VLAN routing

[matt.standing]

I have two AVAYA ERS 4526GTX-PWR switches on two network sites that connected via fibre in a flat class C network.
The network has now grown sufficient to warrant routing between both sites and adding an additional DHCP server on the second site to service IP addressing.

I have 2 VLANS, VLAN10 for data and VLAN100 for VOIP. My question is how configure routing between the switches. From a little investigation on various forums I need to assign each vlan an IP address and then add the ip route command within each vlan.

When it comes to configure the vlans in the second site can I use the same vlans as on the first site or would I need to use different vlan numbers?

Thank you in advance.
Matt

[Telair]

Yes, you have the right idea.  First thing to do would be to turn on the routing engine.  Then each VLAN that needs to route needs an IP address associated with it.  Probably set DHCP forwarding for each VLAN as well to point to your DHCP server.  And make sure you are using newer code that fixed the DHCP forwarding bugs.  Then just define a new VLAN that exists between just between the sites and give each side an IP address on that VLAN.  I like to use .1 and .10 on interconnection networks and make the subnet in the 172.16.x.x subnet so if you traceroute it is obviously moving over a WAN link.  On small networks I like to use RIP-2 for routing instead of static routing, but it's up to you.  Each router/switch will know about it's directly connected subnets, it's just a matter of either turning on RIP-2 on the networks or adding static routes for the subnets at the other site and pointing them across the WAN.  Don't forget to add a default route or have a device advertising the default.

And yes, you can use VLAN 10 and VLAN 100 at each site as long as they have unique IP addresses associated with them.  So at site #1 you have VLAN 10 w/192.168.10.1/24 and VLAN 100 w/192.168.100.1/24.  At site #2 you have VLAN 10 w/192.168.11.1/24 and VLAN 100 w/192.168.101.1/24

[matt.standing]

Thank you Telair. It's refreshing to get a reply that is exactly the advice that is needed and simple to understand.

Kind regards,
Matt

[matt.standing]

So, I have had a read through the reply and constructed a couple of configs for the L3 switches at each end. I have an additional VLAN on both sides (11) for restricted visitor network access.
I have introduced a transport VLAN (2) between the two switches as suggested and enabled RIP. The two configs are attached, have I interpreted the advice correctly?


I need to find away to restrict VLAN 11 to route only to VLAN 11 between sites as this is a dedicated visitor network that can not touch any other network. I have read about access lists with CISCO switches but am not sure of the terminology with AVAYA ERS, am I getting warm with this?

As always, thanks in advance for any suggestions.

Matt

[matt.standing]

UPDATE:

I hope somebody can spot what I have missed out! I am trying to split an existing flat class c into 6 separate subnets:

Existing network:

192.168.1.0/24

New networks:

Site 1:

Has 1 Cisco 2960s core switch where the majority of network resources are connected.This is connected to an Avaya ERS 4526GTX-PWR.

192.168.1.0.24 for corporate PCs (VLAN 10 - 192.168.1.6)
192.168.2.0/24 for visitor network (VLAN 11 - 192.168.2.2)
10.0.1.0/24 for VOIP handsets (VLAN 100 - 10.0.1.1)

   
Site 2:

Has 1 Avaya ERS 4526GTX-PWR.

192.168.10.0/24 for corporate PC's (VLAN 10 - 192.168.10.2)
192.168.20.0/24 for visitor network (VLAN 11 - 192.168.20.1)
10.0.2.0/24 for VOIP handsets (VLAN 100 - 10.0.2.1)

The sites are connected via a fibre connection. The connecting ports on each AVAYA switch are members of the same transport VLAN, VLAN 172. Site one's VLAN 172 interface is 172.16.1.1/24 and site two's VLAN 172 interface is 172.16.1.2.

Routing and RIP (I have tried static routes but get the same results) is enabled on both AVAYA switches but I am having issues traversing VLANs. I can ping the interfaces of the VLANs each reciprocal site but can't ping any resources. I have attached a diagram that will hopefully help and some simplified configs.

I guessing that it may have something to do with tagging, if I set my PC up as a corporate pc on site 1 I can ping the VOIP VLAN but if I set my PC up with a VOIP IP address I can't ping resources on the corp VLAN.

I know I am close but just need some advice on the final part.