Vlans

pcromwell
Level 3

I am having trouble routing traffic via VLANs. See diagram below.

Existing deployment is to go over a VPN from the router to main data center. Internet connection is out the same router. We have now had a L2 link installed, so that all the traffic goes across this L2 link into the Data Center and internet traffic will break out via a firewall. VPN can now be a secondary link in case of L2 link down.

On the far right of the diagram is a GUI-based non-Cisco switch; it is tagging all client ports with VLAN 10. The default gateway is on the router as an SVI with, say, 192.168.1.1.

It is a trunk link from a 4-port switch on the router to the 3rd party switch.

On that same 4-port switch on the router is a Layer 2 WAN link to a data center; this is also trunked.

When I move the SVI for VLAN 10 from being on the router to being on the firewall L3 link, traffic stops flowing. The trunks allow all VLANs and the native VLAN is the same for all. The L2 link is working but I just can't understand why it will not route.

[Attached image: 2019-10-08 06_26_41-Clipboard.jpg]


Seb Rupik
VIP Alumni

Hi there,

On the remote site router, what is the output of sh spanning vlan 10

...does it show both trunk interfaces in a forwarding state?

On the remote site router, what is the output of sh mac-address vlan 10

...does it show the MAC address of the firewall VLAN 10 SVI?

Please share the output of both commands.

cheers,

Seb.

Thanks for the reply Seb, I will try again and get the output you mentioned.

Richard Burts
Hall of Fame

When you move the SVI to the firewall can the 3rd party switch ping its default gateway? It might be helpful if you could provide the content of the arp table on the 3rd party switch.

 

Also it might help us understand the issue if you would provide the config from your router (at least the parts that relate to the switch module, SVIs, and VLANs). Also please identify which ports connect to the 3rd party switch and to the firewall. And the config from the firewall (at least the interface and any security policies related to this traffic).

 

HTH

 

Rick


Hi Richard, thanks for the reply. When I make the change and put the SVI on the firewall I am unable to ping the default gateway.

I will try to get the other information later on. Currently they are using the VPN model as that is currently working; I need to try the L2 link out of hours.
