Rio_10

Cisco SG300, Routing and Point To Point Link

Dear Experts,

I need some help as I'm struggling with a new setup.

Situation
I have two sites, Site A and Site B
I need laptops from Site A to communicate with Site B (get a DHCP address from Site B from the DC)

The ISP has given me a Point To Point Metro Ethernet from Site A to Site B (not over internet) on VLAN 4
I have two Cisco SG300s on each end and both are in layer 3 mode.
Site A, Port 4 is Tagged VLAN 4, IP 12.0.0.1. The cable from the ISP goes into Port 4 of the Cisco.
Site B, Port 4 is Tagged VLAN 4, IP 12.0.0.2. The cable from the ISP goes into Port 4 of the Cisco.

I then plug laptops into Port 5 on both Ciscos which is untagged VLAN 4 on the same subnet and I can ping the two VLANs and Laptops.

Issue

I need to also carry VLAN 100 from Site A to Site B.
If I plug a laptop into Site A, Port 2, VLAN 100, 192.168.100.1, I need to get to Site B, Port 2, VLAN 100, 192.168.100.2.

As both sides are on the same subnet I can't seem to do routing, as they're on the same subnet.
Can anyone help out with this?

Thanks in advance
Rio_10

ASKER

The Cisco throws an error about the gateway. It won't let me configure from 192.168.100.1 to 192.168.100.2 as it's the same subnet.
Infamus

You can't assign an IP from the same subnet when you configure a routed interface.

Also, VLANs don't go across from site A to site B, as it needs to be trunked.

Can you post sh run?
Nico Eisma

The confusion is whether you are going to run L2 or L3 on the Metro-E link, and whether to use switchport access or switchport trunk.

In your case, you are running it at L2 by assigning the switchport connected to the Metro-E as access mode, switchport VLAN 4.

Now since you need to pass VLAN 100 on both sites also, the problem is that you are running the link on a single VLAN by assigning it to VLAN 4. My suggestion is to reconfigure port 4 as a trunk port instead of assigning it to VLAN 4. Make sure that both VLAN 4 and VLAN 100 are allowed on the trunk. Please do note that reconfiguring the port as a trunk might lose your connectivity between sites.

Let me know if you have further questions, glad to help out.
Rio_10

ASKER

In Layer 2 mode neither side is reachable. I'm not sure what the ISP is doing but I need to configure IPs on either end, so in L3 mode I can reach each side on V4.

Do I need to get the ISP to add V100?
If you are assigning the port to VLAN4, how is it in L2 mode? Where are you applying the IP address, currently I'm assuming the SVI (interface VLAN4)?

Did I get it wrong and you are assigning the IP address on port 4?
I think it will be easier if we can see the configuration....
It looks like your ISP is using Private Transport / Ethernet Handoff between your sites and they identified the connection as VLAN 4. 12.0.0.1 and 12.0.0.2 then act as your WAN link with the traffic tagged as VLAN 4.

If so, you won't be able to have the same VLANs on both sides, as the gateway has to be on the side of the network it belongs to.

You can call the VLAN on both sides the same thing but technically they are not. You can even use the same subnets but technically they are not the same. If you do that, your sites have to communicate via NetBIOS names or FQDNs and that means a lot of DNS processes going on.

For ease of connection, all you need is to configure routes to each side.



On the L3 switch in Site A with IP 192.168.100.1

ip route 192.168.200.0 255.255.255.0 12.0.0.2


On the L3 switch in Site B with IP 192.168.200.1

ip route 192.168.100.0 255.255.255.0 12.0.0.1



Since your DHCP server is in Site B, you will need to configure ip helper on the switch in site A to point to B.

Let's assume your DHCP server is 192.168.200.250

Interface vlan 100
ip helper-address 192.168.200.250

This is assuming that "ip address 192.168.100.1 255.255.255.0" was configured under interface vlan 100.

Anyways, that's the idea.
In case it is imperative you trunk VLAN 100 between sites, you may inform your service provider that you wish to use the Metro-E link as L2 and that you'll be trunking VLANs across sites. Now either they will add the VLAN across their circuit or, better yet, just mention that you want control over which VLANs are trunked across sites.

I have had a similar experience before with a provider of Metro-E where I had to ask them to use the link as L2 and add some VLANs across the trunking. Also, I had to specify to the provider which VLAN to use as native VLAN.
Rio_10

ASKER

Thanks for the advice so far. We will do some testing today and revert.
Rio_10

ASKER

Akinsd, you put us in the right direction.

We can now go from a laptop on VLAN 100 through the trunk which carries VLAN 4 and VLAN 100 to the other side to another laptop on VLAN 100.

However, when I get to site B I need to replace the laptop with a core switch which has all the servers on it.

However, when I take the cable that goes into the laptop and put it into the switch it doesn't work. I do a tracert and it gets to the site B switch, but the traffic then stops. Doing a tracert to the laptop (which works) shows the hops to site B and then the IP of the laptop. Do I need to make another route from the site B switch to the core switch gateway?

It's like when it gets to site B it doesn't know where to send the traffic unless it's a static IP (laptop) on the other side.
Rio_10

ASKER

Update.

After a long day I have managed to go from site B to site A.

From site A I am unable to go to site B. A tracert shows that I can go to site B (12.0.0.1) but the next hop times out.
The weird thing is the static route is not visible in the GUI. If I try to add it again it states that it already exists. If I back up the config I can see the route in the txt file, but I'm worried that maybe it hasn't been applied correctly.

They have the latest firmware, I've tried all combinations, deleting, rebooting, saving...
If the route exists and does not show in show ip route, it means the route is not believable enough. You will need to remove existing routes that suppressed the real route you need.

To view existing routes, issue the following command
show run route

To remove the route, just add "no" in front of it
eg
no route inside x.x.x.x 255.255.255.0 x.x.x.x 1
Rio_10

ASKER

Guys,

I'm still struggling with this.

I can go from site A to site B's interface 12.0.0.1 but no further.
I then have a cable that goes into another switch (no VLANs configured) in Site B. The firewall also is in this switch.

I can't seem to go from 12.0.0.1 to the GW that I need, which is 192.168.103.254, from site A. The switch in Site B can ping 192.168.103.254.

From Site A the next hop is 12.0.0.1. I then need to hop to 192.168.103.254 but this is not the interface on the next switch, is this the problem?
Do I have to hop to the firewall where 192.168.103.254 exists?

Am I wrong in my thinking that when I ping 192.168.103.254 from site A it gets to 12.0.0.1 in site B and it should be clever enough to travel down the cable to the next switch (everything is on the default VLAN) and up to the firewall interface that has 192.168.103.254?
ASKER CERTIFIED SOLUTION
Akinsd

This solution is only available to members.
Rio_10

ASKER

Thanks,

I was trying to hop to a normal layer 2 switch with no interface. I was expecting the traffic to be broadcasting to find the GW. I overcame this by having the next hop as the actual GW interface on the firewall.
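
An added example, not from any participant in this thread: a small Python model for checking both directions of the path discussed above, treating a static route as active only when its next hop sits on a directly connected subnet. The /30 mask on the Metro-E link, the 192.168.103.1 address on the Site B switch and the firewall's missing return route are assumptions made for illustration.

```python
import ipaddress as ip

# Constructed topology using the thread's addresses. Assumptions: /30 on the
# Metro-E link, 192.168.103.1 on the Site B switch, no return route on "fw".
DEVICES = {
    "swA": {"addrs": ["12.0.0.1", "192.168.100.1"],
            "connected": ["12.0.0.0/30", "192.168.100.0/24"],
            "static": [("192.168.103.0/24", "12.0.0.2")]},
    "swB": {"addrs": ["12.0.0.2", "192.168.103.1"],
            "connected": ["12.0.0.0/30", "192.168.103.0/24"],
            "static": [("192.168.100.0/24", "12.0.0.1")]},
    "fw":  {"addrs": ["192.168.103.254"],
            "connected": ["192.168.103.0/24"],
            "static": []},
}

def table(dev):
    """Connected routes plus static routes whose next hop is on-link.
    Modelling assumption: an off-link next hop keeps a route inactive."""
    nets = [ip.ip_network(c) for c in dev["connected"]]
    routes = [(n, None) for n in nets]
    for prefix, nh in dev["static"]:
        if any(ip.ip_address(nh) in n for n in nets):
            routes.append((ip.ip_network(prefix), nh))
    return routes

def owner(addr, devices):
    """Name of the device holding addr, or None if nothing answers for it."""
    return next((n for n, d in devices.items() if addr in d["addrs"]), None)

def trace(devices, start, dst, max_hops=8):
    """Follow longest-prefix matches hop by hop; return (path, reached)."""
    path, here = [start], start
    for _ in range(max_hops):
        if dst in devices[here]["addrs"]:
            return path, True
        hits = [r for r in table(devices[here]) if ip.ip_address(dst) in r[0]]
        if not hits:
            return path, False          # no route: traffic dies on this hop
        _, nh = max(hits, key=lambda r: r[0].prefixlen)
        here = owner(nh or dst, devices)
        if here is None:
            return path, False          # next hop is not a routing interface
        path.append(here)
    return path, False

if __name__ == "__main__":
    print(trace(DEVICES, "swA", "192.168.103.254"))   # forward path
    print(trace(DEVICES, "fw", "192.168.100.1"))      # return path
```

Tracing in both directions separates a missing forward route from a missing return route, which a one-way tracert that times out after the first hop cannot tell apart.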