Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
599
Views
0
Helpful
3
Replies

SG500X - Inter VLAN routing issue

paul.hermans
Level 1
Level 1

‎02-01-2017 10:15 AM - edited ‎03-08-2019 09:08 AM

Hi, I'm trying to get the inter VLAN routing working on a SG500X switch but with no success. For the test I did a factory reset and created the simplest scenario. See attached drawing

Inter VLAN routing

Here are the running-config, the ip routes and the ip interfaces:

switchf5512c#show running-config
config-file-header
switchf5512c
v1.4.7.5 / R800_NIK_1_4_194_194
CLI v1.0
set system queues-mode 4

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 40
exit
bonjour interface range vlan 1
hostname switchf5512c
ip ssh server
!
interface vlan 40
name Office
ip address 192.168.40.11 255.255.255.0
!
interface gigabitethernet1/1/13
switchport mode access
!
interface gigabitethernet1/1/14
switchport mode access
switchport access vlan 40
!
interface gigabitethernet1/1/15
switchport mode access
switchport access vlan 40
!
exit

switchf5512c#show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static,
R - RIP


D 0.0.0.0/0 [1/2] via 192.168.100.1, 02:13:35, vlan 1
C 192.168.40.0/24 is directly connected, vlan 40
C 192.168.100.0/24 is directly connected, vlan 1

switchf5512c#show ip interface


IP Address I/F I/F Status Type Directed Prec Redirect Status
admin/oper Broadcast
------------------ --------- ---------- ------- --------- ---- -------- ------
192.168.40.11/24 vlan 40 UP/UP Static disable No enable Valid
192.168.100.11/24 vlan 1 UP/UP DHCP disable No enable Valid

IPv4 routing is enabled (in GUI)

The firewalls on the hosts is turned off.

What is the result:

From host 192.168.100.12 I can ping the VLAN 1 interface (192.168.100.11), the firewall (192.168.100.1) and I have internet access. I cannot ping the VLAN 40 interface (192.168.40.11) or host 192.168.40.12

From host 192.168.40.12 I can ping the VLAN 40 interface (192.168.40.11). I cannot ping VLAN 1 interface (192.168.100.11)  or host 192.168.100.12.

From the CLI I can ping everthing (192.168.100.12, 192.168.100.11, 168.168.100.1, 192.168.40.11, 192.168.40.12).

What am I overlooking? Please help!

Labels:
Preview file
25 KB
0 Helpful
3 Replies 3

Diana Karolina Rojas
Cisco Employee
Cisco Employee

‎02-01-2017 11:12 AM

Hello,

It looks like a correct configuration. Can you prove a tracer from one user in a vlan to another user in other vlan? where does the tracer stop?

Thanks,

0 Helpful

paul.hermans
Level 1
Level 1
In response to Diana Karolina Rojas

‎02-01-2017 12:32 PM

Hi,

A trace route from host 192.168.40.12 to host 192.168.100.12 stops after the first hop (192.168.40.11). First hop 1 ms, 4 ms 3 ms. After that nothing but "Request timed out".

A trace route from host 192.168.100.12 to host 192.168.40.12 stops at the first hop. Nothing but "Request timed out". However, the log of the firewall shows that the ping arrived there (192.168.100.1) and were logged because of a policy violation. That's normal because there is no policy for routing to VLAN 40.

0 Helpful

Diana Karolina Rojas
Cisco Employee
Cisco Employee
In response to paul.hermans

‎02-02-2017 12:43 PM

Hello again!

Did you prove create another vlan? Maybe is a problem with vlan 1, the configuration is complete? aren't there access list configured, firewall features or so on configured in your switch?

Regards,

0 Helpful
Customers Also Viewed These Support Documents