Configuring Inter VLAN connectivity on NETGEAR PROSAFE L3 SWITCH



I need to configure Netgear Prosafe FSM7226RS L3 switch (192.168.1.11).

DHCP is configured

VLAN is configured

192.168.1.10 is the current default gateway.

I have connected my PC to Netgear Prosafe through which it is further connected to 192.168.1.10 ( default gw )

We need to make inter-vLAN connectivity possible for all users to access data between all the vLANs.

In Route configuration under NETGEAR, the default route is set as shown below:

20r9sub.png

When I try to add a static route for inter-VLAN communication as shown above, I get the following error:

2141ehh.png

When I place Next Hop Address to 192.168.1.1, static route gets added successfully but there is no inter-VLAN connectivity.

Can anyone help me out here?

Additional Info:

When I traceroute google.com, I get the following output:

traceroute to google.com (209.85.175.147), 64 hops max, 52 byte packets

1 192.168.1.10 (192.168.1.10) 0 ms 0 ms 0 ms

2 192.168.1.2 (192.168.1.2) 1 ms 1 ms 1 ms

But ideal output should be as below (as my PC is connected to Netgear Prosafe through which it is further connected to 192.168.1.10 ( default gw ))

traceroute to google.com (209.85.175.147), 64 hops max, 52 byte packets

1 192.168.1.11 (192.168.1.11) 0 ms 0 ms 0 ms

2 192.168.1.10 (192.168.1.10) 1 ms 1 ms 1 ms

3 192.168.1.2 (192.168.1.2) 2 ms 2 ms 2 ms

So your default route is 192.168.1.1

You say your gateway is 192.168.10

Which is the device that connects to the internet? The gateway of last resort should be your internet gateway. So according to what your default route is, it is 192.168.1.1

Your gateway on your pc's should be the local ip of the switch, the switch will then route where they need to go (to other vlans or to the internet across your gateway of last resort).

Draw a picture of all of your devices and how they connect, with the IPs of said devices under the device names. Make something up in Paint. Either I am not understanding or you don't understand that things need to hop around to other devices on the network and you must make a path to them via routes.

Ok first off your diagram makes no sense, you mention 3 different vlans

But seems you have 1 segment 192.168.1.0/24

And looks like you have the same vlan on both sides of your L3 switch? If the 192.168.1.0/24 is the vlan your FWs are in - then your other vlans would need to be on different actual networks, ie 192.168.2.0/24, 192.168.3.0/24, 192.168.4.0/24, etc.

And then you're trying to route on your netgear in the same segment? Makes no sense at all! You don't have any vlans according to that diagram

Ok -- here I was playing around with gliffy and did a quick drawing of how vlans would actually be setup!

post-14624-0-92703200-1318776283_thumb.j

See how each vlan is on its own network. Your layer 3 switch would then route between your vlan connected to your firewalls and the internet. Not sure on that setup because your router IPs and firewall IPs don't really make a lot of sense - are your firewalls bridges and those .10 and .11 addresses are really on your routers? Are the firewalls doing NAT or routing between some other network you left off?

But how you get to the internet is not really an issue -- as long as you point your layer 3 switch to a router/firewall that will send the traffic to the internet its beyond the scope of this drawing.

Now your layer 3 switch would have an IP and interfaces connected to at least 4 vlans, will call your vlan that goes to the internet vlan X. But your other 3 vlans would need to be on their own networks.

Your layer 3 would then ROUTE between your vlans, your different devices on each vlan would have a gateway setup to talk to the layer 3 IP in that vlan.

What you're wanting to do with your netgear and your PC, not sure. Are you wanting to set up a 4th vlan? And then trunk that to your layer 3? Or just put it on your vlan 3??

If you are trying to bridge your internet connections or have a fail over you are doing it all wrong. If you are trying to confuse network traffic or if you are trying to do it all wrong, you are doing it right.

You need a link balancer to be able to properly handle multiple links to the internet.

here is how to do it with pfsense

http://doc.pfsense.org/index.php/Multi_WAN_/_Load_Balancing

here are devices specifically made for this

http://www.barracudanetworks.com/ns/products/link_overview.php

http://www.amazon.com/Cisco-RV042-4-port-100-Router/dp/B0002I7288

http://www.cisco.com/en/US/prod/collateral/routers/ps9923/ps9924/data_sheet_c78-501223.html

Yeah, I didn't want to touch what he is trying to do on the internet side -- because that made even less sense than his supposed vlan setup ;)

I would say we correct his understanding of what a vlan is and how to set them up and route between them, then we can figure out what he is trying to do to the internet. As long as he can route to some gateway from his layer3 then his devices will get to the internet - then we can optimize that after he gets his lan figured out.

Other than the sake of just doing it I also wonder why he believes he even needs/wants vlans? How many clients do you have? What do you want to accomplish with the segmentation of your network?

You guys are not getting me... let's get straight

192.168.1.10 is current default gw acting as L3 switch for all V-LANS

192.168.1.1 prim FW

192.168.1.2 backup FW

122.200.19.1 prim Router

122.200.22.1 backup Router

192.168.1.11 is the temp IP given to the netgear switch for configuration, which will be replaced by 192.168.1.10

I need to replace current l3 switch with netgear L3 switch.

So, prior to that, i need to configure my l3 switch for inter vLAN connectivity.

Because it wasn't that easy, my seniors at work gave me this as a project after brushing their hands on it.

OK, now considering the diagram, ignore that netgear switch and my PC connection... how will I configure so as to replace my current L3 switch with the netgear switch?

Hoping I am able to convey what I'm trying to say...

And what network segments are on your vlans?

As to not getting you -- your drawing clearly shows your netgear connected to vlan 3, not a replacement for the current l3 switch.

Here -- this should get you going

http://support.netgear.com/app/answers/detail/a_id/8896/kw/vlan%20routing/related/1

Layer 3 switches - Routing VLANs with shared access to the Internet using a Prosafe Router/VPN Firewall

How to configure Routing VLANs with shared access to the Internet

Your 192.168.1.11 address is the address connected to the vlan your firewall/routers are on - ie the internet. But you still need to configure the other vlans IP for the switch.

What are they currently? You need to give us the IP segments your different vlans are on currently, and then we can walk you through how to configure your new switch so you can just drop it in.

  On 18/10/2011 at 13:08, BudMan said:

Your 192.168.1.11 address is the address connected to the vlan your firewall/routers are on - ie the internet. But you still need to configure the other vlans IP for the switch.

As I'm working in the IT dept of my company... our VLAN is in the 192.168.1.x range, which includes the firewall too.

The following will be the appropriate figure, I guess... besides, there is a router between the firewall and the internet.

33k3dhi.jpg

There you go, that's more of a normal vlan type setup - but still not right, because from your last drawing the 192.168.1.0/24 vlan would be between core "L3 switch" and your firewall, ie your 192.168.1.1 and .2 FWs listed on your drawing.

So follow the instructions listed in the link I provided to the netgear article.

edit: So you would need to assign an IP on the l3 switch for each vlan, say 2.1 and 3.1 and 4.1 would be the gateways for each vlan to get off their vlan. Then the switch would route traffic between the vlans or to the internet depending on the destination you're trying to reach.
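
The points the replies keep returning to (one subnet per VLAN, a default-route next hop the switch can reach directly, and hosts using the switch's address in their own VLAN as gateway) can be checked against an addressing plan before the switch is dropped in. This is an added example, not something posted in the thread; the VLAN IDs, host addresses, the off-subnet next hop and the name `check_plan` are assumptions, while the 192.168.1.x addresses and the .2.1/.3.1/.4.1 gateways follow the posts above.

```python
import ipaddress
from itertools import combinations


def check_plan(svis, default_next_hop, hosts):
    """Return a list of problems found in an inter-VLAN routing plan.

    svis: {vlan_id: "switch_ip/prefix"}, the L3 switch's address in each VLAN
    default_next_hop: next hop of the switch's default route
    hosts: [(vlan_id, host_ip, host_gateway)]
    """
    problems = []
    ifaces = {v: ipaddress.ip_interface(a) for v, a in svis.items()}

    # 1. Every VLAN needs its own subnet, otherwise there is nothing to route.
    for (va, ia), (vb, ib) in combinations(sorted(ifaces.items()), 2):
        if ia.network.overlaps(ib.network):
            problems.append(f"VLAN {va} and VLAN {vb} overlap: {ia.network} / {ib.network}")

    # 2. The default route's next hop must sit in a directly connected subnet
    #    and must be another device, not the switch itself.
    hop = ipaddress.ip_address(default_next_hop)
    if not any(hop in i.network for i in ifaces.values()):
        problems.append(f"next hop {hop} is not in any directly connected subnet")
    elif any(hop == i.ip for i in ifaces.values()):
        problems.append(f"next hop {hop} is the switch's own address")

    # 3. Each host must use the switch's address in its own VLAN as gateway.
    for vlan, ip, gw in hosts:
        iface = ifaces[vlan]
        if ipaddress.ip_address(ip) not in iface.network:
            problems.append(f"host {ip} is outside VLAN {vlan} subnet {iface.network}")
        if ipaddress.ip_address(gw) != iface.ip:
            problems.append(f"host {ip} uses gateway {gw}, expected {iface.ip}")
    return problems


# Constructed plan: VLAN IDs are assumptions; addresses follow the thread.
ROUTED_SVIS = {1: "192.168.1.10/24", 2: "192.168.2.1/24",
               3: "192.168.3.1/24", 4: "192.168.4.1/24"}
ROUTED_HOSTS = [(2, "192.168.2.50", "192.168.2.1"), (3, "192.168.3.50", "192.168.3.1")]

# Constructed broken plan: one flat 192.168.1.0/24 segment labelled as two VLANs.
FLAT_SVIS = {1: "192.168.1.11/24", 2: "192.168.1.12/24"}
FLAT_HOSTS = [(2, "192.168.1.50", "192.168.1.10")]

if __name__ == "__main__":
    print(check_plan(ROUTED_SVIS, "192.168.1.1", ROUTED_HOSTS))
    for line in check_plan(FLAT_SVIS, "192.168.5.1", FLAT_HOSTS):
        print(line)
```
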
