How do I configure a VLAN to act solely as a routing VLAN for the other vlans to use for routing purposes?

  • 0
  • 2
  • Question
  • Updated 4 years ago
  • Answered
  • (Edited)
Hello All,

I am working on two x460-G2 switches that are stacked. We desire to have 4 vlans, each with a separate IP Space, and create a 5th Vlan, that acts as a routing VLAN which will have a port that is a link to our core routing device. Our idea is instead of having all the devices do its routing through the core device, it can go through the 5th Vlan to do all the routing. What is the best way to go about this? I am unsure if there is a way to create virtual interfaces on the port that is connected to the core device. To my understanding each vlan needs to have its own gateway, hence, the thought of having virtual interfaces on that port that is linked to the core device. Or is it better to create static routes on each vlan to route it correctly to the core device. Or am I completely off? Help is much appreciated.


Thanks!
Photo of Nieko Adams

Nieko Adams

  • 122 Points 100 badge 2x thumb

Posted 4 years ago

  • 0
  • 2
Photo of Jarek

Jarek

  • 2,398 Points 2k badge 2x thumb
Hi,

if X460 act as a default gateway for the hosts in 4 vlans, and you have 1 vlan to core:
- create vlans
- set an IP address on every vlan
- enable ipforwarding for those vlans
- configure default gateway
- configure on core routing for address space on X460

example config:

create vlan "lan1"
configure vlan lan1 tag 104
configure vlan lan1 add ports 1-4 untagged
create vlan "lan2"
configure vlan lan2 tag 105
configure vlan lan1 add ports 5-8 untagged
create vlan "lan3"
configure vlan lan3 tag 106
configure vlan lan1 add ports 9-12 untagged
create vlan "lan4"
configure vlan lan4 tag 107
configure vlan lan1 add ports 13-16 untagged
create vlan "toCORE"
configure vlan toCORE" tag 110
configure vlan lan1 add ports 24 untagged

# configure ip address
# you must set routing on core for those networks via 10.0.0.2
configure vlan lan1 ipaddress 192.168.1.1/24
configure vlan lan2 ipaddress 192.168.2.1/24
configure vlan lan3 ipaddress 192.168.3.1/24
configure vlan lan4 ipaddress 192.168.4.1/24
configure vlan toCORE ipaddress 10.0.0.2/30

# this address is on core site, our default gateway
configure iproute add default 10.0.0.1

# enable ipforwarding
enable ipforwarding vlan lan1
enable ipforwarding vlan lan2
enable ipforwarding vlan lan3
enable ipforwarding vlan lan4
enable ipforwarding vlan toCORE

--
Jarek
Photo of Paul Russo

Paul Russo, Alum

  • 9,694 Points 5k badge 2x thumb
Hey Nieko

A couple of thoughts There is nothing wrong with your design and Jerek provided the commands above.  One thing to note is that you will need to make sure that the core switch has routes for all four of the user VLANs.  That can be either using static in the core or using a route protocol like OSPF or RIP.  Tagging the VLANs down tot he core maybe easier to configure as the core router knows of all of the routes but there are of course limitations to that as well.

If you don't want to have the four user VLANs talking to each other and just to the core then you will need ACLs at the 460 to block that traffic.

Hope that helps. let us know if you have any other questions

P