VLAN routing on various hardware.
15 years 1 month ago #32473
by floppyraid
VLAN routing on various hardware. was created by floppyraid
Greetings.
I've got a few Linksys SGE2000P's in layer 2 mode with a Netgear GSM7312 L3 switch for the core.
The terminology for Linksys small business (rebranded as Cisco Small Business) doesn't always precisely match with Cisco terminology-- much less does Netgear match either of them-- but my concern isn't really involved in any of that as I've already pretty much figured out the differences.
My question is this-- I've got the GSM7312 configured with the same VLANs (300, 400, etc) as the edge switches, and packets are flowing as intended. Only the GSM7312 'assigns' L3 information (IPs, etc) to the various VLANs. My question is, what would be y'all's advice on the best options to bring DNS/DHCP/etc connectivity from the servers I would like to isolate in their own VLAN?
My main reason for uncertainty is that our connection to the net comes in over a T carrier, and the CSU/DSU is attached to a win server doing RAS and web filtering, so, essentially all VLANs will need to be able to communicate with this system. Alongside it is another system (our DC) doing DNS and DHCP--- this Netgear L3 switch does support passing DHCP information through VLANs, but what would be better for this situation? To use that, or, to multihome the DC and/or the RAS box into every VLAN physically, or, to cross my fingers and hope that the Netgear can correctly handle all L3 routing for ~150 nodes?
Thanks ahead of time
15 years 1 month ago #32474
by gururug
Replied by gururug on topic Re: VLAN routing on various hardware.
Hi,
1. What is your motivation to isolate the server segment?
2. Are you sure that Netgear L3 will not pass DHCP relay / helper???
3. My initial brief answer is to denote the RAS to just RAS use it in a DMZ / front end segment, use a crossover from that to the DC in a rear segment, and put your clients in the middle. Or multihome as you said over a trunk from the server.
4. Overcoming your VLAN issues is a matter of isolated testing / research and / or buying alternate switches.
Also, some information about your routing needs will help others to advise.
Cheers!
15 years 4 weeks ago #32478
by floppyraid
Replied by floppyraid on topic Re: VLAN routing on various hardware.
> 1. What is your motivation to isolate the server segment?
Just to cut down on broadcast traffic that the servers would otherwise just discard anyway. We have about 70 computers that mostly browse the web and occasionally access shared resources from the win server.
> 2. Are you sure that Netgear L3 will not pass DHCP relay / helper???
It will. At least it says it will. The thing that concerns me about using that feature is that the server providing DHCP doesn't have an 802.1q NIC. Since I'm using L2 and L3 VLANs, how would the server know what pool/subnet to give a lease from in reply to the host's DHCP request?
In other words:
Let's say VLAN "A" is 192.168.1.0/24, gateway set to 192.168.1.1
Let's say VLAN "B" is 192.168.2.0/24, gateway set to 192.168.2.1
Let's say VLAN "C" is 192.168.3.0/24, gateway set to 192.168.3.1
Inside of VLAN "A" are the servers. The box doing RAS with the T-carrier going directly to it is 192.168.1.2. DNS and DHCP is done by the DC which is 192.168.1.3.
The L3 switch/router is 192.168.0.1 and it is pointing to 192.168.1.2 for its gateway.
So, when a host in VLAN "B" or "C" starts broadcasting a DHCP request, let's say the L3 switch is set to relay it to 192.168.1.3, how would the DC know to reply with an IP from the pool that would be appropriate to either VLAN "B" or "C"?
The only thing that comes to mind (aside from, instead of using relaying, simply adding extra NICs in the DC for each VLAN, or, an 802.1q NIC) would be setting MAC reservations in each DHCP pool for each client- but what if that client wants to take their laptop from one place in the building to a different one- if the wall ports themselves are locked into differing VLANs? (One workaround would be to have duplicate MAC reservations in differing address scopes/pools--- but I'm not even entirely sure that is possible in win server DHCP, in whatever else I'm not thoroughly knowledgeable in windows server is most certainly included in the list)
> 3. My initial brief answer is to denote the RAS to just RAS use it in a DMZ / front end segment, use a crossover from that to the DC in a rear segment, and put your clients in the middle. Or multihome as you said over a trunk from the server.
I don't know what you just said but I like it. Can you elaborate on it some?
> 4. Overcoming your VLAN issues is a matter of isolated testing / research and / or buying alternate switches.
I like the first two, but I don't think that the last is possible ;( if we had money, I wouldn't be using this Netgear.
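The relay question raised in the post above, worked through as an added example that is not part of the thread: under RFC 2131 a relay agent writes the address of the routed interface that received the broadcast into the `giaddr` field, and the server leases from the scope containing that address. The subnets and server IP are the ones from the post; the MAC address is constructed, and that the GSM7312 and the DC follow this standard behaviour is an assumption.

```python
import ipaddress
import struct

# BOOTP/DHCP fixed header (RFC 2131): op, htype, hlen, hops, xid, secs, flags,
# ciaddr, yiaddr, siaddr, giaddr, chaddr, sname, file  (236 bytes)
BOOTP = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
GIADDR, HOPS = 10, 3  # field positions in the unpacked tuple

# Scopes as they would be defined on the DC, using the subnets from the post.
SCOPES = {
    "A": ipaddress.ip_network("192.168.1.0/24"),
    "B": ipaddress.ip_network("192.168.2.0/24"),
    "C": ipaddress.ip_network("192.168.3.0/24"),
}

def client_discover(mac: bytes, xid: int) -> bytes:
    """Broadcast DISCOVER as the client sends it: giaddr is all zeros."""
    zero = bytes(4)
    return BOOTP.pack(1, 1, 6, 0, xid, 0, 0x8000, zero, zero, zero, zero,
                      mac.ljust(16, b"\0"), bytes(64), bytes(128))

def relay(packet: bytes, vlan_interface_ip: str) -> bytes:
    """What the L3 switch does: stamp giaddr with the IP of the routed
    interface the broadcast arrived on, bump hops, unicast to the server."""
    f = list(BOOTP.unpack(packet[:BOOTP.size]))
    if f[GIADDR] == bytes(4):          # only the first relay sets giaddr
        f[GIADDR] = ipaddress.ip_address(vlan_interface_ip).packed
    f[HOPS] += 1
    return BOOTP.pack(*f) + packet[BOOTP.size:]

def select_scope(packet: bytes, server_ip: str = "192.168.1.3") -> str:
    """Server side: a non-zero giaddr picks the scope; otherwise the request
    was heard locally and the server's own subnet is used."""
    giaddr = ipaddress.ip_address(BOOTP.unpack(packet[:BOOTP.size])[GIADDR])
    key = giaddr if int(giaddr) else ipaddress.ip_address(server_ip)
    for name, net in SCOPES.items():
        if key in net:
            return name
    raise LookupError(f"no scope for {key}")

if __name__ == "__main__":
    d = client_discover(bytes.fromhex("02005e000001"), 0x1234)  # constructed MAC
    print(select_scope(relay(d, "192.168.2.1")))   # arrived on VLAN B gateway
    print(select_scope(relay(d, "192.168.3.1")))   # arrived on VLAN C gateway
    print(select_scope(d))                         # heard directly in VLAN A
```

The same laptop MAC gets a lease from whichever scope matches the VLAN it is plugged into, so no per-VLAN NIC or duplicate reservation is needed on the server.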