Configuring the Switch (Router)
DISCLAIMER! This document is nothing more than the musings of the author as he attempts to perform the stated tasks. Conclusions and approaches may very well be incorrect, inefficient, or otherwise outside of professionally accepted best practices. Use this document at your own risk!

In this document, screen outputs will be presented in green. Where keyboard input is required, the prompt will be in bolded red. # means you should be at the super user prompt, $ means you should be at an unprivileged user prompt. Do not include these prompts in your input! The command to be typed will be shown in blue.
# ls -al
means you type ls -al at the super user prompt.
Ok, so it isn't a router, but rather a layer 3 switch. It just sounds better calling it a router because that is exactly what it is going to do in our network.

Before we begin, I want to give a shout out to Shamikka Fenstermaker. She is our network administrator and took time out of her busy schedule, what with taking care of her family, working AND getting her Master's Degree, to assist me in configuring my switch.
I also used the following document from Cisco regarding configuring VLANs on a 3550 switch: http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008019e74e.shtml
The switch configuration is quite simple. We define virtual LANs (VLANs), assign an IP address to each of them, assign a VLAN to a port and connect our device. It is very simple, except that the devil is in the details!
This document does not attempt to teach you how to configure a switch, which requires more instruction than we can provide here. We will just describe our interfaces and VLANs and the configuration we need on individual computer systems to make it all work.
The first thing I needed to do was configure my external router to my ISP to handle the routes I needed. By default, it only routed 192.168.1.x back to me. I needed it to route 192.168.x.x internally, so I used the ADVANCED ROUTING tab on my Linksys RT31p2 as follows:
The purpose of the above is to route any traffic destined to the 192.168.x.x network to the gateway at 192.168.1.10.
Here is the snippet from my layer 3 switch config that makes it all work. We will only show the relevant parts, as showing 23 unused ports and multiple examples of the VLAN config is redundant. I also enabled ssh, set up AAA, etc. I'm not including those details here as they are beyond the scope of this document.
# sho run
!
ip subnet-zero
ip routing
!
interface FastEthernet0/1
 no switchport
 ip address 192.168.1.10 255.255.255.0
!
interface FastEthernet0/23
 switchport access vlan 115
 switchport mode dynamic desirable
!
interface Vlan115
 ip address 192.168.15.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.1
The important things to learn in the layer 3 switch config are:
- You need ip routing.
- Your outbound interface (in our case, FastEthernet0/1) needs 'no switchport' and is set to an IP address/netmask inside our parent network (192.168.1.x).
- Our ip route is global and points to the address of our external router (192.168.1.1).
I did not have to modify anything on the local systems in the 192.168.1.x network. The changes were on the boundary router (from me to my ISP) and in properly configuring the layer 3 device.
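The FastEthernet0/23 stanza in the config above assigns an access VLAN but leaves the port in 'switchport mode dynamic desirable', so the port will still try to negotiate a trunk (via DTP) with whatever device is plugged in. The following Python check is an added example, not part of the original document: it parses a running-config and lists such ports. The sample config is constructed from the excerpt above, and the function names are hypothetical.

```python
import re

# Constructed sample: the interface stanzas from the excerpt above.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 no switchport
 ip address 192.168.1.10 255.255.255.0
!
interface FastEthernet0/23
 switchport access vlan 115
 switchport mode dynamic desirable
!
interface Vlan115
 ip address 192.168.15.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1
"""

def parse_interfaces(config):
    """Map each interface name to its sub-commands; '!' or a blank line ends a stanza."""
    stanzas, current = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"interface\s+(\S+)$", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line in ("", "!"):
            current = None
        elif current is not None:
            current.append(line)
    return stanzas

def _arg(cmds, prefix):
    # Text following `prefix` in the first matching sub-command, else None.
    return next((c[len(prefix):] for c in cmds if c.startswith(prefix)), None)

def audit_access_ports(config):
    """List (interface, mode, vlan) for access-VLAN ports still set to a DTP dynamic mode."""
    findings = []
    for name, cmds in parse_interfaces(config).items():
        if "no switchport" in cmds:
            continue  # routed port: no layer 2 trunk negotiation
        vlan = _arg(cmds, "switchport access vlan ")
        mode = _arg(cmds, "switchport mode ")
        if vlan and mode and mode.startswith("dynamic"):
            findings.append((name, mode, vlan))
    return findings

if __name__ == "__main__":
    for name, mode, vlan in audit_access_ports(SAMPLE_CONFIG):
        print(f"{name}: VLAN {vlan} port in '{mode}'; consider 'switchport mode access'")
```

For a port that only ever connects an end host, 'switchport mode access' pins it to its access VLAN and clears the finding.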
On my local Debian box, I have two Ethernet adapters: eth0 is pointed to my commercial ISP, and eth1 is pointed to my consumer ISP. I had to adjust the routing on this box only, so that I could work on the network while still keeping my connection to the commercial ISP. Here is my /etc/network/interfaces file for that box (commercial ISP information is masked).
auto lo
iface lo inet loopback

# The primary network interface
auto eth0
allow-hotplug eth0
iface eth0 inet static
    address xx.xx.xx.140
    netmask 255.255.255.248
    network xx.xx.xx.136
    broadcast xx.xx.xx.143
    up route add default gw xx.xx.xx.137
    down route del default gw xx.xx.xx.137

auto eth1
iface eth1 inet static
    address 192.168.1.101
    netmask 255.255.240.0
    network 192.168.0.0
    broadcast 192.168.15.255
    up route add -net 192.168.0.0 gw 192.168.1.1 netmask 255.255.240.0
    down route del -net 192.168.0.0 gw 192.168.1.1 netmask 255.255.240.0