TOPIC: quick VLAN routing question

quick VLAN routing question 6 years 10 months ago #32627

  • floppyraid
let's say I have an L3 switch routing 4 VLANs

VLAN 1 is 192.168.10.0/24, the switch's virtual interface is 192.168.10.254 inside this vlan
VLAN 2 is 192.168.20.0/24, the switch's virtual interface is 192.168.20.254 inside this vlan
VLAN 3 is 192.168.30.0/24, the switch's virtual interface is 192.168.30.254 inside this vlan
VLAN 4 is 192.168.40.0/24, the switch's virtual interface is 192.168.40.254 inside this vlan

there is only one 'router' going out from this switch to the net, and let's say it is in VLAN 1 and its address is 192.168.10.1

when configuring that router, is there a difference if I use the following static route:

192.168.20.0 255.255.255.0 192.168.10.254

instead of

192.168.20.0 255.255.255.0 192.168.20.254

?

either way, the packet gets to the L3 switch, but in one case it gets there via the VLAN interface inside of VLAN 1, and in the other case, it gets there via the VLAN interface inside of the VLAN for which the traffic is destined anyway. what I'm trying to figure out is, will this make any difference at all? especially in terms of broadcast packets?

if it makes no difference, then is it safe to say that the following static route would be optimal?

192.168.0.0 255.255.0.0 192.168.10.254

Re: quick VLAN routing question 6 years 10 months ago #32633

  • novembre
Do you have a diagram? I don't understand. My assumption is that the multi-layer switch you are referring to has hosts or switches from each VLAN connected to it.

What are you trying to achieve with your static routes? Why are you routing them to the switch's configured address (*.254) when the hosts are directly connected? If directly connected, then those subnets will be in the routing table already.

Why not just have a default route to 192.168.10.1?

[edit: wrong IP address]

greetings 6 years 10 months ago #32644

  • floppyraid
"Why not just have a default route to 192.168.10.1?"

In the L3 switch I do have a default route pointing to that address (the router).

that way the L3 switch knows that 'if the destination address of this packet does not match anything on this internal network, send it to 192.168.10.1 to be routed to the net'

but

192.168.10.1 is a windows RAS box, with one NIC connected to a t-carrier line and one NIC connected to the internal network.

*without* the static route that points traffic destined for 192.168.20.0 or 30.0 or 40.0 to the L3 switch (192.168.10.254), the RAS box tries to push that reply packet out of the interface connected to the t-carrier line.

so, for example.

workstation in VLAN 3 ----> Layer 3 Switch ----> RAS box in VLAN 1 ----> Internet

without the static route on the RAS box, I can ping from the Workstation to the RAS box, but I never get a reply, because the RAS box sends the reply out the interface that it naturally tries to speak with outside (because the RAS box doesn't know 192.168.30.0/24, it only knows 192.168.10.0/24)

if I add the static route of

192.168.30.0 255.255.255.0 192.168.10.254

to the RAS box, the ping replies come back to the workstation in VLAN 3

my question is this though:

instead of having multiple static routes pointing back from the RAS box to the L3 switch, is it safe to add one hefty static route back, like this one:

192.168.0.0 255.255.0.0 192.168.10.254

Re: quick VLAN routing question 6 years 10 months ago #32647

  • novembre
Oh OK, I was thinking about this in the other direction - yeah, it would work fine assuming you don't capture any hosts which can't be found with a more specific route on your layer 3 switch, else it will just loop between the switch and router. Just check the route table on your router to understand what it is doing with routes in the 192.168/16 subnet. You could also use /18 but I'd just use the multiple /24 subnets you already have. With only a small amount of static routes it keeps things obvious and makes it easier to troubleshoot. If you end up with too many static routes just fire up an IGP.
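The loop described in the last reply, worked through as an added example (not code from either poster): a longest-prefix-match simulation of the RAS box and the L3 switch, comparing the single 192.168.0.0/16 route with the per-VLAN /24 routes. The node names, the table layout, the TTL of 8 and the unused test subnet 192.168.50.0/24 are assumptions made for the illustration.

```python
import ipaddress

# Constructed routing tables modelled on the thread's addressing.
# "LOCAL" = directly connected subnet; "WAN" = the RAS box's outside link.
L3_SWITCH = {
    "192.168.10.0/24": "LOCAL",
    "192.168.20.0/24": "LOCAL",
    "192.168.30.0/24": "LOCAL",
    "192.168.40.0/24": "LOCAL",
    "0.0.0.0/0": "ras",            # default route to 192.168.10.1
}
RAS_SUMMARY = {
    "192.168.10.0/24": "LOCAL",
    "192.168.0.0/16": "l3switch",  # one summary route via 192.168.10.254
    "0.0.0.0/0": "WAN",
}
RAS_SPECIFIC = {
    "192.168.10.0/24": "LOCAL",
    "192.168.20.0/24": "l3switch",
    "192.168.30.0/24": "l3switch",
    "192.168.40.0/24": "l3switch",
    "0.0.0.0/0": "WAN",
}

def lookup(table, dst):
    """Longest-prefix match: the most specific matching route wins."""
    addr = ipaddress.ip_address(dst)
    nets = [ipaddress.ip_network(p) for p in table]
    best = max((n for n in nets if addr in n), key=lambda n: n.prefixlen)
    return table[str(best)]

def trace(dst, ras_table, start="ras", ttl=8):
    """Follow a packet hop by hop; return (outcome, hops taken)."""
    tables = {"ras": ras_table, "l3switch": L3_SWITCH}
    node, hops = start, 0
    while ttl > 0:
        nxt = lookup(tables[node], dst)
        if nxt == "LOCAL":
            return ("delivered by " + node, hops)
        if nxt == "WAN":
            return ("sent out WAN", hops)
        node, hops, ttl = nxt, hops + 1, ttl - 1
    return ("TTL expired (loop)", hops)

if __name__ == "__main__":
    for dst in ("192.168.30.5", "192.168.50.5", "8.8.8.8"):
        print(dst, trace(dst, RAS_SUMMARY), trace(dst, RAS_SPECIFIC))
```

With the /16 in place, a packet for an address in a 192.168.x.0 subnet the switch does not own bounces between the two devices until its TTL runs out; with only the /24 routes the RAS box sends it out the WAN link instead.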