VLAN Routing issues
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-28-2021 01:18 AM
Hello I am trying to setup an ICX 7150 to allow me to have multiple vlans share the same dhcp server on one vlan and the internet connection on the default vlan
However my very simple config seems unable to route from vlan 2 across to the default vlan
I have port 1/2/1 configured with ip address 192.168.50.15/24
My router is ip 192.168.50 254
I have the ip address range 10.172.2.1/24 attached to virtual interface VE 2
DCHP on 10.172.2.0 and that works if i connect to a untagged switchport
But I am unable to access the internet from any device with a 10.172.2.x address, default gateway is set to 10.172.2.1
Any advice greatly received and config shown below
ICX7150-C12 Router#sho run
Current configuration:
!
ver 08.0.95dT213
!
stack unit 1
module 1 icx7150-c12-poe-port-management-module
module 2 icx7150-2-copper-port-2g-module
module 3 icx7150-2-sfp-plus-port-20g-module
stack-port 1/3/1
stack-port 1/3/2
!
!
global-stp
!
!
!
vlan 1 name DEFAULT-VLAN by port
spanning-tree
!
vlan 2 name server by port
untagged ethe 1/1/1 to 1/1/4
router-interface ve 2
!
aaa authentication web-server default local
aaa authentication login default local
boot sys fl sec
console timeout 30
enable aaa console
ip dhcp-client disable
ip dhcp-server enable
!
ip dhcp-server pool server
lease 0 0 30
network 10.172.2.0 255.255.255.0
option 3 ip 10.172.2.1
option 5 ip 8.8.8.8
deploy
!
ip default-network 192.168.50.0/24
ip dns server-address 192.168.50.254
ip route 0.0.0.0/0 192.168.50.254
ip route 10.172.2.0/24 192.168.50.254
ip router-id 192.168.50.15
!
telnet timeout 10
no telnet server
username super password .....
username mgladmin password .....
!
!
password-change any
!
!
!
!
manager registrar
34.89.230.72 34.89.230.73
manager active-list 34.89.230.73 34.89.230.72
!
manager port-list 987
!
!
router ospf
area 0.0.0.0
!
!
!
!
!
!
!
!
interface ethernet 1/2/1
ip address 192.168.50.15 255.255.255.0
no ip dhcp-client enable
!
interface ve 2
port-name Server
ip address 10.172.2.1 255.255.255.0
!
!
ip ssh timeout 30
ip ssh idle-time 10
!
end
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-28-2021 02:43 AM
@vincent_felisaz Hi, no the router is a basic unit with a single ip address 192.168.50.254 that NATs out to the internet, I have the ICX switch in router mode and assumed that it would route traffic from multiple VLAN's with various subnets to the internet via the default LAN on 192.168.50.0/24. This is a trail setup for a much bigger network I am installing.
below are the results from the ping test
ICX7150-C12 Router>ping 8.8.8.8 source 192.168.50.15
Sending 1, 16-byte ICMP Echo to 8.8.8.8, timeout 5000 msec, TTL 64
Type Control-c to abort
Reply from 8.8.8.8 : bytes=16 time=15ms TTL=116
Success rate is 100 percent (1/1), round-trip min/avg/max=15/15/15 ms.
ICX7150-C12 Router>ping 8.8.8.8 source 10.172.2.1
Sending 1, 16-byte ICMP Echo to 8.8.8.8, timeout 5000 msec, TTL 64
Type Control-c to abort
Request timed out.
No reply from remote host.
ICX7150-C12 Router>
Thank you
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-28-2021 03:23 AM
Ok thanks for the provided information.
So here is the issue, your NAT router must be aware of the 10.172.2.0 network. Otherwise it will not be able to route the traffic back to the end-device. There is no NAT on the ICX itself to mask the different subnets in its VLAN.
One way to do it is to configure the NAT/Internet Access router with all the local subnets.
The second way is to use dynamic routing like OSPF to have exchanges between the 2 routers about their local subnets. In this way the ICX will announce to the NAT router the subnet 10.172.2.0 and others if there are.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-28-2021 03:38 AM
Hi Vincent
Ok I kind of understand, but my router will only take 1 ip address, the Cisco system we have in place currently the router only has a single gateway ip address, i thought the the 10.172.2.0/24 would route to 192.168.50.254 via the ruckus unit, the switch is in router mode and all the examples I have seen show that to be the case. I have OSPF already switched on already. Also is it not routing the packets from 10.172.2.x across to 192.168.50.254.?
I very much appreciate you help with this thank you
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-28-2021 04:58 AM
For OSPF to work, you have to enable it globally, and assign interface(s) in the area (the right one if you have several). You have enable it already but you have to go on interface to assign it. So for your setup :
"interface ethernet 1/2/1"
"ip ospf area 0.0.0.0"
and then to check of this is working :
"show ip ospf neighbor"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
10-28-2021 06:45 AM
No Joy on this i'm afraid. Does this product not route packets from one VLAN to another?
Thanks for the help so far, I don't want to appear ungrateful for all your help.
David