Ok.. I think I mostly get it.. So in my test configuration, I have the switch sitting on the bench.
In the main office, we use internal IP's of 10.0.x.x In the remote office, we use internal IP's of 10.3.x.x I have set up VLAN 100 to be the main office VLAN and it has ports ge.1.2-48. I set the IP address for this VLAN to 10.5.0.50 255.255.0.0 VLAN 200 is the remote location VLAN and it has a single port: ge.1.1. I set the IP address for this VLAN to 10.6.0.60 255.255.0.0 Granted I am sure there is a better way to set up the VLAN subnets, but I am testing and trying to keep it easy and simple for now. My laptop is connected to VLAN 200 and my desktop to VLAN 100. I read through the CLI configuration guide and I am a bit confused. How would I express the "route" command properly to allow routing between the two VLANs? Would it be something like this? Route 10.0.0.0 255.255.0.0 10.6.0.50 I am interpreting this command as "route all traffic originating from 10.0.x.x through 10.6.0.50 (VLAN 200 interface IP)" Route 10.3.0.0 255.255.0.0 10.5.0.50 Same as above but reversed. Am I correct in this or am I totally off base? Thanks, Michael From: Nick Allen [mailto:[email protected]] Sent: Wednesday, May 23, 2012 3:44 PM To: Enterasys Customer Mailing List Subject: Re: [enterasys] B3 Routing between VLANs Sorry - not familiar with the Cisco range and thought a 2921 was a L2 switch. I now realise it's a router. So both should work - you could use the 2921 to implement the transit VLAN, or you could use your 'Edit' idea and therefore not create a transit VLAN. As for broadcast traffic, unlikely though it is, a faulty NIC, or a badly behaved or configured app (e.g. Symantec Ghost used improperly) in the remote site's VLAN could flood your WAN link with broadcast traffic - effectively a Denial of Service, making accessing either site from the other one impossible. Arguably a broadcast that generates more than 75Mbps of traffic may also also have rendered your switches at the remote site unusable anyway - particularly if you only have 100Mbps to the desktop - making the fact that they can't use the WAN link a bit moot. Given the option, personally I'd probably route it but you may choose not to for simplicity and never have a problem. There's plenty of far more experienced people than me on here, so maybe they'll add other comments. N. On Wed, May 23, 2012 at 10:53 PM, Michael Paul <[email protected]<mailto:[email protected]>> wrote: Hi Nick.. Just to clarify, what should work fine? The original idea or the edit? :) Please excuse my ignorance, I am rather new to this field.. Why is the broadcast traffic over my WAN link a downside? Isn't the point of broadcast traffic to advertise or locate network resources? Thank You, Michael From: Nick Allen [mailto:[email protected]<mailto:[email protected]>] Sent: Wednesday, May 23, 2012 2:42 PM To: Enterasys Customer Mailing List Subject: Re: [enterasys] B3 Routing between VLANs Makes sense to me Mike and should work fine. A downside is that any broadcast traffic at your remote site will also be broadcast over your WAN link. Hugo's solution - which creates a VLAN solely for the point-to-point link (a transit VLAN) but which requires L3 capable devices at both ends would contain those broadcasts within the local VLAN's at each site. On all our point-to-point links, we use a subnet with a mask of 255.255.255.248 (/29) which gives you 6 useable IP's on that VLAN. It's tempting to be frugal and go for a 255.255.255.252 (/30) which only gives you 2 useable (one for each end), but if you ever add WAN optimisation devices, then it may require an IP in that subnet. N. On Wed, May 23, 2012 at 9:55 PM, Michael Paul <[email protected]<mailto:[email protected]>> wrote: Hi Hugo.. Thank you for the information. Your post reminded me that I forgot to include something important in my question. On the Main office side I have the B3 switch and a Cisco ASA-5510. On the remote location side I have a Cisco 2921 and a Cisco ASA-5505. I have no L3 switch at the remote location. My idea was to set up one of the Cisco 2921 ports to connect to the WAN link and set up the VLAN and routing between the 2 locations on the B3 switch located here in the main office. Essentially, I want the B3 to "see" the WAN connection as just another VLAN Ethernet connection. Setting up the routing in the B3 will join the 2 networks as if they were one. Since the remote location internet connection will now be routed through the main office, I no longer need to worry about firewalls, internet routing, etc at the remote site. Does that make sense? Edit: I just realized that I may not even need to use the 2921. The supplier of the WAN link has told me that the link will be an untagged VLAN. Since the 3Com L2 switches at the remote location support VLANs, all I would really need to do would be to connect the WAN connection to a switch at the remote location and configure the port for the VLAN. Then configure the port on the B3 for the VLAN and then routing between the 2 VLANs and then both VLANs should be able to freely communicate. Does this make more sense? Thank You, Michael From: [email protected]<mailto:[email protected]> [mailto:[email protected]<mailto:[email protected]>] On Behalf Of Hugo Veiga Sent: Wednesday, May 23, 2012 1:14 PM To: Enterasys Customer Mailing List Subject: Re: [enterasys] B3 Routing between VLANs Hi, Let's say for example that you have a enterasys core, this will work with any other equipment that is L3 capable. And this is the logical topology: Enterasys Core "fe.1.1" ----------------------300 mile (untagged frames)----------------------"fe.1.1" B3 Let's say that you have the IP's 192.168.0.0/16<http://192.168.0.0/16> in the B3 You should do P2P routing between your core and the B3. So in the core you create a vlan 1000 and put it untagged in the port that connects to the operator. In the core: Set port vlan fe.1.1 1000 modify-egress interface vlan 1000 ip address 10.0.0.1 255.255.255.248 no shutdown Create a route like this: Route 192.168.0.0 255.255.0.0 10.0.0.2 In the B3: Set port vlan fe.1.1 1000 modify-egress Create the same vlan: Interface vlan 1000 Ip address 10.0.0.2 255.255.255.248 No shutdown Create a route like this: Route 0.0.0.0 0.0.0.0 10.0.0.1 Create all the other vlans you want in the B3 and create the interface vlan for them, the gateway for the computers. This should do the trick. Best regards, Hugo Veiga 2012/5/23 <[email protected]<mailto:[email protected]>> Hi, I have not used a B3... but usually, you go into router mode, configure vlan interfaces, assign them IPs, don't forget "no shutdown", etc. Or what are the specific problems that you are expecting with your setup? On 23-May-12 18:45, Michael Paul wrote: > > I have a B3 switch that I need to enable routing between VLANs. > --- To unsubscribe from enterasys, send email to [email protected]<mailto:[email protected]> with the body: unsubscribe enterasys [email protected]<mailto:[email protected]> * --To unsubscribe from enterasys, send email to [email protected]<mailto:[email protected]> with the body: unsubscribe enterasys [email protected]<mailto:[email protected]> * --To unsubscribe from enterasys, send email to [email protected]<mailto:[email protected]> with the body: unsubscribe enterasys [email protected]<mailto:[email protected]> -- This e-mail is intended only for the named person or entity to which it is addressed and contains valuable business information that is proprietary, privileged, confidential and/or otherwise protected from disclosure. If you received this e-mail in error, any review, use, dissemination, distribution or copying of this e-mail is strictly prohibited. Please notify us immediately of the error via e-mail to [email protected]<mailto:[email protected]> and please delete the e-mail from your system, retaining no copies in any media. We appreciate your cooperation. * --To unsubscribe from enterasys, send email to [email protected]<mailto:[email protected]> with the body: unsubscribe enterasys [email protected]<mailto:[email protected]> * * --To unsubscribe from enterasys, send email to [email protected]<mailto:[email protected]> with the body: unsubscribe enterasys [email protected]<mailto:[email protected]> -- This e-mail is intended only for the named person or entity to which it is addressed and contains valuable business information that is proprietary, privileged, confidential and/or otherwise protected from disclosure. If you received this e-mail in error, any review, use, dissemination, distribution or copying of this e-mail is strictly prohibited. Please notify us immediately of the error via e-mail to [email protected]<mailto:[email protected]> and please delete the e-mail from your system, retaining no copies in any media. We appreciate your cooperation. * --To unsubscribe from enterasys, send email to [email protected]<mailto:[email protected]> with the body: unsubscribe enterasys [email protected]<mailto:[email protected]> * --- To unsubscribe from enterasys, send email to [email protected] with the body: unsubscribe enterasys [email protected]
