Inter Vlan /Routing
Inter Vlan /Routing
Hello,
I've been trying to setup multiple Vlan's, and have them talking to each other via L3 settings. the Vlan's work fine, but i can't make any intervlan connections. ping to the switch/router is functional(from most vlans).
Can't seem to find what i'm doing wrong.
Here is my config:
!T2600G-28TS
#
vlan 2
name "OLD-units"
#
vlan 10
name "ISPLan"
#
vlan 20
name "Voip"
#
vlan 30
name "CAMERA"
#
vlan 60
name "KPNITV"
#
vlan 70
name "PCLan"
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
serial_port baud_rate 38400
#
#
system-time ntp UTC+08:00 133.100.9.2 139.78.100.163 12
no system-time dst
#
#
#
user name admin privilege admin secret
#
#
#
#
ip dhcp l2relay vlan 30
#
service dhcp server
ip dhcp server excluded-address 192.168.30.1 192.168.30.10
ip dhcp server excluded-address 192.168.2.1 192.168.2.200
ip dhcp server excluded-address 192.168.70.1 192.168.70.100
ip dhcp server excluded-address 192.168.1.1 192.168.1.1
ip dhcp server excluded-address 192.168.10.1 192.168.10.5
ip dhcp server pool "Voip"
network 192.168.20.0 255.255.255.0
default-gateway 192.168.20.1
dns-server 192.168.1.1
#
ip dhcp server pool "ITV"
network 192.168.60.0 255.255.255.0
default-gateway 192.168.60.1
dns-server 192.168.1.1
#
ip dhcp server pool "CAM"
network 192.168.30.0 255.255.255.0
default-gateway 192.168.30.1
dns-server 192.168.1.1
#
ip dhcp server pool "PCLAN"
network 192.168.70.0 255.255.255.0
default-gateway 192.168.70.1
dns-server 192.168.1.1
#
ip dhcp server pool "OLD"
network 192.168.2.0 255.255.255.0
default-gateway 192.168.2.1
dns-server 192.168.1.1
#
ip dhcp server pool "ISPlan"
network 192.168.10.0 255.255.255.0
default-gateway 192.168.10.1
dns-server 192.168.1.1
#
#
#
#
#
#
#
ip route 0.0.0.0 0.0.0.0 192.168.1.1
ip route 192.168.2.0 255.255.255.0 192.168.1.1
ip route 192.168.10.0 255.255.255.0 192.168.1.1
ip route 192.168.20.0 255.255.255.0 192.168.1.1
ip route 192.168.30.0 255.255.255.0 192.168.1.1
ip route 192.168.60.0 255.255.255.0 192.168.1.1
ip route 192.168.70.0 255.255.255.0 192.168.1.1
#
#
#
#
#
#
#
#
#
#
interface vlan 1
ip address 192.168.1.1 255.255.255.0
ipv6 enable
#
interface vlan 2
ip address 192.168.2.1 255.255.255.0
description "OLD"
ipv6 enable
#
interface vlan 10
ip address 192.168.10.1 255.255.255.0
description "ISPLAN"
ipv6 enable
#
interface vlan 20
ip address 192.168.20.1 255.255.255.0
description "Voip"
ipv6 enable
#
interface vlan 30
ip address 192.168.30.1 255.255.255.0
description "CAM"
ipv6 enable
#
interface vlan 60
ip address 192.168.60.1 255.255.255.0
description "ITV"
ipv6 enable
#
interface vlan 70
ip address 192.168.70.1 255.255.255.0
description "PCLAN"
ipv6 enable
#
interface gigabitEthernet 1/0/1
switchport general allowed vlan 2 untagged
switchport pvid 2
#
interface gigabitEthernet 1/0/2
switchport general allowed vlan 10 untagged
switchport pvid 10
#
interface gigabitEthernet 1/0/3
switchport general allowed vlan 20 untagged
switchport pvid 20
#
interface gigabitEthernet 1/0/4
switchport general allowed vlan 60 untagged
switchport pvid 60
#
interface gigabitEthernet 1/0/5
switchport general allowed vlan 2 untagged
switchport pvid 2
#
interface gigabitEthernet 1/0/6
switchport general allowed vlan 2 untagged
switchport pvid 2
#
interface gigabitEthernet 1/0/7
switchport general allowed vlan 2 untagged
switchport pvid 2
#
interface gigabitEthernet 1/0/8
switchport general allowed vlan 30 untagged
switchport pvid 30
#
interface gigabitEthernet 1/0/9
#
interface gigabitEthernet 1/0/10
switchport pvid 2
#
interface gigabitEthernet 1/0/11
switchport general allowed vlan 2 untagged
switchport pvid 2
#
interface gigabitEthernet 1/0/12
switchport general allowed vlan 30 untagged
switchport pvid 30
#
interface gigabitEthernet 1/0/13
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/14
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/15
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/16
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/17
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/18
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/19
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/20
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/21
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/22
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/23
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/24
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/25
#
interface gigabitEthernet 1/0/26
#
interface gigabitEthernet 1/0/27
#
interface gigabitEthernet 1/0/28
#
end
A llittle help would be greatly apreciated.
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
I've tried another setup with just 2 vlans, directly set to only 1 port each.
Vlan 30:
port 12, > pvid 30, DHCP server enabled in the switch, with default route 192.168.30.1(switch as gateway)
Vlan 10:
port 2, > pvid 10, dhcp client(since the router is set as DHCP server) it assigned ip 192.168.2.136 to the switch.
The switch automaticly creates route 192.168.30.0 > 192.168.30.1 and 192.168.2.0 > 192.168.2.136
I added 1 static route: 0.0.0.0 /0.0.0.0 /192.168.2.254(router)
For some reason the inter-vlan communication will not happen, neither can i ping in any direction. Is there a way to setup a log so i can see what's going on? the clients do see the switch/dhcp server in the seperate vlan's, so the vlan & pvid setup must be correct?
- Copy Link
- Report Inappropriate Content
check whether IPv4 routing has been disabled in Routing Config. If so, enable it again (it's enabled by default unless changed explicitly). Please show the routing table of the switch (cmd show ip route).
You should use a static IP for the switch even in VLAN 2. It does not harm the DHCP server running on the router in VLAN 2, but stationary devices should always have a static IP.
I also suggest to test step-by-step. Disconnect the router, remove the default gateway route, test Inter-VLAN routing again with a client in each VLAN, always use static IPs for tests. Then you can test the next step, connect the router, set static default gateway, test again.
- Copy Link
- Report Inappropriate Content
The ip routing was on indeed;
below is the latest tested config, with matching routing table and interface table. in this config i can ping the switch from any vlan, also to the outside ip adresses, but no link to the router or inter vlan client acces of any kind. I just don't see why it's not working at all...
The static IP of the switch in the vlan 10 causses a default route to the switch instead of the router in vlan 10, which you pointed out should not be in there a couple of posts ago?
!T2600G-28TS
#
vlan 10
name "ISPLAN"
#
vlan 30
name "CAM"
#
vlan 70
name "PCLAN"
#
vlan 100
name "testvlan100"
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
#
serial_port baud_rate 38400
#
logging host index 1 192.168.2.1 0
#
system-time ntp UTC+08:00 133.100.9.2 139.78.100.163 12
no system-time dst
#
#
#
user name xxxxxx privilege admin secret @<B/M:C5@>N0L;M0F:B8D<$!)!$
#
#
#
#
#
service dhcp server
ip dhcp server pool "testvlan"
network 192.168.100.0 255.255.255.0
default-gateway 192.168.100.1
dns-server 192.168.100.1
#
ip dhcp server pool "CAM"
network 192.168.30.0 255.255.255.0
default-gateway 192.168.30.1
dns-server 192.168.30.1
#
ip dhcp server pool "PCLAN"
network 192.168.70.0 255.255.255.0
default-gateway 192.168.70.1
dns-server 192.168.70.1
#
#
#
#
#
#
snmp-server
#
#
ip route 0.0.0.0 0.0.0.0 192.168.2.254
#
#
#
#
service dhcp relay
#
#
#
#
#
#
interface vlan 10
ip address-alloc dhcp
description "ISPROUTE"
no ipv6 enable
#
interface vlan 30
ip address 192.168.30.1 255.255.255.0
description "CAM"
no ipv6 enable
#
interface vlan 70
ip address 192.168.70.1 255.255.255.0
description "PCLAN"
no ipv6 enable
#
interface vlan 100
ip address 192.168.100.1 255.255.255.0
description "Testvlan"
no ipv6 enable
#
interface gigabitEthernet 1/0/1
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/2
switchport general allowed vlan 10 untagged
switchport pvid 10
no switchport general allowed vlan 1
ip dhcp relay information option
#
interface gigabitEthernet 1/0/3
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/4
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/5
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/6
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/7
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/8
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/9
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/10
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/11
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/12
switchport general allowed vlan 30 untagged
switchport pvid 30
no switchport general allowed vlan 1
#
interface gigabitEthernet 1/0/13
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/14
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/15
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/16
switchport general allowed vlan 100 untagged
switchport pvid 100
no switchport general allowed vlan 1
#
interface gigabitEthernet 1/0/17
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/18
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/19
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/20
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/21
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/22
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/23
#
interface gigabitEthernet 1/0/24
switchport general allowed vlan 70 untagged
switchport pvid 70
#
interface gigabitEthernet 1/0/25
#
interface gigabitEthernet 1/0/26
description "Testroutedport"
no ip igmp snooping
no ipv6 mld snooping
#
interface gigabitEthernet 1/0/27
#
interface gigabitEthernet 1/0/28
#
end
IPv4 Routing Table
Refresh
Protocol |
Destination Network |
Next Hop |
Distance |
Metric |
Interface Name |
Static |
0.0.0.0/0 |
192.168.2.254 |
1 |
0 |
VLAN10 |
Connected |
192.168.2.0/24 |
192.168.2.122 |
0 |
1 |
VLAN10 |
Connected |
192.168.30.0/24 |
192.168.30.1 |
0 |
1 |
VLAN30 |
Connected |
192.168.70.0/24 |
192.168.70.1 |
0 |
1 |
VLAN70 |
Connected |
192.168.100.0/24 |
192.168.100.1 |
0 |
1 |
VLAN100 |
Total: 5 |
Routing Config
IPv4 Routing :
- Enable
IPv6 Routing :
- Enable
Apply
Interface Config
AddDelete
Interface ID |
IP Address Mode |
IP Address |
Subnet Mask |
Interface Name |
Status |
Operation |
|
VLAN10 |
DHCP |
192.168.2.122 |
255.255.255.0 |
ISPROUTE |
Up |
Edit IPv4 Edit IPv6 Detail |
|
VLAN70 |
Static |
192.168.70.1 |
255.255.255.0 |
PCLAN |
Up |
Edit IPv4 Edit IPv6 Detail |
|
VLAN30 |
Static |
192.168.30.1 |
255.255.255.0 |
CAM |
Up |
Edit IPv4 Edit IPv6 Detail |
|
VLAN100 |
Static |
192.168.100.1 |
255.255.255.0 |
Testvlan |
Up |
Edit IPv4 Edit IPv6 Detail |
|
Total: 4 |
- Copy Link
- Report Inappropriate Content
@AshleyNL, the problem I see in this config is that you let DHCP assign the IP (192.168.2.122 in your example) to the VIF for VLAN 10.
How can you assure that the clients in VLAN 10 use the correct default gateway if the DHCP server assigns another IP to the switch's VIF, e.g. due to a reboot of the router after a power failure?
Please always use static IPs, do NOT use DHCP for switches or other routing gear. You wouldn't use DHCP for your router IP, would you?
Unfortunately I have no T2600G, but only T1600G as a core switch, but regarding Inter-VLAN routing it is pretty similar.
I did configure a testbed; simplified topology is as follows:
- My laptop is in VLAN 2, connected to the Office switch (TL-SG2008), which in turn is connected to the core switch port 1/0/1.
- A router is in VLAN 10, connected to the PoE switch (T1500G-10PS), which in turn is connected to the core switch port 1/0/2.
- An OC200 EAP controller resides in VLAN 2, connected to the PoE switch.
The Interface config in T1600G-28TS is as follows (I use .250 for switches just to be consistent):
Routing table:
Static IP config of my laptop:
Ping from laptop 192.168.1.7 to the switch VIFs 192.168.1.250, 192.168.2.250 and 192.168.30.250 as well as to the router 192.168.2.254 works:
$ ping 192.168.1.254
PING 192.168.1.254 (192.168.1.254): 56 data bytes
64 bytes from 192.168.1.254: icmp_seq=0 ttl=64 time=3.650 ms
^C
--- 192.168.1.254 ping statistics ---
1 packets transmitted, 1 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 3.650/3.650/3.650/0.000 ms
$
Of course, ping from the router 192.168.2.254 to my laptop 192.168.1.7 works, too:
router # ping 192.168.1.7
PING 192.168.1.7 (192.168.1.7): 56 data bytes
64 bytes from 192.168.1.7: seq=0 ttl=64 time=0.582 ms
64 bytes from 192.168.1.7: seq=1 ttl=64 time=0.448 ms
^C
--- 192.168.1.7 ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max = 0.448/0.515/0.582 ms
router #
What doesn't work (IMO b/c the Office and PoE smart switches can't do Inter-VLAN routing itself):
- Ping from the router VLAN 10/192.168.2.254 to the OC200 VLAN2/192.168.1.46, both connected to the same PoE switch,
- Ping from laptop VLAN 2/192.168.1.7 to the router VLAN 10/192.168.2.254 if the laptop is connected to the PoE switch directly.
Thus, if I don't made an error in the testbed's setup, this means that tagged traffic with VID 2 arriving on core switch port 1/0/2 from the PoE switch won't get routed to VLAN 10 back over the same port to the PoE switch. In my experience, it will be forwarded only to VLAN 10 over other ports including port 1/0/1 to the Office switch. This differs from Inter-VLAN routing done on a true router, which can route traffic from one VLAN to another one over the same physical port/different virtual ports.
I'm not sure whether this behavior of T1600G is intentional or whether it is a bug in the firmware. Maybe, more experienced users can comment on this.
What I can't test at the moment is the default gateway (the static default route from the core switch to the router) b/c the core switch is currently in use here for much more devices as shown in the test setup.
Usually I use a router-on-a-stick topology for Inter-VLAN routing, but only reason I do so is that T1600G V1 doesn't have a built-in DHCP server (V3 does, but V1 not), so I need the router's DHCP server anyway. If I would have a T2600G or a T1600G V3, I would only route traffic destined for the Internet to the router over a transit VLAN as suggested in post #8, thus not placing the router in any VLAN used by other clients and not using the router's DHCP service at all. But that's just my preference, YMMV.
I suggest to set up and test routing first, then set up and test the switch's default gateway, then configure the switch's DHCP servers, then check Internet connectivity last, always step-by-step.
Hope this helps you.
- Copy Link
- Report Inappropriate Content
It's the inter-vlan feature i am interested in, which is the part that doesn't work from your switch.
You use the router to connect between Vlans. I cannot configure my router, appart from DHCP static/server.
My idea was to have the T2600 do the inter-vlan routing, but i'm getting exactly what you have, no connection between vlans.(directly)
My guess is that it's not possible with the T2600 without a external router then? (anyone who knows??)
- Copy Link
- Report Inappropriate Content
AshleyNL wrote
My idea was to have the T2600 do the inter-vlan routing, but i'm getting exactly what you have, no connection between vlans.(directly
I'm not sure what you mean?
Inter-VLAN routing on T1600G (NOT on a router!) indeed works perfectly as I have shown as long as the VLAN clients are either connected directly to the T1600G or connected to different switches which in turn are connected to T1600G.
What dos not work in my setup is Inter-VLAN routing for clients all directly connected to another (same) switch – as an example: the T1500G-10PS, which doesn't support VIFs – which then is connected to the T1600G over one cable. I guess I have to replace the T1500G by another T1600G, which makes sense to avoid having data travel forth and back on the same cable.
- Copy Link
- Report Inappropriate Content
Just tell a simple test for inter-VLAN routing. I hope it can help you find the problem.
T2600G-28TS
#
vlan 10
#
vlan 30
#
#
interface vlan 10
ip address 192.168.10.1 255.255.255.0
no ipv6 enable
#
interface vlan 30
ip address 192.168.30.1 255.255.255.0
no ipv6 enable
#
#
interface gigabitEthernet 1/0/1
switchport general allowed vlan 10 untagged
switchport pvid 10
#
interface gigabitEthernet 1/0/2
switchport general allowed vlan 30 untagged
switchport pvid 30
Connect a PC to port 1, set IP address 192.168.10.2/24 for it. Gateway is 192.168.10.1.
Connect a PC to port 2, set IP address 192.168.30.2/24 for it. Gateway is 192.168.30.1.
If two PCs can ping each other, it means inter-VLAN routing working normally.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 0
Views: 12898
Replies: 17
Voters 0
No one has voted for it yet.