
SG300-20 Inter VLAN Routing problems

dynamotech
Level 1

I've been banging my head on this for a couple of days and I think I'm missing something really fundamental in my setup.

So my WAN is connected to my RV320 Router (10.0.0.254) which is connected to my SG300-20 Switch (10.0.0.1).

I've defined 2 VLANs:

10.0.0.0 - 255.255.255.0 - VLAN 1 (default)

10.0.100.0 - 255.255.255.0 - VLAN 100

VLAN interfaces are on the x.x.x.1 static IP address.

My routes on the SG300:

0.0.0.0/0 - 10.0.0.254

10.0.0.0/24 route type local (VLAN 1)

10.0.100.0/24 route type local (VLAN 100)

My routes on the RV320:

0.0.0.0/0 - 10.0.0.254

10.0.0.0/24 - 10.0.0.1

10.0.100.0/24 - 10.0.0.1

I think that configuration is pretty straightforward. 

My ports on the SG300 look like:

GE1 (which is port connected to the router which is where my laptop is connected) - 1UP 100T

GE2 (which is connected to a DNS server) - 1UP 100T

GE3 (which is connected to another linux box) - 1T 100UP

Laptop (10.0.0.100) connected to the router has access to the outside world, and can access DNS server (10.0.0.252) and the linux box (10.0.100.100). This is great.

DNS server can access outside world and other 10.0.0.0/24 devices. Cannot access 10.0.100.0/24 addresses.

Linux box can only access 10.0.100.0/24 addresses. Cannot access anything else.

Now, for DNS server and the linux box, I can create a secondary, vlan enabled device, and from those, I can ping the appropriate subnet, but am unable to access the outside world (in the case of the linux box).

Confused since I thought the routes allowed for inter VLAN routing. Can someone please tell me what I'm doing wrong?

7 Replies

acampbell
VIP Alumni

Hi,

So the issue seems to be around VLAN 100 (10.0.100.0/24).

For this to work the way you want the devices on Vlan 100 (like the LINUX BOX) will
need to use 10.0.100.1 (Vlan 100 SVI in SG300 Router) as their default gateway.

Can you confirm?

Regards
Alex

Regards, Alex. Please rate useful posts.

Thanks for the response! So last night, I did a few tests and this is what I found:

1. Static routes defined by the client (Linux box) were NOT being routed properly, even when using the proper gateway of 10.0.100.1. My uneducated guess is that the SG300 doesn't know it's there and thus can't forward on requests to the appropriate box.

2. If I do a Static Host configuration in DHCP and reserve the IP address that way, the box will pick up the IP address and then can ping out and be accessed from outside.

3. I have noticed that SSH sessions drop now in some instances.

4. I thought I had solved the problem by assigning static hosts for all of my servers. I started rebuilding my esxi infrastructure and setting up separate VLANs for management, storage, etc. However, with DHCP enabled for each one of the VLANs, they all have inconsistent connectivity. vSphere clients will drop, and I can't deploy a new instance of vSphere because of connections that need to be kept alive on the server being lost.

Really scratching my head on this...

Hi,

So your LINUX is a VM in your ESXi.

If you are using a different subnet for the VMs and the ESXi, maybe you
need to fix the LAN switch port to be a trunk carrying the VLANs you need.

So the ESXi could be on VLAN 1
The LINUX VM on VLAN 100

So you need a trunk to the physical ESXi carrying VLANs 1 & 100

I also never use DHCP for server type devices (but then again I'm an old F***)
Always a fixed IP, mask, d/gway.

Regards
Alex

Regards, Alex. Please rate useful posts.

Sorry, probably provided some different information.

So a few things since last night...

1. I created a separate VLAN for non-esxi hosts which can be leveraged across all other VLANs (primarily DNS).

The VLANS:

1 Default

2 General Static

100 Management Static

101 Front End Static

102 SAN Static

I put a DNS on port 20 which is ACCESS 2UP

All hosts so far are on ports with TRUNK 100UP 101T 102T

If I don't use DHCP, my statically defined IPs on my boxes aren't ever routed to properly. Within a VLAN they work fine, but they are unable to ping out for some reason. If I use DHCP, it seems to work...

Hi,

I don't get why you are using TRUNKS to host devices.

I would only do that if the host has been configured to tag the VLAN in 802.1Q.
An ESXi can do this if you configure the ESXi internal switch with its uplink as a trunk and set the VM internal ports to the correct VLANs.

To me all hosts should be set as access ports with just the correct vlan set. The exceptions being devices like IP phones etc.

Trunks are usually only used to connect to other switches and routers that are using trunking.

I don't have any experience on the SG300s, but the theory is the same as IOS CLI configured switches

Regards
Alex

Regards, Alex. Please rate useful posts.

So, I'm probably thinking of this wrong, but each of the esxi hosts has at most 2 NICs. Between the 2 NICs, I wanted to have traffic for SAN and whatnot be separated by additional VLANs.

With ACCESS, wouldn't I not be able to tag traffic on the hosts with the appropriate management or SAN tags so that other devices on the network can see the traffic? Maybe I'm overthinking this.

Here's the appropriate configuration:

ip dhcp pool network VM Storage
address low 10.0.102.2 high 10.0.102.254 255.255.255.0
exit
ip dhcp pool network VM Front End
address low 10.0.101.2 high 10.0.101.254 255.255.255.0
dns-server 10.0.0.254
exit
ip dhcp pool network VM Management
address low 10.0.100.2 high 10.0.100.254 255.255.255.0
exit
ip dhcp pool network General Access
address low 10.0.2.2 high 10.0.2.253 255.255.255.0
dns-server 10.0.2.254
exit

ip domain polling-interval 8
!
interface vlan 1
ip address 10.0.1.1 255.255.255.0
no ip address dhcp
!
interface vlan 2
name DynoDB
ip address 10.0.2.1 255.255.255.0
!
interface vlan 100
name "VM Management"
ip address 10.0.100.1 255.255.255.0
!
interface vlan 101
name "VM Front End"
ip address 10.0.101.1 255.255.255.0
!
interface vlan 102
name "VM Storage"
ip address 10.0.102.1 255.255.255.0
!
interface gigabitethernet2
switchport trunk allowed vlan add 2,100-102
!
interface gigabitethernet3
switchport trunk allowed vlan add 101-102
switchport trunk native vlan 100

!

interface gigabitethernet20
switchport mode access
switchport access vlan 2
!
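
Added example (not part of the original thread, and not Cisco's code): a Python check, over the interface lines of the configuration posted above, of which VLAN a host that does not tag its frames lands in on each port, and therefore which subnet and default gateway its static settings need. It assumes a trunk port with no `native vlan` line uses VLAN 1 as native; the host address and gateway passed in at the bottom are constructed.

```python
import ipaddress, re

# Interface lines from the configuration posted above ("!" separators dropped).
CONFIG = """\
interface vlan 1
ip address 10.0.1.1 255.255.255.0
interface vlan 2
ip address 10.0.2.1 255.255.255.0
interface vlan 100
ip address 10.0.100.1 255.255.255.0
interface vlan 101
ip address 10.0.101.1 255.255.255.0
interface vlan 102
ip address 10.0.102.1 255.255.255.0
interface gigabitethernet2
switchport trunk allowed vlan add 2,100-102
interface gigabitethernet3
switchport trunk allowed vlan add 101-102
switchport trunk native vlan 100
interface gigabitethernet20
switchport mode access
switchport access vlan 2
"""

def parse(config):
    """Return ({vlan: SVI ip_interface}, {port: untagged vlan})."""
    svis, untagged, cur = {}, {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"interface (vlan )?(\S+)", line):
            cur = int(m[2]) if m[1] else m[2]
            if not m[1]:
                untagged[cur] = 1  # assumption: native VLAN defaults to 1
        elif m := re.fullmatch(r"ip address (\S+) (\S+)", line):
            svis[cur] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        elif m := re.fullmatch(r"switchport (?:trunk native|access) vlan (\d+)", line):
            untagged[cur] = int(m[1])
    return svis, untagged

def check_host(config, port, ip, gateway):
    """Check a non-tagging host's static IP and gateway against its port."""
    svis, untagged = parse(config)
    svi = svis[untagged[port]]  # SVI of the VLAN untagged frames land in
    if ipaddress.ip_address(ip) not in svi.network:
        return f"{ip} is outside VLAN {untagged[port]} ({svi.network})"
    if ipaddress.ip_address(gateway) != svi.ip:
        return f"gateway should be {svi.ip}, not {gateway}"
    return "ok"

print(check_host(CONFIG, "gigabitethernet3", "10.0.101.10", "10.0.101.1"))
```

A host that should sit in one of a trunk's tagged VLANs has to send 802.1Q tags itself; otherwise only the untagged VLAN reported here applies to it.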
