Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
775
Views
0
Helpful
7
Replies

SG300-10 - No routing between VLANs

Basic-Fit
Level 1
Level 1

‎01-06-2015 04:04 AM

Hi,

 

I'm trying to setup an SG300-10 switch to route traffic between two VLAN's, but I don't get it to work properly. Here's  my setup with which I'm testing this:

 

  • Layer 3 mode is enabled
  • The switch has two VLANs:
    • VLAN 30 has IP address 10.30.250.21, mask 255.255.255.0
    • VLAN 32 has IP address 10.32.250.11, mask 255.255.255.0
  • All switchports are in access mode
  • Interface GE1 is a member of VLAN 32
  • Interface GE9 is a member of VLAN 30
  • In VLAN 32 I have a PC with IP-address 10.32.250.10, mask 255.255.255.0, gateway 10.32.250.11
  • In VLAN 30 I have a PC with IP-address 10.30.250.10, mask 255.255.255.0, gateway 10.30.250.21

Both PC's are able to ping the IP-address of the switch in their own corresponding VLAN, but they are also able to ping the IP-address of the switch in the other VLAN. However, they are not able to ping each other, while I can ping both PCs from the CLI of the switch.

No Internet access is needed in this setup, so I don't have to create a default route on the switch, it's just these two hosts that need to communicate with each other.

Here's the config:


config-file-header
switch92d92d
v1.4.0.88 / R800_NIK_1_4_194_194
CLI v1.0
set system mode router

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 30,32
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone

voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname switch92d92d
ip telnet server
!
interface vlan 1
 no ip address dhcp
 shutdown
!
interface vlan 30
 ip address 10.30.250.21 255.255.255.0
!
interface vlan 32
 ip address 10.32.250.11 255.255.255.0
!
interface gigabitethernet1
 switchport mode access
 switchport access vlan 32
!
interface gigabitethernet2
 switchport mode access
!
interface gigabitethernet3
 switchport mode access
!
interface gigabitethernet4
 switchport mode access
!
interface gigabitethernet5
 switchport mode access
!
interface gigabitethernet6
 switchport mode access
!
interface gigabitethernet7
 switchport mode access
!
interface gigabitethernet8
 switchport mode access
!
interface gigabitethernet9
 switchport mode access
 switchport access vlan 30
!
interface gigabitethernet10
 switchport mode access
!
exit

 

Labels:
0 Helpful
7 Replies 7

Aleksandra Dargiel
Cisco Employee
Cisco Employee

‎01-06-2015 05:08 AM

Hi Basic-Fit,

This seems to be related to windows firewall so please try to disable Windows firewall and test.

Regards,

Aleksandra

0 Helpful

Basic-Fit
Level 1
Level 1
In response to Aleksandra Dargiel

‎01-06-2015 05:12 AM

Hi,

It's not related to the Windows firewall. It is disabled by a GPO on our network and I can ping both hosts if I connect them to the same VLAN.

Regards, Leo.

0 Helpful

Aleksandra Dargiel
Cisco Employee
Cisco Employee
In response to Basic-Fit

‎01-07-2015 07:14 AM

Hi Leo,

Can you do packet capture on both PC to see what is missing arp or ICMP?

Regards,

Aleksandra

0 Helpful

Basic-Fit
Level 1
Level 1
In response to Aleksandra Dargiel

‎01-07-2015 07:31 AM

Hi Aleksandra,

 

If it's ICMP related, that would mean that I should be able to use other protocols, but I'm not able to use SMB, HTTP and RDP either. ARP is layer 2 only, so I don't think it's ARP related either.

 

There must be something in the switch config that doesn't work properly.

0 Helpful

Aleksandra Dargiel
Cisco Employee
Cisco Employee
In response to Basic-Fit

‎01-07-2015 08:01 AM

Hi Leo,

Yes you are right for ARP if you can ping the other vlan interface thus default gateway ARP response has no issue. Since such a setup normally works and configuration is correct either it is something with the way it is tested or the devices used for testing. Unfortunately without packet capture I cannot say much more than that.

Regards,

Aleksandra

0 Helpful

Basic-Fit
Level 1
Level 1
In response to Aleksandra Dargiel

‎01-08-2015 05:32 AM

While building a new test setup to do packet captures, suddenly it worked. I don't know what I've done different this time, but my problem's solved now. Thanks for you effort.

 

Leo.

0 Helpful

Aleksandra Dargiel
Cisco Employee
Cisco Employee
In response to Basic-Fit

‎01-08-2015 06:02 AM

Great! Thank you Leo for feedback.

0 Helpful
Customers Also Viewed These Support Documents