09-21-2017 10:35 AM - edited 03-08-2019 12:07 PM
Having trouble with communicating to a point of access gateway. Currently the only way to communicate is through a routed port. Working with 3750-x. No distribution layer, they want to go from an access layer where all the PCs are connected to the POAG. Point of access gateway communicating at 172.16.16.6 255.255.255.0. I do not have permissions on the hardware. My 3750-x is only able to communicate via routed port. Does not ping back if I program the connected port as a trunk or access port.
interface gi1/1/1
 no switchport
 ip address 172.16.16.33 255.255.255.0
pings successfully.
interface gi1/1/1
 switchport mode trunk
 switchport trunk encap dot1q
pings unsuccessful
interface gi1/1/1
 switchport mode access
 switchport access vlan 1280
pings unsuccessful
The issue is that the customer's PCs are on the same subnet with
int vlan 1280
ip address 172.16.16.39 - .62 range with 255.255.255.0
All PCs on switchports are configured as access ports with 1280 vlan including the server.
Turning on routing did not help since the IP range is overlapping. Looking for guidance on how to tackle this issue without having the luxury of a distribution layer. Customer has limitation on purchasing another distribution layer switch.
09-21-2017 11:06 AM - edited 09-21-2017 11:07 AM
Definitely don't use trunk but an access port in the same vlan as your clients should work.
So when you say pings are unsuccessful do you mean from clients or the switch itself?
Also what has this to do with a VPN?
Jon
09-21-2017 11:10 AM
From the switch itself. Once the configuration is completely taken off the linking port i.e. gi1/1/1, the engineers just went into the Win 10 machines and manually put in the route to the distant end and got communication working. The POAG itself I am told is a custom Linux distribution.
09-21-2017 11:13 AM
If you want to ping from the switch itself just create an SVI in vlan 1280 and give it an IP from that subnet.
Just don't make that IP the default gateway for clients.
Jon
09-21-2017 11:16 AM
The point of access gateway is taking around 12 different subnets on 12 fiber ports and creating a VPN for each subnet and shooting them out an encryptor. Not sure if that is any help but that's where the VPN comes in.
09-21-2017 11:25 AM - edited 09-21-2017 11:26 AM
Okay, so it sounds like you actually got it working by setting the default gateway on the clients to be the VPN device and the connecting port as an access port.
So is this fixed or is there still an outstanding query?
Jon
09-21-2017 01:11 PM
The SVI currently is
interface vlan 1280
 ip address 172.16.16.32 255.255.255.0
with a layer 2
vlan 1280
 name Data vlan
The connecting port gi1/1/1 is currently unconfigured.
int gi1/1/1
end
Would like to be able to come up with a solution in order to have the switch ports configured as access or trunk. Leaving the ports unconfigured allows the connection to work; however, it will not pass muster from the inspectors. Thanks for all the replies.
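The requirement in the post above (every switch port explicitly set to access or trunk) can be checked offline against a saved configuration. The following is an added example, not part of the thread: the sample config is constructed, the client ports GigabitEthernet1/0/1 and 1/0/2 are hypothetical, and the rule itself is assumed from the poster's description of what the inspectors expect.

```python
import re

# Constructed sample running-config (not taken from the thread's switch).
# Gi1/0/1 and Gi1/0/2 are hypothetical client ports; Gi1/1/1 is the uplink
# left unconfigured, as described in the post.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport access vlan 1280
 switchport mode access
!
interface GigabitEthernet1/0/2
 switchport access vlan 1280
!
interface GigabitEthernet1/1/1
!
interface Vlan1280
 ip address 172.16.16.32 255.255.255.0
!
"""

def classify_ports(config):
    """Return {interface: mode} for physical ports in an IOS-style config."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface (\S+)", line)
        if m:
            name = m.group(1)
            # SVIs and loopbacks are not switch ports; skip them.
            current = None if re.match(r"(?i)(vlan|loopback)", name) else name
            if current:
                ports[current] = "unset"
        elif current and line.startswith(" "):
            cmd = line.strip()
            if cmd == "no switchport":
                ports[current] = "routed"
            elif (mode := re.match(r"switchport mode (access|trunk)$", cmd)):
                ports[current] = mode.group(1)
        else:
            current = None  # "!" or a top-level command ends the block
    return ports

def noncompliant(config):
    """Ports with no explicit access/trunk mode (the state the inspectors reject)."""
    return sorted(p for p, mode in classify_ports(config).items()
                  if mode not in ("access", "trunk"))

if __name__ == "__main__":
    for port in noncompliant(SAMPLE_CONFIG):
        print(f"{port}: no explicit 'switchport mode access|trunk'")
```

Note that a port with only `switchport access vlan 1280` is still flagged, because assigning the VLAN does not set the port mode.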
09-21-2017 01:33 PM
Place the client ports and the port connecting to the VPN device into vlan 1280 and set the client default gateway to be the VPN device.
Or do you need the clients to be routed on the switch?
Jon
09-21-2017 01:49 PM
So when I have the client ports as members of vlan1280 and set the port connecting to the VPN device on vlan 1280 as an access port, the communication with the device stops. At least the pings from the switches come back unsuccessful. Probably should still try pinging from the PCs to test the connectivity.
As per your advice if all I need to do is set the default gateway then there is no need to route.
09-21-2017 02:20 PM
Try from the PCs because I'm guessing the switch is just used for testing and may be giving you misleading results.
If the clients do not need access to other vlans/subnets that are routed on your switch then yes, the easiest thing is just to set the default gateway to be the VPN device.
Jon