Header Only - DO NOT REMOVE - Extreme Networks

iproute if only using L2


Userlevel 1
Hi,

I would like to put an example to every one and see what their thoughts are.

- configure vlan DATA add ports all untagged
- configure vlan DATA ipaddress 192.168.0.1 255.255.255.0

Now we have a router attached with Default Gateway 192.168.0.254

Do we need to add the following for packets to traverse?

- configure iproute add default 192.168.0.254

Thanks

21 replies

Userlevel 6
If this vlan is only for L2 forwarding no route is needed, the vlan will forward on l2 and does not look at its routing table.
Userlevel 1
Do we need to add the iproute command for remote access?
Userlevel 3
You will need the route to access the management of the switch device remotely
you not need it for clients on that network to operate successfully.
asside: ipforwarding does not need to be enabled
Userlevel 6
If you want to acces the switch from another subnet you need to add that route yes.
Userlevel 1
why do we need to add this for remote access if we connect to the VLAN interface created?
Userlevel 6
You only need that route if you telnet from anotther subnet (not 192.168.0.0/24) to the switch at 192.168.0.1.
Userlevel 3
The Switch its self does not know how to get to any other subnet than 192.168.0.0/24 ,
does not know how to return the traffic, that's why to need a route for to manage the switch remotely ( helps to always think about both directions separately )
Userlevel 1
would the switch not use the dynamic default gateway if we are managing remotely (ie from the internet)
Userlevel 6
If there is no route in the routing table the switch cannot reach that route. There is no magic dynamic route we can learn if traffic is coming in from another subnet.
Userlevel 1
so its basically working at Layer3.

If we want remote access on the VLAN interface the switch needs a default gateway for that Interface.
Userlevel 1
Destination Gateway
#d 192.168.0.0/24 192.168.0.1 1 U------um--f-

Then what is the use of dynamic routes? Would this be use if we were doing VLAN routing?
Userlevel 6
Dynamic routing protocols are only needed if you want to route between vlans and advertise/receive these routes from or to other routers.
I see you have enabled routing on the vlan but that is not needed if this is only an L2 vlan.
Userlevel 1
Is the dynamic route not created when we create an interface?

We dont use routing, we only use remote access.

Its working at L2
Userlevel 6
When you configure the IP address on a vlan the route to that subnet of the vlan itself will be created. Only when you want to reach subnets outside your local subnet (not 192.168.0.0/24) you need a static route. The route to the local subnet is a direct route (this is where the #d stands for).
Userlevel 3
No a route is created but only for the local subnet, how can the switch know about other networks ? if must a) we add a static route b) run a dynamic routing protocol like ospf. the route in the table you see is just the device saying " I have this local network connected me ", as a complete side if you ever have all the in the interfaces in a vlan go down the route disappears ( correctly ) .
Userlevel 1
so when the VLAN interface is created the direct iproute is also created and this is added if we want to use VLAN routing correct?

why would an iproute be created with the gateway as the VLAN interface?

Im basically only concerned about remote access - so for every remote access that we want to connect to the VLAN interface we need to specify the default gateway?
Userlevel 6
It all depends from where that remote access is done, from another subnet.
You can compare it to a PC needing a default gateway but it does not route traffic itself.

You only need 1 default gateway.
Userlevel 1
one default gateway for each VLAN interface?
Userlevel 7
Skimming through this thread, it sounds like there's some confusion around the roles played by a default gateway and a router.

In the diagram below, the switch has three L3 VLANs configured with IP forwarding. It also has a default gateway defined. The default gateway is used for all unknown routes, such as those that would lead to the internet. The PC and Printer are in their own separate VLANs, with each device's default gateway configured to point to the switch/router IP. If other PCs in the same subnet (192.168.1.0/24) want to talk to each other, they don't need a default gateway. But if they need to print or get out to the internet, it must be configured.



The default gateway on the switch only needs to be for an "external" network - one where another device knows the routes for other things. In this case, it's going to be the internet gateway. The switch knows the routing information for all directly connected interfaces (the PC and Printer networks) and we don't need to configure default routes on the switch for those - that's not an option, nor is it necessary.

The routing happens in the switch (in this case, because of IP forwarding) for all directly connected routes. Those are listed in
code:
show iproute
.

In this case, if you want "remote access" from within the PC subnet (192.168.1.0/24), you wouldn't need any default route configured on the router. But, if you are on a different subnet - one not local to the router - you would have to configure the default gateway to point to an interface on a different router that knows how to get back to you.

I hope this is helpful!

-Drew
Userlevel 1
Great job drew,

by the way where do you get your network icons from they are cool!

Thanks
Userlevel 7
Great job drew,

by the way where do you get your network icons from they are cool!

Thanks
Thanks!
I put that diagram together in Visio 2013. They're part of the the default network component shapes.

Reply