1 Reply Latest reply on Feb 5, 2018 4:23 PM by hogle

    Migrating from NV3458 to NV5660 configuring VLANs

    hogle New Member

      How does one implement VLANs in the NV5660 carrier class router? I have discovered that sub-interfaces are required for layer 3. After creating sub-interfaces, I've assigned IP addresses and used ce-vlan-id to identify Vlans. In the NV3458 and other routers/switches one would define a Vlan with an IP address as such:

       

      interface vlan 127

        description DMZ1 zone

        ip address  192.168.127.1  255.255.255.0

        ip access-policy DmzVlan127

        no shutdown

       

      That syntax is not available on the NV5660. Instead, I now have sub-interfaces, actually 3 sub interfaces, under a physical interface. Each sub handles a different Vlan as follows:

       

      interface gigabit-eth 0/3

        description Trunk Vlan 1 124

        no shutdown

      !

      !

      interface gigabit-eth 0/3.1

        description LAN Vlan 1 Private subnet 125

        ce-vlan-id 1

        ip address  192.168.125.2  255.255.255.0

        ip access-policy InsideVlan1

        no awcp

        media-gateway ip primary

        no shutdown

      !

      interface gigabit-eth 0/3.2

        description LAN Vlan 124 Guest subnet 124

        ce-vlan-id 124

        ip address  192.168.124.1  255.255.255.0

        ip access-policy GuestVlan124

        no awcp

        media-gateway ip primary

        no shutdown

      !

      interface gigabit-eth 0/3.3

        description LAN Vlan 127 homer VPN

        ce-vlan-id 127

        no ip address

        no awcp

        no shutdown

      !

       

      Notice above there is no IP address on 0/3.3. The gateway IP address for Vlan 127 is on another interface (192.168.127.1).:

       

      interface gigabit-eth 0/4.1

        description DMZ1 Vlan 127 subnet 127

        ce-vlan-id 127

        ip address  192.168.127.1  255.255.255.0

        ip access-policy DmzVlan127

        no awcp

        media-gateway ip primary

        no shutdown

       

      The above interface, 0/3.3, does not work. Everything else in my config seems to work. I want Vlan 127 traffic on the 0/3.3 interface to pass through the 192.168.127.1 gateway address. If I also place that IP address on the 0/3.3 sub-interface I get an error message. The NV5660 does not allow defining Vlan globally as in previous routers. It seems to only allow ce-vlan-id to be used. Clearly the idea of "carrier" router is different than standard NV routers. I'm wondering maybe the concept of EVC fits into this? How does one have one IP gateway address for a Vlan when the Vlan appears on two or more physical or sub interfaces? Where does a common "ip access-policy DmzVlan127" fit into the config?

        • Re: Migrating from NV3458 to NV5660 configuring VLANs
          hogle New Member

          Solution: Aggregate the interfaces of each VLAN external to the NV5660 or NV4660. This can easily be accomplished with a layer 2 switch.

           

          Given the few ports on these routers, it actually makes practical sense to only bring each VLAN into the NV5660 router once.  This is probably better use of router and switch resources.

           

          I will mark this as solved. If anybody has another solution feel  free to post.

          1 of 1 people found this helpful