VLAN routing and WAN connection

J Sullivan
Level 1

I have a stack config with 2 3750g-12 running as a core connecting one access switch (non-cisco and actually 8, but just testing right now). I have routing turned on and a default route established. Two VLANs created, 1 and 2. Two ports, 1/0/12 and 2/0/12, are LAGed to the access switch and have 2 ports, 1/0/2 and 2/0/2, running to the router (non-cisco) in a VRRP config. VLAN1 shares same IP subnet as router (172.24.10.0/23) and VLAN2 does not (10.10.10.0/24). I have both VLANs running on the access switch and the Cisco stack is acting as DHCP server for both VLANs and handing out addresses to clients off access switch. Problem is I only get internet access on VLAN1 which is on the same subnet as the router. I assumed the default route would forward. I tried setting up a route from the 10.10.10.0/24 network to forward to the 172. network, but that didn't work.

Thoughts?

(Tried to upload image w/ topology, but no go.)

Current configuration : 2383 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
!
!
no aaa new-model
switch 1 provision ws-c3750g-12s
switch 2 provision ws-c3750g-12s
system mtu routing 1500
ip routing
no ip domain-lookup
ip dhcp excluded-address 172.24.10.1
ip dhcp excluded-address 10.10.10.1
ip dhcp excluded-address 172.24.10.150
!
ip dhcp pool GenDat
network 172.24.10.0 255.255.254.0
default-router 172.24.10.150
dns-server 8.8.8.8
!
ip dhcp pool SecDat
network 10.10.10.0 255.255.255.0
dns-server 8.8.4.4
default-router 10.10.10.1
!
!
spanning-tree mode mst
spanning-tree extend system-id
spanning-tree mst 0 priority 0
!
vlan internal allocation policy ascending
!
!
!
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2
switchport mode trunk
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet2/0/1
!
interface GigabitEthernet2/0/2
!
interface GigabitEthernet2/0/3
!
interface GigabitEthernet2/0/4
!
interface GigabitEthernet2/0/5
!
interface GigabitEthernet2/0/6
!
interface GigabitEthernet2/0/7
!
interface GigabitEthernet2/0/8
!
interface GigabitEthernet2/0/9
!
interface GigabitEthernet2/0/10
!
interface GigabitEthernet2/0/11
!
interface GigabitEthernet2/0/12
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2
switchport mode trunk
channel-group 1 mode active
!
interface Vlan1
ip address 172.24.10.150 255.255.254.0
!
interface Vlan2
ip address 10.10.10.150 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.24.10.1
no ip http server
no ip http secure-server
!
!
!
!
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
end

12 Replies

Reza Sharifi
Hall of Fame

Are you trying to use the core switches as just layer-2 or layer-3? Are the core switches going to be the gateways for the end devices, or is the router going to be the gateway? If you are planning to terminate the VLANs on the core switches, that means the core switches are used as the gateway (layer-3). You then need a layer-3 connection between the switches and the router. You currently have a trunk between the switches and the router, and this suggests that you want to use the router as the gateway.

Can you clarify?

HTH

Both core and access will be run as L3.  I would like the core to act as gateway to the routers so the only traffic that gets to the router will have been forwarded by core switch on single subnet.

The current connection between the core switch and router is not a trunk. Just access in to a pair of routers in a VRRP config. Again, the only trunk that I am aware of is between the core and access by way of LAGed links.

Am I missing something in the config?

Ok, so if you want the core switches to act as the gateway for your subnet, then you need 2 layer-3 (/30) links between the core switch stack and the routers. One /30 connects the core to one of the routers and the /30 will connect the core to the other router. What type of routers do you have and are they connected to Internet?

HTH

Ubiquiti ER-Pro 8.  They are in a VRRP config.  So virtual IP of 172.245.10.1 and the interface IP on one is .2 and the other is .3.  I guess I can set them up on a /29 subnet between core and router.

How should those links be setup?  Routing?

No, set the 3750G stack up with a VLAN with an SVI with an IP address of 172.24.10.151 and point the routes from both routers at that address. Make 1/0/1 and 2/0/2 access ports on that VLAN.

On the 3750 point a static route at 172.24.10.1 (the VRRP address of the routers). You should be good to go then.

So I setup the routes for the routers to the switch:

static 10.10.10.0/24 next-hop 172.24.10.150

static 192.168.0.0/24 next-hop 172.24.10.150

Also added the following since VRRP requires two IPs and I don't think I can use the VRRP virtual address for the next-hop.

static 10.10.10.0/24 next-hop 172.24.10.151

static 192.168.0.0/24 next-hop 172.24.10.151

Tried to setup .151 on a port on the second switch in the stack (2/0/2) and got, "Switch(config-if)#ip address 172.24.10.151 255.255.254.0
172.24.10.0 overlaps with GigabitEthernet1/0/1"

So, am I not able to set another port on the switch to the same subnet?  I need to have the two routers in the VRRP config be in the same subnet and need route-able interfaces from the switch to connect.

I think...

But obviously missing something here.  If I can't have 2 ports on the switch be in the same subnet, I'm not sure what to do to make VRRP work.

Hi;

If the switches are configured as a stack, then there is no need to configure VRRP/HSRP. Both switches are already considered a single switch.

Thanks & Best regards;

So basically asking switch stack to do  2 LAN interfaces to operate at layer 3.  Didn't know if it would do that, but don't know.  If not, is there another way to do it?  Bridging?  They are going to one virtual IP.

VRRP is to 2 non-Cisco routers.  They are the ones setup in a VRRP config.

ahmedshoaib
Level 4
Level 4

Hi;

Why did you configure SecDat with default gateway 10.10.10.1? It should be 10.10.10.150 (3750 VLAN 2 IP address).

Your non-Cisco router should have 2 things configured:

1- Static route for the 10.10.10.X network reachable via 172.24.10.150

2- NAT should be configured for both subnets (10.10.10.X & 172.24.10.X).

Thanks & Best regards;
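
Added example (not part of any post in this thread): a small offline check for the DHCP gateway mismatch pointed out in the reply above. It assumes, as the original poster states, that the stack is meant to be the gateway for every pool it serves; the function names and the trimmed sample configuration are constructed for illustration.

```python
import ipaddress

# Constructed excerpt of the configuration posted at the top of the thread.
SAMPLE_CONFIG = """\
ip dhcp pool GenDat
network 172.24.10.0 255.255.254.0
default-router 172.24.10.150
ip dhcp pool SecDat
network 10.10.10.0 255.255.255.0
default-router 10.10.10.1
interface Vlan1
ip address 172.24.10.150 255.255.254.0
interface Vlan2
ip address 10.10.10.150 255.255.255.0
"""

def parse(config):
    """Collect DHCP pools (network, gateway) and interface addresses."""
    pools, svis, pool, iface = {}, {}, None, None
    for raw in config.splitlines():
        w = raw.split()
        if w[:1] == ["!"]:                      # section separator
            pool = iface = None
        elif w[:3] == ["ip", "dhcp", "pool"] and len(w) == 4:
            pool, iface = pools.setdefault(w[3], {}), None
        elif w[:1] == ["interface"] and len(w) == 2:
            pool, iface = None, w[1]
        elif pool is not None and w[:1] == ["network"] and len(w) == 3:
            pool["network"] = ipaddress.ip_network(f"{w[1]}/{w[2]}")
        elif pool is not None and w[:1] == ["default-router"] and len(w) >= 2:
            pool["gateway"] = ipaddress.ip_address(w[1])
        elif iface and w[:2] == ["ip", "address"] and len(w) == 4:
            svis[iface] = ipaddress.ip_interface(f"{w[2]}/{w[3]}")
    return pools, svis

def check_pools(config):
    """Return (pool, message) for each pool whose gateway is not a local address."""
    pools, svis = parse(config)
    local = {i.ip for i in svis.values()}
    findings = []
    for name, p in pools.items():
        gw, net = p.get("gateway"), p.get("network")
        if gw is None or net is None or gw in local:
            continue
        same = [f"{n} {i.ip}" for n, i in svis.items() if i.network == net]
        hint = f"SVI in subnet: {', '.join(same)}" if same else "no SVI in subnet"
        findings.append((name, f"default-router {gw} is not owned by the switch ({hint})"))
    return findings
```

Calling check_pools(SAMPLE_CONFIG) reports only the SecDat pool, whose clients are told to use 10.10.10.1 while the stack answers on 10.10.10.150 in that subnet.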

So the router needs to have static routes into core switch and NAT defined in the router out to the WAN?  That's what I get from your previous statement.

Hi;

As per your current scenario, this is the best we can do. Otherwise, the 2nd option is what Reza mentioned: you need to modify your whole network.

Thanks & Best regards;
