I'm tring to configure this switch to do something similar to source routing.
Basically, I want to tell each VLAN to go to a different default gateway.
A client on VLAN 100 with IP 10.100.0.x goes to the Internet on 10.100.0.1
A client on VLAN 110 with IP 10.110.0.x goes to the Internet on 10.110.0.1
I found this in the switch's console:
SGE2010P# set system ?
mode Ip Routing support
policy-based-vlans Policy Based Vlan Switching (advanced Switching policy)
Would "policy-based-vlans" do anything to help?
Is there any way of doing this with the SGE?
If not, how else do you think I could accomplish this?
Not sure I fully I understand what you are asking, when these client's get their IP addresses from a DHCP server, won't the server also be informing them of their default gateway? This is usually a standard config for DHCP server scopes.
A client on network 10.100.0.x will have a default gateway (DFG) of 10.100.0.1
A client on network 10.110.0.x will have a DFG or 10.110.0.1
Andrew Lee Lissitz
Yes, the clients' default gateway will be the switches' interfaces.
I'm talking about routing on the switch.
I want the switch to route each VLAN's Internet (Quad Z's) to a different gateway.
That way I can have a separate Internet connection for each VLAN and maintain Inter-VLAN routing on the switch.
Yes, as you have seen the switch can easily route between VLANs and also have static routes entered for remote networks. Not exactly what you are looking to do ...
Also the static routes on the SGE switch are not aware of network failures and can produce black hole routing if the next hop becomes unavailable.
You mentioned dual routers, are the dual routers set up for load balancing as well as redundancy? If so, any thoughts on keeping the switch as a L2 switch and then do routing and redundancy on the routers? Not sure how far along you are in the network design.
Thinking out loud here..., but I am wondering if each router could have both VLANs terminate on them via trunking links to the switches. You could then run HSRP for both VLANs and have redundancy between the routers.
Any thoughts on a redesign?
Another options might be to install a Catalyst 3560 and use PBR to route based on incoming subnet / VLAN. You could also run DHCP server on the 3560. In addition, your PBR configs could be redundant and can prevent black hole routing. In short, you would use the address tracking feature of PBR to modify the next hop address if the primary one goes down.
Does this make sense? HTH,
Andrew Lee Lissitz
I'm not really looking for WAN redundancy.
Just separate INet links for each VLAN.
I can't afford a real router so what I've been doing is:
Modem ---> RVS4000 ---> Switch (VLAN 1)
Modem ---> RVS4000 ---> Switch (VLAN 100)
With my current setup I have one of the RVS routers doing Inter-VLAN routing but I don't like that.
I really want the switch to do the VLAN stuff and the RVS routers just to provide NAT/Firewall/etc.
No reason why PBR couldn't be implimented into the SGE...
From what I've seen of the CLI...it runs IOS-Like software and for what I paid for it...you know.
I'm totally open for a redesign but I'm not made of money.
Real Cisco stuff is way too expensive.
All I got is a couple of RVS's and the SGE2010P.
Ok, I understand.
Humm ... I do not see any options via CLI to assist with any fault tolerant static routing; nothing with PBR or address tracking. Only static routes, and this will not accomplish what you are asking for.
Furthermore, the RVS4000s do not support WAN interface tracking and WAN port failover so this network is limited in the failover / redundancy capabilities.
I think the solution you are currently working might be the best one since you have dual RVS4000s. Is there are problem with the current design? Are applications working correctly? If you are experiencing problems, we should explore this a little bit as well.
Thinking out loud again ...
If the network is not too big, have you considered collapsing the two VLANs into just one? With a POE switch, are you running VoIP? I know it is suggested to always place VoIP on it's own VLAN and configure QoS on the links and uplinks ...
If you combined the VLANs into one, you would have to configure QoS for all ports to ensure that your VoIP or other mission critical traffic was able to function with a lot or a little traffic. No matter the conditions, the switch would ensure that QoS policies are enforced.
With one VLANs, the clients would recieve two default gateways each.
Do please respond and let me know your thoughts. Thanks
The solution I have right now works but is far from ideal.
It allows for virtually no expansion and the equipment seems to fall short on the more advanced features I require.
The whole reason I wanted to start doing some advanced routing here is so I can slap a few more modems in the mix.
Basically, I want to start expanding or at least laying the ground work to allow it.
The reason I have two VLANs now is one is a server network and the other is a client network
(Hence the two modems)
However, like I said, I want to expand.
At this point I'm not really concerned about load balancing or failover on the WAN side.
I really just want to get dedicated modems to the various networks.
Some thoughts on my expansion:
Maybe put wireless on it's own modem.
Another modem for the server network.
I may look into VoIP in the future (not now) and I would want a dedicated modem for that as well.
I read your post and this line stood out:
"It allows for virtually no expansion and the equipment seems to fall short on the more advanced features I require"
This is one of the biggest difference in small biz gear and traditional Cisco. Your comment pretty much sums it up ...
Flexibility, converged, auto failover, nerd-knobs galore, growth, expansion, etc ... all of these reasons for moving a little upstream with your product choices. I understand this is not always possible / desired ...
I would suggest to stop buying the RVS4000. I would suggest for you to consider the SA500 series. You can find a QLM on the SA500 by checking this link: https://www.myciscocommunity.com/docs/DOC-9188
A few things off the top of my head that the SA500 will do for you in the mean time.
1) intervlan routing
2) Advanced Firewall
3) SSL VPNs
4) IPS to protect your servers
5) If you want, spam and web protection
and the biggest one ...
6) Auto failover or load balancing multiple links. This is key, really big IMO ... especially as you add new services / apps, and your network is biz critical.
When you look to adding voice or future apps, the SA500 will still be a valid product. It has a SIP ALG, so if you decide to go with a hosted VoIP offering or a SBCS offering, you are good.
There is some and expansion with this product.
I like that SA520...
- 4 port
- 2nd wan
It seems like a perfect upgrade.
It's about the price of two RVS's but it may be do-able.
This thing runs IOS?
If so that's a plus as well...
Only thing is, I would still need multiple SA's becuase I will be getting more than two modems in the future
(SGE switch doesn have PBR)
...like all the other Linksys/Cisco SMB stuff
No console port either...still, it's pretty good.
Just out of curiosity,
Is there a comparable upgrade to my SGE2010P as well?
There is not an upgrade to the SGE series switches and still be within the small business products. Comparable or upgrade products would be the traditional Cisco products.
It is a good thing to have a POE switch in your network though, and you can configure QoS on this switch for when / if you add VoIP and other apps that require QoS.