cancel
Showing results for 
Search instead for 
Did you mean: 

VLAN Routing issues

david_cummins
New Contributor

Hello I am trying to setup an ICX 7150 to allow me to have multiple vlans share the same dhcp server on one vlan and the internet connection on the default vlan


However my very simple config seems unable to route from vlan 2 across to the default vlan


I have port 1/2/1 configured with ip address 192.168.50.15/24 

My router is ip 192.168.50 254

I have the ip address range 10.172.2.1/24 attached to virtual interface VE 2

DCHP on 10.172.2.0 and that works if i connect to a untagged switchport


But I am unable to access the internet from any device with a 10.172.2.x address, default gateway is set to 10.172.2.1


Any advice greatly received and config shown below

ICX7150-C12 Router#sho run
Current configuration:
!
ver 08.0.95dT213
!
stack unit 1
  module 1 icx7150-c12-poe-port-management-module
  module 2 icx7150-2-copper-port-2g-module
  module 3 icx7150-2-sfp-plus-port-20g-module
  stack-port 1/3/1
  stack-port 1/3/2
!
!
global-stp
!
!
!
vlan 1 name DEFAULT-VLAN by port
 spanning-tree
!
vlan 2 name server by port
 untagged ethe 1/1/1 to 1/1/4 
 router-interface ve 2
!

aaa authentication web-server default local
aaa authentication login default local
boot sys fl sec
console timeout 30
enable aaa console
ip dhcp-client disable
ip dhcp-server enable
!
ip dhcp-server pool server
 lease 0 0 30
network 10.172.2.0 255.255.255.0
 option  3 ip 10.172.2.1  
 option  5 ip 8.8.8.8  
 deploy
!
ip default-network 192.168.50.0/24
ip dns server-address 192.168.50.254
ip route 0.0.0.0/0 192.168.50.254
ip route 10.172.2.0/24 192.168.50.254
ip router-id 192.168.50.15
!
telnet timeout 10
no telnet server
username super password .....
username mgladmin password .....
!
!
password-change any
!
!
!
!
manager registrar
34.89.230.72 34.89.230.73
manager active-list 34.89.230.73 34.89.230.72
!
manager port-list 987
!
!
router ospf
 area 0.0.0.0
!
!
!
!
!
!
!
!
interface ethernet 1/2/1
 ip address 192.168.50.15 255.255.255.0
 no ip dhcp-client enable
!
interface ve 2
 port-name Server
 ip address 10.172.2.1 255.255.255.0
!
!
ip ssh  timeout 30
ip ssh  idle-time 10
!
end

11 REPLIES 11

@vincent_felisaz Hi, no the router is a basic unit with a single ip address 192.168.50.254 that NATs out to the internet, I have the ICX switch in router mode and assumed that it would route traffic from multiple VLAN's with various subnets to the internet via the default LAN on 192.168.50.0/24. This is a trail setup for a much bigger network I am installing.

below are the results from the ping test

ICX7150-C12 Router>ping 8.8.8.8 source 192.168.50.15
Sending 1, 16-byte ICMP Echo to 8.8.8.8, timeout 5000 msec, TTL 64
Type Control-c to abort
Reply from 8.8.8.8         : bytes=16 time=15ms TTL=116
Success rate is 100 percent (1/1), round-trip min/avg/max=15/15/15 ms.
ICX7150-C12 Router>ping 8.8.8.8 source 10.172.2.1
Sending 1, 16-byte ICMP Echo to 8.8.8.8, timeout 5000 msec, TTL 64
Type Control-c to abort
Request timed out.
No reply from remote host.
ICX7150-C12 Router>

Thank you

Ok thanks for the provided information.

So here is the issue, your NAT router must be aware of the 10.172.2.0 network. Otherwise it will not be able to route the traffic back to the end-device. There is no NAT on the ICX itself to mask the different subnets in its VLAN.

One way to do it is to configure the NAT/Internet Access router with all the local subnets.
The second way is to use dynamic routing like OSPF to have exchanges between the 2 routers about their local subnets. In this way the ICX will announce to the NAT router the subnet 10.172.2.0 and others if there are.

Hi Vincent

Ok I kind of understand, but my router will only take 1 ip address, the Cisco system we have in place currently the router only has a single gateway ip address, i thought the the 10.172.2.0/24 would route to 192.168.50.254 via the ruckus unit, the switch is in router mode and all the examples I have seen show that to be the case. I have OSPF already switched on already. Also is it not routing the packets from 10.172.2.x across to 192.168.50.254.?

I very much appreciate you help with this thank you

For OSPF to work, you have to enable it globally, and assign interface(s) in the area (the right one if you have several). You have enable it already but you have to go on interface to assign it. So for your setup :

"interface ethernet 1/2/1"

"ip ospf area 0.0.0.0"

and then to check of this is working :

"show ip ospf neighbor"

No Joy on this i'm afraid. Does this product not route packets from one VLAN to another? 

Thanks for the help so far, I don't want to appear ungrateful for all your help.

David