Hi Lategas, the default

Andries Lategan · ‎04-08-2014

Hi,

I currently have a SF300-48 switch with two vlans on it, one for voice and one for data. The switch connects to a Watchgaurd firewall which is also doing the routing. The Mitel PBX is also connected to the switch. The switch is only configured as L2 at the moment.

My issue is that I can't ping the Mitel from the data vlan, eventhough everything seems to work fine. The phones have registered and I can make calls and receive calls and PC users can get to the internet and rest of the network.

I am using the follwing subnets - 192.168.5.0/24 - data vlan with .1 as default gateway on the Watchgaurd.

192.168.6.0/24 as the voice vlan with .1 as the default gateway on the Watchgaurd.

I can ping the voice vlan default gateway on the firewall from the switch, but can't ping the Mitel or any phones on the voice vlan and am not sure if the issue is with the switch or the Watchgaurd.

I have tried various port configs for the Mitel and firewall voice ports (switchport access vlan 100 etc), but none seem to resolve the issue

!
interface vlan 1
ip address 192.168.5.2 255.255.255.0
no ip address dhcp
!
interface vlan 100
name "Voice"

!

ip default-gateway 192.168.5.1

interface fastethernet46
description "WatchGaurd Data"
switchport mode general
switchport general allowed vlan add 100 untagged
!
interface fastethernet47
description "WatchGuard Voice"
switchport mode general
switchport general allowed vlan add 100 tagged
!
interface fastethernet48
description "Mitel 3300"
switchport mode general
switchport general allowed vlan add 100 untagged

Tom Watts · ‎04-08-2014

Hi Lategan, since the switch is in layer 2 mode, the router is going to be the problem for inter vlan routing.

The router must support one of the following for 802.1q vlan;

1.) 802.1q subinterface with IP address with tagged VLAN appropriately matching on switch config

2.) 802.1q trunk with tagged VLAN appropriately matching on switch config

So if you set up VLAN 100 untagged on the switch and connect it to your VLAN 100 on the router, the port between switch and router can be tag or untag depending how you configured the router. The port connecting the Mitel for example could be untagged assuming the Mitel itself is not tagging the VLAN.

If this does not work, the router has an incorrect configuration.

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Andries Lategan · ‎04-09-2014

Hi Tom,

Thanks a lot. I have one more question, currently my default gateway on the switch is set to the 192.168.5.1 address on the watchgaurd. Do I need to set anything for the voice vlan on 192.168.5.x ? How would device on that vlan get to the 192.168.6.1 address if there is no DG set for them on the switch?

Regards,

Andries

Tom Watts · ‎04-11-2014

Hi Lategas, the default gateway of a layer 2 switch is not for data traffic, it is for management traffic.

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

Andries Lategan · ‎04-09-2014

Hi Tom,

Thanks a lot. I have one more question, currently my default gateway on the switch is set to the 192.168.5.1 address on the watchgaurd. Do I need to set anything for the voice vlan on 192.168.5.x ? How would device on that vlan get to the 192.168.6.1 address if there is no DG set for them on the switch?

Regards,

Andries

Dan Miley · ‎04-11-2014

I'l bet your mitel PBX does not have a default gateway, or it's not pointing to the watchguard.

do a traceroute from the mitel to a client on the data network. or google.com and see where the packets are going.

Dan

SF300 inter vlan routing