SG500 InterVLAN Routing Issue

Answered Question
Aug 11th, 2012

I would like to communicate between VLANs on my switch configuration but unfortunately I can't do the following:

- ping between VLANs (my default gateways on each host are correct)

- from a VLAN that is not the native VLAN 1 I cannot access the internet router on port 1, but can from the native VLAN.

I noticed that via the CLI, I can see the routes created as ports are activated. For example:

S  0.0.0.0/0          [1/1] via  192.168.1.1  0:13:10              vlan 1
C  192.168.1.0/24     is directly connected                        vlan 1
C  192.168.30.0/24    is directly connected                        vlan 30
C  192.168.40.0/24    is directly connected                        vlan 40

Unfortunately I can not see them in the Web UI for the switch.  I understand that they are supposed to be automatically updated in the UI.

Also, show arp output:

  VLAN    Interface     IP address        HW address          status
--------------------- --------------- ------------------- ---------------
vlan 1     gi1/1/1    192.168.1.1     e0:5f:b9:0c:c6:d6   dynamic
vlan 1     gi1/1/9    192.168.1.4     f4:ce:46:fe:d7:0d   dynamic
vlan 1     gi1/1/10   192.168.1.91    f4:6d:04:41:e7:a6   dynamic
vlan 30    gi1/1/14   192.168.30.11   00:04:4b:17:34:a3   dynamic
vlan 40    gi1/1/8    192.168.40.92   00:d0:b7:6b:49:14   dynamic


Any suggestions on what setting to adjust to get this working?

Thanks,

Roger

Tom Watts Sun, 08/12/2012 - 08:08

Hello Roger, we need more information about your router.


What is your network topology?

Is your router aware of VLAN and capable of trunk/tagging?

Is your router aware of the subnets?

Is your router capable of static routes?


If you connect computer a to vlan 1 and computer b to vlan 30 with static IP and only the switch (remove router from the picture), do they communicate with the default gateway specified as the vlan interface IP address?




-Tom

Roger1000 Sun, 08/12/2012 - 08:45

Hi Tom,

Switch SG500-28 - in Layer 3 mode

Router:  RV220w ver 1.0.3.5 set in Gateway mode, RIP config none

     - This model can do all the VLAN trunking, tagging, subnets, static routes etc.

Topology:  web -> Modem -> RV220W connected to SG500 on port 1

VLANs:

     VLAN ID   VLAN Name          Type
     1         Default
     10        SAN-NFS            Static
     11        SAN-iSCSI-VLAN     Static
     20        FT-VLAN            Static
     21        vmotion-VLAN       Static
     22        Management-VLAN    Static
     30        Server-VLAN        Static
     40        Workstation-VLAN   Static


Switch Setup

     Sw Port   Endpoint              VLAN(s)
     GE1       Connected to RV220w   native
     GE2       SAN-NFS               10
     GE3       SAN-iSCSI             11
     GE8       Win XP workstation    40
     GE10      Win 7 workstation     40
     GE13      ESX 3                 30
     GE14      ESX 3                 20, 21, 22, 30
     GE15      ESX 3                 20, 21, 22, 30
     GE16      ESX 3                 20, 21, 22, 30
     GE17      ESX 2                 30
     GE18      ESX 2                 20, 21, 22, 30
     GE19      ESX 2                 20, 21, 22, 30
     GE20      ESX 2                 20, 21, 22, 30
     GE21      ESX 1                 30
     GE22      ESX 1                 20, 21, 22, 30
     GE23      ESX 1                 20, 21, 22, 30
     GE24      ESX 1                 20, 21, 22, 30


I haven't configured the router to do the VLAN routing and such so far because I assumed that the switch could handle all of that and just use the RV220w as a web gateway. Let me know your thoughts though.

Thanks,

Roger

Correct Answer
Tom Watts Sun, 08/12/2012 - 09:02

Hi Roger, the switch has handled the intervlan routing completely. The issue you're experiencing is the second and third subnets have no path back to the switch. When the traffic is egress from the switch port, it will make it to the router. However, the router does not know how to send it back to the switch as it doesn't know where that subnet belongs. So, this means you need to configure the router with the trunk and tags or add a static route on the router directing the 192.168.30.x and 192.168.40.x traffic to the vlan interface of the switch.




-Tom
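
The missing return path described in the answer above, as an added example that is not part of the original thread: a longest-prefix-match lookup run against the switch's routes from the question and against a router table before and after the static routes are added. The router's table, the `isp-gateway` label and the switch's VLAN 1 address (`192.168.1.254`) are assumptions, since the thread does not give them.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match; returns (next_hop, interface) or None."""
    addr, best = ipaddress.ip_address(dst), None
    for prefix, next_hop, iface in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return None if best is None else (best[1], best[2])

# Switch table: the four routes shown in the CLI output in this thread.
SWITCH = [
    ("0.0.0.0/0", "192.168.1.1", "vlan 1"),
    ("192.168.1.0/24", None, "vlan 1"),
    ("192.168.30.0/24", None, "vlan 30"),
    ("192.168.40.0/24", None, "vlan 40"),
]

# Assumed router table: its own LAN subnet plus a default route out the WAN.
ROUTER_BEFORE = [
    ("192.168.1.0/24", None, "lan"),
    ("0.0.0.0/0", "isp-gateway", "wan"),
]

SWITCH_VLAN1_IP = "192.168.1.254"  # assumed value, not given in the thread

# Same table with the static routes the answer recommends.
ROUTER_AFTER = ROUTER_BEFORE + [
    ("192.168.30.0/24", SWITCH_VLAN1_IP, "lan"),
    ("192.168.40.0/24", SWITCH_VLAN1_IP, "lan"),
]

def reply_path(router_table, host):
    """Describe where the router forwards a reply addressed to host."""
    next_hop, iface = lookup(router_table, host)
    if iface == "wan":
        return "lost: follows the default route out the WAN"
    if next_hop is None:
        return "delivered: directly connected on the LAN"
    return f"delivered: via {next_hop} on the LAN"

if __name__ == "__main__":
    # Hosts taken from the ARP table in the question.
    for host in ("192.168.1.4", "192.168.30.11", "192.168.40.92"):
        print(host, "switch->router:", lookup(SWITCH, "192.168.1.1"))
        print("  before:", reply_path(ROUTER_BEFORE, host))
        print("  after: ", reply_path(ROUTER_AFTER, host))
```
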

Roger1000 Mon, 08/13/2012 - 08:17

I was doing some more testing with this configuration.  I found that the intervlan communications on VLAN 40 did not work.  I could not ping between workstations (physical systems) connected to the same VLAN 40.  I tried a number of combinations of configurations including changing the trunk mode to General so that it supports tagging.  Could you suggest the correct setting of the VLAN tagging on the switch to permit same VLAN pinging?

Possibly I have not set up the router correctly.  The path I chose was to add static routes on the router for each VLAN.  How do I set up a trunk and tags on the router between the RV220w and SG500?

Thanks,

Roger

Tom Watts Mon, 08/13/2012 - 09:22

Hello Roger,


The switch configuration is as follows:


*create vlan (you've already done this)

config t
vlan database
vlan 30,40

*Assign a link to connect to the router

config t
int gi1/1/1
switchport mode trunk
switchport trunk allowed vlan add 30,40


The router configuration is as follows:

Networking -> LAN -> VLAN Membership

Click ADD ROW then fill the correct VLAN ID (30)

Choose InterVLAN Routing (check the box to allow the VLANs to talk)

Choose Device management (remove check from this box if you don't want the VLAN subnet access to router admin)

Port 1-4 (choose tagged)


Follow the same process for the VLAN ID 40 then connect the link between the router and switch. The DHCP scope will be automatically created, you may remove or modify the DHCP services on the router under the Multiple VLAN subnets.




-Tom

Roger1000 Mon, 08/13/2012 - 11:28

Thanks.  I'll try this out.  Does this also mean I need to do the following:

- Remove the static routes for the other VLAN method I tried or do I leave them in?

- Should I connect all LAN ports from the Rv220w (ports 1-4) to the switch?  If so do I change the int gi1/1/1 to an int range statement gi1/1/1-4 for all the ports?

Tom Watts Mon, 08/13/2012 - 11:57

Hi Roger,


No, you need only to connect 1 wire between the router and switch. The above example is the extent of switch configuration needed to achieve vlan creation and sending all traffic up to the router. You should remove the static routes as they will be unneeded.



-Tom

Roger1000 Mon, 08/13/2012 - 13:32

One thing is still bothering me about this setup...  Since the SG500 is a Layer 3 capable switch, why should I have to move all the intervlan routing to the RV220w?  My original intent was to have the SG500 do all the locally connected intervlan routing and VLAN management local to the switch and only see non VLAN traffic routed to the RV220w.  I also don't like having to port all traffic to the router then back to the switch as you're suggesting.  It seems inefficient just to route traffic to adjacent ports on the switch.  I'm still going to pursue getting the intervlan routing on the SG500 and that I have the correct configuration on the switch itself because it seems the right solution to me.  Can the SG500 indeed do intervlan routing with the correct configuration without the need for an external router?

Thoughts?

Roger

Tom Watts Mon, 08/13/2012 - 13:42

Roger, you can set the default gateway of your computers to that of the switch and all routing decisions will be local to the switch. Then the challenge would be an external DHCP server, as the RV220W can't specify a different gateway.



-Tom

Ben Johnson Fri, 02/01/2013 - 18:50

Just tried this and inter vlan routing doesn't seem to be working with the switch's IP on the respective vlan/subnet set as my host's default gateway.
Roger, did you ever get this working?

Ben Johnson Fri, 02/01/2013 - 20:12

Thanks!

My issue was that the binding order of interfaces on my Mac was making wireless take priority over the wired connection.

Been reading this, and tried to implement it in my environment but no luck. I cannot ping the end device in the other VLAN.


I face a similar problem as Roger. I just want simple layer 3 routing in my SG500-28.

VLAN 10 -->IP address 192.168.10.2/24 at port Gi 1/1/15

VLAN 30 -->IP address 192.168.30.2/24 at port Gi 1/1/17

VLAN 40 -->IP address 192.158.40.2/24 at port Gi 1/1/19

VLAN 50 -->IP address 192.168.50.2/24 at port Gi 1/1/10-14 (Server)


I plan to put an unmanaged switch on each port (Gi port 15,17,19), and connect PCs and printers to those switches.

I plan to put several servers directly on ports 10-14.


I mostly use the CLI (due to slow access to the web based configurator).


Any idea how to do that?


Thanks


Boedy

Finally able to do that setting. In fact, all the configuration posted here is very good and complete with explanation too. But the thing I forgot when I used Windows 7 as the endpoint device for the test is the firewall in Windows 7.

By default in Windows 7, ICMP (ping) is blocked. After opening ICMP traffic in Windows Firewall. (Or we can just disable the firewall.)

And we tend to blame the Cisco device configuration when we cannot ping the device.

andbor600 Fri, 05/10/2013 - 05:40

Good day,

I went through this post and could not find a syntax for "ip routing between vlans within one switch".


I have got an SG500 switch in layer 3 mode and 3 VLANs defined. Each VLAN has its own interface with a suitable IP address:


vlan 1 is 10.10.10.0 /24, vlan interface IP on switch: 10.10.10.2, gateway (located on router): 10.10.10.1

vlan 11 is 10.10.11.0 /24, vlan interface IP on switch: 10.10.11.2, gateway (located on router): 10.10.11.1

vlan 14 is 192.168.1.0/24, vlan interface IP on switch: 192.168.1.2, gateway (located on router): 192.168.1.1


I have got only one IP route defined on my switch:

ip route 0.0.0.0 0.0.0.0 10.10.10.1


Although all hosts are connected to the switch, all communication goes via the router. How do I know that? Transfer between two different VLANs is very slow, because my router is FE (100mb), while my hosts are 1Gb capable. Now, if I measure transfer of the same file within the same VLAN, it is 10 times faster.

I am sure I need to modify the "ip route" syntax, but frankly speaking I do not know how...


Any idea?

ps1715pss Wed, 02/25/2015 - 04:25

You have most of it right.   The switch's port facing the router must have an ip address assigned that is in the same subnet as the router's ip address.   In your case,

1) switch port facing router = 10.10.0.2/24 on VLAN 1

2) router port facing switch = 10.10.0.1/24

Just change your default route (0.0.0.0 statement) to point to the IP assigned to your switch's port facing the router, not the router's IP.  It should be:

ip route 0.0.0.0 0.0.0.0 10.10.10.2

Best wishes,

kpiq

ps1715pss Wed, 02/25/2015 - 04:27

One more thing... if your router is VLAN-unaware make sure that the VLAN assigned to the switch's "default gateway" port is untagged.   All traffic to and from VLAN-unaware devices must ingress/egress the VLAN-aware switch thru an untagged port.
