3 Replies Latest reply on Sep 16, 2014 8:12 AM by cj!

    VLAN routing to internet

    ksingh New Member

      Hello everyone!

       

      I am currently setting up a new network and wanted to make sure it is being done in the best way as this is my first time working on a NetVanta 1234P and I am having issues with routing

       

      The client I am setting up for is a building with 100 different offices in it, each office would like there own SSID and have there own subnet, IP address scheme being used is 172.16.1-100.0 /24 (3rd octet increments for each client/subnet). The device which will be managing the wireless is a Rukus ZoneDirector 1000, I have already created 100 SSIDs in it as well as VLANs 1001-1100.

       

      The Switch that is being used is a Adtran Netvanta 1234P, I have already created the 100 different vlans (1001-1100) but found a limitation of assigning IP addresses to those VLAN interfaces, seems like I am only able to assign up to 15 IPs to virtual interfaces (please correct me if I am wrong..).

       

      Essentially what i am looking for is routing to work for each SSID which is on its own VLAN, I have set the ports to which the Zonedirector and APs connect to as trunked. As of now, I am unable to hit my WatchGuard IP from any of the trunked ports, is there something I missing here?

      Drawing1.jpg

       

      As an example, here is vlan 1001:

      Switch(config)#ip default-gateway 10.128.19.1

      Switch(config)#int vlan 1001

      Switch(config-intf-vlan 1001)#ip add 172.16.1.1 255.255.255.0

      Switch(config-intf-vlan 1001)#no shut

        • Re: VLAN routing to internet
          cj! Beta_User

          Hi ksingh:

           

          NetVanta 123X switches support 255 active VLANs (Layer 2), but only 16 Layer 3 IP interfaces.  The NetVanta 1600-series switches are full-blown Layer 3 with support for 256 Layer 3 interfaces, and I highly recommend checking out that line to address switching between all of your VLANs at full wire speed.  123X and 1600 switches can be mixed so that your Layer 2 domains are extended to endpoints and APs to cover required port counts at a lower cost, while leveraging a 1600 switch (or two for redundancy) at the core for inter-VLAN traffic.

           

          In either model, I believe you should enable routing and use a static default route (avoid default gateway) when you wish to use Layer 3 switching:

           

          !

          no ip default-gateway

          !

          ip routing

          !

          ip route 0.0.0.0 0.0.0.0 10.128.19.1

          !

           

          Looks like a fun project!  Best,

          Chris

          • Re: VLAN routing to internet
            mtharris Employee

            The 1234P is our Layer 3 lite switch meaning it only supports 16 static networks so it will not be able to support the application as you have described.  If the Watchguard firewall supports VLANs then it may support VLAN interfaces, 802.1Q encapsulation with sub-interfaces.  At that point you would just configure each office as an access port on the 1234P and assigned to the appropriate VLAN then configure the Ethernet port between the 1234P and the Watchguard as a VLAN trunk interface and let the watch guard handle everything.

             

            We do have the 1544 which is a full layer 3 switch that may be a better option if the Watchguard can't be configured as you need it to.