
Author Topic: Design principles for link between router and switch  (Read 2412 times)


Offline amr45

  • Rookie
  • **
  • Posts: 3
Design principles for link between router and switch
« on: August 18, 2015, 02:47:03 PM »
Hi,

I am new to the forums and Nortel switching. I come from the Cisco camp, and I have some questions about fundamental design principles with Nortel switching.

What I am wondering about is how to correctly design and configure a link from a Nortel Ethernet routing switch to a router/firewall. The general way to do this in a Cisco environment would be to set the port on the switch as a “routed interface” (an L3 port with an IP address) and set an IP address (on the same subnet) on the port on the router. You would then configure a default route on the switch pointing to the router, and on the router you would set up static routes to each subnet/VLAN on the switch. The advantage to this type of design is that the switch handles routing between subnets/VLANs (instead of the router handling routing between subnets/VLANs, aka router-on-a-stick); configuration complexity is minimized; and convergence times are significantly reduced or eliminated (no STP convergence delays and no delays from dynamic trunking or link aggregation convergence). It seems that the idea of a “routed port” (the no switchport command) is exclusively a Cisco concept.

In practice I have set up a Baystack with a few VLANs and SVIs (IP addresses for each VLAN), a trunk port going to my firewall, and a default route to one of the VLAN interfaces on my firewall. The inside interface of my firewall is set to “VLAN” mode and I have IP addresses configured on the firewall for each VLAN. I also have static routes configured on the firewall to each subnet/VLAN on my switch. This configuration seems to work as long as hosts are set with a default gateway of the VLAN interface of the firewall. So this is in essence router-on-a-stick, because the firewall is doing all of the routing between VLANs at that point.

Is there a way to set up the switch so that it is handling all of the routing between VLANs and the router is merely acting as a gateway to the Internet? Or is there another way that is considered “best practice”?

Thanks for the help in advance.


Offline Telair

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 965
Re: Design principles for link between router and switch
« Reply #1 on: August 18, 2015, 03:16:16 PM »
Hi there amr45.

Yeah, on Nortel/Avaya switches it is the VLANs that are assigned the IP addresses. Then the VLANs are added to the ports. Of course you could have a VLAN on just one port, which would be the same as setting a single port to route.

The simple way to have the switch do the inter-VLAN routing is simply to turn on the routing engine and put IP addresses on the VLANs on the switch. Any VLAN that is local to the switch with an IP address it will know how to route to. The issue is sending to the Internet. That requires a default route. Create another VLAN and make the switch something like 192.168.100.10 and the Internet router 192.168.100.1. Set a default route of 0.0.0.0/0 on the switch and point it to 192.168.100.1 as the next hop. So if a packet hits the switch going to say 67.88.90.3, well that's not a local subnet so the switch sends it on to the default gateway to be processed and fired out to the Internet. Of course you need to put the static routes on the Internet router to go back to 192.168.100.10 for any of the subnets on the switch.

Or just use the RIP-2 routing protocol on the switch and Internet router, as RIP doesn't require a license to use. Enable RIP-2 on all the VLANs on the switch and disable them sending or receiving except for the VLAN that connects the switch to the Internet router. Turn on RIP-2 on the Internet router and broadcast the default route. Now everything knows how to get everywhere else.
« Last Edit: August 18, 2015, 03:18:22 PM by Telair »

Offline amr45

  • Rookie
  • **
  • Posts: 3
Re: Design principles for link between router and switch
« Reply #2 on: August 19, 2015, 10:30:10 AM »
Hi Telair,

Thanks for the reply.

I'm pretty sure I'm following you, but to be sure I have a basic example below of how I think what you described above would be accomplished. So let's say I'm going to configure port 24 on my ERS as the link to the router (router IP set to 192.168.60.1).

 vlan create 60 name "RTR-Uplink" type port
 vlan members remove 1 24
 vlan members add 60 24
 vlan port 24 tagging unTagAll
 interface vlan 60
 ip address 192.168.60.2 255.255.255.252 2
 ip route 0.0.0.0 0.0.0.0 192.168.60.1 1

Would that be the correct way to set up the switch? Are there any other best practices for this scenario (i.e. disable STP and LLDP, etc.)?

Really appreciate the help.

Offline Telair

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 965
Re: Design principles for link between router and switch
« Reply #3 on: August 19, 2015, 11:40:19 AM »
Since you can't loop the port you might as well shut down STP on that port. LLDP doesn't hurt anything so I tend to leave it on. Oh, don't forget to set DHCP helper addresses on the other VLANs that need to route to get DHCP addresses. Otherwise that looks to be about right. Make sure to use up-to-date code on your switch as there were some known issues with DHCP relay in older code across a number of switch models.
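
Added example, not part of the original posts: a Python check of the static-route design discussed in replies #1 to #3, verifying that the switch's default route points at the router on the transit subnet and that the router has a return route to the switch for every routed VLAN. The function name, the VLAN subnets (10.10.x.0/24) and the sample data are assumptions made for illustration; only the 192.168.60.x transit addresses come from the thread.

```python
import ipaddress as ipa

def check_design(transit, switch_ip, router_ip, switch_default_nh,
                 vlan_subnets, router_static_routes):
    """Return problems found in a routed switch-to-router uplink design."""
    problems = []
    net = ipa.ip_network(transit)
    sw, rtr = ipa.ip_address(switch_ip), ipa.ip_address(router_ip)
    for name, addr in (("switch", sw), ("router", rtr)):
        if addr not in set(net.hosts()):
            problems.append(f"{name} address {addr} is not a usable host in {net}")
    if sw == rtr:
        problems.append("switch and router share the same transit address")
    if ipa.ip_address(switch_default_nh) != rtr:
        problems.append(f"switch default route points to {switch_default_nh}, not {rtr}")

    vlans = [ipa.ip_network(v) for v in vlan_subnets]
    # Routed subnets must not overlap each other or the transit network.
    for i, a in enumerate(vlans):
        for b in vlans[i + 1:] + [net]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")

    routes = [(ipa.ip_network(p), ipa.ip_address(nh)) for p, nh in router_static_routes]
    for v in vlans:
        # The router forwards on the longest prefix that covers the VLAN subnet.
        covering = [(p, nh) for p, nh in routes if v.subnet_of(p)]
        if not covering:
            problems.append(f"router has no return route for {v}")
            continue
        best = max(covering, key=lambda r: r[0].prefixlen)
        if best[1] != sw:
            problems.append(f"return route for {v} uses next hop {best[1]}, not {sw}")
    return problems

# Constructed sample: transit /30 as in reply #2; VLAN subnets are made up.
SAMPLE = dict(
    transit="192.168.60.0/30", switch_ip="192.168.60.2", router_ip="192.168.60.1",
    switch_default_nh="192.168.60.1",
    vlan_subnets=["10.10.10.0/24", "10.10.20.0/24"],
    router_static_routes=[("10.10.10.0/24", "192.168.60.2")],  # second VLAN forgotten
)

if __name__ == "__main__":
    for p in check_design(**SAMPLE):
        print("PROBLEM:", p)
```

A VLAN subnet that is only covered by the router's own default route is reported with the wrong next hop, since replies for that subnet would be sent upstream instead of back to the switch.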

Offline amr45

  • Rookie
  • **
  • Posts: 3
Re: Design principles for link between router and switch
« Reply #4 on: August 20, 2015, 10:14:26 AM »
Good to know. I feel confident in my design/configuration now. Thanks so much for your help!