Solved: Gateway for VLAN traffic

Rhys Davies · ‎11-11-2013

Hi

Have several layer 3 entry level switches (sg500x). They have their default VLAN1 plus VLAN2 which I have created and trunked across two of the switches. The trunk port between the switches carries VLAN1 traffic untagged and VLAN2 traffic tagged. I need to give clients on VLAN2 a gateway onto VLAN1 when all the servers are.

I understand most will not be familiar with sg500x cli but I’m looking for concepts of how this is done e.g. do I need to assign an IP in the subnet range for VLAN2 to the trunk port and make that the gateway?

Thanks

Karthick Murugan · ‎11-11-2013

Hi Rhys,

It looks like the default-gateway is incorrect.

can you perform this test and provide the output of IPCONFIG from the client PC?

Ping 172.16.40.20 sour vlan 1 from switch A

Thanks & Regards,
Karthick Murugan
CCIE#39285

Thanks & Regards, Karthick Murugan CCIE#39285

View solution in original post

cadet alain · ‎11-11-2013

Hi,

if the switch is operating at layer 3(ip routing enabled ) then you can give hosts in vlan2 the ip address of interface vlan 2 as their default-gateway.

Regards

Alain

Don't forget to rate helpful posts.

Rhys Davies · ‎11-11-2013

Thanks Alain

Yes running in layer3 with routing enabled and yes I have tried that. On switch A I have:

VLAN2 interface 172.16.40.10

On switch B I have:

VLAN2 interface 172.16.40.20

So clients connected to VLAN2 on switch A I give gateway 172.16.40.10 and clients in VLAN2 switch B I give gateway 172.16.40.20? I still can’t ping clients on VLAN1 on subnet 172.16.6.0/21

cadet alain · ‎11-11-2013

Hi,

Have you tried with windows software firewall turned off ?

Regards

Alain

Don't forget to rate helpful posts.

Rhys Davies · ‎11-11-2013

Hi, yes all firewalls are off for testing. Clients on same vlan can ping across switches.

Karthick Murugan · ‎11-11-2013

Hi Rhys,

can you give the output of 'show ip route" and "show ip int brief' from both the switches?

Thanks & Regards,
Karthick Murugan
CCIE#39285

Thanks & Regards, Karthick Murugan CCIE#39285

Rhys Davies · ‎11-11-2013

Karthick -

switchA#show ip route

Maximum Parallel Paths: 1 (1 after reset)

IP Forwarding: enabled

Codes: C - connected, S - static, D - DHCP, R - RIP

C 172.16.0.0/21 is directly connected vlan 1

C 172.16.40.0/21 is directly connected vlan 2

switchA#show ip int

IP Address I/F Type Directed Precedence Status

Broadcast

------------------- --------- ----------- ---------- ---------- -----------

172.16.6.95/21 vlan 1 Static disable No Valid

172.16.40.10/21 vlan 2 Static disable No Valid

switchB#show ip int

IP Address I/F Type Directed Precedence Status

Broadcast

------------------- --------- ----------- ---------- ---------- -----------

172.16.6.96/21 vlan 1 Static disable No Valid

172.16.40.20/21 vlan 2 Static disable No Valid

switchB#show ip route

Maximum Parallel Paths: 1 (1 after reset)

IP Forwarding: enabled

Codes: C - connected, S - static, D - DHCP, R - RIP

C 172.16.0.0/21 is directly connected vlan 1

C 172.16.40.0/21 is directly connected vlan 2

Karthick Murugan · ‎11-11-2013

Rhys,

Thanks for the info. We need to make sure the L2 path is fine.

Can you ping a client IP address from switch A with sour vlan 1?

ping source vlan 1

Thanks & Regards,
Karthick Murugan
CCIE#39285

Thanks & Regards, Karthick Murugan CCIE#39285

Rhys Davies · ‎11-11-2013

Thanks, no I can't. Traffic will not transverse the VLANs. From VLAN1 to 2 or vice versa.

cadet alain · ‎11-11-2013

Hi,

Can you post a topology diagram.

Regards

Alain

Don't forget to rate helpful posts.

Joseph W. Doherty · ‎11-11-2013

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

From the client perspective, your hosts on both VLANs should be in their own subnet. Ideally, they will also have a gateway address for their own subnet.

On your L3 switches, things can become a bit complex if you have more than one of your L3 capable switches running in L3 mode. With just a few switches, simplest setup might be to run all your switches as L2 except just one. On that one, enable L3 and define VLAN interfaces (not just the VLANs) on it. Each VLAN interface will have the IP you've selected for the gateway.

Rhys Davies · ‎11-11-2013

Thanks Joseph, yes they are on their own subnet. My problem is the gateway. I will take your advice as I progress and disable L3 where I can. All switches are out of the box, configured with an interface IP and chained for the central switch which has servers and internet. Switch A and B are linked on port 3, this link is also a trunk for VLAN2. VLAN2 traffic is tagged, VLAN1 traffic untagged.

Karthick Murugan · ‎11-11-2013

Hi Rhys,

It looks like the default-gateway is incorrect.

can you perform this test and provide the output of IPCONFIG from the client PC?

Ping 172.16.40.20 sour vlan 1 from switch A

Thanks & Regards,
Karthick Murugan
CCIE#39285

Thanks & Regards, Karthick Murugan CCIE#39285

Rhys Davies · ‎11-12-2013

Hi Karthick

No reply to ping

Ipconfig of client connected to VLAN1 on switchA pinging interface connection (172.16.40.20/21) of VLAN2 on switch 2

IP 172.16.1.47

MASK 255.255.248.0

GW – 172.16.6.90 (interface address of core switch which handles some routing off the LAN)

One thing that confuses me is that vlan2 has more than one IP address - ie VLAN2 has an interface address on switch A and an interface address on switch B (which connects the trunk ports either end). If the interface address is to be used as a gateway then when I configure dhcp clients will needsa different gateway depending which switch they are on. Something is obviously wrong here.

Karthick Murugan · ‎11-12-2013

Rhys,

If you want one of switches to act as a gateway for the clients then you need to configure HSRP and the virtual-ip can be used for the clients.

SAMPLE CONFIG

SW1

vlan 2

ip address 1.1.1.1 255.255.255.0

standby 1 ip 1.1.1.3

SW2

vlan 2

ip address 1.1.1.2 255.255.255.0

standby 1 ip 1.1.1.3

In the DHCp server you can configure 1.1.1.3 as the default-route for the users.

Thanks

Karthick Murugan

Thanks & Regards,
Karthick Murugan
CCIE#39285

Thanks & Regards, Karthick Murugan CCIE#39285