09-05-2013 08:06 PM - edited 03-07-2019 03:19 PM
I've setup a 3550 that is configured for intervlan routing. I can ping each other's gateway and hosts on the others vlans when behind the switch. However, when trying to reach the internet, I am unable to. Also, I am unable to reach any of the addresses on the second vlan i created on the switch.
((COMCAST))<===>[home wireless router 10.0.0.1]<====>[3550]<====>test pcs.
My home router as an address of 10.0.0.1.
3550 has two vlans configured (10.0.0.254 and 192.168.1.254)
I have no issues communicating with any of the 10.0.0.x no matter where I am connected. However, I cannot connect to any of the 192.168.1.x IPs when going through the home wireless or anything plugged directly into the home router. I think I am missing a route, but don't know where to put it as I am pretty new. See my code below and a show ip route. Any ideas? Thanks!
E-SW3550-01#sh run
Building configuration...
Current configuration : 3593 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname E-SW3550-01
!
enable secret 5 $1$ZJSk$GSHsLF8ARlb1Q6bK4RWhj0
!
ip subnet-zero
ip routing
!
vtp mode transparent
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
vlan 10
name Management
!
vlan 20
name Data
!
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/2
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/3
[LINES OMITTED]
interface FastEthernet0/22
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/23
description ESXi test host vmnic1
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport trunk allowed vlan 10,20
switchport mode trunk
spanning-tree portfast
!
interface FastEthernet0/24
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/1
description ESXi test host vmnic0
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport trunk allowed vlan 10,20
switchport mode trunk
!
interface GigabitEthernet0/2 <================connected to home router at 10.0.0.1
switchport access vlan 10
switchport mode access
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
description Management
ip address 10.0.0.254 255.255.255.0
!
interface Vlan20
description Data
ip address 192.168.1.254 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.0.1
ip http server
!
E-SW3550-01#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is 10.0.0.1 to network 0.0.0.0
10.0.0.0/24 is subnetted, 1 subnets
C 10.0.0.0 is directly connected, Vlan10
C 192.168.1.0/24 is directly connected, Vlan20
S* 0.0.0.0/0 [1/0] via 10.0.0.1
09-05-2013 08:39 PM
Eric,
The first thing that I notice is that you have the devices that should be connecting to vlan 20 as trunked ports. Those trunked ports have the vlan 999 set up as a native vlan. I'm not a vmware person, but I seem to remember that the default native vlan on vmware is 999. I don't see vlan 999 in the config, so you're going to probably want to create that. Your hosts on that server will have to be tagged as 20 in the vswitch in order for them to see the vlan 20 and be able to route outside of the 192.x.x.x subnet. This looks to be a vmware issue, as it looks like the switch is configured correctly.
To test, I would take a normal host (PC) and switch one of your ports to an access port of vlan 20. Throw some pings around and see if you can route everywhere then. If so, take a closer look at the vmware boxes.
You may have another issue though. You're going to have to nat the 192.168.x.x subnet if you're going to want to get internet access. I'm not sure what device your router is, but you'll need to configure nat support to support the 10.x.x.x and 192.168.x.x subnets in order to nat. Also, the router in front of the switch will need a route for the 192.168.x.x subnet back to the switch so it will know how to get back. If you can't support more than one subnet in your home router, you may have issues with this part of it. The 3550 doesn't support nat which is why your home router will need to be able to support more than one subnet to nat (aside from the 10.x.x.x subnet you have on the main interface)
HTH,
John
*** Please rate all useful posts ***
09-06-2013 06:28 AM
I agree with John about the routing on the wifi Router. I think the issue is because the wifi/router doesn't have a route to the 192.168.1.0/24 network. When the wifi router receives a packet destined for the 192.168.1.0 it doesn't have a route for it in its routing table and drops the packet. Most mid to high end SOHO routers have some sort of routing configuration that will let you configure a static route or use something like RIP.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide