09-15-2022 05:19 PM
Hello team!
I have an issue and I can't figure out the solution. I'm sure it's stupid obvious but it doesn't come up in my brain.
I'm setting up a new router with which I can currently ping internet and the GW ip from all vlans except vlan 5
From the GW router, I can ping 8.8.8.8 with source vlan 5
From new Router (that is uplinked to a switch that is itself uplink to the GW Router) I can ping GW RTR from source vlan 5 but not internet. I can ping internet with the new RTR if I don't use the vlan 5 source.
Thank you in advance for your help,
-Damien
Solved! Go to Solution.
09-20-2022 02:34 PM - last edited on 09-21-2022 02:39 AM by Translator
Am I correct in assuming that the link from the new router/switch to the GW is a routed link (layer 3 connection and not a trunk or other type of layer 2 connection)? If the connection is a routed link, and if this is the addressing for vlan 2008
ip address 10.65.238.253 255.255.255.0
Then the GW needs some type of routing information about how to get to that subnet. The new router/switch is running OSPF but only on vlan 2008. So I do not see how the GW could learn the subnet for vlan 2008 dynamically. And there is no static route on GW for that subnet. You could verify that this is the problem by posting the output of show ip route from the GW.
09-15-2022 10:39 PM
Hello,
post the full running configurations of both routers...
09-16-2022 02:12 AM
Hello
@BobCA wrote:
From the GW router, I can ping 8.8.8.8 with source vlan 5
From new Router (that is uplinked to a switch that is itself uplink to the GW Router) I can ping GW RTR from source vlan 5 but not internet. I can ping internet with the new RTR if I don't use the vlan 5 source.
I would say you would require Network Translation (NAT however you then mention "Source vlan" which is isn’t really applicable on a rtr unless you are manually specifying sub-interfaces.
As suggest by @Georg Pauwen please share you configuration and maybe a simple network topology.
09-16-2022 08:53 AM - last edited on 09-21-2022 02:38 AM by Translator
Of course, should have done that before, my bad.
Providing more background:
Previously, GW RTR was doing the routing for multiple building. I'm turning on routing on a switch in building xx so it is done locally.
That layer 3 switch is plugged into a 9200 stack that is itself plug into the GW RTR. I want to be sure the new vlan 2008 is able to ping internet so I can migrate the ssid clients to it while working on the others vlans/subnet. the GW RTR is plug into a router we don't manage that allow all our connection on the internet.
From the new XX RTR I can ping GW RTR from source vlan 2008, ping internet but not ping internet from source vlan 2008 while I can from the GW RTR.
XX RTR is uplinked to stack from gi1/0/1 and GW RTR is plugged into the stack from Ten1/1/3
New RTR config (I removed what I believe was unnecessary config);
-----------------
version 17.3
!
hostname Sxx-RTR
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication enable default enable
aaa authorization exec default local
!
aaa session-id common
boot system switch all cat9k_lite_iosxe.17.03.01.SPA.bin
clock timezone PST -7 0
switch 1 provision c9200-24p
!
!
!
!
vtp mode transparent
!
ip routing
!
ip name-server 10.71.251.8 10.71.251.24
ip domain list xxx.ca
ip domain name xxx.ca
!
!
!
login on-success log
no device-tracking logging theft
!
license boot level network-essentials addon dna-essentials
!
!
redundancy
mode sso
!
mdns-sd gateway
!
mdns-sd service-list mDNS_in IN
match apple-airprint
match airplay
match printer-ipps
match multifunction-printer
!
mdns-sd service-list mDNS_out OUT
match apple-airprint
match airplay
match printer-ipps
match multifunction-printer
!
mdns-sd service-policy xx_mDNS
service-list mDNS_in IN
service-list mDNS_out OUT
!
!
!
!
vlan 105
name YNET
!
vlan 810
name Building_Management
!
vlan 2000
name Infrastructure
!
vlan 2001
name Wired
!
vlan 2002
name Wireless
!
vlan 2003
name T_Wireless
!
vlan 2004
name S_Wireless
!
vlan 2005
name Guest_Wireless
!
vlan 2006
name IOT
!
vlan 2007
name VOIP_&_BPI
!
vlan 2008
name SPARE
!
vlan 2009
name SPARE2
!
vlan 2100,2480-2496
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet1/0/1
description UPLINK SWITCH
switchport mode trunk
!
!
interface Vlan1
no ip address
!
interface Vlan2008
ip address 10.65.238.253 255.255.255.0
!
interface Vlan2100
ip address 10.64.100.209 255.255.255.0
!
interface Vlan2480
description management
ip address 10.65.220.208 255.255.255.0
!
router ospf 841
network 10.65.238.0 0.0.0.255 area 0.0.0.0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.64.100.254
!
!
!
end
-------
GW RTR config;
!
! Last configuration change at 08:07:50 PST Fri Sep 16 2022 by itss
!
version 16.12
!
hostname Fxx-Backbone-3650
!
aaa session-id common
boot system switch all flash:cat3k_caa-universalk9.16.12.04.SPA.bin
clock timezone PST -7 0
switch 1 provision ws-c3650-24td
!
ip routing
!
!
!
!
!
ip name-server 10.71.251.8 10.71.251.24
ip domain list xxx.ca
!
!
license boot level ipbasek9
!
!
diagnostic bootup level minimal
!
spanning-tree mode pvst
spanning-tree extend system-id
no spanning-tree vlan 8,30,40,50,75,114-115,450,550,602-603,671,675,703,707,788
no spanning-tree vlan 851,860,882,898-900,910-914,920-921,970-974,977-999,2000
no spanning-tree vlan 2001-2029,2100-2129,2180-2183,2185-2188,2190-2197,2200
no spanning-tree vlan 2201-2202,2270-2280,2282-2289,2480-2499
memory free low-watermark processor 79489
!
redundancy
mode sso
!
mdns-sd gateway
!
mdns-sd service-definition GoogleExpedition
service-type _googexpeditions._tcp.local.
!
mdns-sd service-list mDNS_in IN
match apple-airprint
match airplay
match printer-ipps
match multifunction-printer
match GoogleExpedition
!
mdns-sd service-list mDNS_out OUT
match apple-airprint
match airplay
match printer-ipps
match multifunction-printer
match GoogleExpedition
!
mdns-sd service-policy xx_mDNS
service-list mDNS_in IN
service-list mDNS_out OUT
!
!
transceiver type all
monitoring
!
vlan 2000
name Infrastructure
!
vlan 2001
name Wired
!
vlan 2002
name Wireless
!
vlan 2003
name T_Wireless
!
vlan 2004
name S_Wireless
!
vlan 2005
name Guest_Wireless
!
vlan 2006
name IOT
!
vlan 2007
name VOIP_&_BPI
!
vlan 2008
name SPARE
!
vlan 2009
name SPARE2
!
vlan 2100
name F_Infrastructure
!
vlan 2480
name Sxx_Infrastructure
!
vlan 2481
name Sxx_Reserved1
!
vlan 2482
name Sxx_Wired_DHCP_1
!
vlan 2483
name Sxx_Wired_DHCP_2
!
vlan 2484
name Sxx_Wi-Fi
!
vlan 2486
name Sxx_Reserved2
!
vlan 2487
name Sxx_Reserved3
!
vlan 2488
name Sxx_T_Wi-Fi
!
vlan 2489
name Sxx_O_Wi-Fi
!
vlan 2490
name Sxx_S_Wi-Fi
!
vlan 2491
!
vlan 2492
name Sxx_S_WiFi
!
vlan 2494
name Sxx_Reserved4
!
vlan 2495
name Sxx_Reserved5
!
vlan 2496
name Sxx_Reserved6
!
vlan 2497
name Sxx_Reserved7
!
vlan 2498
name Sxx_Reserved8
!
vlan 2499
name Sxx_Reserved9
!
!
interface Port-channel1
!
interface Port-channel2
switchport mode trunk
!
interface Port-channel3
switchport mode trunk
!
interface TenGigabitEthernet1/1/3
description link to MLAN-Stack
switchport mode trunk
!
interface Vlan1
no ip address
!
interface Vlan10
no ip address
!
interface Vlan2100
description Fxx_Infrastructure
ip address 10.64.100.254 255.255.255.0
ip helper-address 10.71.250.3
!
interface Vlan2480
description Sxx_Infrastructure
ip address 10.65.220.254 255.255.255.0
ip helper-address 10.71.250.3
!
interface Vlan2481
description Sxx__Wired_DHCP_1
ip address 172.16.27.254 255.255.255.0 secondary
ip address 10.65.221.254 255.255.255.0
ip helper-address 10.71.250.3
mdns-sd gateway
service-policy SES_mDNS
!
interface Vlan2482
description Sxx__Wired_DHCP_2
ip address 10.65.222.254 255.255.255.0
ip helper-address 10.71.250.3
mdns-sd gateway
service-policy SES_mDNS
!
interface Vlan2483
description Sxx__Wired_DHCP_3
ip address 10.65.223.254 255.255.255.0
ip helper-address 10.71.250.3
mdns-sd gateway
service-policy SES_mDNS
!
interface Vlan2484
description Sxx_Wi-Fi_1
ip address 10.65.225.254 255.255.254.0
ip helper-address 10.71.250.3
mdns-sd gateway
service-policy SES_mDNS
!
interface Vlan2486
description Sxx_reserved
ip address 10.65.226.254 255.255.255.0
ip helper-address 10.71.250.3
!
interface Vlan2487
description Sxx_Reserved3
ip address 10.65.227.254 255.255.255.0
ip helper-address 10.71.250.3
!
interface Vlan2488
description Sxx_T_Wi-Fi
ip address 10.65.228.254 255.255.255.0
ip helper-address 10.71.250.3
mdns-sd gateway
service-policy SES_mDNS
!
interface Vlan2489
description Sxx_1_WiFi
ip address 10.65.229.254 255.255.255.0
ip helper-address 10.71.250.3
mdns-sd gateway
service-policy SES_mDNS
!
interface Vlan2490
description Sxx_T_Wi-Fi_1/1-1
ip address 10.65.230.254 255.255.255.0
ip helper-address 10.71.250.3
!
interface Vlan2491
description Sxx_Reserved
ip address 10.65.231.254 255.255.255.0
ip helper-address 10.71.250.3
!
interface Vlan2492
description Sxx_S_Wi-Fi
ip address 10.65.235.254 255.255.252.0
ip helper-address 10.71.250.3
!
interface Vlan2496
description Sxx_Reserved5
ip address 10.65.236.254 255.255.255.0
ip helper-address 10.71.250.3
!
interface Vlan2497
description Sxx_Reserved6
ip address 10.65.237.254 255.255.255.0
ip helper-address 10.71.250.3
!
interface Vlan2499
description Sxx_Reserved8
ip address 10.65.239.254 255.255.255.0
ip helper-address 10.71.250.3
!
router ospf 841
network 10.64.10.0 0.0.0.255 area 0.0.0.0
network 10.64.11.0 0.0.0.255 area 0.0.0.0
network 10.64.12.0 0.0.0.255 area 0.0.0.0
network 10.64.13.0 0.0.0.255 area 0.0.0.0
network 10.64.14.0 0.0.1.255 area 0.0.0.0
network 10.64.16.0 0.0.0.255 area 0.0.0.0
network 10.64.17.0 0.0.0.255 area 0.0.0.0
network 10.64.18.0 0.0.1.255 area 0.0.0.0
network 10.64.20.0 0.0.3.255 area 0.0.0.0
network 10.64.24.0 0.0.0.255 area 0.0.0.0
network 10.64.25.0 0.0.0.255 area 0.0.0.0
network 10.64.26.0 0.0.0.255 area 0.0.0.0
network 10.64.27.0 0.0.0.255 area 0.0.0.0
network 10.64.28.0 0.0.0.255 area 0.0.0.0
network 10.64.29.0 0.0.0.255 area 0.0.0.0
network 10.64.100.0 0.0.0.255 area 0.0.0.0
network 10.64.101.0 0.0.0.255 area 0.0.0.0
network 10.64.102.0 0.0.0.255 area 0.0.0.0
network 10.64.103.0 0.0.0.255 area 0.0.0.0
network 10.64.104.0 0.0.0.255 area 0.0.0.0
network 10.64.105.0 0.0.0.255 area 0.0.0.0
network 10.64.106.0 0.0.0.255 area 0.0.0.0
network 10.64.107.0 0.0.0.255 area 0.0.0.0
network 10.64.108.0 0.0.0.255 area 0.0.0.0
network 10.64.109.0 0.0.0.255 area 0.0.0.0
network 10.64.110.0 0.0.1.255 area 0.0.0.0
network 10.64.112.0 0.0.7.255 area 0.0.0.0
network 10.64.120.0 0.0.3.255 area 0.0.0.0
network 10.64.124.0 0.0.0.255 area 0.0.0.0
network 10.64.125.0 0.0.0.255 area 0.0.0.0
network 10.64.126.0 0.0.0.255 area 0.0.0.0
network 10.64.127.0 0.0.0.255 area 0.0.0.0
network 10.64.129.0 0.0.0.255 area 0.0.0.0
network 10.65.10.0 0.0.0.255 area 0.0.0.0
network 10.65.11.0 0.0.0.255 area 0.0.0.0
network 10.65.12.0 0.0.1.255 area 0.0.0.0
network 10.65.14.0 0.0.1.255 area 0.0.0.0
network 10.65.16.0 0.0.0.255 area 0.0.0.0
network 10.65.17.0 0.0.0.255 area 0.0.0.0
network 10.65.18.0 0.0.1.255 area 0.0.0.0
network 10.65.20.0 0.0.3.255 area 0.0.0.0
network 10.65.220.0 0.0.0.255 area 0.0.0.0
network 10.65.221.0 0.0.0.255 area 0.0.0.0
network 10.65.222.0 0.0.0.255 area 0.0.0.0
network 10.65.223.0 0.0.0.255 area 0.0.0.0
network 10.65.224.0 0.0.1.255 area 0.0.0.0
network 10.65.226.0 0.0.0.255 area 0.0.0.0
network 10.65.227.0 0.0.0.255 area 0.0.0.0
network 10.65.228.0 0.0.0.255 area 0.0.0.0
network 10.65.229.0 0.0.0.255 area 0.0.0.0
network 10.65.230.0 0.0.0.255 area 0.0.0.0
network 10.65.231.0 0.0.0.255 area 0.0.0.0
network 10.65.232.0 0.0.3.255 area 0.0.0.0
network 10.65.236.0 0.0.0.255 area 0.0.0.0
network 10.65.237.0 0.0.0.255 area 0.0.0.0
network 10.65.239.0 0.0.0.255 area 0.0.0.0
network 10.70.254.0 0.0.0.255 area 0.0.0.0
network 10.191.0.0 0.0.0.255 area 0.0.0.0
network 172.16.27.0 0.0.0.255 area 0.0.0.0
neighbor 10.70.254.254
!
ip forward-protocol nd
no ip http server
ip http authentication local
ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.70.254.254
!
!
ntp server 172.16.1.246
!
end
09-20-2022 08:28 AM
Any ideas team?
09-20-2022 09:06 AM
Hello,
it is difficult to figure out what your topology looks like. Can you post a schematic drawing showing how your devices are connected ? Which device is the one that is connected to the ISP ?
09-20-2022 02:34 PM - last edited on 09-21-2022 02:39 AM by Translator
Am I correct in assuming that the link from the new router/switch to the GW is a routed link (layer 3 connection and not a trunk or other type of layer 2 connection)? If the connection is a routed link, and if this is the addressing for vlan 2008
ip address 10.65.238.253 255.255.255.0
Then the GW needs some type of routing information about how to get to that subnet. The new router/switch is running OSPF but only on vlan 2008. So I do not see how the GW could learn the subnet for vlan 2008 dynamically. And there is no static route on GW for that subnet. You could verify that this is the problem by posting the output of show ip route from the GW.
09-20-2022 03:16 PM - edited 09-20-2022 03:17 PM
Hi Richard,
you were right.. i'm missing the route for vlan 2008 in the router ospf table. So I added network 10.65.238.0 0.0.0.255 area 0.0.0.0 and now the ping is coming back to the new RTR.
I thought that only one router could advertise the route in its OSPF table then it will share it with its neighbour (GW). I guess I got that wrong!
Also the 2 switches between the new RTR and the GW are layer 2 using trunk ports as uplink.
09-20-2022 10:13 PM
I am glad that my suggestion helped you identify and then solve the problem. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide