Comware

InterVLAN routing with DHCP on layer 3 switch

  • 1.  InterVLAN routing with DHCP on layer 3 switch

    Posted Feb 28, 2022 12:56 AM
    I'm trying to set up InterVLAN routing on a Layer 3 switch (HP1920) with DHCP behind my pfSense box.

    My setup is as follows:

    pfSense with VLAN30 + VLAN40
    VLAN30 - 10.10.30.1/24 - Gateway:10.10.30.2
    VLAN40 - 10.10.40.1/24 - Gateway:10.10.40.2
    => connected to the HP switch through a trunk port which obtains 10.10.30.2 (VLAN30) and 10.10.40.2 (VLAN40) as IP addresses for those 2 VLAN interfaces.

    Clients connected to the HP Switch and obtained IP through DHCP:
    Client1 on VLAN30 - 10.10.30.10
    Client2 on VLAN40 - 10.10.40.10

    The routing table on the HP switch is as follows:
    10.10.30.0 255.255.255.0 Direct 0 10.10.30.2 Vlan-interface30
    10.10.40.0 255.255.255.0 Direct 0 10.10.40.2 Vlan-interface40


    The goal is to use the Layer3 switch to route VLAN30 and VLAN40 without pfSense.

    I did manage to accomplish this by manually setting up the IP addresses on the clients to
    10.10.30.10/24 GW:10.10.30.2 (Address of VLAN30 interface on the HP switch manually added in pfSense) and
    10.10.40.10/24 GW:10.10.40.2 (Address of VLAN40 interface on the HP switch manually added in pfSense)


    The problem is, that when I enable DHCP, the correct IP-addresses are obtained, but the gateway is set to 10.10.30.1 on all VLAN-interfaces on the switch!
    So, the routing is obviously done by pfSense.

    I seem to be missing some basics in either pfSense or the HP switch, so what am I doing wrong?

    pfSense is acting as DHCP server; do I need to do DHCP relay on the HP switch in order for it to work properly?

    P.S. Do I need to do any additional static routing on the HP switch, as it seems it's already routing the correct networks?

    ------------------------------
    xx xx
    ------------------------------


  • 2.  RE: InterVLAN routing with DHCP on layer 3 switch

    EMPLOYEE
    Posted Feb 28, 2022 01:13 AM
    I am not a pfSense expert, but since that device is your DHCP server, check this doc - https://docs.netgate.com/pfsense/en/latest/services/dhcp/ipv4.html Your firewall is probably configured as DHCP server in VLAN 30 and 40. Each DHCP server instance in the respective VLAN defines the range of IP addresses assigned to clients as well as options like DNS servers, gateway etc. You need to set the 'Gateway' IP addresses in each pool to be the IP of the 1920 in the respective VLAN in order to inform your clients which device to use as default gateway.

    Found one article with screenshots of the pfSense interface - https://subscription.packtpub.com/book/networking_and_servers/9781789532975/1/ch01lvl1sec12/configuring-pfsense-as-a-dhcp-server , check step 2, that is the page with the Gateway option. Change it for VLAN 30 to '10.10.30.2' and for VLAN 40 to '10.10.40.2', then release and renew IP addresses on client hosts. Check if they got the new gateway and verify if this time routing works as you want.

    ------------------------------
    Ivan Bondar
    ------------------------------
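
One way to verify the change suggested in the reply above from a captured DHCP reply, as an added example that is not part of the thread: it parses the options field and compares the Router option (3) with the switch address expected for the client's subnet. The addresses come from the thread; the function names are hypothetical and the sample packets are constructed, not captures.

```python
import ipaddress

# Intended default gateway per subnet: the 1920's VLAN-interface addresses from the thread.
EXPECTED_GATEWAY = {
    ipaddress.ip_network("10.10.30.0/24"): ipaddress.ip_address("10.10.30.2"),
    ipaddress.ip_network("10.10.40.0/24"): ipaddress.ip_address("10.10.40.2"),
}
MAGIC_COOKIE = b"\x63\x82\x53\x63"  # marks the start of the DHCP options field


def parse_reply(packet: bytes):
    """Return (yiaddr, {option_code: raw_value}) from a BOOTP/DHCP payload."""
    if len(packet) < 240 or packet[236:240] != MAGIC_COOKIE:
        raise ValueError("not a DHCP payload")
    yiaddr = ipaddress.ip_address(packet[16:20])  # address handed to the client
    options, i = {}, 240
    while i < len(packet) and packet[i] != 255:  # 255 = End option
        if packet[i] == 0:  # 0 = Pad, a single byte with no length
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError("truncated option")
        length = packet[i + 1]
        options[packet[i]] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return yiaddr, options


def check_gateway(packet: bytes):
    """Return (client_ip, offered_router, expected_router, ok) for one DHCP reply."""
    yiaddr, options = parse_reply(packet)
    raw = options.get(3, b"")  # option 3 = Router, a list of 4-byte addresses
    offered = ipaddress.ip_address(raw[:4]) if len(raw) >= 4 else None
    expected = next((gw for net, gw in EXPECTED_GATEWAY.items() if yiaddr in net), None)
    return yiaddr, offered, expected, offered is not None and offered == expected


def build_ack(yiaddr: str, router: str) -> bytes:
    """Constructed sample DHCPACK: minimal header plus options 53, 1 and 3."""
    header = bytes([2, 1, 6, 0]) + bytes(12) + ipaddress.ip_address(yiaddr).packed + bytes(216)
    opts = (b"\x35\x01\x05" + b"\x01\x04\xff\xff\xff\x00"
            + b"\x03\x04" + ipaddress.ip_address(router).packed + b"\xff")
    return header + MAGIC_COOKIE + opts


if __name__ == "__main__":
    for ip, gw in [("10.10.40.10", "10.10.30.1"), ("10.10.40.10", "10.10.40.2")]:
        print(check_gateway(build_ack(ip, gw)))
```

The first sample reproduces the symptom from the original post (a VLAN40 client handed 10.10.30.1) and is reported as a mismatch; the second matches the corrected pool setting.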



  • 3.  RE: InterVLAN routing with DHCP on layer 3 switch

    Posted Mar 03, 2022 09:32 PM

    Thanks for the effort of locating and pointing to the right section of the pfSense documentation, Ivan - that particular issue is working now!

    However, I'm not entirely sure how the VLAN routing in HP switches or this particular switch is implemented - are IP routes between all VLANs automatically created upon "connection" aka creation, as it seems so?

    • In that case, how would one actually segment a network by VLANs, because, as I understand, hosts on different VLANs (in theory) are per default denied any communication outside their VLAN (and broadcast domain)?
      How would I, e.g., accomplish the following use case?
      - VLANx has access to Internet, but no other VLANs
      - VLANy has no access to Internet, but has access to VLANz
      - VLANz has access to Internet and to VLANy

      Additionally, while waiting for approval here, I posted at the pfSense forum and received the following general network topology recommendation mentioning a term called transit network:


    Apparently, it's not recommended to have any hosts on this so-called transit network, which in my case would be the link between pfSense (acting as an external router and fw + DHCP/DNS and else).  I still don't get the point of it, and esp. whether this concept is related to general networking of pfSense only.
    Do you recognize this topology recommendation or have any comments on it?


    ------------------------------
    xx xx
    ------------------------------



  • 4.  RE: InterVLAN routing with DHCP on layer 3 switch

    Posted Mar 11, 2022 04:32 PM
    Up

    ------------------------------
    xx xx
    ------------------------------