11-11-2013 09:29 AM - edited 03-07-2019 04:32 PM
Hi
Have several layer 3 entry level switches (sg500x). They have their default VLAN1 plus VLAN2 which I have created and trunked across two of the switches. The trunk port between the switches carries VLAN1 traffic untagged and VLAN2 traffic tagged. I need to give clients on VLAN2 a gateway onto VLAN1 when all the servers are.
I understand most will not be familiar with sg500x cli but I’m looking for concepts of how this is done e.g. do I need to assign an IP in the subnet range for VLAN2 to the trunk port and make that the gateway?
Thanks
Solved! Go to Solution.
11-11-2013 10:36 AM
Hi Rhys,
It looks like the default-gateway is incorrect.
can you perform this test and provide the output of IPCONFIG from the client PC?
Ping 172.16.40.20 sour vlan 1 from switch A
Thanks & Regards,
Karthick Murugan
CCIE#39285
11-11-2013 09:38 AM
Hi,
if the switch is operating at layer 3(ip routing enabled ) then you can give hosts in vlan2 the ip address of interface vlan 2 as their default-gateway.
Regards
Alain
Don't forget to rate helpful posts.
11-11-2013 09:54 AM
Thanks Alain
Yes running in layer3 with routing enabled and yes I have tried that. On switch A I have:
VLAN2 interface 172.16.40.10
On switch B I have:
VLAN2 interface 172.16.40.20
So clients connected to VLAN2 on switch A I give gateway 172.16.40.10 and clients in VLAN2 switch B I give gateway 172.16.40.20? I still can’t ping clients on VLAN1 on subnet 172.16.6.0/21
11-11-2013 09:57 AM
Hi,
Have you tried with windows software firewall turned off ?
Regards
Alain
Don't forget to rate helpful posts.
11-11-2013 09:59 AM
Hi, yes all firewalls are off for testing. Clients on same vlan can ping across switches.
11-11-2013 10:02 AM
Hi Rhys,
can you give the output of 'show ip route" and "show ip int brief' from both the switches?
Thanks & Regards,
Karthick Murugan
CCIE#39285
11-11-2013 10:16 AM
Karthick -
switchA#show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: C - connected, S - static, D - DHCP, R - RIP
C 172.16.0.0/21 is directly connected vlan 1
C 172.16.40.0/21 is directly connected vlan 2
switchA#show ip int
IP Address I/F Type Directed Precedence Status
Broadcast
------------------- --------- ----------- ---------- ---------- -----------
172.16.6.95/21 vlan 1 Static disable No Valid
172.16.40.10/21 vlan 2 Static disable No Valid
switchB#show ip int
IP Address I/F Type Directed Precedence Status
Broadcast
------------------- --------- ----------- ---------- ---------- -----------
172.16.6.96/21 vlan 1 Static disable No Valid
172.16.40.20/21 vlan 2 Static disable No Valid
switchB#show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: C - connected, S - static, D - DHCP, R - RIP
C 172.16.0.0/21 is directly connected vlan 1
C 172.16.40.0/21 is directly connected vlan 2
11-11-2013 10:20 AM
Rhys,
Thanks for the info. We need to make sure the L2 path is fine.
Can you ping a client IP address from switch A with sour vlan 1?
ping
Thanks & Regards,
Karthick Murugan
CCIE#39285
11-11-2013 10:25 AM
Thanks, no I can't. Traffic will not transverse the VLANs. From VLAN1 to 2 or vice versa.
11-11-2013 10:05 AM
Hi,
Can you post a topology diagram.
Regards
Alain
Don't forget to rate helpful posts.
11-11-2013 10:08 AM
Disclaimer
The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
Liability Disclaimer
In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
Posting
From the client perspective, your hosts on both VLANs should be in their own subnet. Ideally, they will also have a gateway address for their own subnet.
On your L3 switches, things can become a bit complex if you have more than one of your L3 capable switches running in L3 mode. With just a few switches, simplest setup might be to run all your switches as L2 except just one. On that one, enable L3 and define VLAN interfaces (not just the VLANs) on it. Each VLAN interface will have the IP you've selected for the gateway.
11-11-2013 10:22 AM
Thanks Joseph, yes they are on their own subnet. My problem is the gateway. I will take your advice as I progress and disable L3 where I can. All switches are out of the box, configured with an interface IP and chained for the central switch which has servers and internet. Switch A and B are linked on port 3, this link is also a trunk for VLAN2. VLAN2 traffic is tagged, VLAN1 traffic untagged.
11-11-2013 10:36 AM
Hi Rhys,
It looks like the default-gateway is incorrect.
can you perform this test and provide the output of IPCONFIG from the client PC?
Ping 172.16.40.20 sour vlan 1 from switch A
Thanks & Regards,
Karthick Murugan
CCIE#39285
11-12-2013 08:41 AM
Hi Karthick
No reply to ping
Ipconfig of client connected to VLAN1 on switchA pinging interface connection (172.16.40.20/21) of VLAN2 on switch 2
IP 172.16.1.47
MASK 255.255.248.0
GW – 172.16.6.90 (interface address of core switch which handles some routing off the LAN)
One thing that confuses me is that vlan2 has more than one IP address - ie VLAN2 has an interface address on switch A and an interface address on switch B (which connects the trunk ports either end). If the interface address is to be used as a gateway then when I configure dhcp clients will needsa different gateway depending which switch they are on. Something is obviously wrong here.
11-12-2013 09:10 AM
Rhys,
If you want one of switches to act as a gateway for the clients then you need to configure HSRP and the virtual-ip can be used for the clients.
SAMPLE CONFIG
SW1
vlan 2
ip address 1.1.1.1 255.255.255.0
standby 1 ip 1.1.1.3
SW2
vlan 2
ip address 1.1.1.2 255.255.255.0
standby 1 ip 1.1.1.3
In the DHCp server you can configure 1.1.1.3 as the default-route for the users.
Thanks
Karthick Murugan
Thanks & Regards,
Karthick Murugan
CCIE#39285
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide