Newbie ProCurve 3500yl VLANS and Internet Access

[magellan99]

Hi all,

Just go this nice POE box….

Here’s what I need to do….

I will have two VLANs (default) and Vlan 101

How do I route both of the VLANs so they can get internet access via my Firewall/Router…?
Let’s say I plug the Internet access/router into port #24

What are some of the next steps…?

Thanks in advance

Magellan99

 

[cajuntank]

To enable routing on the switch, all you have to do is enable
"ip routing" at the config prompt. The VLANs you specify will need ip addresses assigned to them, so when you do turn on ip routing, they will route.
The 3500, if your using as your core switch, will have a default route:
ip route 0.0.0.0/24 "the ip address of your firewall/router"
The firewall/router will then need to know about subnets you have on your LAN and provide a back route to them via the 3500 (again, assuming your using as your main core layer 3 switch).
So in your example of only 2 VLANS, let's say VLAN1 you assign a ip address of 192.168.1.1 on a standard Class C network, so mask would be 255.255.255.0; your firewall (if your also putting it in VLAN1, might be 192.168.1.2; your VLAN2 interface might have a ip address assigned 192.168.2.1 so then with the ip routing statement in the config, the two VLANs route between each other automatically. The firewall/router in this example would need to know how to get to 192.168.2.0, so there will be a route to that subnet via 192.168.1.1 and it already knows how to get to 192.168.1.0 as it is already a part of that network.

Hope that helps.

 

[magellan99]

thanks cajuntank for your prompt reply

pls clarify:

I have port #24 connected to the firewall/router. Do I need to place this on a separate VLAn as well, VLAN e.g, 201, so a total of three vlans.

how does te ip route command know that Port #24 is my Interent Access point?

Clarify #2

Don't quite follow, "the router need to know about the subnets..."

this is a cable modem, that I am getting the Interenet access, and I don't believe there are config settings that I have access. What to do...?

sorry for all these newbie questions

thanks in advance

magellan99

 

[cajuntank]

That's up to you on if you want to define another VLAN for the "Internet" traffic. The port is by default on VLAN 1 until you untag it for another VLAN. The ip routing command just enables layer 3 interfaces defined on that switch to be able to talk to each other. Again, layer 3 interfaces being VLANs interfaces you create on this switch that have ip addresses assigned to them. Above that, you tell the switch about any other routes that it needs to know about. So in my example previously used, 192.168.1.1 assigned to the VLAN1 interface is of course in the 192.168.1.0 subnet. 192.168.2.1 ip addressed on VLAN 2 interface is in the 192.168.2.0 subnet. With ip routing enabled, these two networks can talk to each other via the switch. Since you do have multiple networks now defined on your LAN, you now have to tell your switch how to get to networks it does not already know about, thus you will need a default route statement on your switch that says ip route 0.0.0.0 0.0.0.0 192.168.1.2 (just used this ip as an example of what your firewall/router might be addressed). Your firewall/router will need a route to get to the 192.168.2.0 subnet, so you would have a route to 192.168.2.0 via 192.168.1.1
Adding other VLANs will cause additional routes to be created on the firewall/router, but this was just a simple example to show you the concept.