InterVlan Routing between a Cisco SG500x and ERL (EdgeRouter Lite)

johnnyparada
Level 1

Hello All,

 

I need a little assistance with getting my VLANs from the switch to make it to the router and back - or simply put, my VLANs (other than the default) cannot reach the internet.

 

On the switch side, I have changed it to router mode (layer 3), enabled ip routing, and set the ip route 0.0.0.0 0.0.0.0 192.168.1.1 (which is the address of the router port eth1). VLANs are 1, 192.168.1.254 for default, and 101-105 @ 192.168.101-105.1, and 201-208 @ 192.168.201-08.1 (192.168.207.254 on VLAN 7 is going to be different because I was testing where I was making my mistakes). I also set up the port on the switch connected to the router as a trunk and allowed, in this testing case, VLAN 7. Currently, I can ping from each VLAN as a member to any of the other VLANs. However, when I try to ping the router or the internet from, in this case, VLAN 7, I get "reply unavailable"; tracert will only get the response from the first hop (the VLAN interface - 192.168.207.254).

 

On the router side, port eth0 (71.95.196.xxx) is going to the ISP modem out to the net. Port eth1 is connected to the switch and is assigned the IP of 192.168.1.1 (I also set up a second IP, 192.168.207.1). As far as the routes go, I have tried to set the route back to the switch at 102.168.1.0/24 (static), but for some reason the only one that goes active is the one that is connected (c). I have also added the routes for the other VLANs.

 

I will attach my configs and IP routes for both my router and switch. If anyone can provide me some assistance on how to get the route set up for the return back to the switch (which I believe is where my connection is broken), or could NAT or my firewall (which I have not altered or added any rules to) come into play here?

 

Btw, my router is an ERL and my switch is a Cisco SG500X.

 

Thank you all in advance.

 

Johnny Parada

1 Accepted Solution


One route will do, but if you want to encompass 192.168.x.x, you need to route 192.168.0.0/16 and not 192.168.0.0/24. 192.168.0.0/24 will only cover 192.168.0.x.


8 Replies

ghostinthenet
Level 7

I think I see the problem here. On your ERL, you have two misconfigurations.

  1. You have eth1 and eth2 configured on the same subnet, which is potentially going to cause destination problems for traffic going to the 192.168.1.0/24 network. If eth2 is disconnected, this is a non-issue, but if both are connected, you should remove or change the assigned IPv4 address on eth2.
  2. You're using interface routes on the ERL, pointing your VLAN subnets at the eth1 interface, but not giving them a next hop address. This is going to cause return traffic from the ERL to be broadcast on the eth1 interface rather than being sent to the IPv4 address of the switch's VLAN1 interface.

For simplicity's sake, I would remove your interface routes and do something like this:

protocols {
    static {
        route 10.0.0.0/8 {
            next-hop 192.168.1.254 {
            }
        }
        route 172.16.0.0/12 {
            next-hop 192.168.1.254 {
            }
        }
        route 192.168.0.0/16 {
            next-hop 192.168.1.254 {
            }
        }
    }
}

This will direct all of the RFC1918 space back to your SG500X unless a more specific route exists on your ERL, eliminating the need to add routes to the ERL as you create networks on the SG500X.

Hi Jody,

 

Thanks for the response. I have removed the IP routes added to the interface and instead created a single route to the switch as a next hop, as suggested. I also removed the IP from the eth2 port.

 

However, I am still unable to reach the internet or the router from any of the VLANs other than the default (I tested under VLAN 207 and 208).

 

Any other suggestions? I have posted the updated configs and routes.

 

Thank you again,

 

Johnny

It looks like the routes didn't take on the ERL. You only have this one in there now:

 

protocols { static { route 192.168.0.0/24 { next-hop 192.168.1.254 { distance 1 } } } }

 

You should be doing okay once you have them all in there.

 

Sorry about the formatting. Replying from my mobile.

Jody,

 

Do I need a route for each of the VLAN interfaces? My understanding is that the 192.168.0.0/24 encompasses all the networks within the 192.168.x.x range. Is that not correct?

 

Or am I off?

 

Thank you again for your help.

One route will do, but if you want to encompass 192.168.x.x, you need to route 192.168.0.0/16 and not 192.168.0.0/24. 192.168.0.0/24 will only cover 192.168.0.x.
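As an added example (not code from this thread or from either device), here is the longest-prefix lookup the ERL performs when it picks a return route, written in Python with the standard ipaddress module. The route table is constructed from the addresses in the thread: the connected 192.168.1.0/24 on eth1, a default route toward the ISP (the ISP next hop is a placeholder string, since the thread only gives the eth0 address), and one of three static-route variants: the 192.168.0.0/24 route from the mobile reply, the /16 from the accepted answer, and the RFC1918 aggregates from the first reply. It shows why the /24 sends replies for VLAN 207 out the default route instead of back to the switch, and that the connected /24 still wins for the default VLAN because it is more specific than the /16.

```python
import ipaddress

# Placeholder for the ISP gateway on eth0; the thread does not give its address.
ISP_PLACEHOLDER = "ISP via eth0 (default route)"

# Constructed ERL route table modelled on the thread. Entries are (prefix, next_hop);
# next_hop None means the subnet is directly connected.
BASE = [
    ("192.168.1.0/24", None),          # connected on eth1
    ("0.0.0.0/0", ISP_PLACEHOLDER),    # default route to the internet
]

# VLAN gateway addresses from the thread; replies to hosts behind them need a route.
VLAN_GATEWAYS = ["192.168.1.254", "192.168.101.1", "192.168.207.254", "192.168.208.1"]

# The three static-route variants discussed in the thread.
WRONG = [("192.168.0.0/24", "192.168.1.254")]   # covers only 192.168.0.x
FIXED = [("192.168.0.0/16", "192.168.1.254")]   # covers all of 192.168.x.x
RFC1918 = [
    ("10.0.0.0/8", "192.168.1.254"),
    ("172.16.0.0/12", "192.168.1.254"),
    ("192.168.0.0/16", "192.168.1.254"),
]


def lookup(routes, dst):
    """Longest-prefix match: return (prefix, next_hop) for the most specific route
    that contains dst, or None when nothing covers it (no default route)."""
    dst = ipaddress.ip_address(dst)
    best_net, best_nh = None, None
    for prefix, nh in routes:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best_net is None or net.prefixlen > best_net.prefixlen):
            best_net, best_nh = net, nh
    return None if best_net is None else (str(best_net), best_nh)


def return_path(static_routes, destinations):
    """For each destination, report where the ERL would send a reply:
    the next-hop address, 'connected' for an attached subnet, or 'NO ROUTE'."""
    routes = BASE + static_routes
    result = {}
    for dst in destinations:
        match = lookup(routes, dst)
        if match is None:
            result[dst] = "NO ROUTE"
        elif match[1] is None:
            result[dst] = "connected"
        else:
            result[dst] = match[1]
    return result


if __name__ == "__main__":
    for label, table in (("/24", WRONG), ("/16", FIXED), ("RFC1918", RFC1918)):
        print(label, return_path(table, VLAN_GATEWAYS))
```

With the /24 variant, every VLAN gateway except the connected one resolves to the default route, which is exactly the symptom in the thread: the switch forwards the packet, the ERL replies toward the ISP, and the VLAN host sees no answer. Either the /16 or the RFC1918 aggregates send those replies to 192.168.1.254 while the connected route keeps winning for 192.168.1.x.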

DUH! 

 

Let me try that and report back.

 

TY

Johnny

Did it work any better with the /16?

Jody,

 

Hi. Yes. Placing the correct / notation cleared that up. Thank you for all your advice and suggestions.

 

To anyone experiencing this issue, here is an updated copy of my configs that resolved it for me.

 

Thanks again Jody,

 

Johnny
