Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6850
Views
20
Helpful
9
Replies

Vlan routing. Can't ping a router GW

Go to solution
Alex47
Level 1
Level 1

‎12-13-2018 07:57 AM - edited ‎03-05-2019 11:06 AM

Hi guys, it is probably something really stupid, but I need your help. I have sg300-28 (layer 3 - 192.168.5.254)

Pfsense router(192.168.5.1) connected to port 25 on the switch.

On the switch, I have DHCP and 2 VLANs(for simplicity): VLAN 1 - default VLAN (192.168.5.0/24) and VLAN 20 (192.168.20.0/24)

VLAN 1: ports 1-7 access,

VLAN 20: port 8 access, trunk port 25, tagged.

###

VLAN 1 host can ping everything and has access to the internet.

VLAN 20 host can ping all devices on VLAN 1 and ping switch gateway(192.168.5.254).

BUT, it can't ping the router's IP (192.168.5.1) and obviously no internet.

On the router, I created a static route: VLAN 20 192.168.20.0 255.255.255.0 192.168.5.254 (to be able to ping all devices/inter VLAN)

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
paul driver
VIP
VIP

‎12-13-2018 09:35 AM - edited ‎12-13-2018 09:38 AM

Hello

@Alex47 wrote:

 

VLAN 1 host can ping everything and has access to the internet.

VLAN 20 host can ping all devices on VLAN 1 and ping switch gateway(192.168.5.254).

BUT, it can't ping the router's IP (192.168.5.1) and obviously no internet.

On the router, I created a static route: VLAN 20 192.168.20.0 255.255.255.0 192.168.5.254 (to be able to ping all devices/inter VLAN)

Sw
Have port 25 as an access port in vlan 1 and add static default route towards rtr
ip route 0.0.0.0 0.0.0.0 vlan1 192.168.5.1

RTR

Needs to nat for vlan 20, so add that subnet to the rtrs nat config

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Go to solution
Larry Sullivan
Level 3
Level 3
In response to Alex47

‎12-13-2018 11:20 AM

You may have port 25 belonging to multiple VLANs, but how does the router know that?  It's just configured for layer 3 IP 192.168.5.1?  So it will only accept that subnet.  On the router you need to either create sub-interfaces (if even possible, not sure of the brand/model) with a GW for vlan 20 and 1 or like already stated, make port 25 VLAN 1 with switch default-gw pointing to the router VLAN 1 GW IP. 

View solution in original post

9 Replies 9

Go to solution
Larry Sullivan
Level 3
Level 3

‎12-13-2018 08:21 AM - edited ‎12-13-2018 08:25 AM

"I have sg300-28 (layer 3 - 192.168.5.254)"

 

"VLAN 20 192.168.20.0 255.255.255.0 192.169.5.254"

 

Typo?

 

Also, what are the interface configs on the router that goes down to the switch?

0 Helpful

Go to solution
Alex47
Level 1
Level 1
In response to Larry Sullivan

‎12-13-2018 08:58 AM - edited ‎12-13-2018 09:03 AM

Yep. It is a typo. Sorry texting on a phone.

Lan on the router is 192.168.5.1. No subinterfaces or anything... Tried to add it, but nothing changed. Maybe did something wrong.

0 Helpful

Go to solution
Kasun Bandara
VIP
VIP

‎12-13-2018 08:41 AM

can you set VLAN 20: port 25 access
Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB
0 Helpful

Go to solution
paul driver
VIP
VIP

‎12-13-2018 09:35 AM - edited ‎12-13-2018 09:38 AM

Hello

@Alex47 wrote:

 

VLAN 1 host can ping everything and has access to the internet.

VLAN 20 host can ping all devices on VLAN 1 and ping switch gateway(192.168.5.254).

BUT, it can't ping the router's IP (192.168.5.1) and obviously no internet.

On the router, I created a static route: VLAN 20 192.168.20.0 255.255.255.0 192.168.5.254 (to be able to ping all devices/inter VLAN)

Sw
Have port 25 as an access port in vlan 1 and add static default route towards rtr
ip route 0.0.0.0 0.0.0.0 vlan1 192.168.5.1

RTR

Needs to nat for vlan 20, so add that subnet to the rtrs nat config

 

 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
Alex47
Level 1
Level 1
In response to paul driver

‎12-13-2018 11:13 AM

 

Port 25 belongs to multiple VLANs. So how should I do this? And why? 

I do have routes:

S 0.0.0.0/0 via 192.168.5.1 vlan 1

C 192.168.5.0/24 is directly connected, vlan 1

C 192.168.20.0/24 is directly connected, vlan 20

Added wan/source any/destination 192.168.20.0/24.

 

 

0 Helpful

Go to solution
Larry Sullivan
Level 3
Level 3
In response to Alex47

‎12-13-2018 11:20 AM

You may have port 25 belonging to multiple VLANs, but how does the router know that?  It's just configured for layer 3 IP 192.168.5.1?  So it will only accept that subnet.  On the router you need to either create sub-interfaces (if even possible, not sure of the brand/model) with a GW for vlan 20 and 1 or like already stated, make port 25 VLAN 1 with switch default-gw pointing to the router VLAN 1 GW IP. 

Go to solution
paul driver
VIP
VIP
In response to Alex47

‎12-13-2018 12:24 PM - edited ‎12-13-2018 12:25 PM

Hello

your switch is performing  the inter vlan ( vlan 1-20) routing correct with a default route pointing towards the rtrs lan facing interface .1

 

The rtr has a static route back towards the switch to know how to reach vlan20 

It also has an interface in vlan 1 so you only need a access port connection from your switch to your rtr in vlan 1 not a trunk 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to paul driver

‎12-13-2018 01:54 PM

I would like to know more about this

Pfsense router(192.168.5.1) connected to port 25 on the switch.

 

Can you tell us more about this device? If port 25 is a switch then does this device connected to port 25 have configuration for the trunk? Does it have any security policies that impact 192.168.20? Does it have an interface on the trunk for vlan 20? If the host in vlan 20 has its default gateway as the SG then its attempt to ping 5.1 would go to the SG which would forward to 5.1. But if 5.1 also has an interface in vlan 20 then it wold attempt to send its response directly  to the host in vlan 20. Is it possible that this creates an asymmetric path and that pfsense objects to the asymmetry?

 

HTH

 

Rick

HTH

Rick

Go to solution
Georg Pauwen
VIP
VIP

‎12-13-2018 10:33 AM

Hello,

 

on a side note, and I might have missed this, do you have a static default route on the SG300 pointing to 192.168.5.1 (page 276 of the attached guide) ?

 

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card