Question

VLAN Routing


Hello,
I have problems setting up VLANs on switches of the X440 G2 range. I want to create 3 VLANs, for example ports 1 to 10 in VLAN 1, ports 11 to 15 in VLAN 2 and ports 16 to 23 in VLAN 3. I want port 24 to connect to my router. I have done the vlan but I can not configure port 24 to connect the router and have internet in the 3 vlan.
Can anyone tell me what commands I would have to enter to make this small configuration?

Thank you

Regards

14 replies

Userlevel 6
Hi!

You could simply make VLAN 3 with ports 16-24 (router and clients will be in same vlan).
Or make vlan 4 with IP from router's subnet, make vlan 3 with IP and enable ipforwarding in vlan 3 and 4.

Thank you!
Alexandre, thank you for answering.

But I have some doubt.

If I do what you tell me, won't I have internet only in VLAN 3?

What I want is to have internet in all VLANs by connecting port 24 to the router.

Sorry for my English, but I'm using the Google translator😓.

Thank you
Userlevel 6
You wrote "I have done the vlan but I can not configure port 24 to connect the router and have internet in the 3 vlan."

If you need 3 VLANs with Internet you have to make 4 VLANs with IP addresses (3 client VLANs and 1 VLAN for the router). VLAN 4 has to have an IP from the router's subnet, and then you have to enable ipforwarding on all VLANs.

Thank you!
Userlevel 7
  • tag the 3 VLANs on the switch port#24 = VLAN trunk
  • configure a VLAN trunk on the router
  • configure 3 VLAN interfaces on the router
The command for the XOS is ...

configure <vlan_name_1> add ports 24 tagged
configure <vlan_name_2> add ports 24 tagged
configure <vlan_name_3> add ports 24 tagged

Thanks again for your reply.

I created the 4 VLANs that you told me about.
The problem I find now is that when configuring the IP for the VLANs, I have to have a different IP for each of them, and I want to have the same IP for all the VLANs.

I have put these commands:

create vlan sofia
create vlan miki
create vlan router
create vlan classroom

configure vlan sofia tag 20
configure vlan miki tag 21
configure vlan router tag 22
configure vlan classroom tag 23


configure vlan Default delete ports all

configure sofia add port 24 tagged
configure miki add port 24 tagged
configure router add port 24 tagged
configure classroom add port 24 tagged

configure vlan sofia add port 1-10 untagged
configure vlan miki add port 11-15 untagged
configure vlan classroom add port 16-23 untagged

save



configure ipaddress router 192.168.1.1/24
enable ipforwarding router
Userlevel 7
Why do you need different VLANs if all clients should have the same IP subnet ?!
To avoid seeing teams between different VLANs. For example, I have a VLAN for security cameras, another VLAN for a training room, etc.
I need to have the same gateway for all the VLANs.
Userlevel 7
What model/type is this router that you are talking about ?
The router that the operator installed for me is a Mikrotik RB951. And the switch where I want to do the VLANs is an X440 G2 24.

Thank you

regards
Userlevel 5
Hi Ingatel,

If you want to communicate devices between VLANs (sofia to router, miki to router, classroom to miki etc.) you need routing.
  1. You can pass those VLANs to Mikrotik so it will do the routing, for this scenario your XOS->Mikrotik port should be tagged in all the VLANs, nothing more on this side.
  2. You can also perform routing on EXOS, for that your XOS->Mikrotik port would be only in VLAN router, all VLANs have to have their IPs (from different subnets) and ipforwarding enabled ('enable ipforwarding'). This approach puts you probably in need of ACLs or Policy or PVLAN (translation mode) to limit communication between internal VLANs like CCTV-classroom etc. All this you can read further here: https://documentation.extremenetworks.com/exos_22.5/EXOS_User_Guide_22_5.pdf
You have to decide where you want to manage routing and inter-VLAN communication security settings: EXOS or Mikrotik?

Kind regards,
Tomasz
Hello
I do not have much idea of how routing is done.
Can you give me the commands that I would have to enter on the Extreme switch? My router has the IP 192.168.1.1

Thank you
Userlevel 5
I don't have any EXOS right now in front of me but let's try two approaches:
A. Your switch is just to pass VLANs to Mikrotik which will route between VLANs and WAN by itself:

code:
create vlan sofia tag 20
create vlan miki tag 21
create vlan router tag 22 #?
create vlan classroom tag 23

# remove all ports from the Default VLAN
conf Default del po all

# port 24 is the tagged trunk to the Mikrotik; client ports stay untagged
conf sofia add port 24 tag
conf sofia add port 1-10
conf miki add port 24 tag
conf miki add port 11-15
conf router add port 24 tag
conf classroom add port 24 tag
conf classroom add port 16-23


With this, your router should have VLANs 20-23 created and routing for them as well. And your VLANs shall not use the same subnet.

B. Your switch is a router between VLANs and the Mikrotik is the ultimate gateway:
code:
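create vlan sofia tag 20
create vlan miki tag 21
create vlan router tag 22 #?
create vlan classroom tag 23

# remove all ports from the Default VLAN
conf Default del po all

conf sofia add port 1-10
conf miki add port 11-15
conf classroom add port 16-23
# tagged here means the Mikrotik side of this link must also carry VLAN 22
conf router add port 24 tag

# one gateway address per VLAN, each in its own subnet
conf sofia ip 192.168.20.1/24
conf miki ip 192.168.21.1/24
conf router ip 192.168.1.2/24 #assuming Mikrotik is 192.168.1.1 or else?
conf classroom ip 192.168.23.1/24

# route between the VLANs and send everything else to the Mikrotik
enable ipforwarding
conf iproute add default 192.168.1.1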


Take care about potential security issues, without any ACLs or Policy those VLANs will be able to talk on L3.

Hope that helps,
Tomasz
Hello
thank you for answering.

We have configured the switch with the option you told us. I attached a screenshot for you to see it.


Two things happen to us.
1. We still do not have internet in any of the VLANs.
2. We can ping between VLANs, which we do not want.

Thank you

regards
Userlevel 5
Hi,

Check pings:
  • XOS -> Mikrotik
  • Mikrotik -> EXOS
  • Devices -> EXOS IP in their corresponding VLAN
  • Devices -> EXOS IP 192.168.1.2
  • Devices -> Mikrotik IP 192.168.1.1 - here it will not work right now probably
  • Devices -> 8.8.8.8 - here it will not work right now probably
You will need static routes in Mikrotik with that approach.
Mikrotik sees only the 192.168.1.0/24 network; it doesn't know where to put traffic destined to 192.168.23.0/24, for example, or it will push it to its own default gateway, which is something on the Internet side.
So in Mikrotik you need not to modify your Internet default gateway route, but add routes:
  • 192.168.20.0/24 -> 192.168.1.2
  • 192.168.21.0/24 -> 192.168.1.2
  • 192.168.23.0/24 -> 192.168.1.2
Let us know if it helped.

Regarding inter-VLAN communication, you have to work with ACLs or Policy. You would have to do this at Mikrotik with previous approach so somewhere it is to be done. Review those two mechanisms in EXOS User Guide. If you need assistance on that let us know.

Or... You could try VLAN Translation feature. I didn't see it often in deployments and I didn't try it yet but sounds relevant.
In EXOS User Guide it is described on pages 523-530 with some configuration examples. Then you might try this trickery with the same default gateway IP (Mikrotik) for all subscriber VLANs.

Kind regards,
Tomasz
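
The ACL/Policy step mentioned for option B, as an added example (written for this page, not posted by anyone in the thread and not taken from Extreme's documentation): an EXOS policy file that drops traffic between the three client subnets, bound to ingress on each client VLAN. The policy name `isolate_vlans` and the entry names are hypothetical; the subnets are the ones used in option B, and the example relies on EXOS permitting packets that match no entry.

```exos
# Contents of isolate_vlans.pol (hypothetical name), created with: edit policy isolate_vlans
# Subnets are those of option B. Packets that match no entry are permitted,
# so traffic to 192.168.1.0/24 and to the Internet is unaffected.
entry sofia_to_miki {
    if match all {
        source-address 192.168.20.0/24; destination-address 192.168.21.0/24;
    } then { deny; }
}
entry sofia_to_classroom {
    if match all {
        source-address 192.168.20.0/24; destination-address 192.168.23.0/24;
    } then { deny; }
}
entry miki_to_sofia {
    if match all {
        source-address 192.168.21.0/24; destination-address 192.168.20.0/24;
    } then { deny; }
}
entry miki_to_classroom {
    if match all {
        source-address 192.168.21.0/24; destination-address 192.168.23.0/24;
    } then { deny; }
}
entry classroom_to_sofia {
    if match all {
        source-address 192.168.23.0/24; destination-address 192.168.20.0/24;
    } then { deny; }
}
entry classroom_to_miki {
    if match all {
        source-address 192.168.23.0/24; destination-address 192.168.21.0/24;
    } then { deny; }
}

# CLI: validate the file, then bind it to ingress traffic of each client VLAN
check policy isolate_vlans
configure access-list isolate_vlans vlan sofia ingress
configure access-list isolate_vlans vlan miki ingress
configure access-list isolate_vlans vlan classroom ingress
show access-list
```

Each entry pairs a source subnet with a destination subnet so that traffic inside a VLAN, including traffic to that VLAN's own gateway address, is never matched. After applying it, a ping from a sofia host to a miki host should fail while a ping to 192.168.1.1 still succeeds.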
