https://community.extremenetworks.com/t5/extremeswitching-exos-switch/multiple-vlan-s-setup-and-internet/m-p/49940#M13327 Since you're running private IPs on all your vlans, I would:<BR /> - connect a NAT firewall (Cisco ASA, Palo-Alto, Linux,...) with one Ethernet port in one of your VLANs and the other Ethernet port connected to your Internet provider<BR /> - tell the switch that the default route is <I><BR /> - tell the firewall the network routes via the IP of your switch<BR /> - the firewall's default gateway would be the ISP's router address<BR /> <BR /> Of course you can get fancy and run OSPF on the firewall to play nice with OSPF on your 670s<BR /> <BR /> I do not think that the 670s do address translation (but I might be wrong), so I don't think that you can hook your Internet provider's connection straight into the 670s.<BR /> <BR /> I hope I didn't misunderstand your problem/question,<BR /> <BR /> Frank<BR /></I> Wed, 25 May 2016 14:01:00 GMT Frank 2016-05-25T14:01:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/multiple-vlan-s-setup-and-internet/m-p/49939#M13326 We have a setup with 2 X670 switches with 4 VLAN's (OR1-4). I want to hook this setup to the internet and have access from all 4 vlan's to internet and still be able to access all the 4 vlans. <BR /> <BR /> How can this be done? <BR /> <BR /> VLAN setup (first switch)<BR /> Name VID Protocol Addr Flags Proto Ports Virtual<BR /> Active router /Total ----------------------------------------------------------------------------------------------- Backbone_1 101 192.168.200.1 /30 -f------mop------------------ ANY 1 /1 VR-Default Default 1 ------------------------------------------------- ANY 0 /0 VR-Default Local_1 4091 192.168.100.1 /32 -fL-----mop------------------ ANY 0 /0 VR-Default Mgmt 4095 10.0.0.1 /8 ----------------------------- ANY 0 /1 VR-Mgmt OR1 11 192.168.11.1 /24 -f------mop-T---------------- ANY 9 /36 VR-Default OR2 12 192.168.12.1 /24 -f------mop-T---------------- ANY 0 /11 VR-Default<BR /> My xsf (first switch)<BR /> <BR /> configure snmp sysName "Switch_A" configure sys-recovery-level switch reset configure vlan default delete ports all create vlan "Backbone_1" configure vlan Backbone_1 tag 101 create vlan "OR1" configure vlan OR1 tag 11 create vlan "OR2" configure vlan OR2 tag 12 create vlan "Local_1" enable loopback-mode vlan Local_1 enable sharing 48 grouping 48 algorithm address-based L2 lacp configure vlan Backbone_1 add ports 48 untagged configure vlan OR1 add ports 1-24 untagged configure vlan OR2 add ports 25-47 untagged configure vlan Mgmt ipaddress 10.0.0.1 255.0.0.0 configure vlan Backbone_1 ipaddress 192.168.200.1 255.255.255.252 enable ipforwarding vlan Backbone_1 configure vlan OR1 ipaddress 192.168.1.1 255.255.255.0 enable ipforwarding vlan OR1 configure vlan OR2 ipaddress 192.168.2.1 255.255.255.0 enable ipforwarding vlan OR2 configure vlan Local_1 ipaddress 192.168.100.1 255.255.255.255 enable ipforwarding vlan Local_1 create stpd s11 configure stpd s11 mode dot1w configure stpd s11 default-encapsulation dot1d configure stpd s11 add vlan OR1 ports 1-24 dot1d configure stpd s11 ports link-type edge 1-24 edge-safeguard enable bpdu-restrict recovery-timeout 60 configure stpd s11 tag 11 enable stp s11 create stpd s12 configure stpd s12 mode dot1w configure stpd s12 default-encapsulation dot1d configure stpd s12 add vlan OR2 ports 25-47 dot1d configure stpd s12 ports link-type edge 25-47 edge-safeguard enable bpdu-restrict recovery-timeout 60 configure stpd s12 tag 12 enable stp s12 configure ospf add vlan Backbone_1 area 0.0.0.0 configure ospf add vlan OR1 area 0.0.0.0 passive configure ospf add vlan OR2 area 0.0.0.0 passive configure ospf add vlan "Local_1" area 0.0.0.0 passive configure ospf area 0.0.0.0 priority 10 enable ospf configure igmp 60 10 1 2 enable igmp snooping "OR1" fast-leave enable igmp snooping "OR2" fast-leave enable ipmcforwarding vlan "Backbone_1" enable ipmcforwarding vlan "OR1" enable ipmcforwarding vlan "OR2" enable ipmcforwarding vlan "Local_1" configure sharing 48 lacp activity-mode active configure vlan OR1 dhcp-address-range 192.168.1.31 - 192.168.1.201 configure vlan OR1 dhcp-options default-gateway 192.168.1.1 enable dhcp ports 1-24 vlan OR1 configure vlan OR2 dhcp-address-range 192.168.2.31 - 192.168.2.201 configure vlan OR2 dhcp-options default-gateway 192.168.2.1 enable dhcp ports 25-47 vlan OR2 configure pim add vlan "Backbone_1" sparse configure pim add vlan "OR1" sparse passive configure pim add vlan "OR2" sparse passive configure pim add vlan "Local_1" sparse passive configure pim crp vlan "Local_1" "rp-list1" 30 configure pim cbsr vlan "Local_1" enable pim<BR /> <BR /> <BR /> Wed, 25 May 2016 13:21:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/multiple-vlan-s-setup-and-internet/m-p/49939#M13326 Erwin_van_Hoof 2016-05-25T13:21:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/multiple-vlan-s-setup-and-internet/m-p/49940#M13327 Since you're running private IPs on all your vlans, I would:<BR /> - connect a NAT firewall (Cisco ASA, Palo-Alto, Linux,...) with one Ethernet port in one of your VLANs and the other Ethernet port connected to your Internet provider<BR /> - tell the switch that the default route is <I><BR /> - tell the firewall the network routes via the IP of your switch<BR /> - the firewall's default gateway would be the ISP's router address<BR /> <BR /> Of course you can get fancy and run OSPF on the firewall to play nice with OSPF on your 670s<BR /> <BR /> I do not think that the 670s do address translation (but I might be wrong), so I don't think that you can hook your Internet provider's connection straight into the 670s.<BR /> <BR /> I hope I didn't misunderstand your problem/question,<BR /> <BR /> Frank<BR /></I> Wed, 25 May 2016 14:01:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/multiple-vlan-s-setup-and-internet/m-p/49940#M13327 Frank 2016-05-25T14:01:00Z