cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1020
Views
0
Helpful
15
Replies

SG500 InterVLAN routing problem

Mark99
Level 1
Level 1

I have 5 VLANs in my environment 1, 2, 10, 98, 99 and all is working fine (Layer 3 enabled, all interfaces and routes configured), I can ping any device from any VLAN.  I've added an additional VLAN (20) for cameras and have configured it the same as the other ones.  I cannot ping any device on the new VLAN20 sub from any other VLAN.  I can ping the gateway interface (192.168.20.1) but nothing on the subnet (I can't ping anything other than the gateway from the switch either).  I've connected a laptop and manually configured it's IP to that of the 20 network but can't ping it's own gateway.  At this point it seems that it's a simple routing issue but as I stated, I've configured it the same as the other networks.  I've configured the ports to untagged and allow VLAN20 to no avail.  I have 6 switches in my network ( all SG500's) but have moved the laptop and test camera onto the main switch which does the routing to remove any outside issues.  I've attached my config, hopefully there's something obvious in there that I'm missing.  The port I'm using for testing is #39

15 Replies 15

Richard Burts
Hall of Fame
Hall of Fame

Your description says that you have interfaces and routes configured. The only statement I see in the config about routing is the default gateway (pointing to 192.168.98.1) and the IP addresses of some vlan interfaces. Is there anything about routing that I missed?

 

Where are the devices connected that should be in 192.168.20.x? When you connected a laptop and configured it with an IP address in that subnet where was that laptop connected. In looking at the config I can not find any interface that is assigned to vlan 20. Did I miss something?

 

HTH

 

Rick

HTH

Rick

tis my understanding that the VLAN interface IP's and the subsequent routing able automatically populates with are what is required for interVLAN routing (correct me if I'm mistaken).  The routes are automatically created once a device from that network is connected.  As I said earlier, the routing between all of the other VLANs is working correctly, it's only the new network that is a problem.  The 192.168.98.1 address is for the router\firewall and is external.

 

Here is the port that I am using for testing, it appears here and via the web interface that it is configured for VLAN 20:

 

interface gigabitethernet1/1/39
spanning-tree link-type point-to-point
switchport trunk allowed vlan add 20
macro description switch

Thank you for the additional information. In general you are correct that if a vlan interface has a correct IP address and mask and if the vlan interface is in the up state then a route will be added to the routing table. Part of my confusion was about the configuration of default gateway. In my experience default gateway is generally used for switches operating as layer 2 devices and not as layer 3. I do not have experience with this model of switch and if this is working for your other vlans then obviously this switch does not operate like the ones that I do have experience with. So we are probably not looking at a routing issue.

 

Thanks for posting the config of the interface you are using to connect the camera/laptop. When I was reading the posted config (more than once) I did not catch this. So we are probably not looking for a routing issue or for not having a device connected in the vlan. So what could it be? I am wondering if the issue might be configuring the interface as a trunk and adding vlan 20. In the switches I am familiar with a configuration like this would send tagged frames in vlan 20 (vlan 20 does not appear to be the native vlan and so assuming dot1Q trunking the frame would be tagged. I do see that this interface uses a switch macro and am not sure of the significance of this) What would be the result if you configure this interface as an access port in vlan 20 rather than as a trunk? (I do see that you have many interfaces configured as trunk and you then add a single vlan to the trunk. If this works for many other devices then perhaps this is another example of how this switch does not act like the ones I am familiar with)

 

HTH

 

Rick

HTH

Rick

I didn't set this switch up originally so the rational as to why the ports are set the way they are escapes me.  I know there were some issues sorting out the ip phones but again, I don't know what was done to resolve that issue.  I have tried changing the port type to tagged, access, general all to no avail.  I've spent a lot of time researching this problem but I'm not coming up with anything that will resolve this.  Once things are working, I will start playing with tagging and such as I don't want the camera traffic interfering with the regular traffic.

I wish that I had more experience with this model of switch so that I could give better suggestions. Perhaps someone else in the community will jump into this discussion and provide their insight. In the mean time I still wonder if it would help to configure this port as simply an access port in the vlan (and perhaps look for some macro other than switch to use as an host connection.

 

HTH

 

Rick

HTH

Rick

It occurs to me that there are a couple of things that you could do in terms of troubleshooting this problem.

- with the laptop connected to that port and manually configured with an IP address, mask, and gateway what does the switch show as status of the interface?

- with the laptop connected to that port attempt to ping the gateway and then immediately show the arp table. Does the arp table contain an entry for the gateway address?

- with the laptop connected to that port does the Ethernet interface see link?

 

HTH

 

Rick

HTH

Rick

The port shows up and active with at 1 Gb  (the camera shows the same except for 100Mb).  Initially the camera showed up in the ARP table but after resetting the switch, there are not VLAN20 devices showing up.  I'm not at the office right now so I can't test the laptop, I'll let you know when I do.

If the port shows as up and active that is good. If there were arp entries that was good but if they went away and do not come back that requires further investigation. It suggests that there might have been some change in configuration.

 

Please do update when you are able to test with laptop.

 

HTH

 

Rick

HTH

Rick

When I attempted to ping the laptop's gateway (192.168.20.1), I saw no entry in the ARP cache.  If I look at the dynamic mac address, it shows that it is in VLAN1 (which is the default one that every port belongs to).  When I set the laptop to DHCP, it picks up an address on VLAN1 and functions properly (so this rules out a bad port, cable, laptop port).  I have gone through all of the settings again and compared them to VLAN10 and they are identical (with the obvious substitution of VLAN20 on the ports).  What am I missing?? 

The symptoms that you describe suggest that the switch port that the laptop is connected to is in vlan 1. It needs to be assigned to vlan 20.

 

HTH

 

Rick

HTH

Rick

I do have the port configured for VLAN20, I can't remove it from VLAN1.

I do not understand how you can have it configured for vlan 20 and it is still in vlan 1. There must be something about configuring vlans and assigning ports to vlans on this switch that we do not understand. When you show the interface status what do you get?

 

HTH

 

Rick

HTH

Rick

I shows as up at 1Gb.  I agree, there's something going on here that I don't get.  As an aside, I configured everything using the web interface and only a few things with the cli.  I had assumed that they both configured things the same way but...  My next step will be to remove the VLAN entirely and rebuild it using the cli.

I would certainly expect the same results using the web interface or cli. It sounds like a good plan to remove the vlan and configure it over again.

 

HTH

 

Rick

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: