Wired Intelligent Edge

Thanks to this community, I've now got my test network set up and have my vlans obtaining ip addresses from the correct scopes on my dhcp server.  My next step is to understand how to get inter vlan routing working on my HP 6108 l3 switch.  How do I go about enabling this and configuring any ACLS?

Thanks,

Michael

The 6108 will route between all connected networks.

If you give a VLAN interface an IP address, then the switch will become "connected" to the subnet that IP address belongs to.

As far as Access Lists go, the 6108 manual doesn't mention access lists (neither the Management and Configuration Guide nor the Advanced Traffic Management Guide). This doesn't mean it doesn't support them, you should check on the CLI to see if you have access lists available.

Having said that, access lists are not really a valid security mechanism - if you have two VLANs that are in different security zones, then you should ensure the switch is not routing for those VLAN's subnets and the subnets are trunked to a security device that can do proper security.

Ah, OK, so I should connect the VLAN trunk to our firewall and then restrict access that way?

IP routing is enabled but I can't ping the other PCs on the other VLANS.  Do I need to setup static routes or should the switch just take care of it?

All of the devices on your test network should point to their respective switch IPs as their default gateway. Verify with "ipconfig/all" and "route print" on windows. Also, disable the windows firewall, or at least enable the firewall rules to permit ICMP.

Dumb question but how do you set your router for example a netgear WNDR4500 router to point to the switche's IP as the gateway?

Eric meant all the network hosts should have their default gateway set to point to the layer-3 switch.

The router is a different thing. The router needs a route which identifies your internal subnet, and sends traffic for that subnet to the Layer3 switch.

All this is very easy to understand and plan if you start with a diagram:

 - draw a "cloud" representing each subnet you want to use: eg, 1 cloud for PCs, 1 cloud for servers, 1 cloud for voip handsets.

 - Now you need to give each cloud a "router" so that devices within the subnet have a means to communicate with devices in different clouds. The hosts call this router their "default gateway". Each cloud for hosts should have ONE router. Ideally, all the clouds thus meet up on your Layer3 switch. Your Layer3 switch is therefore "connected" to all these subnets can can route between them.

 - Now you need to worry about the routing you need between all your clouds and other places, eg, the Internet: eg, put a default route on the Layer3 switch pointing at your Netgear. For traffic to get back, you also need routes on your netgear pointing at the Layer3 switch for each of the subnets that exist on the Layer3 switch.

 - The connection between the Netgear and the Layer3 switch is a "cloud"/subnet consisting of just two addresses: one on the Netgear and one on the Layer3 switch. This point-to-point subnet should not have any hosts in it.