Inter vlan routing not working -Switch SG300

AhmedTaher9188 · ‎09-16-2020

intervlan routingHello,

Could anyone help me to enable inter VLAN routing in this diagram

1- I have 2 Adsl Routers

Router1:10.0.0.136

Router2: 10.0.2.1

Router 2 connected directly to Cisco SG300 L3 Switch "Switch 1" on VLAN2 on Interface IP 10.0.2.141

Router 1 Connected to CISCO RV042 Router and the RV042 connected to "Switch1" Cisco SG300 L3 on Default VLAN 1 interface IP 10.0.0.141

I have another 2 L3 switches connected to "Switch 1" on VLAN1 for servers and users

I have another 1 L3 switch connected to "Switch 1" on VLAN2 for WIFI users

I have enabled DHCP Relay on VLAN2

I have enabled DHCP snooping on VLAN1 and enabled DHCP trusted interface snooping

All ports trunks

All ports untagged

I have added Ports# 2 & 9 on VLAN2 and all other ports on VLAN1

All I need VLAN1 Can communicate with VLAN2

Kindly find below extracted configuration

CORE-SW#show running-config
config-file-header
CORE-SW
v1.4.11.5 / R800_NIK_1_4_220_026
CLI v1.0
set system mode router

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 2
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp server
ip dhcp pool network 10.0.2.X
address low 10.0.2.101 high 10.0.2.200 255.255.255.0
domain-name PLAN-ALEX-wfi
default-router 10.0.2.1
dns-server 163.121.128.134 163.121.128.135 1.1.1.1 8.8.4.4 8.8.8.8
exit
ip dhcp information option
no boot host auto-config
bonjour interface range vlan 1
hostname CORE-SW
line telnet
exec-timeout 30
exit
aaa authentication login authorization Telnet local
aaa authentication enable authorization Telnet enable
line telnet
login authentication Telnet
enable authentication Telnet
password da39a3ee5e6b4b0d3255bfef95601890afd80709 encrypted
exit
no passwords complexity enable
passwords aging 0
username cisco password encrypted 78731ad83e90b90e16441e9cbfe75a80699e472a privilege 15
ip ssh server
snmp-server location "1st SW"
snmp-server contact "1st SW Core SW"
ip domain name PLAN-ALEX.wifi
ip name-server 163.121.128.134 163.121.128.135 1.1.1.1 8.8.8.8 8.8.4.4
ip telnet server
!
interface vlan 1
ip address 10.0.0.141 255.255.255.0
no ip address dhcp
!
interface vlan 2
name 10.0.2.0
ip address 10.0.2.141 255.255.255.0
ip dhcp relay enable
!
interface gigabitethernet1
ip dhcp snooping trust
!
interface gigabitethernet2
switchport trunk native vlan 2
!
interface gigabitethernet3
ip dhcp snooping trust
!
interface gigabitethernet4
ip dhcp snooping trust
!
interface gigabitethernet9
switchport trunk native vlan 2
!
exit
banner login ^C
CORE-SW 10 PPOE
^C
banner exec ^C
CORE-SW 10 PPOE
^C
ip dhcp snooping
ip dhcp snooping vlan 1

Reza Sharifi · ‎09-16-2020

Not familiar with the SG series switches but have a look at this link as someone had the same issue. Also, not sure if there is a command called "IP routing" that you can enable.

https://community.cisco.com/t5/small-business-switches/inter-vlan-routing-on-cisco-sg300/td-p/2896665

HTH

AhmedTaher9188 · ‎09-17-2020

Dear @Reza Sharifi

Thank you for your reply

Unfortunately "IP routing" not recognized on Cisco SG 300 switches, However i followed the instructions in the link you have shared and still inter vlan routing not working

Giuseppe Larosa · ‎09-16-2020

Hello @AhmedTaher9188 ,

>>1- I have 2 Adsl Routers

Router1:10.0.0.136

Router2: 10.0.2.1

Router 2 connected directly to Cisco SG300 L3 Switch "Switch 1" on VLAN2 on Interface IP 10.0.2.141

Router 1 Connected to CISCO RV042 Router and the RV042 connected to "Switch1" Cisco SG300 L3 on Default VLAN 1 interface IP 10.0.0.141

Just to clarify can you ping 10.0..0.136 IP address from core switch 10.0.0.141 ?

Because there is a router RV42 on the path that have IP address 10.0.0.138. Unless configured for IRB integrated routing and bridging the RV42 interfaces should be in different IP subnets.

If so you have three IP subnets and not only two in your network.

Otherwise if RV42 is doing IRB / bridging you need to configure appropriate static routes on each ADSL router.

ADSL router 1 must know that IP subnet 10.0.2.0/24 is reachable via 10.0.0.141

Note: RV42 router needs the same static route if all its interfaces are in 10.0.0.0/24

ADSL router 2 must know that IP subnet 10.0.0.0/24 is reachable via 10.0.2.141

They need specific static routes to take over the default routes each of them has to the internet via the local ADSL line.

Hope to help

Giuseppe

AhmedTaher9188 · ‎09-17-2020

Dear @Giuseppe Larosa

I would like to Thank you for your prompt reply,

I will reply to your questions one by one

1- Just to clarify can you ping 10.0.0.136 IP address from core switch 10.0.0.141 ?

> No, I can't since I have installed the RV42 router in Gateway mode I can't reach my ADSL router1 10.0.0.136.

2- Unless configured for RIB integrated routing

> No, It is disabled, Should I enable it?

3- bridging the RV42 interfaces should be in different IP subnets

> Yes, I have configured it to use WAN IPs "Real IPs"

4- If so you have three IP subnets and not only two in your network

> If you counted the real IP subnet you will be right three subnets but this subnet not used in my internal network

5- Otherwise if RV42 is doing IRB / bridging you need to configure appropriate static routes on each ADSL router.

ADSL router 1 must know that IP subnet 10.0.2.0/24 is reachable via 10.0.0.141

Note: RV42 router needs the same static route if all its interfaces are in 10.0.0.0/24

ADSL router 2 must know that IP subnet 10.0.0.0/24 is reachable via 10.0.2.141

They need specific static routes to take over the default routes each of them has to the internet via the local ADSL line.

> How could it be done, I have Huawei ADSL routers

Giuseppe Larosa · ‎09-17-2020

Hello @AhmedTaher9188 ,

the first thing to do is to connect R1 ADSL directly to a port of the core switch in Vlan 1 so that RV42 is not needed anymore.

Consider to deploy a cheap 8 ports L2 switch if you haven't free ports in vlan 1 or there are issues with cabling.

>> > How could it be done, I have Huawei ADSL routers

post the Huawei model of your ADSL routers we can try to find an admin guide for GUI or CLI to be able to add the required static routes.

Hope to help

Giuseppe

AhmedTaher9188 · ‎09-17-2020

Hello @Giuseppe Larosa

I can't exclude RV042 from my network as it is my VPN router

Is there any way to use RV42 in this implementation method.

Giuseppe Larosa · ‎09-17-2020

Hello @AhmedTaher9188 ,

I was meaning find a way to connect R1 ADSL to Vlan1 on core switch this can be achieved by adding a switch where you connect both the RV42 and the R1 ADSL with two cables. The current cable from core switch on RV42 is connected to a third port of this new small switch.

Hope to help

Giuseppe

AhmedTaher9188 · ‎09-20-2020

Dear @Giuseppe Larosa

Hello,

please accept my apologies for my late response,

I followed your advice (adding a new L2 switch and attach it with both RV42 and R1 ADSL with 2 network cables, then I attached the current cable from core switch on RV42 to a third port of this new small L2 switch" once I did this my network crashed "Loop happened"

Is there any other way to achieve my goal" Inte Vlan between 2 Vlans"

If you have another Topology feel free to edit mine

Giuseppe Larosa · ‎09-20-2020

Hello @AhmedTaher9188 ,

I'm sorry that the suggestion of adding a new switch caused issues in your network.

I think at this point you should consider to use a different IP subnet like 10.0.3.0/24 between RV42 and R1 ADSL.

RV42 interface to core switch can have IP 10.0.0.138/24 interface of RV42 to R1 ADSL IP 10.0.3.138/24 and internal interface of R1 ADSL IP 10.0.3.136/24 instead of current 10.0.0.136 that does not make sense because of RV42 router on the path.

at this point R1 ADSL will need to have two static routes pointing to RV42 next-hop

ip route 10.0.0.0 255.255.255.0 10.0.3.138

ip route 10.0.2.0 255.255.255.0 10.0.3.138

on core switch you will need

ip route 10.0.3.0 255.255.255.0 10.0.0.138

for the Huawei routers provide the model and will look for their admin guide.

Hope to help

Giuseppe

AhmedTaher9188 · ‎09-21-2020

Dear @Giuseppe Larosa

Thank you for your time

Never mind dear anything important happened I fixed it immediately

Adding new submit would be perfect I think it might solve my issue

you explained every thing clearly

and it is so generous from you to continue helping me even on my Huawei routers.

Huawei router model is: HUAWEI HG633

Giuseppe Larosa · ‎09-21-2020

Hello @AhmedTaher9188 ,

I have tried to look for a manual for the router Huawei HG633

see

https://setuprouter.com/router/huawei/hg633-talktalk/manuals.htm

unfortunately, it looks like it does not support static routes on the LAN interface so I'm afraid even this approach might be not possible.

Hope to help

Giuseppe

AhmedTaher9188 · ‎09-22-2020

Hello, @Giuseppe Larosa

Never mind dearest.

I have a question that may solve routing issue.

After searching in my stock I found two working cisco routers (Cisco 1900 Series & Cisco 1800 Series) could I add them to my topology to solve routing issue?

Giuseppe Larosa · ‎09-22-2020

Hello @AhmedTaher9188 ,

>> found two working cisco routers (Cisco 1900 Series & Cisco 1800 Series) could I add them to my topology to solve routing issue?

The Cisco router should be used to perform NAT using the interface towards the R1 ADSL LAN.

The Cisco router supports static routes for sure.

Using both static routes and NAT you could be able to solve your routing issue

NAT = Network Address Translation

Hope to help

Giuseppe

AhmedTaher9188 · ‎09-24-2020

Thank you @Giuseppe Larosa for your help

I will try and feed back you