09-13-2013 08:46 PM - edited 03-07-2019 03:27 PM
Perhaps I need to sleep on this but I'm hoping someone can provide some insight so I can rest easier on this issue...
Have a pretty basic setup with VLAN 1 set up with 192.168.1.0/24 and VLAN 10 set up with 10.1.1.0/24. On a host on the 192 network I can hit the gateway of the 10 network (10.1.1.253) and vice versa without any issue. The problem I have is that if I am on a host on the 192 network, I cannot hit a host on the 10 network and vice versa. On the router itself I can ping any host on the 10 network and source it with VLAN 1 and it hits it just fine.
I can't tell much from the 3Com as its ping functionality is basic. The 3Com switches can hit any 10 or 192 host but I can't source traffic to tell what's going on there...
09-13-2013 10:27 PM
Hi Derek,
Sorry, I don't have any idea how your connectivity is.
BTW I will just give the update, I hope you might have already checked this.
For Example:
1- With only one switch with 2 different networks of VLAN.
              SWITCH
         |              |
      vlan 10        Vlan 20
  (192.168.0.1)     (10.0.0.1)
         |              |
        PC             PC
 IP:192.168.0.10   IP:10.0.0.2
 DF: 192.168.0.1   DF: 10.0.0.1
Switch:
=======
ip routing
!
interface FastEthernet0/1
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport access vlan 20
!
interface Vlan10
 ip address 192.168.0.1 255.255.255.0
!
interface Vlan20
 ip address 10.0.0.1 255.255.255.0
Testing pinging PC between each other:
============================
PC>ping 10.0.0.1 >>>>>>>>>>>>>>>>>>> OK
Pinging 10.0.0.1 with 32 bytes of data:
Reply from 10.0.0.1: bytes=32 time=14ms TTL=255
PC>ping 192.168.0.1 >>>>>>>>>>>>>>>>>>> OK
Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time=5ms TTL=255
2-Scenario:
==========
Switch-------------------3COM
Make sure the trunk is configured.
Make sure the PCs have been configured with the DF of their respective VLAN.
Make sure the trunk and access ports are not blocked by STP.
HTH
Regards
Inayath
*Plz rate if this info is helpful.
09-14-2013 06:43 AM
The basic configuration on our router is as follows:
int gig 0/0/0 (trunk to switch1)
 switchport mode trunk
 switchport voice vlan 10
 no ip address
!
int Vlan1
 desc DATA VLAN
 ip addr 192.168.1.253 255.255.255.0
 ip access-group VLAN1ACCESS in
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map DATA
!
int Vlan10
 desc VOICE VLAN
 ip addr 10.1.1.253 255.255.255.0
 ip access-group VLAN10ACCESS in
 ip nat inside
 ip virtual-reassembly in
 ip policy route-map VOICE
!
ip access-list extended VLAN10ACCESS
 permit ip 10.1.1.0 0.0.0.255 any
 permit ip 192.168.1.0 0.0.0.255 any
!
ip access-list extended VLAN1ACCESS
 permit ip 192.168.1.0 0.0.0.255 any
 permit ip 10.1.1.0 0.0.0.255 any
!
route-map DATA permit 10
 match ip address 101
 set ip next-hop ISP1.IP.ADDRESS
!
route-map VOICE permit 10
 match ip address 110
 set ip next-hop ISP2.IP.ADDRESS
!
access-list 101 remark DATA
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
access-list 110 remark VOICE
access-list 110 permit ip 10.1.1.0 0.0.0.255 any
On the 3Com switches the basic configuration is that there is a VLAN interface configured on each switch with each VLAN and a trunk from the router to switch1 and a trunk from switch1 to switch2. All other ports are configured as access ports for whatever VLAN the various hosts need to be on.
The hosts are configured with the applicable default gateway of their VLAN (192.168.1.253 and 10.1.1.253 respectively). Any host can ping the other VLAN's default gateway (i.e. 192.168.1.100 can ping 10.1.1.253) but cannot ping a host in the other VLAN (i.e. 192.168.1.100 cannot ping 10.1.1.40).
09-14-2013 07:00 AM
Hi Derek,
I wonder if the set ip next-hop in your route-maps for PBR is the adequate solution if you want to achieve routing between the VLANs.
With that option, every packet with a source IP belonging to the particular VLAN is routed to an ISP, regardless of the local routing table. So a packet from the Data-VLAN is routed to ISP1 and ISP1 has to route it back to reach the Voice-VLAN.
I think a set ip default next-hop clause would be more appropriate, or you may want to change the ACLs to not policy-route to local destinations.
Hope that helps
Rolf
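The two fixes suggested in the reply above, applied to the configuration posted earlier in the thread. This is an added example, not part of the original posts; editing ACLs 101 and 110 in place and the sequence number 5 are assumptions, and only one of the two options is needed.

```cisco
! Option A: keep "set ip next-hop" but exempt inter-VLAN destinations.
! A packet that hits a deny in the matched ACL is not policy-routed and
! falls through to the normal routing table, where both VLAN subnets
! are directly connected.
ip access-list extended 101
 ! sequence 5 (assumed) places the deny ahead of the existing permit
 5 deny ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
!
ip access-list extended 110
 5 deny ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
!
! Option B: leave ACLs 101 and 110 as posted and policy-route only when
! the routing table has no explicit route for the destination.
! Connected subnets are explicit routes, so Data <-> Voice traffic is
! routed locally; everything else still goes to the per-VLAN ISP.
route-map DATA permit 10
 match ip address 101
 no set ip next-hop ISP1.IP.ADDRESS
 set ip default next-hop ISP1.IP.ADDRESS
!
route-map VOICE permit 10
 match ip address 110
 no set ip next-hop ISP2.IP.ADDRESS
 set ip default next-hop ISP2.IP.ADDRESS
```

`show route-map` reports policy-routing match counters per entry, which confirms whether inter-VLAN pings are still being policy-routed. Once this traffic is routed locally, the inbound ACLs VLAN1ACCESS and VLAN10ACCESS are the only filter between the two VLANs, and as posted they permit all IP between the data and voice subnets.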
09-14-2013 08:15 AM
Thank you, Rolf! That did the trick!
I appreciate your input and assistance on this Saturday. Best regards to you, kind sir.