG will be 0.0.0.0 0.0.0.0 => 192.168.1.1

NOW!!! This is the kicker. You have to be able to let your router know, or it must understand, that you have multiple networks behind it. You will have to tell the router that for 192.168.2.0 the next hop is 192.168.1.2, and so on for each other VLAN on your SG300. If you are not able to do this on your router, then only VLAN 1 will be able to route to the internet.

Hope this helps.

*edit: changed mistake on addressing
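The layout the reply above describes, written out as an added example (not the poster's or the thread's own configuration) in SG300 CLI syntax from memory, with the router side shown as IOS-style comments; the port numbers (gi1, gi10, gi2-gi3 unused here), the /24 masks and the exact firmware syntax are assumptions:

```cisco
! SG300 in layer 3 mode (added example, not from the thread)
! Assumes: gi1 uplinks to the Internet gateway on VLAN 1, gi10 is the
! tagged trunk to the layer 2 switches, all networks are /24.

! One-time change to layer 3 mode; the switch reboots
set system mode router

vlan database
 vlan 2-3
exit

! VLAN 1 faces the router: plain untagged access port, no trunking
interface vlan 1
 ip address 192.168.1.2 255.255.255.0
exit
interface gi1
 switchport mode access
 switchport access vlan 1
exit

! One routed interface per internal VLAN; clients use these as gateways
interface vlan 2
 ip address 192.168.2.1 255.255.255.0
exit
interface vlan 3
 ip address 192.168.3.1 255.255.255.0
exit

! Trunk to the layer 2 switches carries the internal VLANs tagged
interface gi10
 switchport mode trunk
 switchport trunk allowed vlan add 2-3
exit

! Default route: anything not directly connected goes to the gateway
ip route 0.0.0.0 0.0.0.0 192.168.1.1

! On the router (192.168.1.1) the syntax depends on the vendor; in
! Cisco IOS form the return routes it needs are:
!   ip route 192.168.2.0 255.255.255.0 192.168.1.2
!   ip route 192.168.3.0 255.255.255.0 192.168.1.2
! Without them, replies to 192.168.2.x / 192.168.3.x have no path back
! and only VLAN 1 reaches the Internet.
```

Verify with `show ip route` on the SG300 and a ping from a VLAN 2 host to an Internet address; if the ping reaches 192.168.1.1 but gets no reply, the router is missing the return routes.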

New Member

Re: Inter VLAN Routing with single Internet Gateway

Your answer is exactly correct. I managed to get this working.

Thanks for your input

--

Michael Kohn

Chief Teknologist | TekNecks.com

New Member

Inter VLAN Routing with single Internet Gateway

What if I want UPnP working for all the VLANs?

Cisco Employee

Re: Inter VLAN Routing with single Internet Gateway

If you have a network large enough to justify the use of VLANs, I would highly advise against the use of UPnP in your environment. It is a huge hole that can be exploited easily and is a known exploit in use today.

My recommendation would be to configure port triggering or ACL rules for required services in your network. Do not use UPnP to auto-configure the router. Keep those advertisements at layer 2.

Message was edited: clarifying wording

New Member

Re: Inter VLAN Routing with single Internet Gateway

Regarding getting stuff like all the VLANs' computers to show up under Windows Explorer > Network, is it sufficient to configure InterVLAN Multicasting?

How exactly does IGMP fit in here?

Cisco Employee

Re: Inter VLAN Routing with single Internet Gateway

Remember that broadcasts / multicast are never propagated past a router, including a switch when it is running L3. On the switch you should be able to create rules to allow protocols such as NetBIOS to discover other computers.

Keep in mind that the protocols you are trying to forward are going against how routing is designed, and you may need to get creative with ACL rules in order to achieve your goal.
