Wired Intelligent Edge

  • 1.  Default Gateway

    Posted May 12, 2016 11:33 AM

    Hi,

    I have got a 2920 switch and it has got 3 vlans

    Vlan 10 10.0.10.0 255.255.255.0

    Vlan 20 10.0.20.0 255.255.255.0

    Vlan 30    10.0.30.0 255.255.255

    and everything is OK. I am stuck on how all these VLANs would forward the traffic to my router 10.0.10.254.

    Could you please guide me?

     

    Thanks,



  • 2.  RE: Default Gateway

    Posted May 12, 2016 11:16 PM

    You need to add all 3 VLANs to the interface that connects to the router.

    Then on the router you need to add all 3 VLANs to the interface that connects to the switch.

    A maximum of 1 VLAN can be untagged.

    If the VLAN is tagged on one end, it has to be tagged on the other end as well.

    The router will (presumably) need a VLAN interface configured for each VLAN. Depending on the kind of router, this could be a sub-interface on the router interface connecting to the switch.



  • 3.  RE: Default Gateway

    Posted May 13, 2016 07:42 AM

    Thanks Vince. Is my default gateway 10.0.10.254 on the switch enough to forward the internet traffic for all my VLANs to my ASA without a tagged port?



  • 4.  RE: Default Gateway

    Posted May 15, 2016 08:10 PM

    Yes, your 2920 can have IP routing enabled and you can use it as a layer-3 switch.

    Its function will therefore be
     - inter-VLAN routing between the 3 subnets
     - routing between the subnets and the ASA

    So what you need is to put the default gateway/router address for each subnet on the switch VLAN interface for that subnet.

    Then, you need to create a 4th VLAN, eg,
    VLAN99 10.0.99.0/24
    Then put 10.0.99.2 on your switch VLAN99 VLAN interface.
    Then put 10.0.99.1 on your ASA interface that the switch is patched to.
    Then you need to put a default route on the switch: 0.0.0.0/0 --> 10.0.99.1
    Then you need to put routes on your ASA, eg: 10.0.0.0/16 --> 10.0.99.2



  • 5.  RE: Default Gateway

    Posted May 16, 2016 05:11 AM

    Thanks. I have enabled IP routing and am still confused about the default gateway.

    When I enter the command show ip, I get the VLAN IP addresses.

    PC | Manual                    192.168.5.254 255.255.255.0 No No
    Voice | Manual                192.168.10.254 255.255.255.0 No No

    I think these are the gateway IP addresses for the VLANs. I have configured the DHCP scope for each VLAN and changed the router IP address to the VLAN IP address; for example, the workstations' router IP on the DHCP server would be 192.168.5.254 and the Voice scope's router on the Windows DHCP server would be 192.168.10.254.

    I would need to add these subnets on the ASA:

    object network obj_PC
    subnet 192.168.5.0 255.255.255.0

    object network obj_Voice
    subnet 192.168.10.0 255.255.255.0

    Please correct me if I am wrong?

    Thanks,



  • 6.  RE: Default Gateway

    Posted May 16, 2016 07:43 PM

    Sounds good.

    Your DHCP server presumably sits on the Data VLAN, so you will also need DHCP forwarding on the other VLANs to send DHCP requests in the Voice VLAN to the Data VLAN.

    I guess the ASA will need to know about the networks for 3 reasons:
     - routing back to them
     - NATing for them
     - rules for passing traffic for them
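
Added example, not part of any poster's reply: a check of the "routing back" point for the transit-VLAN design in post 4, using longest-prefix matching over the ASA's static routes. The route list and subnets are constructed from the addresses in the thread, and the function names are hypothetical. It shows that the example route 10.0.0.0/16 covers the 10.0.x.0/24 VLANs but not the 192.168.5.0/24 and 192.168.10.0/24 subnets shown in post 5.

```python
import ipaddress

# Constructed from the thread: post 4's transit design, post 5's subnets.
TRANSIT = ipaddress.ip_network("10.0.99.0/24")       # VLAN99 between switch and ASA
SWITCH_IP = ipaddress.ip_address("10.0.99.2")        # switch address on VLAN99
ASA_STATIC_ROUTES = [("10.0.0.0/16", "10.0.99.2")]   # (destination, next hop)
CLIENT_SUBNETS = {
    "Vlan 10": "10.0.10.0/24",
    "Vlan 20": "10.0.20.0/24",
    "Vlan 30": "10.0.30.0/24",
    "PC": "192.168.5.0/24",
    "Voice": "192.168.10.0/24",
}


def best_route(subnet, routes):
    """Longest-prefix match; returns (network, next_hop) or None."""
    subnet = ipaddress.ip_network(subnet)
    matches = []
    for dest, hop in routes:
        net = ipaddress.ip_network(dest)
        if subnet.subnet_of(net):
            matches.append((net, ipaddress.ip_address(hop)))
    return max(matches, key=lambda m: m[0].prefixlen, default=None)


def check_return_paths(subnets, routes, transit=TRANSIT, switch_ip=SWITCH_IP):
    """Map each client subnet name to 'ok' or the reason replies would not reach it."""
    findings = {}
    for name, cidr in subnets.items():
        match = best_route(cidr, routes)
        if match is None:
            # Assumption: the ASA's default route points outside, not at the switch.
            findings[name] = "no static route via the switch"
        elif match[1] not in transit:
            findings[name] = "next hop is not on the transit subnet"
        elif match[1] != switch_ip:
            findings[name] = "next hop is not the switch"
        else:
            findings[name] = "ok"
    return findings


if __name__ == "__main__":
    for name, result in check_return_paths(CLIENT_SUBNETS, ASA_STATIC_ROUTES).items():
        print(f"{name:8} {result}")
```

The same subnet list is what the ASA's NAT and access rules need to cover, so a subnet flagged here is usually missing from those as well.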