5 Replies Latest reply on Jul 11, 2014 6:19 AM by coriumintl

    Routing Question

    coriumintl New Member

      So we want to implement routing on a per building case, except have WiFi be the same VLAN/subnet across 3 buildings.

       

      Our connections currently are a fiber run between two buildings that share a parking lot and we have a point to point wireless bridge (a 2.4 GHz and a 5 GHz link) for a half mile run to our other building. Also our internet links are in B50, we have a link in B52 though since we plugged in the wireless bridge, we just backhaul everything to B50.

       

      To make it easier to explain things, B50 is the center spoke, B51 is connected to B50 via fiber, and B52 is connected to B50 by the wireless bridge. B50 has a NetVanta 1544 being in charge of all VLANs in B50 and B51. All 3 buildings also have NetVanta 1534s at the center of the building star.

       

      For routing example's sake, let's say that 2.253 is the VLAN interface on the 1544 in B50, 3.253 is on the NetVanta 1534 in B51, and 4.253 is on the 1534 in B52.

       

      So far we have the 2 WiFi bridges connected on access ports on their own VLAN in a /28 subnet from the 1534 in B50 to the 1534 in B51, so our routing in B50 and B51 references the opposing side's VLAN interface.

       

      Changing the ports on the 1534 in B50 and B52 which the wireless bridge is plugged into from access to trunk (while defaulting to the VLAN which is a /28 subnet) would allow VLAN routing? Do I need to keep the /28 subnet between B50 and B52?

       

      What should my route look like to keep the 3.253 traffic in B51 unless trying to get to the other VLANs in B50 and/or B52?

       

      Thanks, and I hope this doesn't sound too confusing.

        • Re: Routing Question
          cj! Beta_User

          Hi coriumintl:

           

          Perhaps this article will help clear up combined routing and bridging in AOS:  Configuring Bridging in AOS  I haven't studied your question carefully, but maybe this will get you started. 

           

          CJ

            • Re: Routing Question
              coriumintl New Member

              Well, we are using a Ubiquiti airMAX NanoStation in bridge mode for our wireless bridge. Also we are not using any Adtran routers, only 1544 and 1534 switches. That leads me to believe that I won't be doing any AOS bridging, and should just flag the ports where the airMAX is plugged in as trunk, which will bring up layer 2.

               

              However I think I figured out what needs to happen.

               

              If I used VLAN 1 default as a management VLAN and gave each of my 15XX switches VLAN interfaces on that VLAN, I could then decentralize my routing per building.

               

              So that will give me something like:

              • In B50 I'll have the 1544, with 192.168.1.254 and the 1534 will have 192.168.1.253
              • In B51 the 1534 will have 192.168.1.252
              • In B52 the 1534 will have 192.168.1.251.

               

              So then the local building subnets could be:

              • The 1534 in B50 will be responsible for 192.168.100.0/24
              • The 1534 in B51 will be responsible for 192.168.200.0/24
              • The 1534 in B52 will be responsible for 192.168.300.0/24

               

              So my static routes on the 1544 in B51 would have:

              • 192.168.100.0/24 with gateway of 192.168.1.253 (The B50 1534)
              • 192.168.200.0/24 with gateway of 192.168.1.252 (The B51 1534)
              • 192.168.300.0/24 with gateway of 192.168.1.251 (The B52 1534)

               

              Each 1534 will have a static route of 0.0.0.0 to the gateway of 192.168.1.254 (The 1544 in B50).

               

              Provided that above is correct, I was having trouble wrapping my understanding around the need for the common VLAN which each of the 15xx's needed to have an interface on.

                • Re: Routing Question
                  jayh Hall_of_Fame

                  Think of the common VLAN as the backbone between the buildings.  It interconnects all of the routers.  Each building VLAN then connects users on their own building VLAN.

                   

                  coriumintl wrote:

                  So that will give me something like:

                  • In B50 I'll have the 1544, with 192.168.1.254 and the 1534 will have 192.168.1.253
                  • In B51 the 1534 will have 192.168.1.252
                  • In B52 the 1534 will have 192.168.1.251.

                   

                  So then the local building subnets could be:

                  • The 1534 in B50 will be responsible for 192.168.100.0/24
                  • The 1534 in B51 will be responsible for 192.168.200.0/24
                  • The 1534 in B52 will be responsible for 192.168.300.0/24

                   

                  So my static routes on the 1544 in B51 would have:

                  • 192.168.100.0/24 with gateway of 192.168.1.253 (The B50 1534)
                  • 192.168.200.0/24 with gateway of 192.168.1.252 (The B51 1534)
                  • 192.168.300.0/24 with gateway of 192.168.1.251 (The B52 1534)

                   

                  Each 1534 will have a static route of 0.0.0.0 to the gateway of 192.168.1.254 (The 1544 in B50).

                   

                  Provided that above is correct, I was having trouble wrapping my understanding around the need for the common VLAN which each of the 15xx's needed to have an interface on.

                   

                  You're going to have a bit of trouble configuring 192.168.300.0/24.  :-)

                   

                  Here's what I would do:

                   

                  Don't use VLAN 1, or use it just for management.

                   

                  VLAN 50 - 192.168.50.0/24 - Users in building 50

                  VLAN 51 - 192.168.51.0/24 - Users in building 51

                  VLAN 52 - 192.168.52.0/24 - Users in building 52

                   

                  VLAN 100 - Backbone connecting buildings - 192.168.100.0/24

                   

                  VLAN 100 is the only VLAN spanning buildings.

                   

                  In building 50, your users have a gateway of 192.168.50.254 on VLAN 50

                  In building 51, your users have a gateway of 192.168.51.254 on VLAN 51

                  In building 52, your users have a gateway of 192.168.52.254 on VLAN 52

                   

                  The router in building 50 has the address 192.168.100.50 on VLAN 100

                  The router in building 51 has the address 192.168.100.51 on VLAN 100

                  The router in building 52 has the address 192.168.100.52 on VLAN 100

                   

                  Routes as follows (routing takes place on VLAN 100 and on each individual building router between VLANs):

                   

                  Building 50:

                  ip route 0.0.0.0 0.0.0.0 [internal address of firewall]  ! (Note 1)

                  ip route 192.168.51.0 255.255.255.0 192.168.100.51

                  ip route 192.168.52.0 255.255.255.0 192.168.100.52

                   

                  Building 51:

                  ip route 0.0.0.0 0.0.0.0 192.168.100.50

                  ip route 192.168.52.0 255.255.255.0 192.168.100.52

                   

                  Building 52:

                  ip route 0.0.0.0 0.0.0.0 192.168.100.50

                  ip route 192.168.51.0 255.255.255.0 192.168.100.51

                   

                  Note 1:  Firewall internal can be on its own VLAN in this model, coming from an access port on the building 50 router.  If firewall internal is on VLAN 100, then you can change the default routes from buildings 51 and 52 to point directly to the firewall. 
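
The routing plan in the reply above can be checked offline before it is typed into any switch. The following is an added example, not part of the original post: it models the three static route tables with longest-prefix matching and traces a packet hop by hop. The connected routes, the `FIREWALL` placeholder (the post elides the firewall address) and all function names are assumptions made for the illustration.

```python
import ipaddress

# Static routes copied from the reply; next hop None marks a connected
# network (assumed from the stated gateway and backbone addresses).
ROUTERS = {
    "B50": [("192.168.50.0/24", None), ("192.168.100.0/24", None),
            ("0.0.0.0/0", "FIREWALL"),  # placeholder, address not given
            ("192.168.51.0/24", "192.168.100.51"),
            ("192.168.52.0/24", "192.168.100.52")],
    "B51": [("192.168.51.0/24", None), ("192.168.100.0/24", None),
            ("0.0.0.0/0", "192.168.100.50"),
            ("192.168.52.0/24", "192.168.100.52")],
    "B52": [("192.168.52.0/24", None), ("192.168.100.0/24", None),
            ("0.0.0.0/0", "192.168.100.50"),
            ("192.168.51.0/24", "192.168.100.51")],
}
# VLAN 100 backbone address of each building router.
BACKBONE = {"192.168.100.50": "B50", "192.168.100.51": "B51",
            "192.168.100.52": "B52"}

def is_valid_subnet(text):
    """True if text parses as an IPv4/IPv6 network (octets must be 0-255)."""
    try:
        ipaddress.ip_network(text)
        return True
    except ValueError:
        return False

def lookup(router, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in ROUTERS[router]
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def trace(router, dst, max_hops=8):
    """Follow next hops from router; returns (path, outcome)."""
    path = [router]
    for _ in range(max_hops):
        hit = lookup(router, dst)
        if hit is None:
            return path, "unreachable"
        if hit[1] is None:
            return path, "delivered"      # destination is directly connected
        if hit[1] not in BACKBONE:
            return path, "firewall"       # handed to the B50 default route
        router = BACKBONE[hit[1]]
        path.append(router)
    return path, "loop"                   # hop budget exhausted

if __name__ == "__main__":
    # Constructed sample destinations, one host per building plus an outside address.
    for dst in ("192.168.50.10", "192.168.51.10", "192.168.52.10", "203.0.113.9"):
        for src in ROUTERS:
            print(src, "->", dst, trace(src, dst))
```

A `loop` or `unreachable` outcome for any building pair points at a missing or mistyped static route, and `is_valid_subnet` rejects an octet above 255 such as the 192.168.300.0/24 network mentioned in the thread.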

                  • Re: Routing Question
                    Employee

                    coriumintl -

                    I went ahead and flagged the "Correct Answer" on this post to make it more visible and help other members of the community find solutions more easily. If you don't feel like the answer I marked was correct, feel free to come back to this post to unmark it and select another in its place with the applicable buttons.  If you have any additional information on this that others may benefit from, please come back to this post to provide an update.  If you still need assistance, we would be more than happy to continue working with you on this - just let us know in a reply.

                     

                    Thanks,

                    Noor

                      • Re: Routing Question
                        coriumintl New Member

                        Yeah, I ran into a roadblock which we ended up deciding to not implement this routing scheme as it's complicated beyond our desire to support.

                         

                        Ultimately we found that replacing our old 4500G switch with the 1544 improved our network in that the 4500G was aging, incompatible on some level with the rest of the Adtran infrastructure we have deployed, or inadequate in its capabilities for the increased size of our network after the phone system implementation.

                         

                        Thanks to all for the assistance!