Re: VLAN c881 router + sg250-08 switch

Ruslan Kopenkin · ‎10-18-2020

Hello.

Have problem with connecting VLANs. Devices connected via Fa3 (router) and Gi8(switch), Gi7(switch) client device.

Router config:

interface FastEthernet3
description << LAN L2 >>
switchport mode trunk
no ip address
!
interface Vlan1
description << LAN >>
ip address 192.168.8.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
!
interface Vlan2
description << IPT >>
ip address 10.10.3.1 255.255.255.0
ip virtual-reassembly in
no autostate

It's ip route table:

      10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
S        10.0.0.0/24 is directly connected, Tunnel0
C        10.1.2.0/24 is directly connected, Tunnel0
L        10.1.2.2/32 is directly connected, Tunnel0
C        10.10.3.0/24 is directly connected, Vlan2
L        10.10.3.1/32 is directly connected, Vlan2
S        10.10.12.0/24 is directly connected, Tunnel0
      172.10.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        172.10.10.0/24 is directly connected, Vlan100
L        172.10.10.1/32 is directly connected, Vlan100
S     192.168.5.0/24 is directly connected, Tunnel0
S     192.168.6.0/24 is directly connected, Tunnel0
S     192.168.7.0/24 is directly connected, Tunnel0
      192.168.8.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.8.0/24 is directly connected, Vlan1
L        192.168.8.1/32 is directly connected, Vlan1

Switch:

Client and switch vlan2 interface are unreachable from router. Router's ARP clear from vlan2 clients

Internet  10.10.3.1               -   5ca6.2d22.6ae8  ARPA   Vlan2
Internet  172.10.10.1             -   5ca6.2d22.6ae8  ARPA   Vlan100
Internet  192.168.8.1             -   5ca6.2d22.6ae8  ARPA   Vlan1
Internet  192.168.8.2           126   4c71.0c18.4b08  ARPA   Vlan1
Internet  192.168.8.3            44   00fd.2291.2aac  ARPA   Vlan1
Internet  192.168.8.4            29   0014.38e3.c57d  ARPA   Vlan1
Internet  192.168.8.19            3   0025.ab6e.7b21  ARPA   Vlan1
Internet  192.168.8.29           33   0015.6594.1618  ARPA   Vlan1

Ideas?

MHM Cisco World · ‎10-18-2020

Can I see the topology ?

Ruslan Kopenkin · ‎10-18-2020

Georg Pauwen · ‎10-18-2020

Hello,

you need to delete the Vlan 2 interface from your switch and let the router to the inter-Vlan routing. On the switch, enable the Vlan 1 interface.

Ruslan Kopenkin · ‎10-18-2020

vlan2 interface on the switch made just for connectivity test. It has no any impact. All interfaces enabled.

Don't know about vlan routing enabling on the router. It routes correctly. Vlan1 clients can ping 10.10.3.1, but Vlan2 clients can't ping anything. Because there is no connectivity between router vlan2 and switch vlan2

Georg Pauwen · ‎10-18-2020

Did you enable Vlan 1 and disable Vlan 2 on the switch as suggested ?

Ruslan Kopenkin · ‎10-18-2020

Vlan1 int on the switch was always enabled

Georg Pauwen · ‎10-18-2020

You can only have one active Vlan interface on the switch (Vlan 1 in your case). In the screenshot you posted you have Vlan 2 enabled. Did you delete that ?

Ruslan Kopenkin · ‎10-18-2020

I can make them as many as I want

interface vlan 1
 ip address 192.168.8.2 255.255.255.0
 no ip address dhcp
!
interface vlan 2
 name IPT
 ip address 10.10.3.2 255.255.255.0
!
interface vlan 100
 name wifiguest
 ip address 172.10.10.2 255.255.255.0

Yes, I did

paul driver · ‎10-18-2020

Hello
Can you make the topology much clearer -

router- switch-client plus tunnels which you haven't mentioned that you show in the rtr output, if you do this I would assume it will be much easier to resolve for you.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Ruslan Kopenkin · ‎10-18-2020

how clearer it could be? it is just router, switch and client. tunnels do not touch the switch

paul driver · ‎10-18-2020

Hello
Yes understand and that's the problem obviously its configured incorrectly, For instance what are the tunnels for ?
If its the rtr that performing all the routing ( including inter-vlan routing) then the switch should basically act as a host switch and that's it with the end host connected to it on a access-port, however the switch its showing an populated arp table?

The only L3 addressing on the switch should be the MGT vlan, in this case it seems to be vlan 2, so then you don't need any other L3 address so vlan 1 isn't required in any case that vlan 1 looks like its being used for some tunnel addressing also you have a phone connected to the switch but i don't see any voice vlan?

Lastly how is the phone obtaining ip addressing, have you manually configured it or is it from dhcp that you haven't shared?

So basically:
RTR - all L3 interfaces ( in your case svi's for data /voice and mgt) and default route to wan
Switch -single l3 interface for mgt reachability with default-gateway to the rtrs svi ip for the same vlan, plus L2 vlans created for the access ports (data/voice) but i don't see these either?
Access-ports on the switch should be assigned for the phone (data & voice)

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Ruslan Kopenkin · ‎10-18-2020

tunnels for vpn

all switch ports are in L2 mode. Vlan1 is mgt int.

Vlan2 should be the voice vlan.

Phone should obtain address from router's dhcp server.

Gi7 - access-port

Ruslan Kopenkin · ‎10-20-2020

up