Help with Inter-Vlan routing SG500

carlbme

I know very little about switches. This is the first time I've ever touched them. However, I'm the only one in the company who has the slightest knowledge on how to make them work.

4 vlans

vlan 1 - 192.168.32.1 - Existing network with Internet access
vlan 33 - 192.168.33.1
vlan 34 - 192.168.34.1
vlan 35 - 192.168.35.1

From the laptop on vlan 33 I can ping the management interfaces (192.168.x.1) for each of the vlans. However, I cannot ping anything on those networks.

Below is what I have with the config. Right now not much is attached to these switches until they are set up.

Code:
config-file-header
poe-switch
v1.3.0.59 / R750_NIK_1_3_647_260
CLI v1.0
set system mode router queues-mode 4
 
 
file SSD indicator plaintext
@
vlan database
vlan 33-35
exit
voice vlan id 34
voice vlan state disabled
ip dhcp relay address 192.168.32.73
ip dhcp relay address 192.168.32.74
ip dhcp relay enable
ip dhcp information option
bonjour interface range vlan 1
hostname poe-switch
username cisco password encrypted ef47fabfa8fb17bb22aecd4f2e1af3e205b2def9 privilege 15
clock timezone " " -5
clock summer-time web recurring usa
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server 192.168.32.74
clock dhcp timezone
ip domain name SOESOFTWARE
ip name-server  192.168.32.73 192.168.32.74
!
interface vlan 1
ip address 192.168.32.1 255.255.255.0
no ip address dhcp
!
interface vlan 33
name Wireless
ip address 192.168.33.1 255.255.255.0
ip dhcp relay enable
!
interface vlan 34
name VoIP
ip address 192.168.34.1 255.255.255.0
ip dhcp relay enable
!
interface vlan 35
name Guest
ip address 192.168.35.1 255.255.255.0
ip dhcp relay enable
!
interface gigabitethernet1/1/47
switchport trunk native vlan 33
!
exit
 
Try enabling IP routing with the command, as by default, Cisco layer 3 switches do not route IP traffic:

Router (config)# ip routing

May also need to set up and enable a layer 3 routing protocol like OSPF, RIP, BGP or EIGRP so that it will exchange network routing information with other routers on the network (if there are any), or manually entering an IP routing table depending on your network's configuration.

If this is just a simple office network, then at the minimum, you should also configure the IP address of the default gateway (IP of whatever main router is providing your internet access), and the IP address of your network's or ISP's DNS server.

Router (config)# ip default-gateway <IP address of default gateway>
Router (config)# ip name-server <IP address of DNS server>
 
ip routing was already enabled. For some reason with the SG series it doesn't show it running. Instead, if it's off it shows a line reading "no ip routing" near the top.

I run the default-gateway and name server lines. Sadly it still isn't routing. Maybe the static routes aren't correct?
 
You don't need static routes for vlans, it will automatically route based on the interfaces you created. You only need static routes for subnets in which the switch doesn't have an interface, like the WAN for example (0.0.0.0 via next hop).

Are all the gateways on your hosts correct? The switch interface in every vlan should be the DG for all the hosts in that vlan.
 
Yeah, all of the PCs have the vlan 192.168.x.1 as their gateway. I used wireshark and discovered that some information was being passed. For instance PC on vlan 33 requesting an address from the dhcp server on vlan 1. I see the traffic reach the server and the server respond with a dhcp offer. However, the packets do not get sent back from vlan 1 to vlan 33.
 
If you want VLANs to talk to each other you DO need to setup static routes, but the switch, being a switch, doesn't do the actual routing, you have to specify an external router to forward the packets to that would then do the routing between VLANs
 
If you want VLANs to talk to each other you DO need to setup static routes, but the switch, being a switch, doesn't do the actual routing, you have to specify an external router to forward the packets to that would then do the routing between VLANs

Not exactly. What he needs to do is change the gateways or add static routes ON the gateway.

What he needs to do is run "show ip route" and show us the output.

Also, what are the DHCP scopes you have looking like, plus you really shouldn't be using "ip dhcp relay enable" but rather "ip helper-address <DHCP SERVER IP>"

What is the gateway for devices on the 192.168.32.0/24 network?

What you need to do is setup a default route for 0.0.0.0/0 to your actual gateway, and have all devices that you're using use the L3 Switch as their gateway.

Or you can setup your actual gateway to have routes to all the networks that are on the switch to the switch's IP, again you'll still need the default route on the switch.
 
This is an example of what a show ip route command outputs:

This is from my Cisco 4948-10GE-E Layer 3 switch shows... and right now I have my whole rack shutdown minus this switch and a couple vlans etc... when the whole rack is running I have all sorts of info in this table.



Code:
CoreSwitch#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 10.1.1.1 to network 0.0.0.0

     10.0.0.0/24 is subnetted, 2 subnets
C       10.2.1.0 is directly connected, Vlan3
C       10.1.1.0 is directly connected, Vlan2
S*   0.0.0.0/0 [1/0] via 10.1.1.1
I bet your problem is that you can't ping other VLANs (subnets) because you are using the gateway address of your router and not your switch. Change the gateway on the PCs that you are trying to ping to the switch's VLAN whatever IP address.

I.e. if you have 2 VLANs and they are vlan2 and vlan3, I issue the commands...

First add your actual internet gateway... i.e. ip route 0.0.0.0 0.0.0.0 10.1.1.1 (10.1.1.1 is whatever your actual router's internal ip is)

then configure an IP for your vlans on the switch ...

conf t
int vlan2
desc "Whatever the hell you wanna call it"
ip address 10.1.1.2 255.255.255.0
exit

then change the gateway of all PCs/devices/servers to the ip address of whatever VLAN they are a member of that belongs to the switch, i.e. if you have a computer on a port that is a member of VLAN2 then you need to set the computer's gateway to 10.1.1.2, which in this example is the switch's VLAN 2 interface address. If you added a VLAN 3 with an IP of 10.2.1.1 then you would need to change the gateway of any device that is on a port that belongs to vlan 3 to the gateway address of 10.2.1.1, as that would mean any traffic that is meant for a subnet outside of 10.2.1.0 will go through the switch's routing table to reach its destination.

Once you issue the vlan an IP address on your switch you can then change all your PCs that are on different VLANs to use the switch's vlan2 or 3 or any vlan for that matter that has an IP address as your gateway. The switch, if it is a L3 router/switch, will be able to route between your VLANs.

But chances are you are using the gateway of your router and your router has no clue what the heck is going on.

Edit** Forgot to add.... With Cisco, and I am sure the SG500 is like this, will probably not be able to ping different interfaces, i.e. ping from vlan 2 to vlan 3 using the console commands until you plug something into the switch. So using an empty switch and trying to ping different interfaces are probably going to fail for you.

I also notice that you have a trunk setup on interface g1/1/47 only passing tagged frames of vlan 33? Is this what you want? I am not sure what that trunk goes to but if you are planning to use your router to do the L3 work then you need to specify all VLANs to pass across that trunk that are participating in intervlan routing.
 
You can't, for instance, do "ping 192.168.33.100" from 192.168.34.100 and have it actually work unless you've got some other external device doing the routing or setup static routes specifically to that device. There are no layer 3 routing protocols on this device to setup and enable. Even with a default route an external device has to do that routing and basically bounce the packets back in to send them to the correct VLAN. At least that's what I had to do with mine.
 
You can't, for instance, do "ping 192.168.33.100" from 192.168.34.100 and have it actually work unless you've got some other external device doing the routing or setup static routes specifically to that device. There are no layer 3 routing protocols on this device to setup and enable. Even with a default route an external device has to do that routing and basically bounce the packets back in to send them to the correct VLAN. At least that's what I had to do with mine.

I only ever use Cisco's enterprise stuff. I am just not in the know of what this little SG500 can do although the official specs have it listed as a layer 3 device so it must be able to self route between vlans.
 
Nearest I can tell on mine routing can only be done to external subnets, as the "next hop" parameter has to be an external IP. I don't see any way to do inter-VLAN routing on these things without first leaving the switch and having an actual router route the packets.
 
I have a sg300, in L3 mode it does routing just fine between its interfaces without any static routes. I use it to route all inter-vlan traffic and the only static routes I need are:

ip route 0.0.0.0 /0 (ip of edge router) metric 1 - this is your gateway to the WAN, not the default gateway for your hosts
ip route 10.0.8.0 /24 (ip of vnp gateway VM) metric 1 - this one I could have sent to the edge router as well and had a static route there but why add extra hops, doesn't apply to you

I bet your problem is that you can't ping other VLANs( subnets ) because you are using the gateway address of your router and not your switch.
This is the only thing I can think of that is wrong. In any given vlan, the switch interface is your gateway.
 
What he needs to do is run "show ip route" and show us the output.

Code:
poe-switch#show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static


S   0.0.0.0/0 [1/1] via 192.168.32.254, 48:22:42, vlan 1
C   192.168.32.0/24 is directly connected, vlan 1
C   192.168.33.0/24 is directly connected, vlan 33

Also, what are the DHCP scopes you have looking like, plus you really shouldn't be using "ip dhcp relay enable" but rather "ip helper-address <DHCP SERVER IP>"

The reason for doing the relay agent was because I was able to put in multiple dhcp servers. I have the two servers running using dhcp failover with a 75/25 split of address handling. Will the ip helper-address allow me to put in both dhcp servers?

What is the gateway for devices on the 192.168.32.0/24 network?

The gateway is 192.168.32.1 on most of the devices, the others haven't changed yet and are pointing to the original router/gateway of 192.168.32.254.

So basically what I'm wanting to accomplish is Internet>Gateway(192.168.32.254)>Switch (vlans 1, 33, 34, 35 - 192.168.x.1)>Machines on different vlans.
 
I also notice that you have a trunk setup on interface g1/1/47 only passing tagged frames of vlan 33? Is this what you want? I am not sure what that trunk goes to but if you are planning to use your router to do the L3 work then you need to specify all VLANs to pass across that trunk that are participating in intervlan routing.

All of the ports were trunk as default. I left it as that because, well I'm not sure the difference between trunk, access, general, etc.. I've looked up some of the definitions but still didn't get a good feeling for why you should use one instead of the other. So I just left it at the default, which was trunk.
 
Did you put the switchports in the vlans and make them access ports?

In IOS (not sure about a SG500):

switchport mode access
switchport access vlan XXX

where XXX is the vlan for the device

you should be able to ping the vlan IP for a device in that vlan, if not you do not have the device in the right vlan.
 
OK, well I changed the gateway on the DHCP servers to the 192.168.x.1 (it appears I only did this with one of the two) and DHCP started working. But the machines on vlan 33 cannot access the internet. Also weird is that from vlan 33 I can remote into computers in vlan 1, but computers in vlan1 cannot access computers in vlan 33. No firewall on any of the computers.

So it appears to be half working?

Did you put the switchports in the vlans and make them access ports?

In IOS (not sure about a SG500):

switchport mode access
switchport access vlan XXX

where XXX is the vlan for the device

you should be able to ping the vlan IP for a device in that vlan, if not you do not have the device in the right vlan.

I'm not completely familiar with the CLI, so maybe I'm doing it wrong. But when I attempted the above, it would not accept the switchport command. It would return % Unrecognized command error.
 
you need to show us the remainder of your running config that contains port configuration, right now the only thing i can see is that gigabitethernet1/1/47 is untagged for vlan 33.
 
you need to show us the remainder of your running config that contains port configuration, right now the only thing i can see is that gigabitethernet1/1/47 is untagged for vlan 33.

Here is what is currently in the config. I did manage to get the ports changed over as djflow195 suggested. Port 1/1/16 (vlan 1) works fine and reaches the Internet. It just cannot access machines on vlan 33 (ports 2/1/11 & 2/1/24), despite the machines on vlan 33 being able to access it, but not the Internet.

Code:
config-file-header
poe-switch
v1.3.0.59 / R750_NIK_1_3_647_260
CLI v1.0
set system mode router queues-mode 4 

file SSD indicator plaintext
@
vlan database
vlan 33-35 
exit
voice vlan id 34 
voice vlan state disabled 
ip dhcp relay address 192.168.32.73
ip dhcp relay address 192.168.32.74
ip dhcp relay enable
ip dhcp information option 
bonjour interface range vlan 1
hostname poe-switch
username cisco password encrypted ef47fabfa8fb17bb22aecd4f2e1af3e205b2def9 privilege 15 
clock timezone " " -5
clock summer-time web recurring usa 
clock source sntp
sntp unicast client enable
sntp unicast client poll
sntp server 192.168.32.74 
clock dhcp timezone
ip domain name SOESOFTWARE
ip name-server  192.168.32.73 192.168.32.74
!
interface vlan 1
 ip address 192.168.32.1 255.255.255.0 
 no ip address dhcp 
!
interface vlan 33
 name Wireless 
 ip address 192.168.33.1 255.255.255.0 
 ip dhcp relay enable 
!
interface vlan 34
 name VoIP 
 ip address 192.168.34.1 255.255.255.0 
 ip dhcp relay enable 
!
interface vlan 35
 name Guest 
 ip address 192.168.35.1 255.255.255.0 
 ip dhcp relay enable 
!
interface gigabitethernet1/1/1
 switchport mode access 
!
interface gigabitethernet1/1/2
 switchport mode access 
!
interface gigabitethernet1/1/3
 switchport mode access 
!
interface gigabitethernet1/1/4
 switchport mode access 
!
interface gigabitethernet1/1/5
 switchport mode access 
!
interface gigabitethernet1/1/6
 switchport mode access 
!
interface gigabitethernet1/1/7
 switchport mode access 
!
interface gigabitethernet1/1/8
 switchport mode access 
!
interface gigabitethernet1/1/9
 switchport mode access 
!
interface gigabitethernet1/1/10
 switchport mode access 
!
interface gigabitethernet1/1/11
 switchport mode access 
!
interface gigabitethernet1/1/12
 switchport mode access 
!
interface gigabitethernet1/1/13
 switchport mode access 
!
interface gigabitethernet1/1/14
 switchport mode access 
!
interface gigabitethernet1/1/15
 switchport mode access 
!
interface gigabitethernet1/1/16
 switchport mode access 
!
interface gigabitethernet1/1/17
 switchport mode access 
!
interface gigabitethernet1/1/18
 switchport mode access 
!
interface gigabitethernet1/1/19
 switchport mode access 
!
interface gigabitethernet1/1/20
 switchport mode access 
!
interface gigabitethernet1/1/21
 switchport mode access 
!
interface gigabitethernet1/1/22
 switchport mode access 
!
interface gigabitethernet1/1/23
 switchport mode access 
!
interface gigabitethernet1/1/24
 switchport mode access 
!
interface gigabitethernet1/1/25
 switchport mode access 
!
interface gigabitethernet1/1/26
 switchport mode access 
!
interface gigabitethernet1/1/27
 switchport mode access 
!
interface gigabitethernet1/1/28
 switchport mode access 
!
interface gigabitethernet1/1/29
 switchport mode access 
!
interface gigabitethernet1/1/30
 switchport mode access 
!
interface gigabitethernet1/1/31
 switchport mode access 
!
interface gigabitethernet1/1/32
 switchport mode access 
!
interface gigabitethernet1/1/33
 switchport mode access 
!
interface gigabitethernet1/1/34
 switchport mode access 
!
interface gigabitethernet1/1/35
 switchport mode access 
!
interface gigabitethernet1/1/36
 switchport mode access 
!
interface gigabitethernet1/1/37
 switchport mode access 
!
interface gigabitethernet1/1/38
 switchport mode access 
!
interface gigabitethernet1/1/39
 switchport mode access 
!
interface gigabitethernet1/1/40
 switchport mode access 
!
interface gigabitethernet1/1/41
 switchport mode access 
!
interface gigabitethernet1/1/42
 switchport mode access 
!
interface gigabitethernet1/1/43
 switchport mode access 
!
interface gigabitethernet1/1/44
 switchport mode access 
!
interface gigabitethernet1/1/45
 switchport mode access 
!
interface gigabitethernet1/1/46
 switchport mode access 
!
interface gigabitethernet1/1/47
 switchport mode access 
!
interface gigabitethernet1/1/48
 switchport mode access 
!
interface gigabitethernet1/1/49
 switchport mode access 
!
interface gigabitethernet1/1/50
 switchport mode access 
!
interface gigabitethernet2/1/1
 switchport mode access 
!
interface gigabitethernet2/1/2
 switchport mode access 
!
interface gigabitethernet2/1/3
 switchport mode access 
!
interface gigabitethernet2/1/4
 switchport mode access 
!
interface gigabitethernet2/1/5
 switchport mode access 
!
interface gigabitethernet2/1/6
 switchport mode access 
!
interface gigabitethernet2/1/7
 switchport mode access 
!
interface gigabitethernet2/1/8
 switchport mode access 
!
interface gigabitethernet2/1/9
 switchport mode access 
!
interface gigabitethernet2/1/10
 switchport mode access 
!
interface gigabitethernet2/1/11
 switchport mode access 
 switchport access vlan 33 
!
interface gigabitethernet2/1/12
 switchport mode access 
!
interface gigabitethernet2/1/13
 switchport mode access 
!
interface gigabitethernet2/1/14
 switchport mode access 
!
interface gigabitethernet2/1/15
 switchport mode access 
!
interface gigabitethernet2/1/16
 switchport mode access 
!
interface gigabitethernet2/1/17
 switchport mode access 
!
interface gigabitethernet2/1/18
 switchport mode access 
!
interface gigabitethernet2/1/19
 switchport mode access 
!
interface gigabitethernet2/1/20
 switchport mode access 
!
interface gigabitethernet2/1/21
 switchport mode access 
!
interface gigabitethernet2/1/22
 switchport mode access 
!
interface gigabitethernet2/1/23
 switchport mode access 
!
interface gigabitethernet2/1/24
 switchport mode access 
 switchport access vlan 33 
!
interface gigabitethernet2/1/25
 switchport mode access 
!
interface gigabitethernet2/1/26
 switchport mode access 
!
interface gigabitethernet2/1/27
 switchport mode access 
!
interface gigabitethernet2/1/28
 switchport mode access 
!
interface gigabitethernet2/1/29
 switchport mode access 
!
interface gigabitethernet2/1/30
 switchport mode access 
!
interface gigabitethernet2/1/31
 switchport mode access 
!
interface gigabitethernet2/1/32
 switchport mode access 
!
interface gigabitethernet2/1/33
 switchport mode access 
!
interface gigabitethernet2/1/34
 switchport mode access 
!
interface gigabitethernet2/1/35
 switchport mode access 
!
interface gigabitethernet2/1/36
 switchport mode access 
!
interface gigabitethernet2/1/37
 switchport mode access 
!
interface gigabitethernet2/1/38
 switchport mode access 
!
interface gigabitethernet2/1/39
 switchport mode access 
!
interface gigabitethernet2/1/40
 switchport mode access 
!
interface gigabitethernet2/1/41
 switchport mode access 
!
interface gigabitethernet2/1/42
 switchport mode access 
!
interface gigabitethernet2/1/43
 switchport mode access 
!
interface gigabitethernet2/1/44
 switchport mode access 
!
interface gigabitethernet2/1/45
 switchport mode access 
!
interface gigabitethernet2/1/46
 switchport mode access 
!
interface gigabitethernet2/1/47
 switchport mode access 
!
interface gigabitethernet2/1/48
 switchport mode access 
!
interface gigabitethernet2/1/49
 switchport mode access 
!
interface gigabitethernet2/1/50
 switchport trunk allowed vlan add 33-35 
!
exit
ip default-gateway 192.168.32.254
 
Here is what is currently in the config. I did manage to get the ports changed over as djflow195 suggested. Port 1/1/16 (vlan 1) works fine and reaches the Internet. It just cannot access machines on vlan 33 (ports 2/1/11 & 2/1/24), despite the machines on vlan 33 being able to access it, but not the Internet.

Does your router have routes to get to the other vlan subnets? If not, then the router will not know how to get to the other vlan subnets. Vlan 1 it can find as it is direct connected to that vlan. You can either use static routes or setup a routing protocol on the switch to tell the router about the other vlan subnets.
 
Something like:
Code:
ip route 0.0.0.0 0.0.0.0 X.X.X.X metric 255
which is a default route, it would be after all the interface declarations, but before the keys.
 
This command-

ip default-gateway 192.168.32.254

Does nothing for you when you have ip routing enabled.

You need to add a static route to your router.
 
Give us the following output:

show ip interface
show ip route
show arp
show vlan

show ip interface
Code:
poe-switch#show ip interface


    IP Address         I/F       Type     Directed   Precedence   Status
                                          Broadcast
------------------- --------- ----------- ---------- ---------- -----------
192.168.32.1/24     vlan 1    Static      disable    No         Valid
192.168.33.1/24     vlan 33   Static      disable    No         Valid
192.168.34.1/24     vlan 34   Static      disable    No         Valid
192.168.35.1/24     vlan 35   Static      disable    No         Valid

show ip route
Code:
poe-switch#show ip interface


    IP Address         I/F       Type     Directed   Precedence   Status
                                          Broadcast
------------------- --------- ----------- ---------- ---------- -----------
192.168.32.1/24     vlan 1    Static      disable    No         Valid
192.168.33.1/24     vlan 33   Static      disable    No         Valid
192.168.34.1/24     vlan 34   Static      disable    No         Valid
192.168.35.1/24     vlan 35   Static      disable    No         Valid

show arp
Code:
poe-switch#show arp                   

Total number of entries: 45                           


  VLAN    Interface     IP address        HW address          status                                                                    
--------------------- --------------- ------------------- ---------------                                                                         
vlan 1     gi2/1/50   192.168.32.30   00:18:8b:48:4a:53   dynamic                                                                 
vlan 1     gi2/1/50   192.168.32.73   00:14:22:1f:aa:a3   dynamic                                                                 
vlan 1     gi2/1/50   192.168.32.74   00:14:22:21:cc:e9   dynamic                                                                 
vlan 1     gi2/1/50   192.168.32.84   d0:67:e5:46:69:13   dynamic                                                                 
vlan 1     gi2/1/50   192.168.32.85   d4:be:d9:37:67:fd   dynamic                                                                 
vlan 1     gi2/1/50   192.168.32.91   2c:27:d7:5e:91:d1   dynamic                                                                 
vlan 1     gi2/1/50   192.168.32.95   00:13:72:df:2a:aa   dynamic                                                                 
vlan 1     gi2/1/50   192.168.32.99   00:0c:29:76:7e:21   dynamic                                                                 
vlan 1     gi2/1/50   192.168.32.104  00:0c:29:92:b0:54   dynamic                                                                 
vlan 1     gi2/1/50   192.168.32.110  60:67:20:f4:3e:78   dynamic                                                                 
vlan 1     gi2/1/50   192.168.32.114  d4:be:d9:6a:df:12   dynamic                                                                 
vlan 1     gi2/1/50   192.168.32.116  e0:cb:4e:cf:4b:a                                                    
vlan 1     gi2/1/50   192.168.32.121  00:14:22:1f:aa:a3   dynamic                                                                 
vlan 1     gi2/1/50   192.168.32.127  14:fe:b5:a7:0f:67   dynamic                                                                 
vlan 1                192.168.32.145  98:b8:e3:86:3f:c8   dynamic                                                                 
vlan 1     gi2/1/50   192.168.32.146  00:14:22:1f:aa:a3   dynamic                                                                 
vlan 1     gi2/1/50   192.168.32.148  e0:db:55:e1:8a:51   dynamic                                                                 
vlan 1     gi2/1/50   192.168.32.150  00:14:22:1f:aa:a3   dynamic                                                                 
vlan 1     gi2/1/50   192.168.32.152  00:14:22:1f:aa:a3   dynamic                                                                 
vlan 1     gi2/1/50   192.168.32.157  00:14:22:1f:aa:a                                                    
vlan 1     gi2/1/50   192.168.32.158  00:14:22:1f:aa:a3   dynamic                                                                 
vlan 1     gi2/1/50   192.168.32.161  00:14:22:1f:aa:a3   dynamic                                                                 
vlan 1     gi2/1/50   192.168.32.162  00:14:22:1f:aa:a3   dynamic                                                                 
vlan 1     gi2/1/50   192.168.32.166  00:14:22:1f:aa:a3   dynamic               
vlan 1                192.168.32.169  c8:60:00:4f:0b:34   dynamic
vlan 1     gi2/1/50   192.168.32.172  30:85:a9:98:2f:f4   dynamic
vlan 1     gi1/1/16   192.168.32.175  08:60:6e:85:41:c0   dynamic
vlan 1     gi2/1/50   192.168.32.182  14:da:e9:51:40:69   dynamic
vlan 1     gi2/1/50   192.168.32.187  00:1e:c9:ac:3e:e7   dynamic
vlan 1                192.168.32.190  e0:db:55:e0:4e:d0   dynamic
vlan 1     gi2/1/50   192.168.32.214  dc:2b:61:a8:0f:21   dynamic
vlan 1     gi2/1/50   192.168.32.215  00:19:d1:80:23:89   dynamic
vlan 1     gi2/1/50   192.168.32.217  00:14:22:1f:aa:a3   dynamic
vlan 1     gi2/1/50   192.168.32.218  d4:be:d9:88:b9:93   dynamic
vlan 1                192.168.32.220  c4:85:08:59:b2:2b   dynamic
vlan 1     gi2/1/50   192.168.32.221  00:22:19:32:e5:74   dynamic
vlan 1     gi2/1/50   192.168.32.223  08:3e:8e:4e:36:d8   dynamic
vlan 1     gi2/1/50   192.168.32.225  d4:be:d9:5b:c6:af   dynamic
vlan 1                192.168.32.231  00:0c:29:37:d7:f4   dynamic
vlan 1     gi2/1/50   192.168.32.237  00:19:d1:3d:20:44   dynamic
vlan 1     gi2/1/50   192.168.32.238  00:1e:4f:cd:10:6e   dynamic
vlan 1     gi2/1/50   192.168.32.241  e0:db:55:dd:db:4d   dynamic
vlan 1                192.168.32.247  e8:03:9a:ba:48:e5   dynamic
vlan 1     gi2/1/50   192.168.32.254  64:9e:f3:88:64:24   dynamic
vlan 33    gi2/1/11   192.168.33.126  00:1d:09:ac:c2:08   dynamic

show vlan
Code:
poe-switch#show vlan

Vlan       Name                   Ports                Type     Authorization
---- ----------------- --------------------------- ------------ -------------
 1           1         fa1/2/1-48,gi1/1/1-52,        Default      Required
                       gi1/2/1-4,fa2/2/1-48,
                       gi2/1/1-10,gi2/1/12-23,
                       gi2/1/25-52,gi2/2/1-4,
                       fa3/2/1-48,gi3/1/1-52,
                       gi3/2/1-4,fa4/2/1-48,
                       gi4/1/1-52,gi4/2/1-4,
                       fa5/2/1-48,gi5/1/1-52,
                       gi5/2/1-4,fa6/2/1-48,
                       gi6/1/1-52,gi6/2/1-4,
                       fa7/2/1-48,gi7/1/1-52,
                       gi7/2/1-4,fa8/2/1-48,
                       gi8/1/1-52,gi8/2/1-4,Po1-32
 33      Wireless      gi2/1/11,gi2/1/24,gi2/1/50     static      Required
 34        VoIP                 gi2/1/50              static      Required
 35        Guest                gi2/1/50              static      Required
 
Still need show ip route, you posted the interfaces twice

Also, what is the gateway for the VLAN 1 devices? You said it was an existing network. Does that network have routes for these vlans?
 
Still need show ip route, you posted the interfaces twice

Also, what is the gateway for the VLAN 1 devices? You said it was an existing network. Does that network have routes for these vlans?

Sorry about that.

IP Route
Code:
poe-switch#show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static


S   0.0.0.0/0 [1/1] via 192.168.32.254, 13:47:24, vlan 1
C   192.168.32.0/24 is directly connected, vlan 1
C   192.168.33.0/24 is directly connected, vlan 33
C   192.168.34.0/24 is directly connected, vlan 34
C   192.168.35.0/24 is directly connected, vlan 35

The gateway for the vlan1 devices is 192.168.32.1
 
This command-

ip default-gateway 192.168.32.254

Does nothing for you when you have ip routing enabled.

You need to add a static route to your router.

Funny thing is that there is a static route in the table:

S 0.0.0.0/0 [1/1] via 192.168.32.254, 13:47:24, vlan 1

But I've seen stranger things in IOS.

See http://www.cisco.com/en/US/tech/tk365/technologies_tech_note09186a0080094374.shtml

Try switching it to a static default route:

Code:
no ip default-gateway 192.168.32.254
ip route 0.0.0.0 0.0.0.0 192.168.32.254

Everything else looks ok at this point.

I know you have done some of this already, but with the latest changes try:

  1. pinging each vlan ip address from the CLI (Test vlan IPs are up.)
  2. pinging each vlan ip address from a PC in each vlan (Test vlan IPs are reachable from all vlans.)
  3. pinging a PC in each vlan from a PC in each other vlan (Test reachability from one vlan to another.)
  4. pinging 192.168.32.254 from a PC in each vlan (Test reachability from each vlan to the internet gateway IP. Make sure 192.168.32.254 is not firewalled and that the router has routes to the other vlans. Can also ping each vlan IP from the router to test the reverse.)

You can also traceroute in the cli specifying the internet gateway IP as a target and the vlan IP as a source to see if each vlan can reach the internet gateway. See http://www.cisco.com/en/US/docs/switches/lan/csbms/Sx500/cli_guide/CLI_500.pdf pg 92 section 5.2.
 
Does the device at 192.168.32.254 have routes back to the switch for all of its networks? It won't know about them unless you add them manually. The only way to have routes detected automatically is to use a routing protocol like rip, eigrp, ospf, etc.

Are all VLAN 1 devices connected to this switch or are some also connected to another device elsewhere?

This would probably work better if your default route wasn't also on a directly connected subnet....maybe change the router and switch link on their own dedicated subnet
 
I removed the default-gateway and added the static route. There seems no change.

  1. pinging each vlan ip address from the CLI (Test vlan IPs are up.)
  2. pinging each vlan ip address from a PC in each vlan (Test vlan IPs are reachable from all vlans.)
  3. pinging a PC in each vlan from a PC in each other vlan (Test reachability from one vlan to another.)
  4. pinging 192.168.32.254 from a PC in each vlan (Test reachability from each vlan to the internet gateway IP. Make sure 192.168.32.254 is not firewalled and that the router has routes to the other vlans. Can also ping each vlan IP from the router to test the reverse.)

  1. Pinging each vlan from the CLI works
  2. Pinging each vlan ip address from the PCs doesn't work from vlan1 to the others. The others are able to ping all vlan (including vlan1) with no problems.
  3. Pinging a PC from the PCs doesn't work from vlan1 to the others. The others are able to ping all PCs (including vlan1) with no problems.
  4. No other subnet except for vlan1 (192.168.32.x) can ping 192.168.32.254
  5. traceroute ip 192.168.32.254 source 192.168.33.1 from the CLI fails. Replacing 33.1 with 32.1 as the source works.

Does the device at 192.168.32.254 have routes back to the switch for all of its networks? It won't know about them unless you add them manually. The only way to have routes detected automatically is to use a routing protocol like rip, eigrp, ospf, etc.

Are all VLAN 1 devices connected to this switch or are some also connected to another device elsewhere?

This would probably work better if your default route wasn't also on a directly connected subnet....maybe change the router and switch link on their own dedicated subnet

192.168.32.254 is a rv042 in gateway mode. I have added the static route 192.168.33.0 /24 192.168.33.1 to it with no success.

No, not all of the vlan1 devices are connected to this switch. Some of the traffic is going through other unmanaged switches. I cannot put the others (even the rv042) into these until I get this configuration fixed as these are replacing/upgrading the old unmanaged switches.
 
192.168.32.254 is a rv042 in gateway mode. I have added the static route 192.168.33.0 /24 192.168.33.1 to it with no success.

What good does that static route do? If it doesn't know how to get to x.x.33.0/24, how does it know where 192.168.33.1 is? It doesn't know how to get to that subnet unless it has an interface and IP on that subnet, which I am assuming it doesn't.

Your static route on the router for all other vlans 32,33,34, etc should be pointing to whatever IP the switch is on that the router and switch share subnets. In this case it's 192.168.32.1
 
I'm at a loss as to why ICMP echo requests from vlan 1 do not go, but ICMP echo replies from vlan 1 do. Are you running ACLs or some other kind of security?

Only other test I can think of is to:

traceroute ip 192.168.33.1 source 192.168.32.1
traceroute ip 192.168.34.1 source 192.168.32.1
traceroute ip 192.168.35.1 source 192.168.32.1
traceroute ip 192.168.33.xxx source 192.168.32.1 (where xxx is a PC in that vlan)
traceroute ip 192.168.34.xxx source 192.168.32.1 (where xxx is a PC in that vlan)
traceroute ip 192.168.35.xxx source 192.168.32.1 (where xxx is a PC in that vlan)

In your router, you need to apply routes to each vlan subnet via vlan 1 IP since your router is in vlan 1:

route 192.168.33.0/24 via 192.168.32.1
route 192.168.34.0/24 via 192.168.32.1
route 192.168.35.0/24 via 192.168.32.1
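
Added example, not part of any post in this thread: a small Python check of the return-path problem discussed above, comparing the route that was tried on the RV042 with the routes suggested via 192.168.32.1. The router model (one connected LAN subnet, no WAN default) and the PC address 192.168.33.50 are assumptions made for illustration.

```python
import ipaddress as ip

# Constructed model of the RV042 described in the thread: one LAN subnet only.
RV042_CONNECTED = ["192.168.32.0/24"]
# The route the original poster added (next hop inside the destination subnet).
BAD_ROUTES = [("192.168.33.0/24", "192.168.33.1")]
# The routes suggested in the thread (next hop is the switch's vlan 1 address).
GOOD_ROUTES = [
    ("192.168.33.0/24", "192.168.32.1"),
    ("192.168.34.0/24", "192.168.32.1"),
    ("192.168.35.0/24", "192.168.32.1"),
]

def on_link(addr, connected):
    """True if addr belongs to a subnet the router has an interface in."""
    return any(ip.ip_address(addr) in ip.ip_network(n) for n in connected)

def audit(connected, statics):
    """Return static routes whose next hop the router cannot reach directly."""
    return [(net, nh) for net, nh in statics if not on_link(nh, connected)]

def resolve(dst, connected, statics):
    """Return the on-link address a packet to dst is handed to, or None.

    Longest prefix wins. A route whose next hop is not on-link is treated as
    unusable (modelling assumption). None means no LAN-side path; a real
    gateway would then fall back to its WAN default, which is not modelled.
    """
    if on_link(dst, connected):
        return dst
    matches = [(ip.ip_network(net), nh) for net, nh in statics
               if ip.ip_address(dst) in ip.ip_network(net)]
    for _net, nh in sorted(matches, key=lambda m: m[0].prefixlen, reverse=True):
        if on_link(nh, connected):
            return nh
    return None

if __name__ == "__main__":
    host = "192.168.33.50"  # constructed vlan 33 PC address
    for label, routes in (("bad", BAD_ROUTES), ("good", GOOD_ROUTES)):
        print(label, "unreachable next hops:", audit(RV042_CONNECTED, routes))
        print(label, "reply to", host, "goes to:",
              resolve(host, RV042_CONNECTED, routes))
```

Running `audit` over an exported route list before applying it catches any next hop that is not on a subnet the router is attached to.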
 