ISP / Public IP Routing with PowerConnect 6248p
My ISP said I needed a Level 3 switch; I have a couple of Dell 6248P's.
I get a single IP in the range 216.2.69.x/30 and a default gateway.
I ALSO get 5 (usable) IPs in the range 216.2.234.X/29. I have 3 public web servers with separate IPs I need to host on the Internet (they are firewalled/DMZ'd through Microsoft's TMG).
My ISP expects me to route my public IPs 'through' the 216.2.69.X gateway. Not just switch the 5 usable IPs, I have to route them.
Can I do this with a single Dell 6248p?
VLAN tagging wouldn't work, I don't think, as who knows if whatever web site we're surfing to, or whatever customer is looking at our public IPs, would support VLAN tagging.
Can I do a 'physical segmentation' on say 4 of the ports then set up a route from
216.2.69.1 => 216.2.234.64, 65, 66?
and
216.2.234.64, 65, 66? => 216.2.69.1
with the 6248's routing?
If the Dell PowerConnect 6248 cannot do this, can anyone recommend a router that can?
Thanks,
== John ==
tom_minerd
November 17th, 2011 10:00
I'm making some assumptions here, so if I'm wrong, please correct me. Here's how you should configure the 6248, and this is just an example. The ports you use may be completely different. Just make the substitutions as necessary and you should be fine:

Create a VLAN 10 and VLAN 20:

    enable
    config
    vlan database
    vlan 10,20
    exit

Assign an IP address to VLAN 10:

    interface vlan 10
    ip address 216.2.69.1 /30
    exit

Assign an IP address to VLAN 20:

    interface vlan 20
    ip address 216.2.234.65 /29
    exit

Enable routing globally:

    ip routing

Go into an interface that you are connecting to the ISP and put it in access mode for VLAN 10:

    interface ethernet 1/g1
    switchport mode access
    switchport access vlan 10
    spanning-tree disable
    exit

Go into the interface or interfaces you will use for your servers. If you are connecting the servers directly to the 6248 you would do the following:

    interface range ethernet 1/g2-1/g4
    switchport mode access
    switchport access vlan 20
    spanning-tree disable (but only if you are connected directly to the servers)
    exit

Configure a default route to get to the ISP from the internal public addresses:

    ip route 0.0.0.0 0.0.0.0 216.2.69.2

If your ISP is .69.1 and you are .69.2, your last route statement needs to point to .69.1 instead of .2.
I hope this makes sense.
jgwinner
November 17th, 2011 10:00
Thanks Tom
So basically I have to burn an IP (the .65 in your example) for the router?
Also, I don't have to put a route in, the switch does it automatically? I guess that was the part that was stumping me. I thought I would set up a route to tell it that 216.2.234.65, 66, 67 etc. goes to 216.2.69.2 and vice versa. The switch figures that all out on its own?
Of course, I would have to set the default gateways properly, that's easy. I just wasn't sure how the routing would work from the ISP (i.e. if the 6248 would know to deliver 216.2.234.65, 66, 67 via 216.2.69.2).
I also would assume I set this up as an untagged VLAN, or at least remove the tag when broadcasting, as clearly the Internet isn't going to vtag any packets coming in :) and of course that's not the same as a default VLAN, as I'll segregate the ports for this VLAN. Have to read up on how to do that but it seems straightforward.
== John ==
tom_minerd
November 17th, 2011 10:00
It appears that you could do this, but you would only be configuring two different VLANs on the 6248. One VLAN would be configured with an IP address of 216.2.69.1, or .2 if the ISP is going to use .1. Whatever the ISP is going to use, just use the other available IP address and assign it under the VLAN of your choosing. Then of course you put a port in access mode for that VLAN.
On the other VLAN, you assign 216.2.234.65 /29 (can't use 64 since it is the network IP) and then connect your servers to ports that will be in that VLAN in access mode as well, using the other IP addresses on your servers. Since both VLANs are directly connected and you have turned on routing globally on your 6248, everything should work. Don't forget to configure the default gateway of course.
The only reason you have to route is because the IP address ranges you were assigned are in a different subnet, so what the ISP is telling you makes perfect sense.
Let me know if this works for you.
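
Added example, not written by anyone in this thread: a small Python model of the routing table that the two VLAN interfaces and the single default route produce, showing that delivery to the servers uses a connected route and that the gateway address comes out of the /29. The function names are hypothetical, and the ISP end of the /30 being .2 is an assumption taken from the example configuration.

```python
import ipaddress

# Addresses from the thread. Which end of the /30 the ISP holds is an assumption.
TRANSIT = ipaddress.ip_interface("216.2.69.1/30")    # VLAN 10 interface
SERVERS = ipaddress.ip_interface("216.2.234.65/29")  # VLAN 20 interface
ISP_NEXT_HOP = ipaddress.ip_address("216.2.69.2")


def build_table(interfaces, default_next_hop):
    """Connected routes come from interface addresses; only the default is static."""
    table = [(name, iface.network, None) for name, iface in interfaces.items()]
    # A static next hop is only usable if it sits on a connected subnet.
    if not any(default_next_hop in net for _, net, _ in table):
        raise ValueError(f"next hop {default_next_hop} is not on a connected network")
    table.append(("static", ipaddress.ip_network("0.0.0.0/0"), default_next_hop))
    return table


def lookup(table, dst):
    """Longest-prefix match. Returns (egress, next_hop); next_hop None = direct delivery."""
    dst = ipaddress.ip_address(dst)
    matches = [route for route in table if dst in route[1]]
    name, _, hop = max(matches, key=lambda route: route[1].prefixlen)
    if hop is None:
        return name, None
    # Resolve the static next hop to the connected interface it lives on.
    egress = next(n for n, net, h in table if h is None and hop in net)
    return egress, hop


def server_addresses(iface):
    """Usable hosts in the routed block, minus the one the switch uses as gateway."""
    return [host for host in iface.network.hosts() if host != iface.ip]


TABLE = build_table({"vlan10": TRANSIT, "vlan20": SERVERS}, ISP_NEXT_HOP)

if __name__ == "__main__":
    print("server IPs:", [str(h) for h in server_addresses(SERVERS)])
    for dst in ("216.2.234.66", "216.2.69.2", "8.8.8.8"):
        print(dst, "->", lookup(TABLE, dst))
```

The return path from the Internet is not modelled here: the ISP's router needs its own route for the /29 pointing at the switch's address on the /30.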
jgwinner
December 8th, 2011 12:00
Thanks Tom! Worked like a champ.
After thinking about it, I had to use an IP in the switch, as that's the IP that is the default gateway on the servers, so something has to be there to route it.
== John ==
PowerConnect48
February 6th, 2015 04:00
I have the same scenario. I noticed that the port you'd connect into the ISP, you created a VLAN. Since my ISP doesn't give me a VLAN to connect into, does the VLAN number even matter? Would the ISP router just ignore it?