17
edits
Changes
Created page with " ==Summary== In this example, we will show how to manage VLAN-to-VLAN communication while only using a manageable TSW device. A switch, by default, operates at Layer 2 of the..."
==Summary==
In this example, we will show how to manage VLAN-to-VLAN communication while only using a manageable TSW device. A switch, by default, operates at Layer 2 of the OSI model, which means it forwards data frames based on MAC addresses within a single broadcast domain. VLANs (Virtual LANs) allow for the logical segmentation of this broadcast domain, creating separate broadcast groups to enhance security and manage network traffic more effectively.
However, devices in different VLANs cannot communicate directly. This is where interVLAN routing is required. InterVLAN routing allows devices in different VLANs to exchange data packets by forwarding them through a Layer 3 device, usually a router or like in this case a layer 2 switch with some of the layer 3 functionalities.
==Setting up VLANs==
In this example, we will be setting up Tag-Based VLANs. This method lets us assign different VLANs to a single switch port, giving us more flexibility with our network layout.
===Tag based VLAN setup===
To create a VLAN follow all the steps below:<br>
*Access your device via ''WebUI'' by typing your switch private IP in your browser.<br>
*Next, navigate to '''Network → VLAN''' <br>
*Now you will need to create 2 new VLAN’s by entering VLAN name (for example: ''VLAN2'' and ''VLAN3'') and clicking [[File:Add_Button.png#filelinks|40x70px]] <br>
*Press “Edit” button on your newly created VLAN instance.<br>
*Assign your VLAN ID to your preferred port (I have used port 2 for this example)<br>
[[File:Network intervlan tsw212 VLAN Creation.png|border|class=tlt|900x800px]]
===Creating VLAN interfaces===
Navigate to '''Network → Interfaces'''<br>
Add a new instance, by entering your preferred name and pressing the [[File:Add_Button.png#filelinks|40x70px]] button.<br>
A new window for your interface configuration will pop up:<br>
#Make sure you enable you interface.<br>
#For a protocol select – ''Static''.<br>
#Select the VLAN you are making your interface for.<br>
#Enter the IPV4 address of your choice (IP addresses of your VLAN subnets have to be different).<br>
#Enter your preferred subnet mask for your IPV4 address (for example: if you have subnet 192.168.20.0 enter subnet mask 255.255.255.0).<br>
[[File:Network intervlans tsw212 Interface Creation VLAN2.png|border|class=tlt-border|700x700px]]
==Setting up DHCP servers==
To set up DHCP servers for your created VLANs head to '''Network -> DHCP''' and add new instance by selecting your created ''VLAN interfaces'' and clicking [[File:Add_Button.png#filelinks|40x70px]] button.
[[File:Network_intervlan_tsw212_DHCP_Creation.png|border|class=tlt-border]]
In the pop up window make sure '''DHCPv4''' - ''enabled'' and '''DHCPv4''' mode is selected as ''Server''.
[[File:Network intervlan tsw212 DHCP Instancev2.png|border|class=tlt-border]]
==Static Routes==
Static routes have to be set for subnets to allow communication between the VLANs.<br>
*Head to the '''Network → Static Routes''' and create static routes for your ''VLAN subnets''.<br>
*Select ''interface'' – Your created VLAN interface (for example ''VLAN3('''1''')'';''VLAN2('''2''')'').<br>
*Enter the ''target IP address'' and ''netmask'' (the address of your VLAN subnet that you are trying to reach)<br>
*Enter ''IPV4-Gateway'' (the IP address of your VLAN interface which is used for leaving its network).<br>
Once the static routes are created click on '''Save & Apply'''.<br>
[[File:Network intervlan tsw212 static routesv3.png|border|class=tlt-border]]<br>
<table class="nd-mantable">
<tr>
<th>Field</th>
<th>Value</th>
<th>Description</th>
</tr>
<tr>
<td>Interface</td>
<td>static | dhcp | dhcp6; default: <b>static</b></td>
<td>The zone where the target network resides. </td>
</tr>
<tr>
<td>Target<span class="asterisk">*</span></td>
<td>ip4; default: <b>none</b></td>
<td>Destination network address.</td>
</tr>
<tr>
<td>IPv4-Netmask<span class="asterisk">*</span></td>
<td>netmask; default: <b>none</b></td>
<td>A netmask is used to divide an IP address into sub-networks (subnets). Combined together, the 'Netmask' and 'Target' values define the exact destination network or IP address to which this route applies.</td>
</tr>
<tr>
<td>IPv4-Gateway</td>
<td>ip4; default: <b>none</b></td>
<td>A gateway can be any machine in a network that is capable of serving as an access point to another network. Traffic that matches this route will be directed over the IP address specified in this field.</td>
</tr>
<tr>
<td>MTU</td>
<td>integer [68..9200]; default: <b>1500</b></td>
<td>Sets the maximum transmission unit (MTU) size. It is the largest size of a protocol data unit (PDU) that can be transmitted in a single network layer transaction.</td>
</tr>
<tr>
<td>Route Type</td>
<td>unicast | local | broadcast | multicast | unreachable | prohibit | backhole | anycast | -- custom -- ; default: <b>unicast</b></td>
<td>Selects route type. Each type specifies a different behavior for the route:
<ul>
<li><b>unicast</b> - most common type of route, simply describes a path to a destination.</li>
<li><b>local</b> - routes of this type are added to the 'local' routing table and used only for locally hosted IPs.</li>
<li><b>broadcast</b> - routes of this type are added to the 'local' routing table and used by link layer devices that support the broadcast address principle.</li>
<li><b>multicast</b> - used for distribution of multicast traffic.</li>
<li><b>unreachable</b> - sends an ICMP "unreachable" response to the source address when a request for a routing decision returns a "destination with an unreachable route type" message.</li>
<li><b>prohibit</b> - used to prohibit traffic to specified host or network. When a destination is prohibited, the kernel sends a 'Network is unreachable' response the source address.</li>
<li><b>blackhole</b> - packets that match this type of route are discarded without any response.</li>
<li><b>anycast</b> - provides a possibility to route incoming requests to multiple different network locations.</li>
<li><b>-- custom --</b> - does not use any of the predefined route types.</li>
</ul>
</td>
</tr>
</table>
==Testing InterVLAN routing==
Once the VLANs and static routes are set up, we can test the communication between VLANs by pinging end devices from different VLANs.
[[File:Network intervlan tsw212 test.png|border|class=tlt-border|500x700px]]