Legacy inter-VLAN routing requires routers to have multiple physical interfaces. The router accomplishes the routing by having each of its physical interfaces connected to a unique VLAN. Each interface is also configured with an IP address for the subnet associated with the particular VLAN to which it is connected. By configuring the IP addresses on the physical interfaces, network devices connected to each of the VLANs can communicate with the router using the physical interface connected to the same VLAN.

![configure legacy inter-vlan routing](https://s3.studylib.net/store/data/008332439_1-127576e489d966a124b09e115a2d5feb.png)

In this configuration, network devices can use the router as a gateway to access the devices connected to the other VLANs. The routing process requires the source device to determine if the destination device is local or remote to the local subnet. The source device accomplishes this by comparing the source and destination IP addresses against the subnet mask.

![configure legacy inter-vlan routing](https://www.networkstraining.com/wp-content/uploads/2020/01/cisco-nexus-inter-vlan-routing.jpg)

When the destination IP address has been determined to be on a remote network, the source device must identify where it needs to forward the packet to reach the destination device. The source device examines the local routing table to determine where it needs to send the data. Devices use their default gateway as the Layer 2 destination for all traffic that must leave the local subnet. The default gateway is the route that the device uses when it has no other explicitly defined route to the destination network. The IP address of the router interface on the local subnet acts as the default gateway for the sending device. When the source device has determined that the packet must travel through the local router interface on the connected VLAN, the source device sends out an ARP request to determine the MAC address of the local router interface. When the router sends its ARP reply back to the source device, the source device can use the MAC address to finish framing the packet before it sends it out on the network as unicast traffic.

Because the Ethernet frame has the destination MAC address of the router interface, the switch knows exactly which switch port to forward the unicast traffic out of to reach the router interface for that VLAN. When the frame arrives at the router, the router removes the source and destination MAC address information to examine the destination IP address of the packet. The router compares the destination address to entries in its routing table to determine where it needs to forward the data to reach its final destination. If the router determines that the destination network is a locally connected network, as is the case with inter-VLAN routing, the router sends an ARP request out the interface physically connected to the destination VLAN. The destination device responds back to the router with its MAC address, which the router then uses to frame the packet. The router then sends the unicast traffic to the switch, which forwards it out the port where the destination device is connected.

Click the Play button in the figure to view how legacy inter-VLAN routing is accomplished.

Even though there are many steps in the process of inter-VLAN routing, when two devices on different VLANs communicate through a router, the entire process happens in a fraction of a second.

I've got 3 HP/Aruba 2920 switches and a FortiGate firewall. Currently, the network is flat, but I am trying to deploy VLANs. Right now all 3 switches have the following 3 lines in their configurations:

This appears to cause all traffic to run out to the FortiGate (192.168.16.1), where there are routes set up pushing traffic back to the first switch (192.168.16.252) when necessary. This works well in practice, as I can reach devices on 3 of the VLANs that I have already set up from devices connected to any of the 3 switches. However, what I would like to do is set up the first switch so that it would now handle the routing for all of the VLANs. I am looking to set this up so that if the firewall were to become unavailable, everything could still talk across the VLANs. I will also keep the routes in the firewall to the first switch for the purpose of outside traffic coming in as well as allowing clients on the SSL VPN (which is handled by the FortiGate) to access resources on all VLANs. For management purposes, I am trying to use 10.10.0.1, 10.10.0.2, and 10.10.0.3 for the 3 switches (there will also eventually be other items on that network such as iLO controllers). I have attempted various manipulations of the previously mentioned config lines on all 3 switches, but once I disable the routes from the FortiGate to the first switch, I can no longer communicate with anything on the other VLANs.
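The host and router decisions described in the legacy inter-VLAN routing passage above (mask comparison, ARP for the default gateway, connected-route lookup on the router, ARP out the egress interface) traced as an added example; this is not code from the page or from any vendor, and the router interfaces, host addresses and ARP table are constructed stand-ins. It also shows the failure mode the text implies: when the router holds no route for the destination VLAN, the frame reaches the router and is dropped there, so every cross-VLAN path depends on that single routing device.

```python
from ipaddress import IPv4Interface, IPv4Address, ip_address

# Constructed example topology (not from the page): one router with one physical
# interface per VLAN, two hosts, and a static ARP table standing in for ARP replies.
ROUTER_IFACES = {                       # physical interface -> its IP on that VLAN
    "Fa0/0": IPv4Interface("172.17.10.1/24"),   # VLAN 10
    "Fa0/1": IPv4Interface("172.17.30.1/24"),   # VLAN 30
}
HOSTS = {                               # name -> (interface address, default gateway)
    "PC1": (IPv4Interface("172.17.10.21/24"), IPv4Address("172.17.10.1")),
    "PC3": (IPv4Interface("172.17.30.23/24"), IPv4Address("172.17.30.1")),
}
ARP_TABLE = {                           # IP -> MAC, as if each ARP request were answered
    "172.17.10.1": "0060.2F3A.AB01", "172.17.30.1": "0060.2F3A.AB02",
    "172.17.10.21": "000C.29AA.1021", "172.17.30.23": "000C.29AA.3023",
}

def l2_target(host_ip, gateway, dst):
    """Host step: compare the destination against the local mask. Local -> ARP for
    the destination itself; remote -> ARP for the default gateway on this VLAN."""
    return dst if dst in host_ip.network else gateway

def router_egress(dst):
    """Router step: connected-route lookup. Returns the interface whose subnet
    contains dst, or None when no route exists (the packet is dropped)."""
    for name, ifc in ROUTER_IFACES.items():
        if dst in ifc.network:
            return name
    return None

def forward(src_name, dst):
    """Trace the legacy inter-VLAN path from a host to dst as a list of steps."""
    host_ip, gateway = HOSTS[src_name]
    dst = ip_address(dst)
    target = l2_target(host_ip, gateway, dst)
    trace = [("host_arps_for", str(target))]
    if target == dst:                   # same VLAN: the router is never involved
        return trace + [("delivered_locally", ARP_TABLE.get(str(dst), "no ARP reply"))]
    trace.append(("frame_dst_mac", ARP_TABLE[str(target)]))  # switch forwards to router port
    egress = router_egress(dst)
    if egress is None:
        return trace + [("router_drops", "no route to " + str(dst))]
    trace.append(("router_egress", egress))                  # router ARPs out this interface
    return trace + [("router_frames_to", ARP_TABLE.get(str(dst), "no ARP reply"))]

if __name__ == "__main__":
    for step in forward("PC1", "172.17.30.23"):
        print(step)
```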