This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.Inter Vlan /Routing
This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
@AshleyNL, the problem I see in this config is that you let DHCP assign the IP (192.168.2.122 in your example) to the VIF for VLAN 10.
How can you assure that the clients in VLAN 10 use the correct default gateway if the DHCP server assigns another IP to the switch's VIF, e.g. due to a reboot of the router after a power failure?
Please always use static IPs, do NOT use DHCP for switches or other routing gear. You wouldn't use DHCP for your router IP, would you? 
Unfortunately I have no T2600G, but only T1600G as a core switch, but regarding Inter-VLAN routing it is pretty similar.
I did configure a testbed; simplified topology is as follows:
- My laptop is in VLAN 2, connected to the Office switch (TL-SG2008), which in turn is connected to the core switch port 1/0/1.
- A router is in VLAN 10, connected to the PoE switch (T1500G-10PS), which in turn is connected to the core switch port 1/0/2.
- An OC200 EAP controller resides in VLAN 2, connected to the PoE switch.
The Interface config in T1600G-28TS is as follows (I use .250 for switches just to be consistent):
Routing table:
Static IP config of my laptop:
Ping from laptop 192.168.1.7 to the switch VIFs 192.168.1.250, 192.168.2.250 and 192.168.30.250 as well as to the router 192.168.2.254 works:
$ ping 192.168.1.254
PING 192.168.1.254 (192.168.1.254): 56 data bytes
64 bytes from 192.168.1.254: icmp_seq=0 ttl=64 time=3.650 ms
^C
--- 192.168.1.254 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.650/3.650/3.650/0.000 ms
$
Of course, ping from the router 192.168.2.254 to my laptop 192.168.1.7 works, too:
router # ping 192.168.1.7
PING 192.168.1.7 (192.168.1.7): 56 data bytes
64 bytes from 192.168.1.7: seq=0 ttl=64 time=0.582 ms
64 bytes from 192.168.1.7: seq=1 ttl=64 time=0.448 ms
^C
--- 192.168.1.7 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.448/0.515/0.582 ms
router #
What doesn't work (IMO b/c the Office and PoE smart switches can't do Inter-VLAN routing itself):
- Ping from the router VLAN 10/192.168.2.254 to the OC200 VLAN2/192.168.1.46, both connected to the same PoE switch,
- Ping from laptop VLAN 2/192.168.1.7 to the router VLAN 10/192.168.2.254 if the laptop is connected to the PoE switch directly.
Thus, if I don't made an error in the testbed's setup, this means that tagged traffic with VID 2 arriving on core switch port 1/0/2 from the PoE switch won't get routed to VLAN 10 back over the same port to the PoE switch. In my experience, it will be forwarded only to VLAN 10 over other ports including port 1/0/1 to the Office switch. This differs from Inter-VLAN routing done on a true router, which can route traffic from one VLAN to another one over the same physical port/different virtual ports.
I'm not sure whether this behavior of T1600G is intentional or whether it is a bug in the firmware. Maybe, more experienced users can comment on this.
What I can't test at the moment is the default gateway (the static default route from the core switch to the router) b/c the core switch is currently in use here for much more devices as shown in the test setup.
Usually I use a router-on-a-stick topology for Inter-VLAN routing, but only reason I do so is that T1600G V1 doesn't have a built-in DHCP server (V3 does, but V1 not), so I need the router's DHCP server anyway. If I would have a T2600G or a T1600G V3, I would only route traffic destined for the Internet to the router over a transit VLAN as suggested in post #8, thus not placing the router in any VLAN used by other clients and not using the router's DHCP service at all. But that's just my preference, YMMV.
I suggest to set up and test routing first, then set up and test the switch's default gateway, then configure the switch's DHCP servers, then check Internet connectivity last, always step-by-step.
Hope this helps you.