As your network grows, you may have decided to use VLANs to improve network performance and/or network security. VLANs are a Layer 2 technology and are supported on many Layer 2 switches, such as the TPLINK TL-SG2216, TRENDnet TEG-160WS, and the NETGEAR GS108T.
A best practice with VLANs is to use different network addresses for devices in each VLAN. For example, you might use IP address ranges, also known as subnets, such as 192.168.1.0 for devices in VLAN 1 and 192.168.2.0 for devices in VLAN 2, and so on. One of the challenges with using a Layer 2 switch and VLANs with different subnets is your router needs multiple LAN interfaces or has to support VLAN tagging and trunking so you can route between VLANs.
This is where a Layer 3 switch comes in handy. A Layer 3 switch can perform IP routing tasks as well as Layer 2 tasks such as VLANs. Moreover, a Layer 3 switch can typically route faster than a router, improving network performance. Futher, since the Layer 3 switch can route between VLANs, you can use a basic router that doesn't support VLANs.
In this article, I'm going to walk you through setting up a network with three VLANs, each using different subnets, and configuring a Layer 3 switch to route between those subnets. I'm going to use a basic small network router that doesn't support VLANs, the Linksys WRT310N, and the recently reviewed NETGEAR M4100-D12G Layer 3 switch.
Before I do my configurations, I find it best to plan what I'm going to do. Write down how many VLANs you're going to use, the numbers for each VLAN, and the IP address range (subnet) you're going to use for each VLAN. Within each subnet, identify the addresses that will be used for the default gateway and DNS server(s). Also, determine if you're going to use DHCP or static addressing in each VLAN.
Below is a chart with the details of my plan. I've set up three VLANs, identified my VLAN IDs, subnets, default gateway IPs, and DNS IPs. I choose these subnets and VLAN IDs as my network is already using the 192.168.199.0 subnet on VLAN 1. The IP address of 192.168.199.254 was not used, so I'm going to use that as a VLAN interface address on the Layer 3 switch. VLAN 7 and 8, along with the 192.168.7.0 and 192.168.8.0 subnets were also not in use on my network, thus they are available for me to use for this test. With this chart, I can now configure the network.
|VLAN ID||Subnet||Default Gateway/VLAN Interface IP||DNS|
Before you configure the Layer 3 switch, create static routes in the gateway router to each of the new subnets. In this example, my gateway router uses a LAN subnet of 192.168.199.0, so I need to create static routes on the router to the 192.168.7.0 and 192.168.8.0 subnets.
Static Routes on a Router
Note, some Layer 3 switches may support using routing protocols such as RIP or OSPF. If that's the case, you might be able to enable the routing protocol on both the router and switch, and the routes will automatically be discovered. The M4100 does not support routing protocols, so I manually entered static routes.
Log into your Layer 3 swtich management interface. The first step on the Layer 3 switch is to enable IP routing. On the M4100, IP routing is disabled by default. Enabling it is just a click as shown below.
Enable IP Routing
Create the VLANs on the Layer 3 switch and assign ports to each VLAN. As you can see below, I've added VLANs 7 and 8.
I've also assigned ports to each VLAN...
... and set the PVID on the ports to match their VLAN ID.
Note, I set the switch ports as untagged members of each VLAN as I'm not connecting to another VLAN aware device, thus I don't need to use VLAN tagging.