sg300 and routing

wehner · ‎08-07-2012

I'am testing a sg300 switch in layer 3 mode and created different vlans

vlan1: 172.16.0.0/16

vlan4: 192.168.4.0/24

I inserted a default route to our internet router (172.16.0.55) and there a route back to the switch 172.16.2.101

I defined no acls at the moment

I can access the internet from a client 192.168.4.10 over the router 172.16.0.55

If I ping our DNS server (172.16.0.6) from this client in VLAN4 I get the replies on the client (see picture)

If i ping the router on the client in VLAN 4 I get no replies, sometimes one reply (see picture).

I mirrored the uplink to the different switch where the router is connectd and I can see the replies on wireshark. But somehow they do not get routed to the client on VLAN4 (see picture)

Does somebody have any idea why that happens?

Kind regard

Andreas

Tom Watts · ‎08-07-2012

Hi Andreas,

I feel the information provided is incomplete. I think you have almost all pieces of the puzzle though. Here are the requirements to make this work;

Switch configuration

Switch configured in L3 (set system mode router)
Make VLAN interfaces
Assign IP address to the VLAN interfaces
Set a global default gateway (config t, ip default-gateway 172.16.0.55)
Assign an uplink for Vlan 1untagged, vlan 4 tagged
Ensure you have an active connection on each respective VLAN (this will ensure the ip route is built dynamically)
If you choose, you can make a default route (0.0.0.0.0 172.16.0.55) to send all traffic to the router***

Router configuration;

The router should be aware of the multiple subnets
A static route pointing back to the gateway it is connecting to on the switch

-Tom

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

wehner · ‎08-08-2012

Hi Tom,

thanks for your answer.

I did the most steps you mentioned except

- Set a global default gateway (config t, ip default-gateway 172.16.0.55)

I used a default route like you described too.

- Assign an uplink for Vlan 1untagged, vlan 4 tagged

VLAN4 should only be on this switch but should have the possibility to use the internet

And Internet over the router 172.16.0.55 is working well. But the pings to 172.16.0.55 are not routed back. I can see them on the trunk port on VLAN1 but not on VLAN4.

Kind regard

Andreas

Tom Watts · ‎08-08-2012

Hi Andreas,

I'm not sure I understand.

VLAN4 should only be on this switch but should have the possibility to use the internet

So if I interpret this correctly, the 172.16.0.0 (vlan 1) network is not known to the switch while the 192.168.4.0 network is.

I understand you have vlan 1 and 4 on the switch. It sounds like you don't have vlan 1 ip interface defined.

If both IP interfaces are defined on the switch the ip route will populate with a directed connected notation.

So I will assume this is the switch configuration;

set system mode router

reload

y

config t

vlan database

vlan 4

int vlan 1

ip address 172.16.2.101 /16

int vlan 4

ip address 192.168.4.x /24

interface gi1

switchport mode trunk

switchport trunk allowed vlan add 4

interface gi2

switchport trunk native vlan 1

interface gi3

switchport trunk native vlan 4

If you connect your router to port 1

vlan 1 computer on port 2

vlan 4 computer on port 3

perform a show ip route you will see 2 directly connected routes.

The only work left to do will be your router with making static routes.

You can make 2 static routes on the router one pointing back to IP interface of the switch VLAN interface addresses.

-Tom

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

wehner · ‎08-10-2012

Hi Tom,

thanks for your patient.

You pretty much pictured my configuration.

The small difference is on gi1 where I'am connected to an umanaged switch with the router and the server (DNS,DHCP etc.)

I have one static route from the router to 172.16.2.101 for the 192.168.4.0 network. You mentioned 2 static routes on the router?

And I have a default route (0.0.0.0 to 172.16.0.55) to the router

And I can use the internet from the computer on gi3 (vlan4)

And I can ping the server 172.16.0.6 on vlan1 from gi3

But if I try to ping the router from gi3 (vlan4), I can see (on mirrored port with wireshark) on gi1 all 4 ping requests and all 4 replies. But on gi3 I get no replies. I see only the 4 requests.

Thanks again for your help

Andreas

Tom Watts · ‎08-10-2012

Andreas,

How I am reading your information is this way;

And I can use the internet from the computer on gi3 (vlan4)

The internet from 192.168.4.x works fine

And I can ping the server 172.16.0.6 on vlan1 from gi3

I am able to ping from 192.168.4.x to the server

But if I try to ping the router from gi3 (vlan4), I can see (on mirrored port with wireshark) on gi1 all 4 ping requests and all 4 replies. But on gi3 I get no replies. I see only the 4 requests.

I ping from 192.168.4.x to the router LAN interface IP 172.16.x.x I see the request but I do not receive a reply

My interpretation:

The server is considered directly connected and does not make a routing decision, therefore the packet destination will go to the server and come back as the route is through the switch only. When trying to ping the router from 192.168.4.x to 172.16.x.x, the router does not know the path back to forward the packet to the 192.168.4.x network. Your static route may be adjusted to be something such as 192.168.4.0 /24 172.16.x.x <- IP of the VLAn1 interface. Now, keep in mind, if your default gateway is the router's LAN ip address, you won't ping the router. But, if the computer's gateway is the switch's vlan interface, it should be able to get a reply from the router LAN side.

-Tom

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

sg300 and routing

Cisco Business Product Family

Cisco Switching Product Family