I'm hoping for some help. I'm a networking newbie, and after fighting with it for a few hours, I'm just not sure what to do. If anything, I get the feeling that what I am trying to do is probably just dumb to begin with, so there is that.
I am hoping to be able to utilize layer 3 switching on my 6450, and use my existing Ubnt USG as my internet firewall / router.
What I have set up currently for testing is as follows.
On the USG, I have 2 new networks defined on the second LAN interface.
- VLAN 99 192.168.99.0/30 with the USG on 192.168.99.2. This is acting as my fallback network for the times that I inevitably break my SSH connection to help prevent me from having to venture to the basement with a console cable.
- VLAN 25, 192.168.25.0/24, USG listening on 192.168.25.2, DHCP server enabled, default gateway set up for 192.168.25.1
On the 6450:
I have the link between the USG and the 6450 on 1/1/1. This is tagged in VLAN 25 and VLAN 99.
I have port 1/1/2 untagged in VLAN 25; this is where I'm connecting my test machine. I have a helper-address set to the USG gateway for DHCP.
I have the default gateway set to 192.168.25.2
Code:
vlan 1 name DEFAULT-VLAN by port
 router-interface ve 1
!
vlan 25 by port
 tagged ethe 1/1/1
 untagged ethe 1/1/2
 router-interface ve 25
vlan 99 by port
 tagged ethe 1/1/1
 router-interface ve 99
!
interface ve 25
 ip address 192.168.25.1 255.255.255.0
 ip helper-address 1 192.168.25.2
!
interface ve 99
 ip address 192.168.99.2 255.255.255.0
!
ip dns server-address 192.168.25.2
ip route 0.0.0.0/0 192.168.25.2
The issue I am having is that, when configured like this, only one of my VLANs on the 6450 is able to route outside the switch at any given point in time. Configured as shown above, my test device is able to access the internet and the rest of my network (on the other USG LAN port). DHCP works as expected; all is wonderful.
However, my VLAN 99 can't access anything. For example, if I run ping google.com source 192.168.99.2, I just get request timeouts. It is the same for anything I try to do when sourcing from the 99.2 address. If I switch the default gateway of the switch to 192.168.99.1, my VLAN 99 is able to communicate with the outside world, but VLAN 25 becomes effectively dead.
I'm just not sure how to configure things to have more than one VLAN functioning on my switch while using layer 3 switching. If I just use my USG as the default gateway for my laptop, everything works perfectly fine. My question is... am I trying to do something stupid? My reasoning for trying to do this is that I want to be able to do 10G switching across VLANs within my network and not be bottlenecked by the USG's 1GbE connection. I also want to continue using as much of the UniFi stuff as I can, since it makes it easy to deal with IP reservations and monitor traffic.