Eliminating redirects/hairpinning by using L3 switch as gateway?

bassplayerchris (Occasional Visitor)

Hi -

I have the following topology:

[topology diagram: image not available]

Two networks, with the wired span hanging off a Cisco SG300, a cable router running OpenWRT and DHCP, and a separate wireless LAN (routed so that I can control traffic flow between the wired LAN and wireless devices). On the wired side the router has a route for the 192.168.2.0/24 network that points to the WAN port of the wireless router (192.168.1.3).

The problem is that traffic from the wired side to the wireless side tends to hairpin through the router (192.168.1.1) because that is what the wired clients receive as their default gateway.

I was playing around with the L3 routing on the SG300 and it occurred to me that the functionality wouldn't work in the general sense unless it was possible to point at the Cisco as the gateway for the various networks it knows of.

So I've tried getting the DHCP server to serve up the SG300's IP as the 'default gateway' and all seems to be good apart from adding a few ms of latency. My question is whether there is a better way of doing this? The only alternatives I can think of are having the DHCP server push out static routes (which not every wired client accepts), or using ICMP redirects (which by default Linux - running on the servers - suppresses).

If you are going to use the Cisco SG300 switch in L3 mode it will need to be the gateway for all local LAN traffic. The router will end up being the default gateway for the L3 switch for all unknown traffic which is going on the internet.

You need to move DHCP to the L3 switch. Turn off DHCP on the router. Connect the router to the L3 switch on a created VLAN, say 10. Add 1 access port to VLAN 10 and plug the router into the L3 switch on VLAN 10. Add an IP address 192.168.10.1/30 to the router. Add the IP 192.168.10.2/30 to the L3 switch. Set routing statements on the router to point to 192.168.10.2 for all your local LANs on the switch. The router should have no VLAN networks defined on it, which will force the L3 switch to do the routing for all the local LANs. Set the default gateway on the L3 switch to point to 192.168.10.1 (router) for all unknown traffic. This will allow the router to route all your local traffic to the internet and back.

If you look back in my threads I wrote about my setup to do this on a SG300 L3 switch a few years ago. I first set it up using the management VLAN but then wrote a second thread to move the router over to its own VLAN. I prefer the router running in its own VLAN.

Reading what you are doing does not sound right to me. Use my method. It works. What I wrote above was to set up the interaction between router and L3 switch. You still need to create VLANs with IP networks for each VLAN for your local networks.

My wireless is set up this way, where I have assigned an SSID for my guest network and an SSID for my regular network. To do this you create trunk ports on the L3 switch and connect your wireless APs. The correct DHCP IP address will be handed out for each wireless SSID.

> Reading what you are doing does not sound right to me. Use my method. It works. What I wrote above was to set up the interaction between router and L3 switch. You still need to create VLANs with IP networks for each VLAN for your local networks.

Okay - so essentially you suggest that I create a separate network for the router using VLAN separation - which I can understand, as it will make it functionally cleaner.

I don't see why I need to move DHCP though - after all, DHCP relay is a thing - so presumably I can use that instead. The other reason to keep it on the router is so that dnsmasq on the router can continue to be used as local DNS (and will also resolve the wired hostnames).

As long as your router can handle multiple DHCP scopes when the networks don't exist on the router you should be fine. I know my way will work using Microsoft's DHCP server and DHCP relay.

I guess you know there is no DHCP for the router VLAN as it is a point to point connection. Just hard code the 30 bit IP addresses.

> As long as your router can handle multiple DHCP scopes when the networks don't exist on the router you should be fine. I know my way will work using Microsoft's DHCP server and DHCP relay.
>
> I guess you know there is no DHCP for the router VLAN as it is a point to point connection. Just hard code the 30 bit IP addresses.

Yes that should work fine - as I can spec dnsmasq for multiple scopes. Thanks for helping me think this through.
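For reference, an added example (not the poster's configuration) of what the agreed design looks like on the router side: dnsmasq on the OpenWRT router serving two relayed scopes from the /30 point-to-point VLAN described in the thread. The interface name eth0.10, the switch SVI addresses 192.168.1.254 and 192.168.2.254, and the address pools are assumptions; the SG300 must have DHCP relay enabled on each client VLAN SVI, pointing at 192.168.10.1.

```conf
# /etc/dnsmasq.conf fragment on the OpenWRT router (constructed example)
# The router has no client VLANs itself; it only sits on VLAN 10 (192.168.10.0/30).
# Interface name is assumed.
interface=eth0.10
listen-address=192.168.10.1

# Relayed requests arrive with giaddr set to the switch SVI of the client VLAN.
# dnsmasq selects the scope whose range/netmask contains that giaddr, so every
# scope for a network the router is not directly on needs an explicit netmask.

# Wired LAN 192.168.1.0/24 (switch SVI 192.168.1.254 is an assumption).
# The router option hands out the switch SVI, not the router, so wired-to-wireless
# traffic is routed on the SG300 instead of hairpinning through 192.168.1.1.
dhcp-range=set:wired,192.168.1.100,192.168.1.200,255.255.255.0,12h
dhcp-option=tag:wired,option:router,192.168.1.254
# dnsmasq on the router stays the local DNS server, as the poster wanted.
dhcp-option=tag:wired,option:dns-server,192.168.10.1

# Wireless LAN 192.168.2.0/24 (switch SVI 192.168.2.254 is an assumption).
dhcp-range=set:wifi,192.168.2.100,192.168.2.200,255.255.255.0,12h
dhcp-option=tag:wifi,option:router,192.168.2.254
dhcp-option=tag:wifi,option:dns-server,192.168.10.1

# Only answer for scopes defined here; no scope exists for the /30, which is
# hard-coded on both ends as the reply above says.
dhcp-authoritative
```

The router still needs the static routes from the thread (192.168.1.0/24 and 192.168.2.0/24 via 192.168.10.2) or the DHCP replies and the internet return traffic cannot reach the client VLANs.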