I am having trouble routing traffic via VLANs. See the diagram below.
The existing deployment goes over a VPN from the router to the main data center. The Internet connection is out of the same router. We have now had an L2 link installed, so that all the traffic goes across this L2 link into the data center and Internet traffic will break out via a firewall. The VPN can now be a secondary link in case the L2 link goes down.
On the far right of the diagram is a GUI-based non-Cisco switch; it is tagging all client ports with VLAN 10. The default gateway is on the router as an SVI with, say, 192.168.1.1.
It is a trunk link from a 4-port switch on the router to the 3rd-party switch.
On that same 4-port switch on the router is a Layer 2 WAN link to a data center; this is also trunked.
When I move the SVI for VLAN 10 from the router to the firewall L3 link, traffic stops flowing. The trunks allow all VLANs and the native VLAN is the same for all. The L2 link is working, but I just can't understand why it will not route.
On the remote site router, what is the output of sh spanning vlan 10?
...does it show both trunk interfaces in a forwarding state?
On the remote site router, what is the output of sh mac-address vlan 10?
...does it show the MAC address of the firewall VLAN 10 SVI?
Please share the output of both commands.
When you move the SVI to the firewall, can the 3rd-party switch ping its default gateway? It might be helpful if you could provide the content of the ARP table on the 3rd-party switch.
Also, it might help us understand the issue if you would provide the config from your router (at least the parts that relate to the switch module, SVIs, and VLANs). Also please identify which ports connect to the 3rd-party switch and to the firewall. And the config from the firewall (at least the interface and any security policies related to this traffic).
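To act on the spanning-tree and MAC-table checks asked for above, here is an added Python helper (not from the thread) that parses constructed IOS-style output of those two commands and reports whether both trunks forward in VLAN 10 and whether the gateway SVI's MAC has been learned; the interface names Gi0/1 and Gi0/2 and all MAC addresses are assumptions.

```python
import re
# Constructed sample output of "show spanning-tree vlan 10" on the remote site
# router's switch module (assumed: Gi0/1 = trunk to 3rd-party switch, Gi0/2 = L2 WAN trunk).
STP_VLAN10 = """\
VLAN0010
  Root ID    Priority    32778
             Address     0011.2233.4455

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1               Desg FWD 4         128.1    P2p
Gi0/2               Root FWD 4         128.2    P2p
"""

# Constructed sample output of "show mac address-table vlan 10";
# 0011.2233.4455 stands in for the firewall's VLAN 10 SVI MAC (assumed).
MAC_VLAN10 = """\
          Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0011.2233.4455    DYNAMIC     Gi0/2
  10    00aa.bbcc.dd01    DYNAMIC     Gi0/1
Total Mac Addresses for this criterion: 2
"""

# STP interface-table row: name, role, state. MAC-table row: vlan, mac, type, port.
STP_ROW = re.compile(r"^(\S+)\s+(Root|Desg|Altn|Back)\s+(FWD|BLK|LRN|LIS)\b", re.M)
MAC_ROW = re.compile(r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\w+)\s+(\S+)", re.M | re.I)

def stp_port_states(output):
    """Map interface name -> STP state (FWD, BLK, ...) for the VLAN shown."""
    return {m.group(1): m.group(3) for m in STP_ROW.finditer(output)}

def mac_ports(output):
    """Map lower-cased MAC -> port it was learned on."""
    return {m.group(2).lower(): m.group(4) for m in MAC_ROW.finditer(output)}

def check_vlan_path(stp_output, mac_output, trunks, gateway_mac):
    """Return (ok, problems): every trunk forwarding in VLAN 10 and gateway MAC learned."""
    problems = []
    states = stp_port_states(stp_output)
    for port in trunks:
        state = states.get(port, "ABSENT")
        if state != "FWD":
            problems.append(f"{port}: STP state {state} in VLAN 10, not forwarding")
    if gateway_mac.lower() not in mac_ports(mac_output):
        problems.append(f"gateway MAC {gateway_mac} not learned in VLAN 10")
    return (not problems, problems)
```

A blocked trunk or a missing gateway MAC narrows the fault to Layer 2 before any routing or firewall policy is examined.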
Hi Richard, thanks for the reply. When I make the change and put the SVI on the firewall, I am unable to ping the default gateway.
I will try to get the other information later on. Currently they are using the VPN model as that is currently working; I need to try the L2 link out of hours.