Brocade FastIron - Routing Inter-VLANs

by gfcm on 04-21-2011 12:15 AM

Background information

Because a switch is a Layer 2 device, it cannot forward frames between VLANs. To allow communication between VLANs you need a Layer 3 device, as shown in the following diagram: for inter-VLAN routing, a router is used to forward frames between the VLANs.

Equipment used

  • FastIron FCX that runs FCXR07100a.bin (Router)
  • FastIron FCX that runs FCXS07100a.bin (Switch)

Network Diagram

[Figure: Routing_Inter-VLANs.png]

Configuration

  • Router (inter-VLAN)

!
vlan 10 name user_vlan10 by port
  tagged ethe 1/1/10
  router-interface ve 10
!
vlan 20 name user_vlan20 by port
  tagged ethe 1/1/10
  router-interface ve 20
!
vlan 30 name user_vlan30 by port
  tagged ethe 1/1/10
  router-interface ve 30
!
ip route 0.0.0.0 0.0.0.0 172.27.10.1
!
interface ethernet 1/1/20
  ip address 172.27.10.2 255.255.255.0
!
interface ve 10
  ip address 192.168.10.1 255.255.255.0
!
interface ve 20
  ip address 192.168.20.1 255.255.255.0
!
interface ve 30
  ip address 192.168.30.1 255.255.255.0
!

  • Switch

!
vlan 10 name user_vlan10 by port
  tagged ethe 1/1/10
  untagged ethe 1/1/1
!
vlan 20 name user_vlan20 by port
  tagged ethe 1/1/10
  untagged ethe 1/1/2
!
vlan 30 name user_vlan30 by port
  tagged ethe 1/1/10
  untagged ethe 1/1/3
!

Verify

As soon as you create a router interface and assign an IP address to it, a new route is added to your routing table, as you can see below.


FastIron# show ip route
Total number of IP routes: 5 avail: 11997 (out of max 12000)
B:BGP D:Connected R:RIP S:Static O:OSPF *:Candidate default
        Destination     NetMask          Gateway       Port       Cost  Type
        0.0.0.0         0.0.0.0          172.27.10.1   1/1/20     1     S
1       172.27.10.0     255.255.255.252  172.27.10.1   1/1/20     1     D
2       192.168.10.0    255.255.255.0    0.0.0.0       v10        1     D
3       192.168.20.0    255.255.255.0    0.0.0.0       v20        1     D
4       192.168.30.0    255.255.255.0    0.0.0.0       v30        1     D

!! Important !! Please make sure that the device connected to the Internet has a route to each of your internal subnets.
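
The following Python example is added here; it is not part of the original article and is not Brocade tooling. It parses the router configuration shown above, reports any router-interface that has no IP address or a default gateway that is not on a connected subnet, and returns the static routes the Internet-facing device needs. The function names `parse` and `audit` are hypothetical, and the routes are emitted in the `ip route` syntax used on this page, on the assumption that the upstream device accepts it.

```python
import ipaddress
# Router configuration from the article (tagged-port lines, blank lines and "!" omitted).
ROUTER_CONFIG = """\
vlan 10 name user_vlan10 by port
 router-interface ve 10
vlan 20 name user_vlan20 by port
 router-interface ve 20
vlan 30 name user_vlan30 by port
 router-interface ve 30
ip route 0.0.0.0 0.0.0.0 172.27.10.1
interface ethernet 1/1/20
 ip address 172.27.10.2 255.255.255.0
interface ve 10
 ip address 192.168.10.1 255.255.255.0
interface ve 20
 ip address 192.168.20.1 255.255.255.0
interface ve 30
 ip address 192.168.30.1 255.255.255.0
"""

def parse(config):
    """Collect router-interface names, interface addresses and the default gateway."""
    ves, addrs, gateway, current = set(), {}, None, None
    for words in (line.split() for line in config.splitlines()):
        if words[:1] == ["interface"]:
            current = " ".join(words[1:])        # "ve 10", "ethernet 1/1/20"
        elif words[:2] == ["router-interface", "ve"]:
            ves.add("ve " + words[2])
        elif words[:2] == ["ip", "address"] and current:
            addrs[current] = ipaddress.ip_interface(f"{words[2]}/{words[3]}")
        elif words[:4] == ["ip", "route", "0.0.0.0", "0.0.0.0"]:
            gateway = ipaddress.ip_address(words[4])
    return ves, addrs, gateway

def audit(config):
    """Return (problems, static routes the upstream device needs)."""
    ves, addrs, gateway = parse(config)
    problems = [f"{ve}: no ip address" for ve in sorted(ves) if ve not in addrs]
    # The uplink is the non-VE interface whose subnet holds the default gateway.
    uplink = next((a for name, a in addrs.items() if name not in ves
                   and gateway is not None and gateway in a.network), None)
    if uplink is None:
        return problems + ["default gateway is not on a connected subnet"], []
    return problems, [f"ip route {addrs[ve].network.network_address} "
                      f"{addrs[ve].network.netmask} {uplink.ip}"
                      for ve in sorted(ves) if ve in addrs]

if __name__ == "__main__":
    print(audit(ROUTER_CONFIG))
```
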

Comments
by sducharme
on ‎05-10-2011 09:25 AM

This is something I am trying to implement in our organization.  I have tried your config (changed vlans and IPs to match what we are using) on our FCX switches/routers but with no luck.

My routing table looks different, especially the gateways:

Total number of IP routes: 5, avail: 11995 (out of max 12000)
B:BGP D:Connected  R:RIP  S:Static  O:OSPF *:Candidate default
        Destination     NetMask         Gateway         Port       Cost   Type
        0.0.0.0         0.0.0.0         172.16.8.20     1/1/1      1      S
1       10.0.6.0        255.255.255.0   0.0.0.0         v6         1      D
2       172.16.8.0      255.255.252.0   0.0.0.0         1/1/1      1      D
3       172.16.80.0     255.255.252.0   0.0.0.0         v20        1      D
4       172.16.84.0     255.255.255.0   0.0.0.0         v30        1      D

Any help/ideas would be appreciated.

by gfcm
on ‎05-10-2011 11:57 AM

Indeed, the gateway should be equivalent to the ve IP address configured.

Could you please tell me what router code you are currently running?

Furthermore, could you please share your configuration, or at least part of it, so that we can ensure everything is configured correctly.

Thanks.

by sducharme
on ‎05-10-2011 12:11 PM

Code: FCXR07001b


Current configuration:
!
ver 07.0.01bT7f3
!
stack unit 1
  module 1 fcx-48-port-management-module
  module 2 fcx-cx4-2-port-16g-module
!
!
!
!
vlan 1 name DEFAULT-VLAN by port
!
vlan 2 name VMotion by port
!
vlan 3 name iSCSI by port
!
vlan 4 name Public by port
!
vlan 5 name Wireless by port
!
vlan 6 name Security by port
tagged ethe 1/1/10
router-interface ve 6
!
vlan 7 name POS_DSL by port
!
vlan 8 name Net_Management by port
!
vlan 20 name Voice by port
tagged ethe 1/1/10
router-interface ve 20
!
vlan 30 name Server by port
tagged ethe 1/1/10
router-interface ve 30
!
vlan 99 name Quarantine by port
!
!
!
!
!
!
!
!
!
!
aaa authentication web-server default local
boot sys fl sec
enable super-user-password .....
no ip dhcp-client auto-update enable
ip route 0.0.0.0 0.0.0.0 172.16.8.20
!
username ******* password .....
route-only
snmp-server community ..... rw
router ospf
!
router rip
!
interface ethernet 1/1/1
ip address 172.16.8.44 255.255.252.0
!
interface ve 6
ip address 10.0.6.1 255.255.255.0
!
interface ve 20
ip address 172.16.80.1 255.255.252.0
!
interface ve 30
ip address 172.16.84.1 255.255.255.0
!
!
!
!
!
!
!
!
!
end

by gfcm
on ‎05-10-2011 11:16 PM

Please remove the route-only command and check the behavior.

To create any type of VLAN on a Brocade Layer 3 Switch, Layer 2 forwarding must be enabled.

When Layer 2 forwarding is enabled, the Layer 3 Switch becomes a Switch on all ports for all non-routable protocols.

by sducharme
on ‎05-11-2011 06:57 AM

With the route-only command removed there is no difference.  Anything else I can try?

by
on ‎05-11-2011 02:21 PM

You should move this to a normal post.

You have only created VEs on three of the subnets - you need a routing interface to route.

The VEs that you do have on VLANs 6, 20 and 30 are all tagged on 1/1/10 and these are in your routing table.

You should be able to ping each of the VEs on the FastIron from the FastIron - what is the device connected to 1/1/10?

by sducharme
on ‎05-11-2011 02:51 PM

1/1/10 is connected to another switch like the above diagram.  We are trying to copy this at our place of work to route traffic between vlans.

by
on ‎05-11-2011 03:01 PM

Ok so on the second switch (the one not holding the VE's) can you ping 172.16.84.1 and 172.16.80.1?

You should be able to.

Then if you connect two clients to ports that are untagged (one on VLAN 20 and one on VLAN 30) they should be able to ping each other as long as the gateway on each client is set to the VE IP address for that VLAN.

e.g. client on VLAN 30 has an IP address of say 172.16.84.10/24 and gateway of 172.16.84.1

by gfcm
on ‎05-12-2011 12:16 AM

There was a mistake in the post; after verification, your gateways of 0.0.0.0 for the virtual interfaces are right. It works this way.

As mschipp already answered, on your switch, you must tag the port connected to the router for every VLAN that is supposed to reach the router (vlan6, vlan 20, vlan 30 in your case) for inter-vlan communication. Then the clients connected to the switch in VLAN 20 will be able to ping clients in VLAN 30 if you set their gateways correctly.

It should work with your configuration.

To make sure everything works as expected, on your switch, you should untag a port in vlan 20 and another port in vlan 30. Then connect a laptop to the port in vlan 20 and another equipment to the port in vlan 30.

Correctly configure the IP address, netmask and gateway for each piece of equipment:

Ex: client on VLAN 30 with ip addr 172.16.84.10/24 and gateway of 172.16.84.1

Ex: client on VLAN 20 with ip addr 172.16.80.10/22 and gateway of 172.16.80.1

Ensure inter-VLAN communication works, then you can go further.

by
on ‎05-12-2011 01:25 AM

Sorry, from his config VLAN 20 is a /30 not a /22, so he would need to change the mask for VLAN 20 to allow more than 2 hosts - unless it is just a test.

by gfcm
on ‎05-12-2011 01:44 AM

"ip address 172.16.80.1 255.255.252.0" is a /22 with host address range

by
on ‎05-12-2011 01:55 AM

Sorry, right you are - long day here in Oz. My slow brain saw 255.255.255.252 - time to start drinking....

by sducharme
on ‎05-12-2011 12:01 PM

Thanks a lot, guys.

It is working.  Great help.

Another question...  Is it possible to route traffic to the default VLAN (VLAN 1) from these vlans (6, 20, 30)?

by stephen.wong
on ‎05-16-2011 09:35 PM

Important !! Please make sure that the device connected to the Internet has a route to each of your internal subnet.

How do I make the device have a route to each of my internal subnets?

by gfcm
on ‎05-17-2011 05:03 AM

Hello Stephen,

You should configure a static route for each subnet on your internet router, and in our example use 172.27.10.2 as the gateway.

Ex

internet router:

ip route 192.168.10.0 255.255.255.0 172.27.10.2

by Prasun
on ‎09-11-2015 07:48 AM

Hello All,

 

I am using an FCXR08030b and FCXS08030b based router and switch (icx6610). I have read the above document and have done the same.

I am using two switches, one as switch (A) and one as router (B). The gateway in the router is a server Ethernet port or unmanageable switch (C).

Now I can ping C from B (router) and B (router) from A (Brocade switch), but can't reach C (172.27.10.1) or outside from A (192.168.x.y), i.e. the client PC.


How to connect C from A?