08-10-2016 04:26 AM - edited 03-08-2019 06:56 AM
I have a typical scenario as attached. Here my VLAN1 can cross the cyberom, but the rest of the VLANs cannot cross the cyberom for internet and other WAN communication. Please help.
I have also configured default gateway on my core switch (which is in L3 mode) as 10.0.7.1 which is an IP of my cyberom.
All my VLANs are across the switches and have no problem with inter-VLAN communication. Suitable trunk/tagged/untagged type of port configuration seems to be OK.
Waiting for early response. Please let me know if any more inputs are required.
Thanks and regards,
Jayesh Trivedi
08-10-2016 05:20 AM
Hi!
Can you please share the show ip route command output from CYBER ROM?
Have a nice day!
JC
08-10-2016 09:55 PM
Hi Carols,
Thanks for your reply. We were working on a live network, and since we could not do the setup as needed, we have put the switches in L2 mode so that the network operates in the same manner in which it was operating previously.
Our plan is to have one L3 at core level and two L2 at departments. We have 3 to 5 VLANs and will enable routing in the L3 switch. Presently, and in our original setup, cyberom is taking care of routing, and I believe removing the routing function from cyberom will make the WAN communication and firewall functions smoother.
Please advise as you find suitable. However, if you need a "show ip route" in the present scenario (where the SG300 is in L2 mode and connected with cyberom), please let me know and I will share it.
Thanks and regards,
Jayesh Trivedi
08-10-2016 11:21 PM
Hi Jayesh,
So basically the issue is that the rest of the VLANs are not able to access the internet?
If yes, I think the issue is with NAT.
As suggested by Carols, a config of CYBER ROM would be good.
Regards,
Terence
08-11-2016 12:03 AM
Hi Terence,
Thanks for your mail. What I understand is, since my VLAN 1 IP (10.0.7.231) is in the same range as my cyberom’s IP, i.e. 10.0.7.1 my VLAN1 users are able to access the internet, however users of other VLANs cannot access internet. This is happening in spite of configuration of default IP on my SG300 (L3 mode) as 10.0.7.1 (Cyberom’s IP). Considering this all unknown traffic to the switch regardless of the VLAN it is coming from should be sent to cyberom and further to the internet as needed. But this is not happening. Why, I don’t know.
Moreover, to reduce the routing load on the cyberom, my idea is to change the IP of my VLAN 1 also and make it separate from the cyberom’s IP scheme. I want my switch to divert the traffic to cyberom for all packets unknown to it, regardless of the VLAN they are coming from. All inter-VLAN routing should happen at the SG300 level and need not cross the switch. I will give the IP of cyberom as a gateway to my SG300 as stated above. I am confused whether this setup will work or not and wish to know the reason and solution to this issue.
Please give your idea / views.
Best regards,
Jayesh
08-11-2016 12:10 AM
Hi Jayesh,
Is it possible to share the config?
If not, please post sh ip route from Cyber ROM.
Regards,
Terence
08-11-2016 10:02 PM
08-19-2016 03:35 AM
Dear Terence,
Please let me know if you have checked the details I have sent. Waiting for your reply.
Please let me know if you need any more details.
Thanks and regards,
Jayesh Trivedi