Routing to a DHCP wan address

  • Question
  • Updated 2 years ago
  • Answered
I am new to configuring Extreme switches and have no idea if this is even possible, but here is what I would like to do. I have an Extreme Networks Summit X460-24T.

What I would like to do is use it to route several VLAN networks to a WAN/internet network. The only catch is the WAN network IP address is assigned via DHCP.

Example

VLAN 100 WAN100 tag 100 IP address assigned by DHCP.

VLAN LAN101 tag 101 192.168.1.1/24

VLAN LAN102 tag 102 192.168.2.1/24

VLAN LAN103 tag 103 192.168.3.1/24

VLANs 101, 102, 103 should not be able to talk to each other, but should be routable to the WAN/internet. Additionally I would assign a DHCP range to each of the 3 LAN VLANs for clients to be able to get an IP address.

Ideally I would also like to be able to port forward certain ports from the WAN to a specific IP on one of the LAN VLANs.

I appreciate any guidance that could be offered.

In the end this would represent a connection to Charter internet, with the 3 LAN VLANs being 3 separate wireless networks, with some wired components on each one.

thank you
Dan OReilly

Posted 2 years ago


Dorian Perry, Employee

Hi Dan,

You should be able to configure the IP address that you would like to use as a default route after the IP has been assigned to the WAN VLAN.

"configure iproute add default <IP-ADDRESS>"

Example:
  • The WAN VLAN is assigned 10.0.0.2/24
  • You can then configure the default gateway with command:
"configure iproute add default 10.0.0.x"

Also, make sure there is a route back configured through the WAN VLAN to VLANs LAN101-103.
Curtis Parish

The problem is the IP address of the default gateway will be assigned via DHCP so this will not work.
Henrique, Employee

Hi Curtis, "Private VLAN" could address the issue when you want to block the communication among VLANs 101-103 and have only communication with VLAN 100 (acting as the GW assigned dynamically).

However, using the gateway IP assigned with dynamic IP can be challenging since you cannot add a default gateway based on the interface/VLAN.

Maybe some scripting to identify a DHCP OFFER and then set the switch default gateway automatically.
Brandon Clay, Escalation Support Engineer

If the DHCP server sends the correct option, EXOS will install a default route based off of this. One caveat is that the switch will need to get the IP address from DHCP before you can enable IP forwarding on that VLAN.
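
As an added illustration of the two replies above (not code from any poster or from Extreme), this sketch parses a DHCP OFFER payload, reads the router option (option 3), and builds the `configure iproute add default` command only if the offered gateway is on-link for the offered address and mask. The function names are hypothetical, the payload is assumed to be already captured, and the sample uses the 10.0.0.2/24 WAN address from the earlier reply with a constructed gateway of 10.0.0.1.

```python
import ipaddress

MAGIC_COOKIE = b"\x63\x82\x53\x63"   # RFC 2131: precedes the options field
OPT_PAD, OPT_MASK, OPT_ROUTER, OPT_MSG_TYPE, OPT_END, DHCPOFFER = 0, 1, 3, 53, 255, 2

def parse_offer(payload: bytes) -> dict:
    """Parse a DHCP payload (UDP data); return offered address, mask, routers."""
    if len(payload) < 240 or payload[0] != 2 or payload[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP server reply")
    opts, i = {}, 240
    while i < len(payload) and payload[i] != OPT_END:
        if payload[i] == OPT_PAD:            # single-byte padding, no length
            i += 1
            continue
        if i + 1 >= len(payload) or i + 2 + payload[i + 1] > len(payload):
            raise ValueError("truncated option")
        code, length = payload[i], payload[i + 1]
        opts[code] = payload[i + 2:i + 2 + length]
        i += 2 + length
    if opts.get(OPT_MSG_TYPE) != bytes([DHCPOFFER]):
        raise ValueError("not a DHCPOFFER")
    mask, routers = opts.get(OPT_MASK, b""), opts.get(OPT_ROUTER, b"")
    if len(mask) != 4 or not routers or len(routers) % 4:
        raise ValueError("missing or malformed subnet mask / router option")
    return {"yiaddr": ipaddress.IPv4Address(payload[16:20]),
            "mask": ipaddress.IPv4Address(mask),
            "routers": [ipaddress.IPv4Address(routers[j:j + 4])
                        for j in range(0, len(routers), 4)]}

def default_route_command(payload: bytes) -> str:
    """Return the EXOS command for the first offered router, if it is on-link."""
    offer = parse_offer(payload)
    net = ipaddress.IPv4Network(f"{offer['yiaddr']}/{offer['mask']}", strict=False)
    gw = offer["routers"][0]
    if gw not in net or gw == offer["yiaddr"]:
        raise ValueError(f"router {gw} is not a usable next hop in {net}")
    return f"configure iproute add default {gw}"

def sample_offer(yiaddr: str, mask: str, router: str) -> bytes:
    """Constructed test input: minimal BOOTREPLY header plus three options."""
    ip = lambda s: ipaddress.IPv4Address(s).packed
    header = bytes([2, 1, 6, 0]) + bytes(12) + ip(yiaddr) + bytes(216)
    options = (bytes([OPT_MSG_TYPE, 1, DHCPOFFER]) + bytes([OPT_MASK, 4]) + ip(mask)
               + bytes([OPT_ROUTER, 4]) + ip(router) + bytes([OPT_END]))
    return header + MAGIC_COOKIE + options

if __name__ == "__main__":
    print(default_route_command(sample_offer("10.0.0.2", "255.255.255.0", "10.0.0.1")))
```
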

Dan OReilly

Thanks for the suggestions. I think the easiest way may be for me to just spring a few $ for a static IP. I am getting close but I think I am missing a piece. Here is what I have so far:

configure vlan default delete ports all
configure vr VR-Default delete ports 1-30
configure vr VR-Default add ports 1-30
configure vlan default delete ports 3-30
create vlan "LAN101-MG"
configure vlan LAN101-MG tag 101
enable loopback-mode vlan LAN101-MG
create vlan "LAN102-LM"
configure vlan LAN102-LM tag 102
enable loopback-mode vlan LAN102-LM
create vlan "LAN103-GS"
configure vlan LAN103-GS tag 103
enable loopback-mode vlan LAN103-GS
create vlan "WAN100"
configure vlan WAN100 tag 100
configure ports 24 preferred-medium copper
configure vlan Default add ports 1-2 untagged
configure vlan LAN101-MG add ports 24 tagged
configure vlan LAN101-MG add ports 5-10 untagged
configure vlan LAN102-LM add ports 24 tagged
configure vlan LAN102-LM add ports 11-16 untagged
configure vlan LAN103-GS add ports 24 tagged
configure vlan LAN103-GS add ports 17-22 untagged
configure vlan WAN100 add ports 3-4 untagged
configure vlan Default ipaddress 192.168.100.20 255.255.255.0
configure vlan LAN101-MG ipaddress 192.168.1.1 255.255.255.0
enable ipforwarding vlan LAN101-MG
configure vlan LAN102-LM ipaddress 192.168.2.1 255.255.255.0
enable ipforwarding vlan LAN102-LM
configure vlan LAN103-GS ipaddress 192.168.3.1 255.255.255.0
enable ipforwarding vlan LAN103-GS
configure ipforwarding originated-packets require-ipforwarding
configure vlan LAN101-MG dhcp-address-range 192.168.1.50 - 192.168.1.254
configure vlan LAN101-MG dhcp-lease-timer 604800
configure vlan LAN101-MG dhcp-options default-gateway 192.168.1.1
configure vlan LAN101-MG dhcp-options dns-server 8.8.8.8
enable dhcp ports 5-10, 24 vlan LAN101-MG
configure vlan LAN102-LM dhcp-address-range 192.168.2.50 - 192.168.2.254
configure vlan LAN102-LM dhcp-lease-timer 604800
configure vlan LAN102-LM dhcp-options default-gateway 192.168.2.1
configure vlan LAN102-LM dhcp-options dns-server 8.8.8.8
enable dhcp ports 11-16, 24 vlan LAN102-LM
configure vlan LAN103-GS dhcp-address-range 192.168.3.50 - 192.168.3.254
configure vlan LAN103-GS dhcp-lease-timer 604800
configure vlan LAN103-GS dhcp-options default-gateway 192.168.3.1
configure vlan LAN103-GS dhcp-options dns-server 8.8.8.8
enable dhcp ports 17-22, 24 vlan LAN103-GS
configure iproute add default 192.168.100.1



Currently I can plug into a port and get a DHCP address. (Keep in mind here I am using the default VLAN for testing purposes; nothing is on the WAN VLAN yet.) I can ping the IP of the switch, 192.168.100.20, from the main network, and I can communicate with the switch at that IP address.
If I try to ping external to the switch from the switch, though, plugged into one of the LAN VLANs, I get nothing. I am guessing that I need some kind of routing statement on the default gateway to route traffic back to the VLANs but am not sure what that should look like.

At this point all the vlans can communicate with each other. I will work on an access list once everything is working, unless a VR is the way to go but am unsure what that configuration would look like too.

Any help is much appreciated. Thank you

Henrique, Employee

Hi Dan, you can use a transit (L3) vlan between the 2 switches.

See below an example that might help (using static routes):

SW1----------- SW2 (Core)

SW1 vlans:

Vlan_A: 192.168.10.1/24 (only local ports, not the uplink)
Vlan_B: 192.168.11.1/24 (only local ports, not the uplink)
Transit_vlan: 192.168.100.1/30

SW2 vlans:

Vlan_C: 192.168.20.1/24 (only local ports, not the uplink)
Vlan_D: 192.168.21.1/24 (only local ports, not the uplink)
Transit_vlan: 192.168.100.2/30

SW1 config:

- Create and apply IP and ports to all 3 vlans
- enable ipforwarding
- Create a default route to SW2: config iproute add default 192.168.100.2

SW2 config:

- Create and apply IP and ports to all 3 vlans
- enable ipforwarding
- Create specific routes to SW1 LANs pointing to SW1 transit_Vlan:
           config iproute add 192.168.10.0/24 192.168.100.1
           config iproute add 192.168.11.0/24 192.168.100.1

Hope it helps