Layer 3 /30 Vlans Daisy Chain help

BrianOver
Beginner

Hi All!

I got dragged into a partly configured project & am trying to piece together what's needed

*UPDATE because I worded this poorly

Network:

Firewall -> Aggregate C3850-S

                  -> Trunk -> (A) C3850-S 

                  -> Trunk -> (B) C3850-S 

                  -> Trunk -> (C) C3850-S

 

A, B, & C contain many /30 Vlans connected to corresponding DHCP pools (They give out 1 specific IP) 

Vlans are all configured with an INT address & are only populated on their corresponding switch

A is 192.168.5.0 - split into Vlan 2-20 all /30

B is 192.168.6.0 - split into Vlan 26-49 all /30

C is 192.168.7.0 - split into Vlan 50-73 all /30

 

The trouble, as always, is internet access. I've tried a lot of different route combinations on the Firewall & Switches but they never seem to pick up internet access

 

A buddy theorized I could make the interface on the firewall 192.168.4.1/16 & make that the default router for all the vlan (DHCP) but I cannot seem to get that to work

 

Any ideas? Struggling here

Accepted Solutions

Tried this - Using Vlan 99 instead of Vlan 1 per recommendation 

Firewall - Vlan 99 - 192.168.99.1/24

Switches - Vlan 99 to all the switches & allowed on the trunk ports

 

The Switches would not apply default routes to 192.168.99.1 unless I had int vlan 99 set on each

Firewall 192.168.99.1

Agg. - 192.168.99.2

A - 192.168.99.3

B - 192.168.99.4

C - 192.168.99.5

 

Results:

Test Server (TS) received correct DHCP settings (192.168.5.53/30 - Gateway 192.168.5.54 - DNS 8.8.8.8)

The TS can ping 192.168.99.3 (the switch it is connected to), 192.168.99.2 & 192.168.99.1

No internet access is available 

All the switches can ping each other & the FW

 

*Update

I added a route on the FW - 192.168.5.52/30 to 192.168.99.3 (the switch with the .5.X vlans/routes on it)

Using traceroute from the FW, the first hop to 192.168.99.3 works but all further hops fail.

The FW is correctly connecting to the SW then SW fails to route the packet to TS. Looking at the SW route table, everything is correct, all Vlans (including .5.52/30) are automatically in the table & healthy

 

*Update 2

Turns out the SWs just took a long time to propagate their routing tables

I gave it a night & it magically worked in the morning

 

Thank y'all for the help!
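
The return-route step from the accepted solution, as an added example that is not part of the original post: a longest-prefix-match lookup over the firewall's route table using the thread's addresses, plus a check of the test server's DHCP lease. The firewall default route ("WAN"), the /24 masks on the per-switch blocks, and all function names are assumptions; the summary routes generalize the single /30 route the post adds.

```python
import ipaddress

# Addresses taken from the thread. The /24 masks on the per-switch blocks
# and the firewall default route are assumptions, not stated in the post.
TRANSIT = {"FW": "192.168.99.1", "Agg": "192.168.99.2",
           "A": "192.168.99.3", "B": "192.168.99.4", "C": "192.168.99.5"}
BLOCKS = {"A": "192.168.5.0/24", "B": "192.168.6.0/24", "C": "192.168.7.0/24"}


def lookup(table, dst):
    """Longest-prefix match: next hop of the most specific matching route."""
    addr = ipaddress.ip_address(dst)
    hits = [(net, hop) for net, hop in table if addr in net]
    if not hits:
        return None
    return max(hits, key=lambda r: r[0].prefixlen)[1]


def firewall_table(return_routes):
    """Firewall routes: connected VLAN 99, assumed default, plus return routes."""
    table = [(ipaddress.ip_network("192.168.99.0/24"), "connected"),
             (ipaddress.ip_network("0.0.0.0/0"), "WAN")]  # assumed default route
    table += [(ipaddress.ip_network(n), hop) for n, hop in return_routes]
    return table


def check_client(ip_with_prefix, gateway):
    """True if the DHCP gateway is the other usable host in the client's subnet."""
    iface = ipaddress.ip_interface(ip_with_prefix)
    gw = ipaddress.ip_address(gateway)
    return gw in iface.network.hosts() and gw != iface.ip


def summary_routes():
    """One firewall return route per access switch, covering all of its /30s."""
    return [(BLOCKS[sw], TRANSIT[sw]) for sw in ("A", "B", "C")]


if __name__ == "__main__":
    ts = "192.168.5.53"
    print("lease ok:", check_client("192.168.5.53/30", "192.168.5.54"))
    print("no return route:", lookup(firewall_table([]), ts))
    one = [("192.168.5.52/30", TRANSIT["A"])]  # the route added in the update
    print("with /30 route:", lookup(firewall_table(one), ts))
    print("with summaries:", lookup(firewall_table(summary_routes()), "192.168.6.10"))
```

Without a return route, the firewall's lookup for the test server falls through to the assumed default, so replies never head back toward switch A.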

17 Replies

MHM Cisco World
Advisor

Are the SWs L3 or L2?
