cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Welcome to the Cisco Small Business Community

Have a question? Click on a topic board below to get started in the community.

641
Views
5
Helpful
5
Replies
meckhardt
Beginner

RV345 Static Routing - Inter-Vlans Not working

Hi Everyone! I'm new in this Community.

 

I work for a School and we are setting up the entire network because finally I've got an office to build a DataCenter. 

 

The problem im having its driving me crazy, and at this point I don't know if its the router or my Switches.

I can ping any device while im connected at the switches, and every device can reach the router, internet, etc.

The problem starts when im trying to ping or reach a device from router to switches. I've tried pinging and tracerouting from the cisco diagnostics tab, but host is inaccesible.

 

Other 2 things of the RV345 that I cant figure out is, where RTSP config is and where I can set the port mode for VLANS as TRUNK - GENERAL- ACCESS. I couldn't find any info about that.

 

My config is:

1 Cisco RV345                                                      -GATEWAY, VLANS, Relay of DHCP. SNMP

1 TP LINK  T2600g-28mbps Managed Switch       -ROOT SWITCH - RTSP - VLANS - SNMP

6 TP LINK T2600g-28mbps Managed Switch        -VLANS - RTSP - VLANS - SNMP

1 Windows Server 2016                                         -DHCP - DNS -  SNMP

 

Gateway interfaces     DC Switch Interfaces 

10.0.101.254             10.0.101.253

10.0.110.254             10.0.110.253

10.0.120.254             10.0.120.253

10.0.130.254             10.0.130.253

10.0.140.254             10.0.140.253

 

Connections

ISP1 to Cisco WAN1 Port

ISP2 to Cisco WAN2 Port

DC Switch - to Cisco 16 Port - VLANS TAGGED: 101,110,120,130,140. UNTAGGED: 1

Remote Switches - to DC Switch to 18-24 Port VLANS TAGGED: 101,110,120,130,140. UNTAGGED: 1

IP Cameras - Remote Switches to 1-8 Port  VLANS TAGGED: 1 UNTAGGED: 101

LAN Clientes - Remote Switches to 9-17 Port VLANS TAGGED: 1 UNTAGGED: 120

 

VLANS

VLAN 1                                   DEFAULT VLAN

VLAN 101.  DHCP ENABLE -   FOR IP CCTV

VLAN 110.                              FOR  SERVERS

VLAN 120   DHCP ENABLE -   FOR LAN CLIENTS

VLAN 130.  DHCP ENABLE -   FOR  GUESTS

VLAN 140.                              FOR  MANAGEMENT

 

Cisco Inter-Vlans its enabled for every vlan

 

Static Routing for Rv and Switches

Network          Mask                    Next Hop            Metric     Interface

10.0.101.0      255.255.255.0     10.0.101.254          1        VLAN101

10.0.110.0      255.255.255.0     10.0.110.254          1        VLAN110

10.0.120.0      255.255.255.0     10.0.120.254          1        VLAN120

10.0.130.0      255.255.255.0     10.0.130.254          1        VLAN130

10.0.140.0      255.255.255.0     10.0.140.254          1        VLAN140

 

Well, I hope someone has a minute to take a look at my case and tell me what am I doing wrong.

 

Would appreciate any hint..

 

Thanks!

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

5 REPLIES 5
chadbaird2431
Beginner

Took me a minute but here is the issue. 

 

Once you untag a vlan on a port and tag another; the port becomes a 'trunk'. Then you want to untag the vlan you would like the device to use.   Vlan  1 is not used. Vlan 140 should be untagged if you want that port to be a trunk and have that device accessible from the '140'. management subnet. Untagged means that's the default vlan for the trunk-interface. Tagged means it's a vlan to be passed on and interpreted elsewhere Clear as mud?  

 

The reason you can't reach the switch's and stuff is because their on a un-used vlan1. Vlan 140 should be the untagged vlan everywhere. 10.0.140.0/24 subnet is management. 

 

And the vlan interfaces(the sub interfaces) should only live in one place in the network. Preferably on some layer 3 switch and not the firewall. And you don't need static routes with a directly connected network. There should be no routing statements in this small network. 

 

Just untag vlan 140 and you'll be good.  

 

Gateway interfaces     DC Switch Interfaces 

10.0.101.254             10.0.101.253

10.0.110.254             10.0.110.253

10.0.120.254             10.0.120.253

10.0.130.254             10.0.130.253

10.0.140.254             10.0.140.253

 

Connections

ISP1 to Cisco WAN1 Port

ISP2 to Cisco WAN2 Port

DC Switch - to Cisco 16 Port - VLANS TAGGED: 101,110,120,130 UNTAGGED: 140

Remote Switches - to DC Switch to 18-24 Port VLANS TAGGED: 101,110,120,130 UNTAGGED: 140

IP Cameras - Remote Switches to 1-8 Port  VLANS TAGGED: 101 UNTAGGED: 140

LAN Clientes - Remote Switches to 9-17 Port VLANS TAGGED: 120 UNTAGGED: 140

 

VLANS

VLAN 1                                   DEFAULT VLAN

VLAN 101.  DHCP ENABLE -   FOR IP CCTV

VLAN 110.                              FOR  SERVERS

VLAN 120   DHCP ENABLE -   FOR LAN CLIENTS

VLAN 130.  DHCP ENABLE -   FOR  GUESTS

VLAN 140.                              FOR  MANAGEMENT

It Worked! Thanks so much!! I hate when im hours dealing with this stuff and knowing that the solution should be something so simple!

 

These are some doubts that arose about your answer,

 

Ive changed all my TRUNK ports to VLAN140 untagged and only tagging the others vlans I want and now I can ping from both sides. (both RV and switches)

 

The only thing I didn't understand is that if I must untag with vlan140 every port of my switches and tag the ports which i want an specific vlan? cause I've tried this but when I tag a Port with vlan101 for example,  the ip camera connected in that port will not work.

My Ip cameras and NVR are configured with static ip 10.0.101.X

 

Maybe im misunderstanding concepts

 

Untagged: For trunk or connected devices wich don't have vlan taggin option?

tagged: Switches or devices wich have a vlan taggin option

 

And the other thing, my switchtes are configured at layer3 with an interface for every vlan, should I remove in my cisc rv every interface leaving only in vlan140? The thing is I have my relays to dhcp in the router, should I relay at my switches level? and if I do that, will my devices plugged in the RV get ip from the dhcp? 

 

Thanks Again for taking a moment to see my problem!

 

Cheers!

 

 

 

 

 

 

I think the concept of untagged vs tagged is confusing no matter what. Cisco calls ports access or trunk. It gets me confused as heck every time I have to go back to it.  You're not alone. :-) 

 

Access port= one un-tagged vlan

Trunk = Untagged vlan(native vlan) + tagged vlan(how ever many you choose)

 

Here's an example;  If you have a port with a wireless device and it's the only device that will be on that vlan; and you don't want to display multiple SSID's associated with vlans, then that port will be only one untagged vlan.(accessport) Otherwise make it a trunk so you can have a vlan associated with an SSID.

 

SSID = network subnet(if you want to run it that way) Otherwise make the port an access port on whichever Vlan is your wireless vlan. 

 

Let me know if that makes sense.

 

I included a picture of the vlans on my hp to show you both Cisco and HP switches and the vlan interfaces. 

 

On the 5520 you see a Gig0/1.200 Gi 0/1.201  and so on. Those are sub interfaces of gi 0/1  and the 5520 is doing the vlan routing and; DHCP, that interface is a trunk. The management Vlan is 200. 

 

 

On the 2960 switch, Vlan 200 is the native vlan on the trunks. 

 

( I edited this for errors)

 

 

Cisco 5520: 

System IP Addresses:
Interface Name IP address Subnet mask Method
GigabitEthernet0/0 outside unassigned unassigned DHCP
GigabitEthernet0/1.108 2921 192.168.0.9 255.255.255.252 manual
GigabitEthernet0/1.200 inside 172.16.5.6 255.255.255.0 CONFIG
GigabitEthernet0/1.201 wireless 172.16.6.65 255.255.255.224 CONFIG
GigabitEthernet0/1.202 Camera 172.16.6.129 255.255.255.224 CONFIG
GigabitEthernet0/1.203 VPN-Extranet 172.16.6.193 255.255.255.224 CONFIG
GigabitEthernet0/1.204 servers 172.16.6.97 255.255.255.224 CONFIG
GigabitEthernet0/3 Centurylink-wan  255.255.255.248 CONFIG
 

Cisco 2960: 

2960-LAB#sh vlan brief

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/1, Gi1/0/26, Gi1/0/27
10 VLAN0010 active
20 VLAN0020 active
108 VLAN0108 active Gi1/0/2, Gi1/0/19
200 VLAN0200 active Gi1/0/2, Gi1/0/5, Gi1/0/8, Gi1/0/10, Gi1/0/11, Gi1/0/12, Gi1/0/13, Gi1/0/14
Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19, Gi1/0/20, Gi1/0/22, Gi1/0/23
Gi1/0/24, Gi1/0/25
201 VLAN0201 active
202 VLAN0202 active Gi1/0/6, Gi1/0/7
203 VLAN0203 active Gi1/0/3, Gi1/0/23
204 VLAN0204 active Gi1/0/9
900 VLAN0900 active
901 VLAN0901 active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
 
2960-LAB#sh int trunk

Port Mode Encapsulation Status Native vlan
Gi1/0/4 on 802.1q trunking 200
Gi1/0/21 on 802.1q trunking 200

 

 

 

Chad

 

 

A D'Auria
Beginner

Hi Meckhardt,

 

I'll try to help out here.

 

For VLAN's and trunking....  You will find that under LAN--> VLAN Settings - scroll to the bottom of the page and you will see a table you need to edit per-interface and VLAN. To make a Trunk port, set all VLAN's on that port to T (Tagged) except for one that must be set to U (Untagged) and will be used for the Native VLAN on that trunk port.

 

For inter-VLAN routing - Also under LAN--> VLAN Settings - there is a column marked "Inter-VLAN Routing" - make sure there is a checkmark in each box for each VLAN that you want to be able to communicate with other VLANs.

 

There is next to that checkbox another one labeled "Device Management" - you need to have this checked for the management VLAN _and_ any other VLAN where you have AVC/DPI/WebFiltering/Security services enabled.

 

Now, after having typed this up and looking again at your config a bit, you seem to have the trunk port and inter-vlan stuff set correctly.

 

Do you see your end devices in the ARP table?

 

Why do you need static routing? If the layer 3 interface is on the RV345 and inter-vlan routing is on, the RV345 should pass the traffic to the other VLAN - unless you have Firewall rules on the RV345 blocking that.

 

I don't know if any of what I have written here is helpful. I'll check back to see if you've replied.

 

lol - sorry - didn't see that this had already been answered.