Hey all, wondering if anyone can help. I am experimenting with a layer 3 manageable 48 port switch. I've created 40 VLANs. The first 40 ports on the switch are their own VLAN with IP addresses 192.168.1.1, 192.168.2.1, 192.168.3.1 and so on. There is a firewall which has a fixed IP of 192.168.100.254. Basically I need all traffic to be forwarded to 192.168.100.254, which is the firewall, which is then connected to the outside internet. I've been having problems setting up the routing tables and whatnot to get this working, though. Can anybody offer some help?
Thanks

What are you using to handle the routing?
What type of switch is this?
Is the firewall in a VLAN?
What is doing your NAT with regard to external (internet) access?
What you're doing by first creating 40 VLANs and then applying them to 40 ports (one each) is creating a whole lot of extra work for yourself. Had it been me, I would have created two VLANs, applied them to two separate ports (one each) and then got it working, knowing that if I solved the routing for the two VLANs, I'd have it solved for any number of VLANs.

It is a Netgear layer 3 switch; afraid I don't have the model number, I shall get it tomorrow for reference. The firewall is in a VLAN itself also, with the IP 192.168.100.254. The firewall will be handling the NAT; basically all traffic from the switch needs to go through the firewall to get to the outside internet. Apologies, as I'm not too knowledgeable when it comes to routing. The switch's config page handles the routing; you can add default and static routes, but I've been having problems getting it to work. My understanding is that any device on the 192.168.1.0 subnet, for example, needs to have its gateway as 192.168.1.1, which is the IP of the port that it is connected to. I would then obviously have to add paths for each subnet: 192.168.2.0, 3.0, 4.0, etc. I've tried adding a routing path from 192.168.1.0 to 192.168.1.1 but with no luck (think I received an error message from the switch config).
Any help is appreciated.
Thanks.

I suspected you were using the switch to do the routing....it's a layer 3 switch after all. The layer 3 switches we use where I work are capable of doing all the aspects of VLAN'ing including the routing. However, most of ours is done by routers and our core switches.
I'm not familiar with netgear equipment. It's not necessary for me to know your equipment as long as they behave in a similar fashion, and they should. I asked mainly because if it was one I was familiar with, it would make it easier to help.
We have a "management VLAN" in our network that all switches are on. All switches are assigned an IP on the management VLAN as their IP address. They communicate with each other, and pass all traffic around on that VLAN.
I suspect a part of the problem is, you have multiple VLANs configured on a single switch, with each port as a gateway (correct me if I'm wrong) and the client is plugged into the port. This adds to the complexity of the setup of the single switch and to be honest, I've never tried anything like this. Luckily, I have all the equipment I need to lab different scenarios here at work. I even have one Linux and one UNIX based PC sitting in my office to use for routing as well as a Cisco 2600 and a 2800 router and all the switches I need.
It would be a LOT simpler if you had two or more switches to work with. To be honest, I've never tried to do anything like this with a single switch.
I realize this hasn't been a lot of help to you and I apologize; again, I've never tried to do this on a single switch. If I were to try, I would start very small, with three VLANs at the most, a management and two others. If you can get traffic to pass from the two client VLANs to the management VLAN, you're pretty much done right. But you still require gateways for each VLAN and that's what stumps me: how to make multiple gateways on a single switch to support multiple VLANs. If I get some time today, I'll talk to my coworker and my boss and grab a layer 3 switch and see if I can't make it work and report back. But I warn you, don't hold your breath, we're in the middle of 3 projects right now and I don't have a lot of free time.
With a bit of luck, somebody who has done a similar setup on a single switch will post on this string with some better help for you.
I would definitely scale your setup back and start with a minimal setup. Once you can get it working for 2 or 3 VLANs it will be no problem to add the rest.

Don't know how many users you have, but if you use a /24 mask on the subnet that will give 252 usable host addresses per subnet. Each VLAN will have a subnet assigned such as 192.168.1.0/24 and that can be, say, VLAN 1. If you only have 48 ports you don't need more than a couple of VLANs at most, 1 for the users and maybe 1 for the connection to the internet. Don't know how Netgears work, but on Cisco boxes if the subnets are defined and IP routing is on, it knows about all connected subnets and all you would have to do is set a default static route pointing to the far end address of your internet connection.

Thank you very much for the replies and the help.
Just an update: I have been trying to configure these VLANs and the routing for them for the past couple days with no luck, and I have decided not to use them. Instead I have simply assigned an IP address to each port, 192.168.1.1, 192.168.2.1, 192.168.3.1 and so on, all the way to 42. Port 48, however, is 192.168.100.1 and this has a WatchGuard firewall attached to it. So far it's working fine, and the other ports have internet access; however, I need to block the ports from talking to each other except for port 48 with the WatchGuard firewall. So today I set up some ACLs (access control lists) that only permitted traffic from 192.168.1.0 to 192.168.100.0. This is working fine and only the port and the firewall port can talk to each other; however, I lose internet access by doing this :( I'm not too sure as to what I should try next to resolve this. Any help is much appreciated.
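
Added example (not part of the original thread and not Netgear configuration syntax): a small first-match ACL simulator showing why a rule that only permits 192.168.1.0/24 to 192.168.100.0/24 also drops internet traffic, since a routed packet keeps the internet host as its destination address rather than the firewall's, and how a permit-firewall, deny-internal, permit-rest ordering keeps the ports isolated. The rule tuple format, the inbound-on-client-port placement, the implicit deny and the sample addresses (203.0.113.80 is a documentation address) are assumptions.

```python
import ipaddress

ANY = "0.0.0.0/0"

def first_match(acl, src, dst):
    """Return the action of the first rule matching (src, dst).

    Rules are (action, source_network, destination_network) tuples, a
    hypothetical format. Falls through to an assumed implicit deny.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in ipaddress.ip_network(src_net) and d in ipaddress.ip_network(dst_net):
            return action
    return "deny"

# The ACL as described in the post: only port-1 subnet -> firewall subnet.
ACL_AS_POSTED = [
    ("permit", "192.168.1.0/24", "192.168.100.0/24"),
]

# Same isolation goal, but internet-bound packets are no longer dropped.
ACL_ISOLATE_KEEP_INTERNET = [
    ("permit", "192.168.1.0/24", "192.168.100.0/24"),  # reach the firewall
    ("deny",   "192.168.1.0/24", "192.168.0.0/16"),    # block every other port subnet
    ("permit", "192.168.1.0/24", ANY),                 # anything else is routed out
]

# Constructed sample flows from a host on port 1 (192.168.1.10).
FLOWS = {
    "to firewall":       ("192.168.1.10", "192.168.100.254"),
    "to neighbour port": ("192.168.1.10", "192.168.2.10"),
    "to internet host":  ("192.168.1.10", "203.0.113.80"),
}

def evaluate(acl):
    """Map each sample flow name to the action the ACL takes on it."""
    return {name: first_match(acl, s, d) for name, (s, d) in FLOWS.items()}

if __name__ == "__main__":
    for label, acl in (("as posted", ACL_AS_POSTED),
                       ("isolate, keep internet", ACL_ISOLATE_KEEP_INTERNET)):
        print(label, evaluate(acl))
```

The deny rule relies on every port subnet falling inside 192.168.0.0/16, as in the addressing described in the thread; each of the other ports would need the equivalent three rules with its own source subnet.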
