Routing Issue

paul.logan · ‎07-21-2017

I am trying to setup a router within a district with VLANs and a /23 network.
I have been given a 172.17.25.0/29 address to use.
I have configured the 3560 SW Version:
* 1 52 WS-C3560G-48PS 12.2(55)SE7 C3560-IPBASEK9-M
I have ip routing turned on and VLANs setup as follows:
interface Vlan1
no ip address
shutdown
!
interface Vlan2
description DCSD-LAN
ip address 10.41.1.1 255.255.254.0
!
interface Vlan3
description DCSD-Staff
ip address 10.41.2.1 255.255.254.0
!
interface Vlan4
description DCSD-Student
ip address 10.41.4.1 255.255.254.0
!
interface Vlan5
description DCSD-VIOP
ip address 10.41.6.1 255.255.254.0
!
interface Vlan6
description DCSD-CCTV
ip address 10.41.8.1 255.255.254.0
!
interface Vlan7
description DCSD-AP
ip address 10.41.10.1 255.255.254.0
!
interface Vlan131
description Up-Link to DESD-DFN
ip address 172.17.25.2 255.255.255.248
!
router eigrp 1872
network 10.0.0.0
network 172.17.0.0
eigrp stub connected summary
!
ip default-gateway 10.41.1.1
ip classless
ip route 0.0.0.0 0.0.0.0 172.17.25.1
ip route 172.17.25.0 255.255.255.248 172.17.25.1

When I run sho ip route I get:DCSD-3560G-CORE-MDF#sho ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

Gateway of last resort is 172.17.25.1 to network 0.0.0.0

172.17.0.0/29 is subnetted, 1 subnets
C 172.17.25.0 is directly connected, Vlan131
10.0.0.0/23 is subnetted, 6 subnets
C 10.41.2.0 is directly connected, Vlan3
C 10.41.0.0 is directly connected, Vlan2
C 10.41.6.0 is directly connected, Vlan5
C 10.41.4.0 is directly connected, Vlan4
C 10.41.10.0 is directly connected, Vlan7
C 10.41.8.0 is directly connected, Vlan6
S* 0.0.0.0/0 [1/0] via 172.17.25.1

all the VLANs sho up and up

I can ping all the local vlans but not anything on the other end.
I can ping the 172.17.25.1 address from another locations outside of this network.
I have checked other configurations on other 3560s that I have access to and don't see an issue.
we currently have a connection via:
VLAN 1 to the provider on the current 2960X.
They have our 10.41.0.1 and we are on 10.41.0.38 with the following:

Gateway of last resort is 10.41.0.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 10.41.0.1
10.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
C 10.41.0.0/16 is directly connected, Vlan1
L 10.41.0.38/32 is directly connected, Vlan1
S 10.41.2.0/23 [1/0] via 10.41.0.1
S 10.41.4.0/23 [1/0] via 10.41.0.1
S 10.41.6.0/23 [1/0] via 10.41.0.1

interface Vlan1
ip address 10.41.0.38 255.255.0.0

ip default-gateway 10.41.0.1

Any direction to look would be greatful.
BTY the Tech that controls the other end is out of country and I do not have access to the router.

Georg Pauwen · ‎07-21-2017

Hello,

you need to get rid of:

ip default-gateway 10.41.1.1

This is used for L2 switches only.

Predrag Jovic · ‎07-21-2017

first device:
interface Vlan2
description DCSD-LAN
ip address 10.41.1.1 255.255.254.0

second device:
ip default-gateway 10.41.0.1

default route on the second device points to 10.41.0.1 :)

There is no 10.41.0.1

As said above ip defailt gateway is not used on L3 devices and can be removed. ip route 172.17.25.0 255.255.255.248 172.17.25.1 also can be removed, it is directly connected interface.

To be able to ping other address ranges - you should have route that points in direction of those networks (otherwise, if present, default route will be used to forward traffic).

Predrag Jovic · ‎07-21-2017

Addition - ranges

interface Vlan2
description DCSD-LAN
ip address 10.41.1.1 255.255.254.0

interface Vlan3
description DCSD-Staff
ip address 10.41.2.1 255.255.254.0
!
interface Vlan4
description DCSD-Student
ip address 10.41.4.1 255.255.254.0
!
interface Vlan5
description DCSD-VIOP
ip address 10.41.6.1 255.255.254.0
!
interface Vlan6
description DCSD-CCTV
ip address 10.41.8.1 255.255.254.0
!
interface Vlan7
description DCSD-AP
ip address 10.41.10.1 255.255.254.0

overlap with range

interface Vlan1
ip address 10.41.0.38 255.255.0.0

?

Above VLANs are subnets of the lower one - and in different VLANs (the VLAN may not be important (depending on topology, but topology is not provided), but overlapping is important).

paul.logan · ‎07-25-2017

I am trying to move to a /23 but still have the /16 up and running. I swap the uplink while testing so I am not bring the network down complete until I have a valid connection. once done I have a lot of work due to the current tech has everything with static address' and doesn't want to move to DHCP complete at this point.

Predrag Jovic · ‎07-25-2017

Don't forget that as long as devices in any part of your network "think" that they are in the same network they will try to broadcast each other. You can't go around it. Even if you place static route it should not work if any device along path "think" that they suppose to broadcast each other to be able to send traffic. Routing is not considered if host(s) believe that they are in the same subnet.

paul.logan · ‎07-25-2017

I had VLAN 2 setup with the address of 10.41.0.1 /23 and since it is currently in use at the Provider as a /16 i changed it to the 1.1/23 to see if it was an issue.

The current configuration has the network on a /16 with the provider having 10.41.0.1.

I am trying to move to a /23 with multiple VLANs to allow me to split up the broadcast domain. I added the ip route mention as part of my testing and will remove it on Wednesday.

cofee · ‎07-21-2017

Can you explain these route statements:

ip default-gateway 10.41.1.1
ip classless
ip route 0.0.0.0 0.0.0.0 172.17.25.1
ip route 172.17.25.0 255.255.255.248 172.17.25.1

Per these route statements you are using 172.17.25.1 as your default route. Is that what you intent to use? When you are pinging other sites/networks from this switch do they know how to get back to you? did you try a traceroute?

paul.logan · ‎07-25-2017

The first 2 line are what I have been adding to all setups i have done with a different address.

the 172.17.25.1 is the gateway of last resort

the 4th line is next hop from this router.

The 172.17.25.0/29 is the network I was told to use for setting up my new /23 VLANs on.

paul driver · ‎07-21-2017

Hello

I see you have eigrp enabled but are also applied a static default route which would take precedence over eigrp and I don't see any eigrp routes propagated into the rib via eigrp, So is eigrp required?

If it is required then i would suggest remove the statics and amend the eigrp stanza to be more specific so the summary route will be advertied otherwise remove the eigrp and go with static default.

As these subnets are not globally routable I am assuming this is internal network otherwise you need to nat.

router eigrp 1872
no network 10.0.0.0
no network 172.17.0.0
no auto-summary
network 172.17.25.2 0.0.0.0
network 10.41.1.1 0.0.0.0
network 10.41.2.1 0.0.0.0
network 10.41.4.1 0.0.0.0
network 10.41.6.1 0.0.0.0
network 10.41.8.1 0.0.0.0
network 10.41.10.1 0.0.0.0
eigrp stub connected summary

or

no router eigrp 1872
no ip route 172.17.25.0 255.255.255.248 172.17.25.1
no ip default-gateway 10.41.0.1 (not necessary to remove as you ip routing enabled but advisable for clarity)

Lasty

VLAN 1 to the provider on the current 2960X.
They have our 10.41.0.1 and we are on 10.41.0.38 with the following:

however you have vlan 1 on this device shutdown and the subnet applied to vlan2.

no int vlan 2
int vlan 1
ip address 10.41.1.1 255.255.254.0

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

paul.logan · ‎07-25-2017

I will look at this on Wednesday when I am back in that district.

paul.logan · ‎08-01-2017

The eigrp setting helped with the routing but everything is going through VLAN 1. I am able to get IP Address from the DHCP settings per VLAN3-7 but it is not routing that traffic. If I get a DHCP address from DCSD-LAN pool which is 10.41.0.1/23 it will route that traffic.