
July 3rd, 2012 14:00

How to decide on VLAN or ROUTING design

I'm in a scenario with the Dell 6224 where I thought the flexibility of configuring the device would allow me to configure this switch to do it all. 

Our WAN provider will be providing us with a PURE Layer 2 Q-in-Q network where they will be encapsulating our VLAN information into another VLAN for distribution to other sites. For the sake of this discussion, we'll say 3 sites in total. In reality, it's many more in the future.

I was able to get the 6224 Routing between multiple VLAN interfaces and across a test TRUNK configured to allow VLAN access by the member VLANs. This scenario is forcing me into utilizing ACLs in order to secure the VLANs, which I'm finding to be not the most manageable option.

My other option was to leave the switches as PURE LAYER 2 devices, homing them back to 2 or 3 dedicated routing devices in order to do all of the inter-VLAN routing. This option doesn't allow the sites to work independently and presents issues if one of our main routing links goes down.

Given a PURE LAYER 2 service from a service provider, how would others suggest to configure the switches for roughly 3-5 VLANs in total? I was hoping I would be able to create a Layer 3 routing service on the switch while leaving the VLANs alone & secure at the Layer 2, but I'm finding that Routing must be enabled globally on the switch in order to get this traffic flowing.

Any suggestions and/or follow-up questions would be greatly appreciated...digging for solutions.

Moderator


6.2K Posts

July 3rd, 2012 17:00

Hello jimbennin

Here are some ideas/information based on what you have provided:

Rather than enabling ip routing at a global level you can enable routing at a VLAN level, for example:

console(config-if-vlan15)#routing

If you enable routing on VLAN15 then interfaces on VLAN 15 will be able to route to other VLANs. The other VLANs would not be able to route to VLAN15 though, unless routing was enabled on them as well. This would allow you to cut off VLANs from the network if necessary. If you do not enable routing on the specific VLAN it will not be able to communicate with the others.

If you would like to provide more information on what you are trying to do then I will see what I can come up with.

Thanks

6 Posts

July 3rd, 2012 19:00

Before digging too deep on your design options, check with your provider how they are delivering that circuit.  Many are built off of Cisco infrastructures, which require your endpoint to be a Cisco switch using VTP.


1 Rookie


49 Posts

July 9th, 2012 14:00

How do I enable Inter VLAN routing without enabling routing globally on the switch?  

I'm basically running into a situation where I was intending on utilizing the Routing functionality of the 6224 to pass traffic on a Layer 2 WAN provided by a local WAN / Fiber optic provider. My VLANs will be associated with different subnets and I will have no more than 5 VLANs to start with. Am I expecting too much from the 6224?

One thought I had was giving/assigning my WAN provider a VLAN/Subnet provisioning several Static Routes for the various traffic types.

1 Rookie


49 Posts

July 9th, 2012 15:00

What is VRRP utilized for?

Moderator


6.2K Posts

July 9th, 2012 15:00

My above statement regarding VLAN routing is incorrect. I tested VLAN routing and it does not work without routing enabled globally.

If you do not want the VLANs to be able to communicate with each other then I suggest that you use Access Control Lists to restrict traffic. Here is a nice article by Cisco on how to accomplish it:

http://www.cisco.com/en/US/tech/tk389/tk689/technologies_configuration_example09186a008009478e.shtml#howto

It is under the section titled: Isolation Between Two Layer 3 VLANs

If it is okay for the VLANs to communicate with each other then you can simply enable ip routing at a global level.

VRRP is redundancy. It allows you to configure failover switches. You can configure one switch as the master and the other as a standby. If the master stops responding to the heartbeat request from the standby then the standby will become active and go into a master state. If the master comes back online and starts responding to heartbeat requests then the other switch will go back to a standby state.

Thanks
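
The ACL approach suggested above, as an added example that is not part of the thread or any poster's configuration: it models generic first-match ACL evaluation with an implicit deny (not Dell 6224 CLI syntax) and audits whether per-VLAN rule lists actually enforce an isolation policy once routing is enabled globally. The subnets, the allowed pairs and all function names are constructed for illustration.

```python
import ipaddress
from itertools import permutations

ANY = ipaddress.ip_network("0.0.0.0/0")
# Constructed addressing plan (hypothetical, not from the thread): VLAN id -> subnet.
VLANS = {v: ipaddress.ip_network(f"10.0.{v}.0/24") for v in (10, 20, 30)}
# Directed VLAN pairs that may route to each other; every other pair is isolated.
ALLOWED = {(10, 20), (20, 10)}

def build_acl(src_vlan, vlans=VLANS, allowed=ALLOWED):
    """Ordered inbound rule list for one routed VLAN interface (first match wins)."""
    src_net = vlans[src_vlan]
    rules = [("permit" if (src_vlan, d) in allowed else "deny", src_net, net)
             for d, net in vlans.items() if d != src_vlan]
    rules.append(("permit", src_net, ANY))  # non-VLAN destinations, e.g. a default route
    return rules

def evaluate(rules, src, dst):
    """Return the action of the first matching rule; unmatched traffic is dropped."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, s_net, d_net in rules:
        if src in s_net and dst in d_net:
            return action
    return "deny"  # implicit deny that ends an ACL

def shadowed(rules):
    """Indexes of rules that can never match because an earlier rule covers them."""
    return [i for i, (_, s, d) in enumerate(rules)
            if any(s.subnet_of(ps) and d.subnet_of(pd) for _, ps, pd in rules[:i])]

def audit(vlans=VLANS, allowed=ALLOWED, builder=build_acl):
    """List (src_vlan, dst_vlan, action) where the ACL disagrees with the policy."""
    bad = []
    for s, d in permutations(vlans, 2):
        got = evaluate(builder(s, vlans, allowed),
                       next(vlans[s].hosts()), next(vlans[d].hosts()))
        if got != ("permit" if (s, d) in allowed else "deny"):
            bad.append((s, d, got))
    return bad

def misordered(src_vlan, vlans=VLANS, allowed=ALLOWED):
    """Same rules with the broad permit moved to the top: a common editing mistake."""
    rules = build_acl(src_vlan, vlans, allowed)
    return [rules[-1]] + rules[:-1]

if __name__ == "__main__":
    print("policy violations:", audit())
    print("with misordered ACLs:", audit(builder=misordered))
```

Running `shadowed()` over each interface's rule list before applying it catches the ordering mistake that silently re-opens inter-VLAN routing.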

1 Rookie


49 Posts

July 11th, 2012 17:00

OK...got a good network model working between 3 switches using 3 different VLANs tied together with a Layer 2 switch.

Next question...is it possible to set static routes at the VLAN level?  Right now I've got STATIC routes configured at the Switch Global level, but it would be ideal that once you enable routing on the VLAN and set the IP Interface you could then set static routes at that level giving more granular control over network flow.  

802 Posts

July 11th, 2012 19:00

It is not possible to set up static routes at the VLAN level.  You can set up static routes for a subnet that is associated with a particular VLAN.  However, the switch should be aware of the route since it is internal and a "known" connection.
