
I have an office that has a layer 3 Dell switch in routing mode connected to both a Cisco router & a Dell Sonicwall.

The network has VLANs 1, 10, and 20.

The connection to the internet sits behind the SonicWall.

The connection from the layer 3 switch to the Cisco router is in access mode for VLAN 1.

The connection from the layer 3 switch to the SonicWall is also in access mode for VLAN 1.

The default route on the layer 3 switch is to the Cisco router over VLAN 1.

The default route on the Cisco router is to the SonicWall over VLAN 1.

My question is this: why does there need to be a route on the SonicWall for VLANs 10 & 20 pointing back to the layer 3 switch in order for network communication to work? Adding the routes at the SonicWall allowed inter-VLAN communication and outside internet access to work.

If I'm sitting on a computer that is connected to an access port in VLAN 20, how does my packet end up exiting the port connected to the Cisco router, which is in access mode?

Network diagram in simple design

Appreciate the assistance here everyone.

cabotek
  • If the sonicwall didn't have a route for those networks how would it know how to send it back? Every device on the Internet must know how to reach every other device. Either with a specific route, or via the default route. BTW, what is the point of that Cisco in your network if you have a layer3 switch? – Zoredache Jul 11 '19 at 06:02
  • That makes sense. Agreed, I walked into this network and am also seeing no real purpose for the Cisco. On one note though, if my PC is connected to an access port in VLAN 20, how is my traffic being routed out an access port for VLAN 1 to the Cisco? – cabotek Jul 11 '19 at 06:31
  • `how is my traffic being routed out an access port` don't think it is hitting the Cisco, but without the full config switch, router, and firewall or at least the full route of each device it is hard for me to know what is going on. – Zoredache Jul 11 '19 at 07:42
  • Dell switch static route: `ip default-gateway 192.168.1.1`; Cisco router: `ip route 0.0.0.0 0.0.0.0 192.168.1.2` – cabotek Jul 11 '19 at 15:41
  • I didn't ask for the gateways. I said the **full** route tables. What you would get from a `show ip route` (Cisco). If you look at the **full** route tables of all the devices, it should be pretty obvious what is happening. – Zoredache Jul 11 '19 at 16:46

1 Answer


Each VLAN is a separate layer-2 network = broadcast domain.

Traffic between layer-2 networks = IP subnets needs to be routed. This is what a router or a layer-3 switch does.

  1. A client (source) sends a routable packet to the (default) gateway, the L3 switch. The packet is encapsulated in an L2 frame addressed to the gateway.
  2. As a router, the switch decapsulates the packet out of the L2 frame.
  3. The switch consults its routing table and finds that the destination is locally connected to another VLAN.
  4. It forwards the packet to the destination VLAN: it ARPs for the destination IP, encapsulates the packet in an L2 frame addressed to the destination MAC, and sends it out the port leading to that MAC.

The Sonicwall (or any other router) requires routes leading back through the L3 switch for those subnets it can't see by itself. Without those routes, the Sonicwall would use its default route, leading towards the Internet.

Zac67
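To make the answer's two points concrete (the four-step inter-VLAN forwarding on the L3 switch, and why the SonicWall needs return routes), here is a small routing-table simulator written as an added example; it is not code from the question or the answer. It uses the two addresses given in the comments (Cisco 192.168.1.1, SonicWall 192.168.1.2) and assumes the rest: the L3 switch's VLAN 1 address is 192.168.1.3, and VLANs 10 and 20 use 192.168.10.0/24 and 192.168.20.0/24. Each device's table is matched longest-prefix first, exactly as a real router does, and `trace()` follows a packet hop by hop.

```python
import ipaddress

# Constructed topology. The Cisco and SonicWall addresses come from the question's
# comments; the switch address and the VLAN 10/20 subnets are assumptions.
SWITCH = "192.168.1.3"      # assumed: L3 switch SVI on VLAN 1
CISCO = "192.168.1.1"       # from the question: switch's default gateway
SONICWALL = "192.168.1.2"   # from the question: Cisco's default route
INTERNET = "internet"       # pseudo next hop for the SonicWall's WAN side

DEVICE_BY_IP = {SWITCH: "l3switch", CISCO: "cisco", SONICWALL: "sonicwall"}


def make_tables(sonicwall_has_return_routes):
    """Build each device's routing table as a list of (prefix, next_hop).

    'connected' means the subnet is attached directly (a VLAN interface),
    so the device can ARP for the host and deliver the frame itself.
    """
    tables = {
        "l3switch": [
            ("192.168.1.0/24", "connected"),
            ("192.168.10.0/24", "connected"),   # assumed VLAN 10 subnet
            ("192.168.20.0/24", "connected"),   # assumed VLAN 20 subnet
            ("0.0.0.0/0", CISCO),               # ip default-gateway 192.168.1.1
        ],
        "cisco": [
            ("192.168.1.0/24", "connected"),
            ("0.0.0.0/0", SONICWALL),           # ip route 0.0.0.0 0.0.0.0 192.168.1.2
        ],
        "sonicwall": [
            ("192.168.1.0/24", "connected"),
            ("0.0.0.0/0", INTERNET),
        ],
    }
    if sonicwall_has_return_routes:
        # The static routes the question had to add: VLAN 10/20 via the L3 switch.
        tables["sonicwall"] += [
            ("192.168.10.0/24", SWITCH),
            ("192.168.20.0/24", SWITCH),
        ]
    return tables


def lookup(table, dst):
    """Longest-prefix match: the most specific route wins, 0.0.0.0/0 only as a last resort."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop)
    return best


def trace(tables, start_device, dst, max_hops=8):
    """Follow a packet from start_device toward dst, returning the list of hops."""
    path = [start_device]
    device = start_device
    for _ in range(max_hops):
        match = lookup(tables[device], dst)
        if match is None:
            path.append("dropped")          # no route at all, not even a default
            return path
        net, next_hop = match
        if next_hop == "connected":
            path.append(f"delivered:{net}")  # steps 3-4 of the answer: ARP + L2 frame
            return path
        if next_hop == INTERNET:
            path.append(INTERNET)
            return path
        device = DEVICE_BY_IP[next_hop]      # step 1-2: hand off to the next router
        path.append(device)
    path.append("loop")
    return path


if __name__ == "__main__":
    host_vlan20 = "192.168.20.50"          # constructed client in VLAN 20
    for has_routes in (False, True):
        t = make_tables(has_routes)
        print("SonicWall return routes:", has_routes)
        print("  outbound to 8.8.8.8:  ", " -> ".join(trace(t, "l3switch", "8.8.8.8")))
        print("  reply to VLAN 20 host:", " -> ".join(trace(t, "sonicwall", host_vlan20)))
        print("  VLAN 20 -> VLAN 10:   ", " -> ".join(trace(t, "l3switch", "192.168.10.7")))
```

Running it shows the asymmetry the question ran into: the outbound packet from VLAN 20 reaches the Internet fine (switch, Cisco, SonicWall), but without the return routes the SonicWall's only match for 192.168.20.50 is 0.0.0.0/0, so the reply is sent toward the Internet and never comes back. With the routes in place, the reply goes straight from the SonicWall to the L3 switch over VLAN 1 (bypassing the Cisco, which is why the comments question its purpose), and the switch delivers it onto VLAN 20. The VLAN 20 to VLAN 10 trace never leaves the switch at all, because both subnets are directly connected there.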