cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
hogle
New Contributor III

Migrating from NV3458 to NV5660 configuring VLANs

How does one implement VLANs in the NV5660 carrier class router? I have discovered that sub-interfaces are required for layer 3. After creating sub-interfaces, I've assigned IP addresses and used ce-vlan-id to identify Vlans. In the NV3458 and other routers/switches one would define a Vlan with an IP address as such:

interface vlan 127

  description DMZ1 zone

  ip address  192.168.127.1  255.255.255.0

  ip access-policy DmzVlan127

  no shutdown

That syntax is not available on the NV5660. Instead, I now have sub-interfaces, actually 3 sub interfaces, under a physical interface. Each sub handles a different Vlan as follows:

interface gigabit-eth 0/3

  description Trunk Vlan 1 124

  no shutdown

!

!

interface gigabit-eth 0/3.1

  description LAN Vlan 1 Private subnet 125

  ce-vlan-id 1

  ip address  192.168.125.2  255.255.255.0

  ip access-policy InsideVlan1

  no awcp

  media-gateway ip primary

  no shutdown

!

interface gigabit-eth 0/3.2

  description LAN Vlan 124 Guest subnet 124

  ce-vlan-id 124

  ip address  192.168.124.1  255.255.255.0

  ip access-policy GuestVlan124

  no awcp

  media-gateway ip primary

  no shutdown

!

interface gigabit-eth 0/3.3

  description LAN Vlan 127 homer VPN

  ce-vlan-id 127

  no ip address

  no awcp

  no shutdown

!

Notice above there is no IP address on 0/3.3. The gateway IP address for Vlan 127 is on another interface (192.168.127.1).:

interface gigabit-eth 0/4.1

  description DMZ1 Vlan 127 subnet 127

  ce-vlan-id 127

  ip address  192.168.127.1  255.255.255.0

  ip access-policy DmzVlan127

  no awcp

  media-gateway ip primary

  no shutdown

The above interface, 0/3.3, does not work. Everything else in my config seems to work. I want Vlan 127 traffic on the 0/3.3 interface to pass through the 192.168.127.1 gateway address. If I also place that IP address on the 0/3.3 sub-interface I get an error message. The NV5660 does not allow defining Vlan globally as in previous routers. It seems to only allow ce-vlan-id to be used. Clearly the idea of "carrier" router is different than standard NV routers. I'm wondering maybe the concept of EVC fits into this? How does one have one IP gateway address for a Vlan when the Vlan appears on two or more physical or sub interfaces? Where does a common "ip access-policy DmzVlan127" fit into the config?

0 Kudos
1 Reply
hogle
New Contributor III

Re: Migrating from NV3458 to NV5660 configuring VLANs

Solution: Aggregate the interfaces of each VLAN external to the NV5660 or NV4660. This can easily be accomplished with a layer 2 switch.

Given the few ports on these routers, it actually makes practical sense to only bring each VLAN into the NV5660 router once.  This is probably better use of router and switch resources.

I will mark this as solved. If anybody has another solution feel  free to post.