September 2nd, 2010 23:00
Internet Routable IPs with VLANS on 6248
Hi
I have 2 x /20 internet routable blocks and want to break them down into a 254 address (/24) subnet per vlan so folks who are working on machines (which are only communicating internally) have broadcasts confined to that subnet/vlan.
I have a Vyatta router as my edge router using BGP to the Provider. It has two interfaces, one going to the internet provider, the other going to port 3 on my 6248.
I have set the default route to the internal interface of vyatta (10.10.10.21/24), and have tried a number of settings for port 3 (creating a VLAN, assigning an address, creating static routes, etc.) but think I am missing something and am looking for some info.
Main question is: How do I set up the 6248 VLANs to communicate with the edge router out to the internet? Should it be just a trunk? Uplink? Do I need to set up OSPF on/between the 6248 and the vyatta router, or does the 6248 know how to route all VLAN traffic out a single interface on a single subnet bound for a router interface?
So far I have set up 3 VLANs with IP addresses and masks, and have assigned ports to these VLANs and connected machines to those ports. I can ping the VLAN gateways, and two machines on the same VLAN can communicate as expected.
There is a diagram here (it's just a PDF using some free hosting site): http://www.filedropper.com/question_2
ANY help would be much appreciated...THANKS
VLAN 10
176.160.25.1 255.255.255.0
Ports assigned: g23
Server 2: 176.160.25.65 255.255.255.0
VLAN 20
67.175.32.1 255.255.255.0
Ports assigned: g35
Server 3: 67.175.32.123 255.255.255.0
VLAN 30
176.160.24.1 255.255.255.0
Ports assigned: g14 ,g48
Server 1: 176.160.24.25 255.255.255.0
Server 4: 176.160.24.26 255.255.255.0
(some ip numbers have been altered to protect the innocent!)


petesmith46
September 2nd, 2010 23:00
Just a point of clarification:
where I said "I have set the default route to the internal interface of vyatta (10.10.10.21/24)..."
it should have read, "On the 6248 I have set the default route to 10.10.10.21/24 (that of the internal interface of vyatta)"
Cheers!
bh1633
September 3rd, 2010 14:00
At a high level:
your servers need to have their default gateways set to the IP address of the appropriate vlan on the 6248 (172.160.24.1, 172.169.25,1, etc)
the vyatta needs to have routes to the subnets on the 6248 it is not directly connected to. (route add 172.160.24.0 mask 255.255.255.0 10.10.10.21, etc. )
the 6248 needs to have a default route to the vyatta (10.10.10.21)
the 6248 needs to have routing enabled globally and on each of the vlan interfaces.
Post your config if this is not enough information.
petesmith46
September 3rd, 2010 14:00
Thanks so much - I'll give it a shot.
So no OSPF, just need to set up static routes on vyatta and default on 6248? As well as routing enabled globally and on each VLAN?
How do I configure the port to the vyatta on the 6248? Trunk? Access? General? Do I need to have it on any of the VLANs I have created? (172.160.24.0/24 for example?)
Do you know if I am going to have a problem using the private 10.10.10.0/24 address space between 6248 and vyatta if someone on the internet wants to access server 172.160.24.25?
Thanks again
petesmith46
September 3rd, 2010 15:00
Cheers
I'll try it all... :-)
-Pete
bh1633
September 3rd, 2010 15:00
So no OSPF, just need to set up static routes on vyatta and default on 6248? As well as routing enabled globally and on each VLAN?
BH: Yes.
How do I configure the port to the vyatta on the 6248? Trunk? Access? General? Do I need to have it on any of the VLANs I have created? (172.160.24.0/24 for example?)
BH: since the port to the vyatta is only carrying a single vlan, I would set it to an access port. This will set the port to transmit and receive untagged traffic in the vlan for 10.10.10.x.
Do you know if I am going to have a problem using the private 10.10.10.0/24 address space between 6248 and vyatta if someone on the internet wants to access server 172.160.24.25?
BH: the internet will never even know about the 10.10.10.x network since you are just using it to transition to the 172.160.x.x networks.
Thanks again
BH: you are welcome
petesmith46
September 3rd, 2010 22:00
Ok so still not quite right..
My servers can ping their respective gateways fine, and talk to each other on the same Vlan. I'm just not getting how to set up the port going to the vyatta internal interface.
So I have created a vlan (vlan100) and have assigned port g3 to it as an untagged access port. I have a cable from this port (g3) connected to the internal interface (eth1) of vyatta (which is set to 10.10.10.21/24). Should I assign an IP address to vlan100 or not? Something like 10.10.10.22/24 so it's on the same subnet as the internal interface of the vyatta?
I may have mentioned that I have a single default route set to the internal interface of the vyatta router. Is that right? Do I need a static route per vlan? Or something else?
How should my VLAN membership pages look?
Right now I have it as
port 3 (connected to vyatta internal) assigned to vlan 100
port 23 (connected to Server 2) assigned to vlan10
port 35 (connected to Server 3) assigned to vlan20
ports 14 and 48 (connected to Servers 1 and 4) assigned to vlan30
Should each of the vlans also have port g3 assigned to it as well as the ports the servers are on?
I would like to be able to ping the internal vyatta interface from a server if possible, but right now I can only ping the vlan gateway. If I can get to the internal interface of vyatta from a server I should be golden (because I have proven that I can get to the internal interface of the vyatta from the internet... if I briefly switch it to an internet routable address (ping only)). I know you mentioned adding routes to vyatta and I will do so, but surely the internal interface should respond to pings even if those routes are not defined?
Thanks!!!!
-Pete
bh1633
September 5th, 2010 05:00
This would be easier if you posted your config file.
You need an ip address on vlan 100 and all the vlans need to have routing enabled. Please post your config if this does not work.
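An added example, not part of the thread or either poster's configuration: a small Python model of the routing tables discussed above, showing where the reply to a ping from Server 1 (176.160.24.25) to the vyatta's internal interface is forwarded before and after the vyatta has static routes for the VLAN subnets. The 10.10.10.22 address on VLAN 100 and the vyatta's provider-facing default route on eth0 are assumptions.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return (egress, next_hop) for dst, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, egress, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, egress, next_hop)
    return best[1:] if best else None

# VLAN subnets as listed in the first post; next_hop None means directly connected.
VLAN_SUBNETS = ("176.160.25.0/24", "67.175.32.0/24", "176.160.24.0/24")

SWITCH_6248 = [
    ("176.160.25.0/24", "vlan10", None),
    ("67.175.32.0/24", "vlan20", None),
    ("176.160.24.0/24", "vlan30", None),
    ("10.10.10.0/24", "vlan100", None),       # assumes 10.10.10.22 on VLAN 100
    ("0.0.0.0/0", "vlan100", "10.10.10.21"),  # default route to the vyatta
]

# Vyatta with no routes for the VLAN subnets (assumed starting state).
VYATTA_BEFORE = [
    ("10.10.10.0/24", "eth1", None),
    ("0.0.0.0/0", "eth0", "provider"),        # stand-in for BGP-learned routes
]

# Vyatta after adding one static route per VLAN subnet via the 6248.
VYATTA_AFTER = VYATTA_BEFORE + [
    (prefix, "eth1", "10.10.10.22") for prefix in VLAN_SUBNETS
]

def ping_path(vyatta_table, server="176.160.24.25", target="10.10.10.21"):
    """Return (interface the 6248 sends the request on,
               interface the vyatta sends the reply on)."""
    request = lookup(SWITCH_6248, target)
    reply = lookup(vyatta_table, server)
    return request[0], reply[0]

def ping_succeeds(vyatta_table, **kwargs):
    """The ping works only if the reply heads back toward the 6248 on eth1."""
    request_if, reply_if = ping_path(vyatta_table, **kwargs)
    return request_if == "vlan100" and reply_if == "eth1"

if __name__ == "__main__":
    print("before:", ping_path(VYATTA_BEFORE), ping_succeeds(VYATTA_BEFORE))
    print("after: ", ping_path(VYATTA_AFTER), ping_succeeds(VYATTA_AFTER))
```

In this model the request reaches the vyatta in both cases; without the static routes the reply follows the default route out eth0 toward the provider instead of returning to the server.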
petesmith46
September 7th, 2010 19:00
I'm all set now - Thank you very much for your help
:-)