Cisco Support Community
New Member

Gateway for VLAN traffic

Hi

Have several layer 3 entry level switches (sg500x). They have their default VLAN1 plus VLAN2 which I have created and trunked across two of the switches. The trunk port between the switches carries VLAN1 traffic untagged and VLAN2 traffic tagged. I need to give clients on VLAN2 a gateway onto VLAN1 where all the servers are.

I understand most will not be familiar with sg500x cli but I’m looking for concepts of how this is done e.g. do I need to assign an IP in the subnet range for VLAN2 to the trunk port and make that the gateway?

Thanks

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Gateway for VLAN traffic

Hi Rhys,

It looks like the default-gateway is incorrect.

Can you perform this test and provide the output of IPCONFIG from the client PC?

Ping 172.16.40.20 sour vlan 1 from switch A

Thanks & Regards,
Karthick Murugan
CCIE#39285

17 REPLIES
Purple

Gateway for VLAN traffic

Hi,

If the switch is operating at layer 3 (ip routing enabled) then you can give hosts in vlan2 the ip address of interface vlan 2 as their default-gateway.

Regards

Alain

Don't forget to rate helpful posts.

New Member

Gateway for VLAN traffic

Thanks Alain

Yes running in layer3 with routing enabled and yes I have tried that. On switch A I have:

VLAN2 interface 172.16.40.10

On switch B I have:

VLAN2 interface 172.16.40.20

So clients connected to VLAN2 on switch A I give gateway 172.16.40.10 and clients in VLAN2 switch B I give gateway 172.16.40.20? I still can’t ping clients on VLAN1 on subnet 172.16.6.0/21

Purple

Gateway for VLAN traffic

Hi,

Have you tried with windows software firewall turned off?

Regards

Alain

Don't forget to rate helpful posts.

New Member

Gateway for VLAN traffic

Hi, yes all firewalls are off for testing. Clients on same vlan can ping across switches.

Cisco Employee

Gateway for VLAN traffic

Hi Rhys,

Can you give the output of 'show ip route' and 'show ip int brief' from both the switches?

Thanks & Regards,
Karthick Murugan
CCIE#39285

New Member

Gateway for VLAN traffic

Karthick -

switchA#show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding:          enabled
Codes: C - connected, S - static, D - DHCP, R - RIP

C  172.16.0.0/21      is directly connected                        vlan 1
C  172.16.40.0/21     is directly connected                        vlan 2

switchA#show ip int
IP Address          I/F       Type        Directed   Precedence Status
                                          Broadcast
------------------- --------- ----------- ---------- ---------- -----------
172.16.6.95/21      vlan 1    Static      disable    No         Valid
172.16.40.10/21     vlan 2    Static      disable    No         Valid

switchB#show ip int
IP Address          I/F       Type        Directed   Precedence Status
                                          Broadcast
------------------- --------- ----------- ---------- ---------- -----------
172.16.6.96/21      vlan 1    Static      disable    No         Valid
172.16.40.20/21     vlan 2    Static      disable    No         Valid

switchB#show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding:          enabled
Codes: C - connected, S - static, D - DHCP, R - RIP

C  172.16.0.0/21      is directly connected                        vlan 1
C  172.16.40.0/21     is directly connected                        vlan 2

Cisco Employee

Gateway for VLAN traffic

Rhys,

Thanks for the info. We need to make sure the L2 path is fine.

Can you ping a client IP address from switch A with sour vlan 1?

ping source vlan 1

Thanks & Regards,
Karthick Murugan
CCIE#39285

New Member

Gateway for VLAN traffic

Thanks, no I can't. Traffic will not traverse the VLANs. From VLAN1 to 2 or vice versa.

Purple

Gateway for VLAN traffic

Hi,

Can you post a topology diagram?

Regards

Alain

Don't forget to rate helpful posts.

Super Bronze

Re: Gateway for VLAN traffic

Disclaimer

The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.

Liability Disclaimer

In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.

Posting

From the client perspective, your hosts on both VLANs should be in their own subnet.  Ideally, they will also have a gateway address for their own subnet.

On your L3 switches, things can become a bit complex if you have more than one of your L3 capable switches running in L3 mode.  With just a few switches, simplest setup might be to run all your switches as L2 except just one.  On that one, enable L3 and define VLAN interfaces (not just the VLANs) on it.  Each VLAN interface will have the IP you've selected for the gateway.

New Member

Gateway for VLAN traffic

Thanks Joseph, yes they are on their own subnet. My problem is the gateway. I will take your advice as I progress and disable L3 where I can. All switches are out of the box, configured with an interface IP and chained for the central switch which has servers and internet. Switch A and B are linked on port 3, this link is also a trunk for VLAN2. VLAN2 traffic is tagged, VLAN1 traffic untagged.

Cisco Employee

Gateway for VLAN traffic

Hi Rhys,

It looks like the default-gateway is incorrect.

Can you perform this test and provide the output of IPCONFIG from the client PC?

Ping 172.16.40.20 sour vlan 1 from switch A

Thanks & Regards,
Karthick Murugan
CCIE#39285

New Member

Gateway for VLAN traffic

Hi Karthick

No reply to ping

Ipconfig of client connected to VLAN1 on switchA pinging interface connection (172.16.40.20/21) of VLAN2 on switch 2

IP 172.16.1.47

MASK 255.255.248.0

GW – 172.16.6.90 (interface address of core switch which handles some routing off the LAN)

One thing that confuses me is that vlan2 has more than one IP address - i.e. VLAN2 has an interface address on switch A and an interface address on switch B (which connects the trunk ports either end). If the interface address is to be used as a gateway then when I configure dhcp clients will need a different gateway depending which switch they are on. Something is obviously wrong here.

Cisco Employee

Gateway for VLAN traffic

Rhys,

If you want one of the switches to act as a gateway for the clients then you need to configure HSRP and the virtual-ip can be used for the clients.

SAMPLE CONFIG

SW1
interface vlan 2
 ip address 1.1.1.1 255.255.255.0
 ! HSRP group 1, virtual IP shared with SW2
 standby 1 ip 1.1.1.3

SW2
interface vlan 2
 ip address 1.1.1.2 255.255.255.0
 ! HSRP group 1, virtual IP shared with SW1
 standby 1 ip 1.1.1.3

In the DHCP server you can configure 1.1.1.3 as the default-route for the users.

Thanks

Karthick Murugan

Thanks & Regards,
Karthick Murugan
CCIE#39285

New Member

Gateway for VLAN traffic

If you see this post

https://supportforums.cisco.com/thread/2241471

He says

"Each VLAN has an ip address and clients have their gateways set as the switches interface address. Intervlan is working and clients can ping across VLANS and access the internet."

This is what I'm trying to achieve - the sg500 should be able to route across the vlans by simply enabling routing. I think the crux is when assigning an IP to an interface be it a vlan or a port I'm doing something wrong.

Thanks

Rhys

New Member

Gateway for VLAN traffic

Thanks Karthick you were right about the gateway. The clients on VLAN1 are all configured to use SwitchE for gateway as this has routes off to WAN, internet etc so.....I was focusing on the gateway the clients on VLAN2 were using, without considering the clients on VLAN1 needed a gateway local to switchA/B that was aware of VLAN2.

To make Switch E aware of VLAN 2 I guess I need to make trunks back up the uplinks to SwitchE?

Thanks for all contributions from others.

Rhys

Super Bronze

Re: Gateway for VLAN traffic


From the other information you've posted, you've got gateways on two L3 (?) enabled switches.  For this to work, you'll need to either do static or dynamic routing between your L3 devices.  This is the kind of complexity you might avoid on just a few switches.
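An added example, not from any post in the thread: a small Python model of the routing tables posted above that traces the echo request and the echo reply separately, showing the reply being dropped at the VLAN 1 clients' gateway until that device has a route to 172.16.40.0/21. The VLAN 2 client address 172.16.40.50, the core switch's route table (VLAN 1 only) and the device names are assumptions.

```python
import ipaddress as ip

# Constructed model. switchA's connected routes are from the posted
# "show ip route"; the core switch's table is an assumption (VLAN 1 only).
ROUTES = {
    "switchA": {"172.16.0.0/21": "connected", "172.16.40.0/21": "connected"},
    "core":    {"172.16.0.0/21": "connected"},
}
# host -> (address, device that owns its default gateway)
HOSTS = {
    "vlan1_pc": ("172.16.1.47", "core"),      # GW 172.16.6.90 in the ipconfig post
    "vlan2_pc": ("172.16.40.50", "switchA"),  # constructed client, GW 172.16.40.10
}
NEXT_HOP_OWNER = {"172.16.6.95": "switchA", "172.16.6.90": "core"}

def lookup(device, dst, routes):
    """Longest-prefix match; returns 'connected', a next-hop IP, or None."""
    best = None
    for prefix, next_hop in routes[device].items():
        net = ip.ip_network(prefix)
        if ip.ip_address(dst) in net and (best is None or net.prefixlen > best[0]):
            best = (net.prefixlen, next_hop)
    return best[1] if best else None

def deliver(src, dst, routes):
    """Trace one direction hop by hop; returns (delivered, devices visited)."""
    device, path = HOSTS[src][1], []
    while len(path) < 8:                      # guard against routing loops
        path.append(device)
        next_hop = lookup(device, HOSTS[dst][0], routes)
        if next_hop is None:
            return False, path                # no route: dropped at this device
        if next_hop == "connected":
            return True, path
        device = NEXT_HOP_OWNER[next_hop]
    return False, path

def ping(a, b, routes=ROUTES):
    """A ping succeeds only if the request a->b and the reply b->a both arrive."""
    request, reply = deliver(a, b, routes), deliver(b, a, routes)
    return request[0] and reply[0], request, reply

def with_static_route(device, prefix, next_hop):
    """Copy of ROUTES with one static route added on the named device."""
    fixed = {name: dict(table) for name, table in ROUTES.items()}
    fixed[device][prefix] = next_hop
    return fixed

if __name__ == "__main__":
    print(ping("vlan2_pc", "vlan1_pc"))
    print(ping("vlan2_pc", "vlan1_pc",
               with_static_route("core", "172.16.40.0/21", "172.16.6.95")))
```

In the unmodified model the request reaches the VLAN 1 host through switchA, but the reply goes to the core switch and is dropped there; with the static route the reply is handed back to switchA.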
