Solved: Inter VLan routing on SG300-52

egutierrez29 · ‎07-27-2015

Good night everyone!

I have the following scenario:

SG300-52 set to L3 with no managed router (connected directly to ISP)

I have created 6 VLAN's (30 to 35), and changed my default vlan to 30.

All VLAN's have their respective IP addresses (192.168.ID.2)

I have a Windows DHCP server for VLAN 30 (on port G2), and the switch is DHCP for VLAN's 34 and 35.

Gateways are set to the switch VLAN's IP addresses

The problems I've found are 2

1. If I set any port as access, with its corresponding IP Address inside of the VLAN's corresponding network, I can ping the gateway, but I cant ping any of the other switches interfaces. Also, I can't ping hosts that are in different VLAN's. If both hosts are in the same VLAN, they can ping each other without any problem. On the other hand, from the switch, I can ping any host on any VLAN, and also ping to Internet (8.8.8.8).

2. I can't navigate on any host connected to the switch, but I'm assuming this is caused by the 1st problem.

According to what I have read, at the very least, if I set any port to let's say Access on VLAN 31, and with this IP configuration on the host

IP: 192.168.31.3
Mask: 255.255.255.0
GW: 192.168.31.2

I should be able to ping the Windows server (IP 192.168.30.11), but it's not working. On the other hand, if I set up the port to Access on VLAN 30, I receive my IP from the DHCP server as follows

IP: 192.168.30.3
Mask: 255.255.255.0
GW: 192.168.30.2

and I can ping and connect without any problem to the Windows server.

Here's the routing table on the SG300

SW-CONSERVATORIO#show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static

S   0.0.0.0/0 [1/1] via ISP_GIVEN_IP_GW, 03:03:33, gi52
C   192.168.30.0/24 is directly connected, vlan 30
C   192.168.31.0/24 is directly connected, vlan 31
C   192.168.32.0/24 is directly connected, vlan 32
C   192.168.33.0/24 is directly connected, vlan 33
C   192.168.34.0/24 is directly connected, vlan 34
C   192.168.35.0/24 is directly connected, vlan 35
C   ISP_GIVEN_IP_NET is directly connected, gi52

Here is the full configuration:

config-file-header
SW-CONSERVATORIO
v1.4.1.3 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router

vlan database
default-vlan vlan 30
exit
vlan database
vlan 1,31-35
exit
voice vlan id 31
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________

ip dhcp pool network DHCP_WiFi_Admin
address low 192.168.34.100 high 192.168.34.254 255.255.255.0
default-router 192.168.34.2
dns-server 192.168.30.11
exit

ip dhcp pool network DHCP_WiFi_Guest
address low 192.168.35.100 high 192.168.35.254 255.255.255.0
default-router 192.168.35.2
dns-server 192.168.30.11
exit

bonjour interface range vlan 1
hostname SW-CONSERVATORIO
ip ssh server
ip telnet server
!

interface vlan 1
 no ip address dhcp
!
interface vlan 30
 name DATA
 ip address 192.168.30.2 255.255.255.0
!
interface vlan 31
 name VOZ
 ip address 192.168.31.2 255.255.255.0
!
interface vlan 32
 name CCTV
 ip address 192.168.32.2 255.255.255.0
!
interface vlan 33
 name Control_de_Acceso
 ip address 192.168.33.2 255.255.255.0
!
interface vlan 34
 name WiFi_Admin
 ip address 192.168.34.2 255.255.255.0
!
interface vlan 35
 name WiFi_Guest
 ip address 192.168.35.2 255.255.255.0
!
interface range gigabitethernet 1-51
 switchport trunk allowed vlan add 31-35
!
interface gigabitethernet52
 description Internet
 ip address ISP_GIVEN_IP_ADD ISP_GIVEN_IP_MASK
 switchport trunk allowed vlan add 31-35
 switchport default-vlan tagged
!
exit
macro auto disabled
ip default-gateway ISP_GIVEN_IP_GW

Am I missing something obvious? Please any help would be greatly appreciated.

Brandon Svec · ‎07-28-2015

Strange. The only thing somewhat unique (compared to my common configs) is changing the default vlan. I agree it is worth defaulting and trying again either via web gui or CLI, but maybe you want to try changing the default vlan back to 1 and reloading just to see if that makes a difference. I also wonder with you current config if you made access ports for say vlan vlan 32 and 33 they can communicate? It seems like it might just be a problem with the default vlan.

-- please remember to rate and mark answered helpful posts --

View solution in original post

Brandon Svec · ‎07-27-2015

Here my observations and ideas-

- First, all you VLANs in this config are tagged on trunk ports and I am not 100% sure about this part, but since you changed the default VLAN to 30 I think you may need to add 'switchport native vlan 30' to the ports that you want to pass untagged traffic on that VLAN.

- double/triple check the default gateways on the host machines you are testing with. Like the Windows server you mentioned you are trying to ping are you sure it has the correct default gateway and no other static routes or interfaces that might interfere with returning traffic to 192.168.30.2

-- please remember to rate and mark answered helpful posts --

egutierrez29 · ‎07-28-2015

Hi Brandon

- Since it's already defined globally as the default vlan, when I try to add vlan 30 as native vlan per port it does nothing (the command is not even added to the configuration). Just confirming it was a feature on this switch, I tried setting vlan 31 as native on port 1, and the command appeared as expected.

- I verified default gateways on server. It's only connected through 1 port, and its set as follows:

IP: 192.168.30.11
Mask: 255.255.255.0
GW: 192.168.30.2

- Also for testing purposes, I set port 2 as access on vlan 30 (where the server is connected), and then port 25 as access on vlan 31 (and connected a PC to it), with their corresponding IP addresses and gateways, and still no ping between those 2. On the other hand, changing port 25 to access on vlan 30, and changing the IP configuration of the PC to the one used on that vlan, allowed PC and server to ping each other.

Later today I'm planning to erase all the configuration and start from scratch using only the web UI, just in case I'm missing something.

Brandon Svec · ‎07-28-2015

Strange. The only thing somewhat unique (compared to my common configs) is changing the default vlan. I agree it is worth defaulting and trying again either via web gui or CLI, but maybe you want to try changing the default vlan back to 1 and reloading just to see if that makes a difference. I also wonder with you current config if you made access ports for say vlan vlan 32 and 33 they can communicate? It seems like it might just be a problem with the default vlan.

-- please remember to rate and mark answered helpful posts --

egutierrez29 · ‎07-28-2015

Apparently it was precisely that. I changed the default vlan back to 1, and set native vlan per port only as I needed, and that way inter vlan communication worked flawlessly, even though i still kept vlan 1 with no ip address and without any configuration at all.

Thanks for your help Brandon!