Having trouble with communicating to a point of access gateway. Currently only way to communicate is through a routed port. Working with 3750-x. No distribution layer, they want to go from an access layer where all the PCs are connected to the poag. Point of access gateway communicating at
172.16.16.6 255.255.255.0. I do not have permissions on the hardware. My 3750-x is only able to communicate via routed port. Does not ping back if I program the connected port as a trunk or access port.
ip address 172.16.16.33 255.255.255.0
switchport mode trunk
switchport trunk encap dot1q
switchport mode access
switchport access vlan 1280
The issue is that the customer's PCs are on the same subnet with
int vlan 1280
ip address 172.16.16.39 - .62 range with 255.255.255.0
All PCs on switchports are configured as access ports with 1280 vlan including the server.
Turning on routing did not help since the ip range is overlapping. Looking for guidance on how to tackle this issue without having the luxury of a distribution layer. Customer has limitation on purchasing another distribution layer switch.
Definitely don't use trunk but an access port in the same vlan as your clients should work.
So when you say pings are unsuccessful do you mean from clients or the switch itself?
Also what has this to do with a VPN?
From the switch itself. Once the configuration is completely taken off the linking port i.e. gi1/1/1, the engineers just went into the Win 10 machines and manually put in the route to the distant end and got communication working. The POAG itself I am told is a custom Linux distribution.
If you want to ping from the switch itself just create an SVI in vlan 1280 and give
it an IP from that subnet.
Just don't make that IP the default gateway for clients.
The point of access gateway is taking around 12 different subnets on 12 fiber ports and creating a VPN for each subnet and shooting them out an encryptor. Not sure if that is any help but that's where the VPN comes in.
Okay, so it sounds like you actually got it working by setting the default gateway on the clients to be the VPN device and the connecting port as an access port.
So is this fixed or is there still an outstanding query?
The SVI currently is
interface vlan 1280
ip address 172.16.16.32 255.255.255.0
with a layer 2
name Data vlan
the connecting port gi1/1/1 is currently unconfigured.
Would like to be able to come up with a solution in order to have the switch ports configured as access or trunk. Leaving the ports unconfigured allows the connection to work however it will not pass muster from the inspectors. Thanks for all the replies.
Place the client ports and the port connecting to the VPN device into vlan 1280 and set the client default gateway to be the VPN device.
Or do you need the clients to be routed on the switch?
So when I have the client ports as members of vlan 1280 and set the port connecting to the VPN device on vlan 1280 as an access port, the communication with the device stops. At least the pings from the switches come back unsuccessful. Probably should still try pinging from the PCs to test the connectivity.
As per your advice if all I need to do is set the default gateway then there is no need to route.
Try from the PCs because I'm guessing the switch is just used for testing and may be giving you misleading results.
If the clients do not need access to other vlans/subnets that are routed on your switch then yes, the easiest thing is just to set the default gateway to be the VPN device.
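The layout the replies above converge on, written out as an added example that is not taken from any poster's switch. VLAN 1280, gi1/1/1, 172.16.16.32 and 172.16.16.6 come from the thread; the client port range Gi1/0/1 - 24 and the description text are assumptions.

```cisco
! Added example, not the original poster's running config.
vlan 1280
!
! Link to the point of access gateway: an explicit access port in the client VLAN.
interface GigabitEthernet1/1/1
 description Link to POAG (assumed label)
 ! "switchport" returns the port to layer 2 if it was a routed port before,
 ! which also removes any IP address configured on it.
 switchport
 switchport mode access
 switchport access vlan 1280
 no shutdown
!
! Client and server ports (range is an assumption).
interface range GigabitEthernet1/0/1 - 24
 switchport mode access
 switchport access vlan 1280
!
! SVI so the switch itself can source pings in the subnet.
! It is not handed to the clients as their default gateway;
! the clients point at 172.16.16.6.
interface Vlan1280
 ip address 172.16.16.32 255.255.255.0
 no shutdown
!
end
!
! Checks from privileged EXEC, in this order:
! 1. The port is really an access port in VLAN 1280.
show interfaces GigabitEthernet1/1/1 switchport
show vlan id 1280
! 2. Layer 2: a MAC address is learned on the gateway link.
show mac address-table interface GigabitEthernet1/1/1
! 3. Layer 3 from the switch: ping from the SVI, then look for an ARP entry.
ping 172.16.16.6 source Vlan1280
show ip arp 172.16.16.6
! If a MAC is learned and ARP resolves but the ping still fails, the port is
! forwarding and the switch-sourced ping is the misleading part; test from a PC.
```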