10-13-2014 06:14 PM
I know several similar questions have been asked on this topic, but following the guidelines had no success for me.
I have created the VLANs with the SG300-10 in L3 mode, but clients in each VLAN aren't able to ping each other. Each VLAN can ping the router, switch, and has internet access
Below is my setup info.
config-file-header
v1.4.0.88 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router
file SSD indicator excluded
@
port jumbo-frame
vlan database
vlan 2-4
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp server
ip dhcp pool network VLan 2
address low 192.168.2.2 high 192.168.2.254 255.255.255.0
lease infinite
default-router 192.168.2.1
dns-server 8.8.8.8
exit
ip dhcp pool network VLan 3
address low 192.168.3.2 high 192.168.3.254 255.255.255.0
lease infinite
default-router 192.168.3.1
dns-server 8.8.8.8
exit
ip dhcp pool network VLan 4
address low 192.168.4.2 high 192.168.4.254 255.255.255.0
lease infinite
default-router 192.168.4.1
dns-server 8.8.8.8
exit
bonjour interface range vlan 1
exit
username cisco password encrypted privilege 15
ip http timeout-policy 1800 http-only
clock timezone " " -4
clock source browser
ip telnet server
!
interface vlan 1
ip address 192.168.1.20 255.255.255.0
no ip address dhcp
!
interface vlan 2
name A
ip address 192.168.2.1 255.255.255.0
!
interface vlan 3
name B
ip address 192.168.3.1 255.255.255.0
!
interface vlan 4
name C
ip address 192.168.4.1 255.255.255.0
!
interface gigabitethernet1
switchport mode access
!
interface gigabitethernet2
switchport mode access
!
interface gigabitethernet3
switchport mode access
!
interface gigabitethernet4
switchport mode access
switchport access vlan 3
!
interface gigabitethernet5
switchport mode access
switchport access vlan 4
!
interface gigabitethernet6
switchport mode access
switchport access vlan 4
!
interface gigabitethernet7
switchport mode access
!
interface gigabitethernet8
switchport mode access
!
interface gigabitethernet9
switchport mode access
!
interface gigabitethernet10
switchport mode access
!
exit
ip default-gateway 192.168.1.1
My Router is Actiontec M1424WR (Rev E) with the following routing table setup:
So my questions/challenges are:
1) client in VLAN 3, (192.168.3.2/24) can ping Switch (192.168.1.20/24) and router (192.168.1.1/24), and VLAN 4 (192.168.4.1/24)
, but NOT client in VLAN 4 (192.168.4.2/24)
2) that issue is common across all the VLANs
3) The final network setup is below, but right now in the testing phase. VLAN 5 has not been setup yet.
The final setup would allow VLAN 2 & VLAN 5 to communicate to access the NAS.
Any help will be greatly appreciated, thank you!
Solved! Go to Solution.
10-15-2014 04:52 AM
Hi,
To me it looks like clients used for the testing such as Windows PC have firewall blocking different subnet request. Try to disable windows firewall and test ping.
Regards,
Aleksandra
10-13-2014 08:26 PM
I suspect the problem is your default gateways on your devices are not correct. You should decide to do all inter-vlan routing on either the switch or the router, but not both.
You also appear to have several IP addresses assigned in your router and in the switch that are identical like 192.168.4.1, for example.
Basically, default gateway for devices on each VLAN should be the VLAN interface assigned in the switch and then they will be able to route to each other. Additionally get rid of the multiple IP assignments in your tour and the route statements. You might also make another VLAN like 5 to connect to your router and for Internet. It could be a /30 subnet since you only need one IP for the switch VLAN interface and one for the router. Then the default gateway in your switch can go to router and all VLANs will have internet access.
10-14-2014 07:38 PM
For the VLAN devices , i setup Network Pools with the switch as the DHCP Server. for example VLAN 3
ip dhcp pool network VLan 3
address low 192.168.3.2 high 192.168.3.254 255.255.255.0
lease infinite
default-router 192.168.3.1
dns-server 8.8.8.8
exit
I verified with a device on VLAN 3 and it had an IP address of 192.168.3.3 and Default Gateway of 192.168.3.1.
Below is my Switch's routing table. 0.0.0.0 manually added so each VLAN has internet access.
So in this current configuration, when i remove that IP Address setting in my router, for example 192.168.4.1 , the devices in that VLAN do not have internet access, BUT i can ping the switch (192.168.1.20) and router (192.168.1.1). If i remove the static route, such as for 192.168.4.0, then devices do not have internet access, can not ping the switch, BUT can ping the router.
I think i understand what you mean by adding a single VLAN for just the switch and router. Is it similar to what is discussed in this article? http://www.smallnetbuilder.com/lanwan/lanwan-howto/30071-vlan-how-to-segmenting-a-small-lan?start=3
Agreed that i do want my switch to do all the inter-vlan routing and not my current router.
Thanks for your help
10-15-2014 04:52 AM
Hi,
To me it looks like clients used for the testing such as Windows PC have firewall blocking different subnet request. Try to disable windows firewall and test ping.
Regards,
Aleksandra
10-15-2014 06:45 PM
Bingo! we have a winner :D
I suspected it might have been the client's firewall since i was able to ping some other devices (VOIP phone, music speaker) that were in the VLANs.
So i updated my firewall to allow my VLAN subnets as seen here (http://www.sevenforums.com/network-sharing/269527-windows-7-firewall-exception-incoming-scope-rule-different-subnet.html)
Once i added the VLAN subnets, i was able to ping all the devices, remote desktop, and even map network drives.
Thanks!!!!
10-16-2014 12:26 AM
Great! thank you for information and link :-)
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide