steurercc
Beginner

SG300-10 / Layer3 / interVLAN routing

Hi there,

I'm trying to get the following running.

I have 4 Subnets

VLAN 1       172.20.0.0/16        with the default GW 172.20.200.254

VLAN 10     192.168.10.0/24     with the default GW 192.168.10.2

VLAN 59     192.168.59.0/24     with the default GW 192.168.59.254

VLAN 130   192.168.130.0/24   with the default GW 192.168.130.254

Each of these subnets has its own default GW and firewall. There is no way at the moment to change this issue.

Now I have to connect these 4 networks. So I tried the following with the SG300-10:

- Changed via Console Cable to Layer3 Mode

- Added VLAN 10, 59,130 to the Switch

- Assigned IPs

     VLAN 1     172.20.200.253

     VLAN 10   192.168.10.253

     VLAN 59   192.168.59.253

     VLAN 130 192.168.130.253

-  Assigned Each VLAN to one Port

      VLAN 1     Port 1

      VLAN 10   Port 2

      VLAN 59   Port 3

      VLAN 130  Port 4

- Set default GW to 172.20.200.254

Then I added the needed routes to the existing Firewalls/Gateways that they know how to reach the other networks.

i.e. from  VLAN 59

net 192.168.10.0/24 reachable over 192.168.59.253

net 192.168.130.0/24 reachable over 192.168.59.253

net 172.20.0.0/16 reachable over 192.168.59.253

Then I know from the existing posts related to interVLAN routing or L3 routing that the routing table does not get populated instantly - you need to connect at least one client to the matching VLAN/port.

I did this, but it looks like it's not working - I mean, not really working.

Even when I checked that there are some clients on every port, the routing is only partly working, and the routing table does not get populated, even though I have some clients connected and pinging the other side.

i.e.

I can ping from 172.20.200.192 to 192.168.59.4 - and vice versa.

At the same time, ping from 172.20.200.192 to 192.168.130.1 is not possible.

If I log in to the SG300 I can ping these hosts from the built-in console interface.

With absolutely the same settings I did this with an HP E4200-12G L3 switch (which is now doing the job), so there is no routing mistake in the other components.

For me it looks like, the SG300 doesn't like to be NOT the default gateway.  

Maybe someone has an idea....

regards

Marius

7 REPLIES
David Carr
Frequent Contributor

Mr. Steurer,


With what you have going, it sounds like you have a router with 4 vlans with the gateways at 254 on each vlan.


You have configured the switch's VLANs with gateway addresses of 253 and connect to the switch and don't see interVLAN working.


Pretty much, it looks like you have two sets of gateways going for both networks, 253 and 254.


Ideally, since you have a router that understands VLANs, I would leave the SG300 in layer 2 mode and set up a trunk between the router and switch and let the router be the gateway for all VLANs.


If you're going to use the switch in layer 3 mode, then you would want to not use the router's VLANs and just have it set up with a gateway out to the internet.


With that option you would have to reconfigure your network's gateways on all devices to point to 253 instead of 254 and then do a static default route to the router, and in the router do 3 routes back for the VLAN 10, 59, and 130 addresses and point that route to the switch's IP address on VLAN 1.


Ideally, I would just do the trunk and let the switch handle the VLANs instead of the routing since you already have it set up on the router.

Hi David,

you wrote....

--------------

Pretty much, it looks like you have two sets of gateways going for both networks, 253 and 254. 


Ideally,  since you have a router that understands vlans, I would leave the sg300  in layer 2 mode and setup a trunk between the router and switch and let  the router be the gateway for all vlans.

-------------------------

That's not exactly right.

I have 3 separate networks, with 3 separate firewalls. So there is no common router I could use for this case.

Just for your understanding - these 3 separate networks were 3 separate companies with 3 separate administrators until the companies got merged.

(I attached a picture)

Because of this and some missing decisions, these networks were kept separated. But they need to communicate until the network merge is also done. This communication link was done with one of the gateways, but unfortunately they're only running on 100 Mbit - and this is too slow for one application.

This is where the SG300 should help - with its Gigabit interfaces.

As I wrote, with the HP L3 switch the same setup works.

regards

Marius

David Carr
Frequent Contributor

One thing you could try: leave the gateways on the PCs as the router's VLAN IP address of 254.


Then do routes back from each router going like so, for example router VLAN 1.


Anything going to the networks 192.168.10.0 go to 192.168.1.253 (switch's IP address).  Do this for all VLANs except the one it is on.  This will send the request back to the switch for routing between the VLAN networks.


You will have to do this in all 4 routers but once you set the routes up it will look for each network and reference the sg300 switch.

Hi David,

I did this, as I wrote in my first post.

I wrote

----------------------------------------

Then I added the needed routes to the existing Firewalls/Gateways that they know how to reach the other networks.

i.e. from  VLAN 59

net 192.168.10.0/24 reachable over 192.168.59.253

net 192.168.130.0/24 reachable over 192.168.59.253

net 172.20.0.0/16 reachable over 192.168.59.253

--------------------------------------------

Without these routes it would also not work with the HP L3 switch.

regards

Marius

David Carr
Frequent Contributor

Mmmmm,


With the ports in access mode and in those vlans, if they are connected to the routers then that would fulfil the ports being utilized and the routing table should populate at that point.


What is strange is that some of the routes work and the others don't.


What does the traceroute show for the routes not allowing connection?

Hi David,

I cannot check it at the moment, because it's a production environment. But if I remember correctly - I tried pings and got something like...

ping to 192.168.59.4 from 172.20.200.192

172.20.200.254 (the SG300 IP) told me  192.168.59.4 Address not reachable.

Don't think any longer about this problem - I think it's impossible to reproduce and understand the problem without making a testnet like mine. I think I'll keep the E4200 from HP as the L3 router.

Thanks for your tries to help!

regards

Marius

Alejandro Gallego
Cisco Employee

     -  Assigned Each VLAN to one Port

           VLAN 1     Port 1

           VLAN 10   Port 2

           VLAN 59   Port 3

           VLAN 130  Port 4

    - Set default GW to 172.20.200.254 <== can't do this!

Since you have 4 networks and 4 routers, we can't tell the switch that it has a default route on vlan1. Our traffic will get split, not in a good way.

so... for your VLANs

VLAN 1       with the default GW 172.20.200.254

VLAN 10     with the default GW 192.168.10.2

VLAN 59     with the default GW 192.168.59.254

VLAN 130   with the default GW 192.168.130.254

do this... BIG NOTE!!!! all your hosts attached to the NEW (SG300) switch will KEEP their original default gateway configuration!!!

on the SG300

     for vlan1: do nothing

     for vlan2:  do nothing

     for vlan 59:  do nothing

     for vlan130:  do nothing

     ==> DO NOT ADD A DEFAULT ROUTE

     ==> ONLY give your vlans on the SG300 an IP address and nothing else, the switch will do the rest.

Each of your existing routers should be connected to a single access port assigned with the proper VLAN, and that is all. If you want to connect through a single port then we need something different, but I do not think that is relevant here.

try that!
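
An added example, not written by any poster in this thread: a small Python check that audits each firewall's static routes against the addressing given in the first post (every other subnet must have a route whose next hop is on-link and is the SG300's address in that VLAN) and traces the hops a packet takes when hosts keep their original default gateway. The function names `vlan_of`, `audit_gateway` and `forward_path` are hypothetical, and the model assumes each firewall simply forwards according to its static routes.

```python
import ipaddress as ip

# From the thread: VLAN -> (subnet, existing firewall/gateway, SG300 address).
VLANS = {
    1:   ("172.20.0.0/16",    "172.20.200.254",  "172.20.200.253"),
    10:  ("192.168.10.0/24",  "192.168.10.2",    "192.168.10.253"),
    59:  ("192.168.59.0/24",  "192.168.59.254",  "192.168.59.253"),
    130: ("192.168.130.0/24", "192.168.130.254", "192.168.130.253"),
}

def vlan_of(addr):
    """Return the VLAN whose subnet contains addr, or raise ValueError."""
    a = ip.ip_address(addr)
    for vid, (net, _gw, _sw) in VLANS.items():
        if a in ip.ip_network(net):
            return vid
    raise ValueError(f"{addr} is in none of the four subnets")

def audit_gateway(vlan, routes):
    """List problems in one gateway's static routes [(prefix, next_hop), ...]."""
    own_net = ip.ip_network(VLANS[vlan][0])
    switch_ip = ip.ip_address(VLANS[vlan][2])
    table = {ip.ip_network(p): ip.ip_address(h) for p, h in routes}
    problems = []
    for other, (net, _gw, _sw) in VLANS.items():
        if other == vlan:
            continue
        hop = table.get(ip.ip_network(net))
        if hop is None:
            problems.append(f"no route to {net}")
        elif hop not in own_net:
            problems.append(f"{net}: next hop {hop} is not on-link")
        elif hop != switch_ip:
            problems.append(f"{net}: next hop {hop} is not the SG300")
    return problems

def forward_path(src, dst):
    """Hops when hosts keep their original default gateway."""
    s, d = vlan_of(src), vlan_of(dst)
    if s == d:
        return [src, dst]                        # same subnet, no routing
    return [src, VLANS[s][1], VLANS[s][2], dst]  # host -> firewall -> SG300 -> host

if __name__ == "__main__":
    good = [("192.168.10.0/24", "192.168.59.253"),
            ("192.168.130.0/24", "192.168.59.253"),
            ("172.20.0.0/16", "192.168.59.253")]
    print(audit_gateway(59, good))
    print(forward_path("172.20.200.192", "192.168.130.1"))
```

The reply travels the mirror-image path through the destination VLAN's own firewall, so each of the four gateways needs its table to pass `audit_gateway` for traffic to work in both directions.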