Hi all,
I have a question in relation to VLANs and routing that I hoped some of you could shed some light on. I am setting up a small network which includes:
Basic ADSL Modem (192.168.1.1). PPPoE bridge mode.
Netgear Firewall (192.168.1.2). Firewall gets public IP and WAN settings from the modem.
Netgear fully managed Layer 3 switch (192.168.1.3)
4 VLANs running on the switch
- VLAN 1 (Routing only) on 192.168.1.x /24
- VLAN 10 (PCs) on 192.168.10.x /24
- VLAN 20 (NAS Storage) on 192.168.20.x /24
- VLAN 30 (Guest) on 192.168.30.x /24
NO inter-VLAN routing between VLAN 30 and VLAN 10/20. The firewall is not VLAN-aware, so all VLANs are terminated at the L3 switch and then routed further up from there, through default VLAN 1. This also means that the firewall should be configured with static routes to reach back to the VLANs.
What is best practice in terms of routing between the L3 switch and the firewall? I am only using untagged VLANs as there is no trunking (since the L3 switch is the only VLAN device). Port no. 1 on the switch connects to the firewall and is untagged for VLAN 1 with a PVID of 1.
The switch network config is:
IP address: 192.168.1.3 /24
Gateway: 192.168.1.2
DNS: 192.168.1.2
So this establishes that the default route of the switch is towards the firewall. Static routes on the firewall are as follows: To reach address 192.168.0.0 /16 --> Next hop is 192.168.1.3.
The switch gives DHCP to the various VLANs. So for example for VLAN 10, the DHCP information will look like this:
Range: 192.168.10.x /24
Gateway: 192.168.10.1 (VLAN interface on the switch)
DNS: 192.168.10.1 (VLAN interface on the switch)
My question is: Will this be OK for clients in the various VLANs? Do I need to set the DHCP to different settings? I believe that because Gateway and DNS on the switch itself are pointing towards the firewall, the switch will automatically route traffic that way, through VLAN 1. What I want to achieve is basically a trace route to Google, from for example VLAN 10, that looks something like this:
1st hop: 192.168.10.1 (VLAN interface on switch)
2nd hop: 192.168.1.3 (Switch IP)
3rd hop: 192.168.1.2 (Firewall)
4th hop: 8.8.8.8 (Google)
Do I need to set up additional static routes on the switch in order to achieve this?
Thanks so much for taking the time to read!
/Hopchen
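As an added illustration (not from the post or from any Netgear configuration), the following Python model replays the forwarding decisions of the L3 switch and the firewall as described above: the connected VLAN routes and the switch's default route towards 192.168.1.2, the firewall's 192.168.0.0/16 static route back to 192.168.1.3, and an assumed ACL standing in for the "no routing between VLAN 30 and VLAN 10/20" requirement. The WAN addresses (203.0.113.x) are placeholders, and the traceroute simulation assumes each router replies from the interface the probe arrived on.

```python
from ipaddress import ip_address, ip_network
# Constructed model of the topology in the post (illustrative, not a real device config).
# ifaces: interface IP -> connected net; routes: (prefix, next hop); deny: (src net, dst net) ACL.
SWITCH = {
    "ifaces": {"192.168.1.3": "192.168.1.0/24", "192.168.10.1": "192.168.10.0/24",
               "192.168.20.1": "192.168.20.0/24", "192.168.30.1": "192.168.30.0/24"},
    "routes": [("0.0.0.0/0", "192.168.1.2")],  # switch default gateway = firewall (via VLAN 1)
    # Assumed ACL for "no routing between VLAN 30 and VLAN 10/20"; an L3 switch routes between all its VLAN interfaces without one.
    "deny": [("192.168.30.0/24", "192.168.10.0/24"), ("192.168.30.0/24", "192.168.20.0/24"),
             ("192.168.10.0/24", "192.168.30.0/24"), ("192.168.20.0/24", "192.168.30.0/24")],
}
FIREWALL = {
    "ifaces": {"192.168.1.2": "192.168.1.0/24", "203.0.113.5": "203.0.113.0/24"},  # WAN: placeholder addresses
    "routes": [("192.168.0.0/16", "192.168.1.3"), ("0.0.0.0/0", "203.0.113.1")],   # post's static route + ISP default
    "deny": [],
}

def lookup(router, dst):
    """Longest-prefix match; returns the next-hop IP (the destination itself if connected) or None."""
    dst, best = ip_address(dst), None
    for net in router["ifaces"].values():                  # connected networks
        n = ip_network(net)
        if dst in n and (best is None or n.prefixlen > best[0]):
            best = (n.prefixlen, str(dst))
    for prefix, nh in router["routes"]:                    # static routes
        n = ip_network(prefix)
        if dst in n and (best is None or n.prefixlen > best[0]):
            best = (n.prefixlen, nh)
    return None if best is None else best[1]

def trace(gateway, src, dst, routers=(SWITCH, FIREWALL)):
    """Simulate traceroute from src via its gateway. Assumes each router replies with the
    address of the interface the probe arrived on, so one L3 device appears as one hop."""
    hops, ingress = [], gateway
    for _ in range(30):                                    # TTL bound: a routing loop stops here
        router = next(r for r in routers if ingress in r["ifaces"])
        hops.append(ingress)
        if any(ip_address(src) in ip_network(s) and ip_address(dst) in ip_network(d)
               for s, d in router["deny"]):
            return hops + ["filtered"]
        nh = lookup(router, dst)
        if nh is None:
            return hops + ["unreachable"]
        if nh == dst:                                      # directly connected: delivered
            return hops + [dst]
        if not any(nh in r["ifaces"] for r in routers):    # next hop outside the model (ISP side)
            return hops + [nh, dst]
        ingress = nh
    return hops + ["ttl exceeded"]
```

With these tables a VLAN 10 client reaches the Internet through the switch and the firewall with no extra static routes on the switch, the /16 route is what carries return traffic back to 192.168.1.3, the ACL is what keeps the guest VLAN off the PC and NAS subnets, and a destination inside 192.168.0.0/16 that matches no VLAN bounces between the two devices until the TTL runs out.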