Solved: Re: Inter-VLAN routing help needed pls!!

AirspanIT · ‎02-05-2021

All.

I have three Cisco switches.

One is a Layer-3 core switch C3850 and two are Layer-2 edge switches SG5200.

Lets call them Core, Edge1, Edge2.

Core: Connects to router upstream on port 24, Edge1 on port23 and Edge2 on port 22.

it has two VLAN interfaces configured. Vlan 1: 10.4.0.254/16, Vlan 10: 10.33.0.254/16

Edge1: Configured for Vlan1 only. Vlan 1 IP: 10.4.0.253/16. Default gateway: 10.4.0.254

Edge2: Configured for Vlan10 only: Vlan 10 IP: 10.33.0.253/16: Default gateway: 10.33.0.254

The idea is that we have two seperate subnets.

Vlan1: 10.4.0.0/16

Vlan10: 10.33.0.0/16

Vlan1 clients connect to Edge1 and Vlan10 clients to Edge2. All the ports on Edge 2 are configured to be access ports for Vlan10, except port 48 which is a trunk port and connects to port 22 on Core switch which is also a trunk port. So I assume the VLAN information is transparent to clientss in subnet 10.33.0.0/16 and no VLAN configuration is required on PC in that subnet since they are connecting to VLAN 10 access ports.

Both port 22 and 23 on Core switch have been configured as:

interface GigabitEthernet1/0/22
description "Downlink to Edge2"
switchport trunk allowed vlan 1,10
switchport mode trunk
!
interface GigabitEthernet1/0/23
description "Downlink to Edge1"
switchport trunk allowed vlan 1,10
switchport mode trunk

interface Vlan1
ip address 10.4.0.254 255.255.0.0
!
interface Vlan10
ip address 10.33.0.254 255.255.0.0

Edge1:

=====

interface vlan 1
ip address 10.4.0.253 255.255.0.0
no ip address dhcp
!

interface GigabitEthernet48
switchport mode trunk
no macro auto smartport
!
ip default-gateway 10.4.0.254

Edge 2

=====

interface vlan 1
ip address 10.4.0.252 255.255.0.0
no ip address dhcp
!
interface vlan 10
ip address 10.33.0.253 255.255.0.0

int range gi1 - 47

switchport access vlan 10

interface GigabitEthernet48
spanning-tree link-type point-to-point
switchport mode trunk
switchport trunk allowed vlan 1,10
macro description switch
!next command is internal.
macro auto smartport dynamic_type switch
!
exit
ip default-gateway 10.4.0.254
ip default-gateway 10.33.0.254

Now - I have defined interfac Vlan 1 on Edge2 as if I dont have it I am not able to ping the Edge2 or access it remotely using its VLAN 10 IP 10.33.0.253. Or even ping it from the directly connected core switch. Also I have defined two DGs on Edge2 which I am pretty sure are wrong.

If I connect a PC to Edge2 access port and ping 10.3.0.253 then I get a reply. But I cannot ping 10.33.0.254 (core router's vlan 1 IP) from the PC. Also from the Edge2 switch, I cannot ping either 10.33.0.254 or the the 10.33.0.X IP of the PC

My requirement is 10.4.0.0/16 and 10.33.0.0/16 on Edge1 and Edge2 respectively. They should both be able to browse Internet and reach other VPN sites as well as communicate with each other. And I should be able to access both edge switches remotely. I think a good start would be why I cannot communicate between Core and edge2 on 10.33.0.0/16 or Vlan 10.

Many thanks and much appreciated!!

Reza Sharifi · ‎02-05-2021

Interface IP-Address OK? Method Status Protocol
Vlan10 10.33.0.254 YES NVRAM down down

This is the problem.

Can you connect a pc/laptop to a port on the core switch 3850 and put that port in vlan 10 (access port) and give it an IP in 10.33.0.0/16 range and then run the same command on the switch and see if it comes up?

HTH

View solution in original post

Reza Sharifi · ‎02-05-2021

Hi,

Not familiar with SG series switches, but when you connect to the core 3850, can you ping the interface for each vlan on the same switch?

ping 10.4.0.254

ping 10.33.0.254

If yes, can you ping from the same switch to the edge switch's IP?

ping 10.4.0.253

ping 10.33.0.253

HTH

AirspanIT · ‎02-05-2021

Very interesting.

I pinged 10.4.0.254 from Core switch and it works!

But 10.33.0.254 ping does not work!!

Could that be a clue to something? Not sure why 10.33.0.254 is not pingable even locally.

Both are local VLAN IPs. And I have applied the "no shut" command on both. Also all the three interfaces on Core switch are connected.

Also from core switch I can ping 10.4.0.253 (VLAN1 IP of Edge1) and 10.4.0.252 (VLAN1 IP of Edge2) but I cant ping 10.33.0.253 (VLAN10 IP of Edge2).

Reza Sharifi · ‎02-05-2021

Ok, so VLAN 1 is good but not 10. On the core switch, can you verify that interface VLAN 10 is in up and up mode.

"sh IP int brief vlan 10" should show you that.

If that is good. Can you also turn on "IP routing" on the switch and retest?

Also, can you post the output of "sh run" from the core switch?

HTH

AirspanIT · ‎02-05-2021

#sh ip int brief vlan 10

Interface IP-Address OK? Method Status Protocol
Vlan10 10.33.0.254 YES NVRAM down down

#sh ip int brief vlan 1
Interface IP-Address OK? Method Status Protocol
Vlan1 10.4.0.254 YES NVRAM up up

So its down and down for VLAN 10.

I have applied the no shut command on both.

What do I need to do to get both the UPs? "IP routing" command already there.

Happy to provide core switch config if solution cant be determined from this.

Reza Sharifi · ‎02-05-2021

Interface IP-Address OK? Method Status Protocol
Vlan10 10.33.0.254 YES NVRAM down down

This is the problem.

Can you connect a pc/laptop to a port on the core switch 3850 and put that port in vlan 10 (access port) and give it an IP in 10.33.0.0/16 range and then run the same command on the switch and see if it comes up?

HTH

AirspanIT · ‎02-05-2021

You are a star!!

I had forgotten to create VLAN 10 on the core switch using the command.

coreswitch(conf)# name vlan10

(since vlan database didn't work on this switch so thought it wouldn't be needed).

As soon as I did this and applied no shut here and also again on the int vlan 10. Both statuses came up and the ping and access is working fine now.

Thanks a lot for your diagnosis and help!!

Reza Sharifi · ‎02-05-2021

Glad to help and know that everything is working for you now! Good luck!