cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2439
Views
5
Helpful
7
Replies

SWITCH L3 SG250-18 3 THE VLANs ROUTING DOESN'T WORKS PROPERLY

Hi,

I need to configure a switch SG250-18 L3 to routing traffic from VLANs.

I have defined 3 VLAN (ID 1, 2 and 11)


The VLAN 1 is for a closed management networks where are all PC

The VLAN 11 is only for a closed big data transfer (Vmotion, Backups and other)

The VLAN 2 is to enable me to have internet access only when I need and I am authorized

 

from a PC on VLAN 1

1) I can ping default gateway of VLAN 11 and a PC on this VLAN

2) I can ping an IP on VLAN 2 but I receive many packets lost (I suppose that this problem can be connected came back route, in the test environement actually I can't insert this routing rule )


from a PC on VLAN 11

1) I can ping default gateway of VLAN 1

2) I can't ping a PC on this VLAN ( the traceroute told me that arrive on Default gateway on this VLAN 1)

3) I can ping an IP on VLAN 2 but I receive many packets lost (I suppose that this problem can be connected came back route, in the test environement actually I can't insert this routing rule )


From the switch using SSH

1) I can ping PC on VLAN 1

1) I can ping PC on VLAN 2

1) I can ping PC on VLAN 11

1) I can ping IP on Internet


I suppose that there is the routing Table problems, but I don't understund.


I see that only the default VLAN can routing IP with other VLAN in outgoing.

The VLANs added cann't do this.

I need to do some rules or enable some function that I don't know?


This is my configuration

config-file-header
A-CISCO-SarBioEner
v2.5.0.83 / RTESLA2.5_930_364_091
CLI v1.0
file SSD indicator excluded
@
!
unit-type-control-start
unit-type unit 1 network gi uplink none
unit-type-control-end
!
vlan database
vlan 2,11
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname A-CISCO-SarBioEner
username admin password encrypted aa7e273bb51a8ef39eac9d4fc25036e513d030dd privilege 15
clock timezone J +1
clock summer-time web recurring eu
no ip domain lookup
ip name-server 8.8.8.8
!
interface vlan 1
name "RETE 0 GESTIONE SISTEMI CONTROLL"
ip address 192.168.0.1 255.255.255.0
no ip address dhcp
!
interface vlan 2
name "RETE AZIENDALE PER INTERNET"
ip address dhcp
!
interface vlan 11
name "RETE 11 STORAGE ED INTERNET"
ip address 192.168.11.1 255.255.255.0
!
interface GigabitEthernet1
switchport access vlan 2
switchport general pvid 2
switchport trunk native vlan 2
!
interface GigabitEthernet2
switchport mode trunk
switchport access vlan 11
switchport general pvid 11
switchport trunk native vlan 11
switchport trunk allowed vlan 2-4094
!
interface GigabitEthernet3
switchport access vlan 11
switchport general pvid 11
switchport trunk native vlan 11
!
interface GigabitEthernet9
switchport access vlan 2
switchport general pvid 2
switchport trunk native vlan 2
!
interface GigabitEthernet10
switchport mode trunk
switchport access vlan 11
switchport general pvid 11
switchport trunk native vlan 11
switchport trunk allowed vlan 2-4094
!
interface GigabitEthernet11
switchport access vlan 11
switchport general pvid 11
switchport trunk native vlan 11
!
exit
banner login 
A-CISCO-SarBioEnergy

banner exec 
A-CISCO-SarBioEnergy


These are the routing tables

A-CISCO-SarBioEner#show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static


S 0.0.0.0/0 [1/4] via 192.168.1.1, 14:51:58, vlan 2
C 192.168.0.0/24 is directly connected, vlan 1
C 192.168.1.0/24 is directly connected, vlan 2
C 192.168.11.0/24 is directly connected, vlan 11

A-CISCO-SarBioEner#

1 Accepted Solution

Accepted Solutions

balaji.bandi
Hall of Fame
Hall of Fame

make the device - #System mode router  - when you change this configuration will be lost, so take the config before issue the command.

 

Make sure all the PC Windows FW disabled.

 

Make sure Port setup to access VLAN ( and you setup PVID - not sure you really need it ? and also setup trun ?)

 

You just need a simple configuration as below :

 

 

interface GigabitEthernet9
switchport access vlan 2

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

View solution in original post

7 Replies 7

Hello,

 

I don't see 'ip routing' in the output you have posted, add that through the CLI, or watch how do enable ipv4 routing in this short video:

 

https://www.youtube.com/watch?v=ZdEe7cU3x1Q

Hi,

Thanks lot four your time and support.

 

I have see the video suggested by you.

I have noted that in the configuration there aren't "ip routing", for this reason I have performed the command "shop ip route". that you can found in the last line of my discussion.

This command told me that the "IP Forwarding is enabled".

I repeat here the result

These are the routing tables

A-CISCO-SarBioEner#show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static


S 0.0.0.0/0 [1/4] via 192.168.1.1, 14:51:58, vlan 2
C 192.168.0.0/24 is directly connected, vlan 1
C 192.168.1.0/24 is directly connected, vlan 2
C 192.168.11.0/24 is directly connected, vlan 11

balaji.bandi
Hall of Fame
Hall of Fame

make the device - #System mode router  - when you change this configuration will be lost, so take the config before issue the command.

 

Make sure all the PC Windows FW disabled.

 

Make sure Port setup to access VLAN ( and you setup PVID - not sure you really need it ? and also setup trun ?)

 

You just need a simple configuration as below :

 

 

interface GigabitEthernet9
switchport access vlan 2

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi BB,

Thanks lot for your time ad support.

I am working on a switch L3 and I don't have licence to run the command suggested by you.

Yes I am sure the all IP have echo ping enableb, infact by ssh connection from switch I can ping all without problems.

balaji.bandi
Hall of Fame
Hall of Fame

But your switch has config this one ? if all the ports are Layer 3 ? i do not belive so.

 

or am i reading the wrong device here ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Hi BB,

as you have suggest me:

1) I have restarded form factory configuration,

2) done a new configuration with only basic information


Now it's works.


Thanks lot for your support

balaji.bandi
Hall of Fame
Hall of Fame

Glad to know all working as expected, thanks for confirming all working as expected and marked as solution.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: