I currently have a Layer 2 switch configured with my inbound internet
connection on it. For this case, we will say it has an assigned ip
address of
192.168.0.2/30

I have a second switch which is Layer 3 which is connected to the L2
switch via 1000BaseT and will have an available ip pool of
192.168.9.1/24. How do I make the Layer 3 switch route all traffic to
the Layer 2 switch. I cannot connect the L3 switch directly to the
provider because of the lack of a Fiber module in the switch.

Thanks,

JJ

In article <1143604723.848258.36650@v46g2000cwv.googlegroups. com>,
Curious Joe <joebob.johnson@gmail.com> wrote:
>I currently have a Layer 2 switch configured with my inbound internet
>connection on it. For this case, we will say it has an assigned ip
>address of
>192.168.0.2/30

>I have a second switch which is Layer 3 which is connected to the L2
>switch via 1000BaseT and will have an available ip pool of
>192.168.9.1/24. How do I make the Layer 3 switch route all traffic to
>the Layer 2 switch. I cannot connect the L3 switch directly to the
>provider because of the lack of a Fiber module in the switch.

You cannot have the layer 3 switch "route" the traffic to the
layer 2 switch. The IP address of the layer 2 switch is strictly
for management purposes.

The ISP will have given you an IP address that your outgoing traffic is
to be routed to. Configure your layer 3 switch to route to that IP.
The layer 3 switch will ARP for that IP address, and the layer 2 switch
will pass on that ARP to all of its active ports [in the same VLAN] and
the layer 2 switch will convey the ARP reply back to the layer 3
switch. The layer 2 switch will be effectively transparent to the
layer 3 activity.

Just to ensure I understand you correctly.

ISP Router IP=38.99.211.1/30
L2 Switch IP=38.99.211.2/30
L3 Switch IP=38.101.8.129/25 & 38.101.8.1/24

I should set the default route in the L3 switch to 38.99.211.1 and do
nothing with the L2 switch?

In article <1143627319.884847.64860@u72g2000cwu.googlegroups. com>,
Curious Joe <joebob.johnson@gmail.com> wrote:

>Just to ensure I understand you correctly.

Please quote context. Few of us use googlegroups as our usenet
interface, so the previous messages are not "right there" for us
to refer to.


>ISP Router IP=38.99.211.1/30
>L2 Switch IP=38.99.211.2/30
>L3 Switch IP=38.101.8.129/25 & 38.101.8.1/24

>I should set the default route in the L3 switch to 38.99.211.1 and do
>nothing with the L2 switch?

Refreshing the context: your ISP router is connected via fibre
to your L2 switch, which is connected via copper to your L3 switch.

Your L3 configure is slightly puzzling. Do I deduce correctly
that your ISP routes all of 38.101.8/24 to you, and that you
then break half of that off, 38.101.8.128/25 for some purpose?
If so, then the slight puzzle is what you do with the other half.

Would I be correct in figuring that this is a completely new
connection which you have never had working before? I suspect that
because not many routers would allow you to configure overlapping
subnets for interfaces -- your 38.101.8.129/25 interface overlaps
your 38.101.8.1/24 interface. What was your intention about this?


As I am not sure exactly what you want to do, the below will not
be an absolute recipie: it's a recipie for what I think it is
most -likely- that you want to do.

1) Remove 38.101.8.129/25 from your L3 switch.
2) Remove the IP address from your L2 switch, leaving it unnumbered for
now.
3) Add the new interface 38.99.211.2/30 to your L3 switch.
4) Add a default route (0.0.0.0 0.0.0.0) with destination
38.99.211.1 to the interface created in step 3
5) connect the interface of step 3 to your L2 switch via a cable
6) connect the ISP fibre to the L2 fibre module

At this point, internet traffic should start working. But now you
need to take further steps in order to be able to manage to L2 switch.

Rather than my listing off the various L2 management possiblities, I will
ask another series of details which will allow me to determine which
approach to suggest:

- Do you have another L2 switch that is connected to your LAN,
distinct from the L2 switch that has the fibre module?

- Is your only L2 switch the one that has the fibre module, with
you having it do double-duty as your LAN switch and your
connection to the ISP?

- Where is your security layer? Which device is acting as your
network firewall, and where is it in this topology?

- Does your L3 switch support IEEE 802.1Q VLANs? Does it allow
you to create different interfaces (with different IPs) attached
to different VLANs on the same physical interface?

- Does the L2 switch that you mentioned support 802.1Q VLANs?

- What kind of security is available on the management of the L2 switch
that you mentioned? Can it be configured to only accept management
connections from a set of IP addresses? Can it be configured to
only accept SNMP from a set of IP addresses? Can it be configured
to only accept management from a particular interface?

- If the L2 switch has essentially no security itself, then to
what extent do you need to be able to manage it? Do you need to
run MRTG or Optiview or something like that to pull statistics from
it and/or control it, or would it be acceptable to do all
configuration and information work through its serial port?

Walter,

I appreciate the immensly. I am currently only allocated the
second half of the 38.101.8 network. I have 129+. I have the entire
/24 on the 38.101.9 network. Based on your suggestions above, I have
configured a VLAN20 on the interface that connects from the L3 to L2
and assigned it an ip 38.99.211.2/30. I have removed all IP addresses
from L2. I have also set a default route on my L3 to 38.99.211.1. I
can now connect to the internet from the L3. As far as L2, I do not
need anything from it. I only have it in the system because it
afforded me a fairly inexpensive fiber module. So Port 26 is the fibre
connection and Port 25 is the copper to L3. I can do all of my
monitoring and MRTG on L3. With that said, I think the configuration
that you suggested will work for me.

Thanks again for your ,

JJ