
SG300-10 & Actiontec M1424WR (Rev E) InterVLAN Routing Issue

JtulleUT79
Level 1

I know several similar questions have been asked on this topic, but following the guidelines had no success for me. 

I have created the VLANs with the SG300-10 in L3 mode, but clients in each VLAN aren't able to ping each other. Each VLAN can ping the router and the switch, and has internet access.

Below is my setup info.

config-file-header
v1.4.0.88 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router 

file SSD indicator excluded
@
port jumbo-frame
vlan database
vlan 2-4 
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp server 
ip dhcp pool network VLan 2
address low 192.168.2.2 high 192.168.2.254 255.255.255.0 
lease infinite
default-router 192.168.2.1
dns-server 8.8.8.8
exit
ip dhcp pool network VLan 3
address low 192.168.3.2 high 192.168.3.254 255.255.255.0 
lease infinite
default-router 192.168.3.1
dns-server 8.8.8.8
exit
ip dhcp pool network VLan 4
address low 192.168.4.2 high 192.168.4.254 255.255.255.0 
lease infinite
default-router 192.168.4.1
dns-server 8.8.8.8
exit
bonjour interface range vlan 1
exit
username cisco password encrypted privilege 15 
ip http timeout-policy 1800 http-only 
clock timezone " " -4
clock source browser
ip telnet server
!
interface vlan 1
 ip address 192.168.1.20 255.255.255.0 
 no ip address dhcp 
!
interface vlan 2
 name A
 ip address 192.168.2.1 255.255.255.0 
!
interface vlan 3
 name B
 ip address 192.168.3.1 255.255.255.0 
!
interface vlan 4
 name C
 ip address 192.168.4.1 255.255.255.0 
!
interface gigabitethernet1
 switchport mode access 
!
interface gigabitethernet2
 switchport mode access 
!
interface gigabitethernet3
 switchport mode access 
!
interface gigabitethernet4
 switchport mode access 
 switchport access vlan 3 
!
interface gigabitethernet5
 switchport mode access 
 switchport access vlan 4 
!
interface gigabitethernet6
 switchport mode access 
 switchport access vlan 4 
!
interface gigabitethernet7
 switchport mode access 
!
interface gigabitethernet8
 switchport mode access 
!
interface gigabitethernet9
 switchport mode access 
!
interface gigabitethernet10
 switchport mode access 
!
exit
ip default-gateway 192.168.1.1 

 

My router is an Actiontec M1424WR (Rev E) with the following routing table setup:

 

So my questions/challenges are:

1) A client in VLAN 3 (192.168.3.2/24) can ping the switch (192.168.1.20/24), the router (192.168.1.1/24), and VLAN 4 (192.168.4.1/24), but NOT a client in VLAN 4 (192.168.4.2/24).

2) That issue is common across all the VLANs.

3) The final network setup is below, but right now it is in the testing phase. VLAN 5 has not been set up yet.

 

The final setup would allow VLAN 2 & VLAN 5 to communicate to access the NAS.

 

Any help will be greatly appreciated, thank you!


Brandon Svec
Level 7

I suspect the problem is your default gateways on your devices are not correct. You should decide to do all inter-vlan routing on either the switch or the router, but not both.

You also appear to have several IP addresses assigned in your router and in the switch that are identical like 192.168.4.1, for example.

Basically, the default gateway for devices on each VLAN should be the VLAN interface assigned in the switch, and then they will be able to route to each other. Additionally, get rid of the multiple IP assignments in your router and the route statements. You might also make another VLAN like 5 to connect to your router and for Internet. It could be a /30 subnet since you only need one IP for the switch VLAN interface and one for the router. Then the default gateway in your switch can go to the router and all VLANs will have internet access.

-- please remember to rate and mark answered helpful posts --

For the VLAN devices, I set up network pools with the switch as the DHCP server. For example, VLAN 3:

 

ip dhcp pool network VLan 3
address low 192.168.3.2 high 192.168.3.254 255.255.255.0 
lease infinite
default-router 192.168.3.1
dns-server 8.8.8.8
exit

I verified with a device on VLAN 3 and it had an IP address of 192.168.3.3 and a default gateway of 192.168.3.1.

Below is my switch's routing table. 0.0.0.0 was manually added so each VLAN has internet access.

So in this current configuration, when I remove that IP address setting in my router, for example 192.168.4.1, the devices in that VLAN do not have internet access, BUT I can ping the switch (192.168.1.20) and router (192.168.1.1). If I remove the static route, such as for 192.168.4.0, then devices do not have internet access and cannot ping the switch, BUT can ping the router.

I think I understand what you mean by adding a single VLAN for just the switch and router. Is it similar to what is discussed in this article? http://www.smallnetbuilder.com/lanwan/lanwan-howto/30071-vlan-how-to-segmenting-a-small-lan?start=3

Agreed that I do want my switch to do all the inter-VLAN routing and not my current router.

 

Thanks for your help

Hi,

To me it looks like the clients used for the testing, such as a Windows PC, have a firewall blocking different-subnet requests. Try to disable Windows Firewall and test ping.

Regards,

Aleksandra

Bingo! We have a winner :D

I suspected it might have been the client's firewall since I was able to ping some other devices (VoIP phone, music speaker) that were in the VLANs.

So I updated my firewall to allow my VLAN subnets as seen here (http://www.sevenforums.com/network-sharing/269527-windows-7-firewall-exception-incoming-scope-rule-different-subnet.html)

Once I added the VLAN subnets, I was able to ping all the devices, remote desktop, and even map network drives.

 

Thanks!!!!

Great! thank you for information and link :-)
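The scoped-rule fix described in the thread, written as an added example that is not part of the original posts: instead of disabling the firewall, it admits ping, file sharing and Remote Desktop only from the three VLAN subnets in the posted switch configuration. It assumes an elevated PowerShell session on Windows 8 / Server 2012 or later (NetSecurity module), English rule-group names, and a hypothetical rule name.

```powershell
# Added example. Subnets come from the switch configuration posted in this thread.
$vlanSubnets = @('192.168.2.0/24', '192.168.3.0/24', '192.168.4.0/24')
$ruleName    = 'Allow ICMPv4 echo from internal VLANs'   # hypothetical rule name

# 1. Allow inbound ping only from the routed VLAN subnets.
#    ICMPv4 type 8 is echo request; the rule is skipped if it already exists.
if (-not (Get-NetFirewallRule -DisplayName $ruleName -ErrorAction SilentlyContinue)) {
    New-NetFirewallRule -DisplayName $ruleName `
        -Direction Inbound -Action Allow `
        -Protocol ICMPv4 -IcmpType 8 `
        -RemoteAddress $vlanSubnets `
        -Profile Private, Domain | Out-Null
}

# 2. Set the remote-address scope of the enabled inbound rules for file sharing
#    and Remote Desktop to the local subnet plus the VLAN subnets.
#    Rules that previously accepted any source become narrower as a result.
$scope = @('LocalSubnet') + $vlanSubnets
foreach ($group in 'File and Printer Sharing', 'Remote Desktop') {
    Get-NetFirewallRule -DisplayGroup $group -ErrorAction SilentlyContinue |
        Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
        Set-NetFirewallRule -RemoteAddress $scope
}

# 3. Review: list every enabled inbound rule whose scope now names a VLAN subnet,
#    so the change can be audited and later reverted rule by rule.
Get-NetFirewallRule -Direction Inbound -Enabled True |
    ForEach-Object {
        $filter = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            Profile       = $_.Profile
            RemoteAddress = ($filter.RemoteAddress -join ', ')
        }
    } |
    Where-Object { $_.RemoteAddress -match '192\.168\.[234]\.0' } |
    Format-Table -AutoSize
```

If a future VLAN 5 is added, extend `$vlanSubnets` and rerun; the ICMP rule from step 1 must then be updated with `Set-NetFirewallRule` because the script does not recreate an existing rule.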
