How to do Port Specific VLAN + Routing
‎04-26-2016 02:23 PM
I need to configure routing between two VLANs with the same Port Specific VLAN, something like this:
(SwitchA)10.1.1.1-------tag 100------10.1.1.2(SwitchC)192.168.1.2-----tag 100------192.168.1.1(SwitchB)
How can I do this?
Here are the options that I have tried so far:
1- Two VLANs with port specific VLAN. Limitation: Can't enable ipforwarding with this option.
2- Using policies. Here are the policies for one of SwitchC's ports; another two would be needed:
Policy applied in the ingress direction:
entry port1-ingress {
    if {
        vlan-id 100;
    } then {
        permit;
        replace-vlan-id 802;
    }
}
Policy applied in the egress direction:
entry port1-egress {
    if {
        vlan-id 802;
    } then {
        permit;
        replace-vlan-id 100;
    }
}
This somehow didn't work. I don't know why.
There's an option that I thought about but haven't tried it yet:
Using four VLANs:
- Two VLANs with whatever tag but configured with port specific VLAN 100 in the ports connected to the other switches. Those VLANs will have no ip address and learning disabled.
- Two VLANs with ip addresses, each one connected via cable untagged to one of the anterior VLANs.
I think this third option should work but wouldn't be an elegant solution.
Any ideas?
Thanks
11 REPLIES
‎04-28-2016 01:20 AM
Well, one thing you can do is create VLAN 100, put a primary and a secondary IP on it, and put both ports in VLAN 100.
It will route correctly; unicasts will be forwarded out each learned port appropriately, but broadcasts will be heard. It may cause a little bandwidth congestion, but it should work in your scenario.
‎04-28-2016 01:20 AM
I can't let the devices in the same layer 2 domain because they exchange duplicate information using a proprietary layer 2 protocol among each other.
‎04-27-2016 05:43 PM
The middle switches are actually DWDM management cards with very limited capability; to change the VLAN tag would be very traumatic (I would have to reboot 200+ cards over the system). I am trying to avoid this.
Today I have routers doing this, and I would like to exchange them for Extreme switches, which already work as components for other networks. Sure, I could use two switches, but then I would be exchanging 1 old router for two new Extreme switches, which is not a very smart design.
‎04-27-2016 05:43 PM
That's actually a great idea, thanks!
