Solved: Vlan routing. Can't ping a router GW

Alex47 · ‎12-13-2018

Hi guys, it is probably something really stupid, but I need your help. I have sg300-28 (layer 3 - 192.168.5.254)

Pfsense router(192.168.5.1) connected to port 25 on the switch.

On the switch, I have DHCP and 2 VLANs(for simplicity): VLAN 1 - default VLAN (192.168.5.0/24) and VLAN 20 (192.168.20.0/24)

VLAN 1: ports 1-7 access,

VLAN 20: port 8 access, trunk port 25, tagged.

###

VLAN 1 host can ping everything and has access to the internet.

VLAN 20 host can ping all devices on VLAN 1 and ping switch gateway(192.168.5.254).

BUT, it can't ping the router's IP (192.168.5.1) and obviously no internet.

On the router, I created a static route: VLAN 20 192.168.20.0 255.255.255.0 192.168.5.254 (to be able to ping all devices/inter VLAN)

paul driver · ‎12-13-2018

Hello

@Alex47 wrote:

VLAN 1 host can ping everything and has access to the internet.

VLAN 20 host can ping all devices on VLAN 1 and ping switch gateway(192.168.5.254).

BUT, it can't ping the router's IP (192.168.5.1) and obviously no internet.

On the router, I created a static route: VLAN 20 192.168.20.0 255.255.255.0 192.168.5.254 (to be able to ping all devices/inter VLAN)

Sw
Have port 25 as an access port in vlan 1 and add static default route towards rtr
ip route 0.0.0.0 0.0.0.0 vlan1 192.168.5.1

RTR

Needs to nat for vlan 20, so add that subnet to the rtrs nat config

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

View solution in original post

Larry Sullivan · ‎12-13-2018

You may have port 25 belonging to multiple VLANs, but how does the router know that? It's just configured for layer 3 IP 192.168.5.1? So it will only accept that subnet. On the router you need to either create sub-interfaces (if even possible, not sure of the brand/model) with a GW for vlan 20 and 1 or like already stated, make port 25 VLAN 1 with switch default-gw pointing to the router VLAN 1 GW IP.

View solution in original post

Larry Sullivan · ‎12-13-2018

"I have sg300-28 (layer 3 - 192.168.5.254)"

"VLAN 20 192.168.20.0 255.255.255.0 192.169.5.254"

Typo?

Also, what are the interface configs on the router that goes down to the switch?

Alex47 · ‎12-13-2018

Yep. It is a typo. Sorry texting on a phone.

Lan on the router is 192.168.5.1. No subinterfaces or anything... Tried to add it, but nothing changed. Maybe did something wrong.

Kasun Bandara · ‎12-13-2018

can you set VLAN 20: port 25 access

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB

paul driver · ‎12-13-2018

Hello

@Alex47 wrote:

VLAN 1 host can ping everything and has access to the internet.

VLAN 20 host can ping all devices on VLAN 1 and ping switch gateway(192.168.5.254).

BUT, it can't ping the router's IP (192.168.5.1) and obviously no internet.

On the router, I created a static route: VLAN 20 192.168.20.0 255.255.255.0 192.168.5.254 (to be able to ping all devices/inter VLAN)

Sw
Have port 25 as an access port in vlan 1 and add static default route towards rtr
ip route 0.0.0.0 0.0.0.0 vlan1 192.168.5.1

RTR

Needs to nat for vlan 20, so add that subnet to the rtrs nat config

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Alex47 · ‎12-13-2018

Port 25 belongs to multiple VLANs. So how should I do this? And why?

I do have routes:

S 0.0.0.0/0 via 192.168.5.1 vlan 1

C 192.168.5.0/24 is directly connected, vlan 1

C 192.168.20.0/24 is directly connected, vlan 20

Added wan/source any/destination 192.168.20.0/24.

Larry Sullivan · ‎12-13-2018

You may have port 25 belonging to multiple VLANs, but how does the router know that? It's just configured for layer 3 IP 192.168.5.1? So it will only accept that subnet. On the router you need to either create sub-interfaces (if even possible, not sure of the brand/model) with a GW for vlan 20 and 1 or like already stated, make port 25 VLAN 1 with switch default-gw pointing to the router VLAN 1 GW IP.

paul driver · ‎12-13-2018

Hello

your switch is performing the inter vlan ( vlan 1-20) routing correct with a default route pointing towards the rtrs lan facing interface .1

The rtr has a static route back towards the switch to know how to reach vlan20

It also has an interface in vlan 1 so you only need a access port connection from your switch to your rtr in vlan 1 not a trunk

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Richard Burts · ‎12-13-2018

I would like to know more about this

Pfsense router(192.168.5.1) connected to port 25 on the switch.

Can you tell us more about this device? If port 25 is a switch then does this device connected to port 25 have configuration for the trunk? Does it have any security policies that impact 192.168.20? Does it have an interface on the trunk for vlan 20? If the host in vlan 20 has its default gateway as the SG then its attempt to ping 5.1 would go to the SG which would forward to 5.1. But if 5.1 also has an interface in vlan 20 then it wold attempt to send its response directly to the host in vlan 20. Is it possible that this creates an asymmetric path and that pfsense objects to the asymmetry?

HTH

Rick

HTH

Rick

Georg Pauwen · ‎12-13-2018

Hello,

on a side note, and I might have missed this, do you have a static default route on the SG300 pointing to 192.168.5.1 (page 276 of the attached guide) ?

https://www.cisco.com/c/dam/en/us/td/docs/switches/lan/csbms/sf30x_sg30x/administration_guide/78-19308-01.pdf