Catalyst 9200 VLAN macOS static IP no routing

isquare
Level 1

There is the following setup:

1. 9200 switch with 2 VLANs.
VLAN 1: 10.0.1.0/24, IP 10.0.1.1
VLAN 2: 10.0.2.0/24, IP 10.0.2.1

2. Main router on VLAN 1: 10.0.1.2.

3. 9200 routes everything to 10.0.1.2 (main router) by a static route: 0.0.0.0 -> 10.0.1.2.

When a computer joins VLAN 1 either by DHCP or statically, it gets 10.0.1.2 as default gateway.
But when it joins VLAN 2, I can only set the switch as gateway, 10.0.2.1.

Now, everything works fine when the computer gets DHCP on VLAN 2.
When it joins VLAN 2 statically though (default gateway 10.0.2.1), the computer routing table is empty(!).
I have to manually add routes in order to access anything outside VLAN 2.

I have tried with several macOS computers with different macOS versions (Monterey, Ventura, Sonoma).
Do you think it’s something wrong with the switch refusing to provide routing info if the computer is not a DHCP client? Or is there something wrong with macOS static IP configuration?

Mind also that there is no problem setting static IP on VLAN 1 (default gateway 10.0.1.2, the main router).

Any thoughts might be helpful.

6 Replies

Check if the SW runs DHCP snooping.

MHM

@isquare 

If the router sits on VLAN 1 with an IP address of 10.0.1.2, it cannot be a gateway for VLAN 2, whose network is 10.0.2.0.

"When a computer joins VLAN 1 either by DHCP or statically, it gets 10.0.1.2 as default gateway.
But when it joins VLAN 2, I can only set the switch as gateway, 10.0.2.1."

Of course, because the router is in another network, 10.0.1.0. It can only be the gateway for this network.

 

"Now, everything works fine when the computer gets DHCP on VLAN 2.
When it joins VLAN 2 statically though (default gateway 10.0.2.1), the computer routing table is empty(!).
I have to manually add routes in order to access anything outside VLAN 2."

You are doing routing on the PC side.

To fix this, you need to create a router on a stick topology and extend the VLANs up to the router using a trunk and create subinterfaces on the router for both VLANs. This way the router will be the default gateway for both VLANs.

The thing is that the switch happily routes traffic to and from VLAN 2 to the main router when the Mac on VLAN 2 is its DHCP client. It’s when the Mac’s network configuration is set manually, with a static IP, that the routing stops. Also, on the same switch, there are many more VLANs, all having 10.0.x.1 as their default gateway. Linux machines, IP phones, wireless controllers, ASAs etc., have no problem finding their way to 10.0.1.2 by sending all traffic to 10.0.x.1. And 10.0.1.2 has a static route for each VLAN and sends corresponding traffic to the switch at 10.0.1.1.

Why does being a DHCP client to the switch make such a difference to a macOS machine? And why does routing break when the IP is manually set?

"Why does being a DHCP client to the switch make such a difference to a macOS machine? And why does routing break when the IP is manually set?"

When you add the IP manually, which is the gateway you are configuring?

For VLAN 2 the gateway must be the switch; it cannot be the router.

For VLAN 2 the gateway is the switch at 10.0.2.1.
When a Mac gets DHCP, it gets the gateway automatically. And the gateway works.
When the Mac is set manually to, let’s say, 10.0.2.100 with gateway 10.0.2.1 (the switch), the gateway does not work. No routing to anywhere. The Mac can just reach devices on VLAN 2. Nothing else.

Got it. Well, weird to say the least.

Never heard something similar.