Wired Networks thread: Static default route question, in Technical
  1. #16

    Join Date
    Jun 2012
    Location
    Canada
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Yes, the two ISP routers are XTM510 Watchguards. I'm trying to avoid using the Watchguard as the gateway IP in VLAN 52, 53 addresses. If I do that, I have internet connectivity on those VLANs, but then the Watchguard is doing the routing for these VLANs.

    I'm starting to think that the 5406 will not do what I want it to. In the GUI interface, I found a spot to enter a default gateway and it looks like it will route all VLAN traffic to that 192.168.60.1 gateway regardless of the VLAN source.
    I opened a case with HP network support as well. I wonder what they will come up with?
    I also want to start looking at PBR - Policy Based Routing. Maybe that's my ticket?

  2. #17

    Join Date
    Jan 2009
    Posts
    109
    Thank Post
    3
    Thanked 21 Times in 16 Posts
    Rep Power
    15
    So which interface(s) have the IP address for 192.168.52.1 and 192.168.53.1? I'm a bit confused here; maybe a network diagram would help if you have one.

  3. #18

    Join Date
    Jun 2012
    Location
    Canada
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Drawing1.jpg


    Sorry, I'm a bit rusty in Visio, but there it is.

  4. #19

    Join Date
    Apr 2012
    Location
    London
    Posts
    67
    Thank Post
    10
    Thanked 3 Times in 3 Posts
    Rep Power
    5
    Quote Originally Posted by Destinova View Post
    Sure - with the caveat that this is Cisco syntax - I've not done much work with HP gear at layer 3.

    The "old way" or router on a stick using subinterfaces on your router for each vlan:

    interface GigabitEthernet0/0
    description Inside1
    no ip address
    duplex full
    speed 1000
    media-type rj45

    interface GigabitEthernet0/0.1
    encapsulation dot1q 1 native
    ! not sure of what mask you wanted here...
    ip address 192.168.60.2 255.255.255.0

    interface GigabitEthernet0/0.52
    encapsulation dot1q 52
    ip address 192.168.52.2 255.255.255.0

    interface GigabitEthernet0/0.53
    encapsulation dot1q 53
    ip address 192.168.53.2 255.255.255.0

    etc.

    Each vlan uses these addresses as its default gateway.

    Alternatively, and the current recommended way - at least in the Cisco world - is to have a layer 3 switch as your gateway - this way inter-vlan routing is not hairpinning on the router. This just uses layer 3 vlan interfaces rather than subinterfaces:

    interface vlan 1
    ip address 192.168.60.2 255.255.255.0
    no shut

    interface vlan 52
    ip address 192.168.52.2 255.255.255.0
    no shut

    interface vlan 53
    ip address 192.168.53.2 255.255.255.0
    no shut

    Then whatever routing protocol you want and advertise those routes to your router (of course you need to run the same protocol on the router to advertise your WAN links)

    router ospf 1
    network 192.168.60.0 0.0.0.255 area 0
    network 192.168.52.0 0.0.0.255 area 0
    network 192.168.53.0 0.0.0.255 area 0

    Static routes can also be used if you want to specify a different path for specific traffic.

    How does this configuration allow for traffic bound for the internet to be routed based on source VLAN though? It seems this is just a simple router on a stick configuration used for inter-VLAN routing? Am I missing something?

  5. #20

    Join Date
    Jan 2009
    Posts
    109
    Thank Post
    3
    Thanked 21 Times in 16 Posts
    Rep Power
    15
    Yes, that's correct. I was under the (incorrect) impression that's what he was looking for. With the diagram I realize there's an actual second physical router, which tosses things back to PBR.

  6. Thanks to Destinova from:

    Mehmet (4th June 2012)

  7. #21

    Join Date
    Apr 2012
    Location
    London
    Posts
    67
    Thank Post
    10
    Thanked 3 Times in 3 Posts
    Rep Power
    5
    Quote Originally Posted by Destinova View Post
    Yes, that's correct. I was under the (incorrect) impression that's what he was looking for. With the diagram I realize there's an actual second physical router, which tosses things back to PBR.

    Oh right. You scared me there for a minute! Thought I was missing something!

  8. #22

    Join Date
    Jun 2012
    Location
    Canada
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    Anyone know the CLI syntax for configuring PBR? I can't seem to find much info on it on the web. I know that I have to upgrade the firmware on the 5406 since the current one does not support PBR.

  9. #23

    Join Date
    Jun 2012
    Location
    Canada
    Posts
    10
    Thank Post
    0
    Thanked 0 Times in 0 Posts
    Rep Power
    0
    I contacted HP support with this. This is part of the e-mail response:
    "Thank you for contacting HP Networking Support.

    The switch does not support the creation of different static routes based upon VLAN ID. Different static routes can be configured with metrics, which serve to specify an integer value that is associated with the route. It is used to compare a static route to routes in the IP route table from other sources to the same destination.

    Another parameter that can be set for static routes is the distance. This specifies the administrative distance to associate with a static route. If not specified, this value is set to a default of 1. For more on this topic, refer to “Administrative Distance” on page 5-10 of the "Multicast and Routing Guide" at http://bizsupport2.austin.hp.com/bc/.../c02610033.pdf

    The option supported by the HP Switches is Equal Cost Multipath for Static Routes, as described on page 5-30 of the same Guide. The prerequisite for ECMP is the deployment of OSPF, which is also described in the Routing Guide, beginning with page 5-46."

    Thanks to all for all the help and suggestions.

  10. #24

    Join Date
    Apr 2012
    Location
    London
    Posts
    67
    Thank Post
    10
    Thanked 3 Times in 3 Posts
    Rep Power
    5
    Quote Originally Posted by sosmrttech View Post
    I contacted HP support with this. This is part of the e-mail response:
    "Thank you for contacting HP Networking Support.

    The switch does not support the creation of different static routes based upon VLAN ID. Different static routes can be configured with metrics, which serve to specify an integer value that is associated with the route. It is used to compare a static route to routes in the IP route table from other sources to the same destination.

    Another parameter that can be set for static routes is the distance. This specifies the administrative distance to associate with a static route. If not specified, this value is set to a default of 1. For more on this topic, refer to “Administrative Distance” on page 5-10 of the "Multicast and Routing Guide" at http://bizsupport2.austin.hp.com/bc/.../c02610033.pdf

    The option supported by the HP Switches is Equal Cost Multipath for Static Routes, as described on page 5-30 of the same Guide. The prerequisite for ECMP is the deployment of OSPF, which is also described in the Routing Guide, beginning with page 5-46."

    Thanks to all for all the help and suggestions.

    Based on the requirements you have given I can't see how this information is of any use.

  11. #25

    Join Date
    Jun 2012
    Location
    Manchester
    Posts
    12
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    Create a new VLAN on the HP switch and connect router2 to that VLAN. Give Router2 an IP of 192.168.255.1/255.255.255.252 and the HP switch 192.168.255.2 / 255.255.255.252. Configure a static default route on the HP switch to point to Router2's IP address. That will route all VLANs via Router2.

    Leave Router1 connected to VLAN1 and set all devices on VLAN1 to use Router1 as its default gateway (it sounds like that's what you already have).

    Put a static route on both routers to point each one back to the rest of the LAN via the HP switch's address on the relevant VLAN, so Router1 would have a static route pointing 192.168.0.0 / 255.255.0.0 to 192.168.60.2. Router2 would have a static route pointing 192.168.0.0 / 255.255.0.0 to 192.168.255.2.

    You'll also need to enable IP redirects on the routers and HP switch if they support it.

  12. #26

    Join Date
    Apr 2012
    Location
    London
    Posts
    67
    Thank Post
    10
    Thanked 3 Times in 3 Posts
    Rep Power
    5
    Quote Originally Posted by gaiacraig View Post
    Create a new VLAN on the HP switch and connect router2 to that VLAN. Give Router2 an IP of 192.168.255.1/255.255.255.252 and the HP switch 192.168.255.2 / 255.255.255.252. Configure a static default route on the HP switch to point to Router2's IP address. That will route all VLANs via Router2.

    Leave Router1 connected to VLAN1 and set all devices on VLAN1 to use Router1 as its default gateway (it sounds like that's what you already have).

    Put a static route on both routers to point each one back to the rest of the LAN via the HP switch's address on the relevant VLAN, so Router1 would have a static route pointing 192.168.0.0 / 255.255.0.0 to 192.168.60.2. Router2 would have a static route pointing 192.168.0.0 / 255.255.0.0 to 192.168.255.2.

    You'll also need to enable IP redirects on the routers and HP switch if they support it.

    Would this not result in ALL inter-VLAN traffic having to go through one of the two routers? In which case I would be concerned about the links becoming congested - or am I mistaken? I am not too sure about the validity of this design, but you probably know more than I do... just sounds to me like something which wouldn't be the recommended practice.

  13. #27

    Join Date
    Jun 2012
    Location
    Manchester
    Posts
    12
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    No, they would just be gateways. However I do see where I was unclear.

    The only connection between the network and Router2 would be on the new VLAN, so the existing VLANs configured on Router 2 would be removed and the HP switch would now be the router for ALL VLANs - it would adopt the IP addresses we removed from Router2.

    As the static route on the HP switch is just a default route it would only route traffic to destinations where a valid route doesn't already exist on the HP switch. In turn, the HP switch would only send traffic to external networks to Router2.

  14. #28

    Join Date
    Apr 2012
    Location
    London
    Posts
    67
    Thank Post
    10
    Thanked 3 Times in 3 Posts
    Rep Power
    5
    Quote Originally Posted by gaiacraig View Post
    No, they would just be gateways. However I do see where I was unclear.

    The only connection between the network and Router2 would be on the new VLAN, so the existing VLANs configured on Router 2 would be removed and the HP switch would now be the router for ALL VLANs - it would adopt the IP addresses we removed from Router2.

    As the static route on the HP switch is just a default route it would only route traffic to destinations where a valid route doesn't already exist on the HP switch. In turn, the HP switch would only send traffic to external networks to Router2.

    I'm confused. When devices on VLAN 1 ARP for their gateway, which device's MAC address will they receive?

  15. #29

    Join Date
    Jun 2012
    Location
    Manchester
    Posts
    12
    Thank Post
    0
    Thanked 1 Time in 1 Post
    Rep Power
    0
    As I said, all devices on VLAN1 would have Router1 set as their default gateway, so ARP would resolve the MAC of Router1 (We're not using proxy-arp where the clients don't have a gateway configured). In order to allow devices on VLAN1 to see devices on the other VLANs they need to know how to get to them, but as they're not using the router which deals with the other VLANs (the HP switch) as their default gateway they have to rely on Router1 to tell them (via the static route we configured and IP redirect). IP Redirect will tell the clients to use the IP address on the HP switch directly instead of routing traffic via Router1.

    This explains a little...
    Explanation of ICMP Redirect Behavior

    Make sense?

  16. Thanks to gaiacraig from:

    Mehmet (7th June 2012)
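
The forwarding decisions in the design from posts #25 to #29, modelled as an added example (not code from any poster or from HP): a destination-only longest-prefix lookup, plus a simplified ICMP redirect condition. The routing tables are constructed from the addresses in the thread; `ISP1` and the 203.0.113.10 destination are placeholders, and the redirect test is an approximation of real router behaviour.

```python
import ipaddress

# Constructed tables: (prefix, next hop), next hop None means directly connected.
SWITCH_ROUTES = [
    ("192.168.60.0/24", None),           # VLAN 1
    ("192.168.52.0/24", None),           # VLAN 52
    ("192.168.53.0/24", None),           # VLAN 53
    ("192.168.255.0/30", None),          # new transit VLAN towards Router2
    ("0.0.0.0/0", "192.168.255.1"),      # static default route -> Router2
]
ROUTER1_ROUTES = [
    ("192.168.60.0/24", None),           # VLAN 1
    ("192.168.0.0/16", "192.168.60.2"),  # static route back to the LAN via the switch
    ("0.0.0.0/0", "ISP1"),               # placeholder for Router1's WAN next hop
]

def lookup(routes, dst):
    """Longest-prefix match on the destination; the source is never consulted."""
    dst = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in routes
               if dst in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)

def forward(routes, src, dst):
    """Return (next_hop, redirect_to).

    redirect_to is set when the chosen next hop sits on the same connected
    subnet as the sender, i.e. the sender could have used it directly
    (simplified version of the ICMP redirect condition).
    """
    _, nh = lookup(routes, dst)
    if nh is None:
        return "connected", None
    try:
        nh_ip = ipaddress.ip_address(nh)
    except ValueError:
        return nh, None                  # non-IP placeholder next hop
    src_ip = ipaddress.ip_address(src)
    for prefix, via in routes:
        net = ipaddress.ip_network(prefix)
        if via is None and src_ip in net and nh_ip in net:
            return nh, nh
    return nh, None
```

A VLAN 1 host that ignores ICMP redirects, a common hardening setting, never learns the shortcut; in this model its inter-VLAN traffic keeps going to Router1, which forwards it on to 192.168.60.2.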

  17. #30

    Join Date
    Apr 2012
    Location
    London
    Posts
    67
    Thank Post
    10
    Thanked 3 Times in 3 Posts
    Rep Power
    5
    Quote Originally Posted by gaiacraig View Post
    As I said, all devices on VLAN1 would have Router1 set as their default gateway, so ARP would resolve the MAC of Router1 (We're not using proxy-arp where the clients don't have a gateway configured). In order to allow devices on VLAN1 to see devices on the other VLANs they need to know how to get to them, but as they're not using the router which deals with the other VLANs (the HP switch) as their default gateway they have to rely on Router1 to tell them (via the static route we configured and IP redirect). IP Redirect will tell the clients to use the IP address on the HP switch directly instead of routing traffic via Router1.

    This explains a little...
    Explanation of ICMP Redirect Behavior

    Make sense?

    Aha! That is clever!

    Well, clearly I have a lot to learn.
