10-07-2019 10:41 PM
I am having trouble routing traffic via VLANs. See diagram below.
Existing deployment is to go over a vpn from the router to main data center. Internet connection is out the same router. We have now had a L2 link installed, so that all the traffic goes across this L2 link into the Data Center and internet traffic will breakout via a Firewall. VPN can now be a secondary link in case of L2 link down.
On the far right of the diagram is a GUI-based non-Cisco switch; it is tagging all client ports with VLAN 10. The default gateway is on the router as an SVI with, say, 192.168.1.1.
It is a trunk link from a 4 port switch on the router to the 3rd party switch.
On that same 4 port switch on the router is a Layer 2 wan link to a data center, this is also trunked.
When I move the SVI for VLAN 10 from being on the router to being on the firewall L3 link, traffic stops flowing. The trunks allow all VLANs and the native VLAN is the same for all. The L2 link is working but I just can't understand why it will not route.
10-07-2019 11:24 PM
Hi there,
On the remote site router, what is the output of sh spanning vlan 10
...does it show both trunk interfaces in a forwarding state?
On the remote site router, what is the output of sh mac-address vlan 10
...does it show the MAC address of the firewall VLAN 10 SVI?
Please share the output of both commands.
cheers,
Seb.
10-08-2019 11:00 PM
Thanks for the reply Seb, I will try again and get the output you mentioned.
10-08-2019 07:25 AM - edited 10-08-2019 07:26 AM
When you move the SVI to the firewall can the 3rd party switch ping its default gateway? It might be helpful if you could provide the content of the arp table on the 3rd party switch.
Also it might help us understand the issue if you would provide the config from your router (at least the parts that relate to the switch module, SVIs, and VLANs). Also please identify which ports connect to the 3rd party switch and to the firewall. And the config from the firewall (at least the interface and any security policies related to this traffic).
HTH
Rick
10-08-2019 11:02 PM
Hi Richard, thanks for the reply. When I make the change and put the SVI on the firewall I am unable to ping the default gateway.
I will try to get the other information later on. Currently they are using the VPN model as that is currently working; I need to try the L2 link out of hours.