  • Status: Solved

Cisco SG300, Routing and Point To Point Link

Dear Experts,

I need some help as I'm struggling with a new setup.

Situation
I have two sites, Site A and Site B
I need laptops from Site A to communicate with Site B (get a DHCP address from Site B from the DC)

The ISP has given me a Point To Point Metro Ethernet from Site A to Site B (not over internet) on VLAN 4
I have Two Cisco SG300s on each end and both are in layer 3 mode.
Site A, Port 4 is Tagged VLAN 4, IP 12.0.0.1. The cable from the ISP goes into Port 4 of the Cisco.
Site B, Port 4 is Tagged VLAN 4, IP 12.0.0.2. The cable from the ISP goes into Port 4 of the Cisco.

I then plug laptops into Port 5 on both Ciscos which is untagged VLAN 4 on the same subnet and I can ping the two VLANs and Laptops.

Issue

I need to also carry VLAN 100 from Site A to Site B.
If I plug a laptop on Site A, Port 2, VLAN100 192.168.100.1, I need to get to Site B Port 2 VLAN100 192.168.100.2.

As both sides are on the same subnet I can't seem to do routing as they're on the same subnet.
Can anyone help out with this?

Thanks in advance
Asked by: Rio_10
 
Rio_10 (Author) Commented:
The Cisco throws an error about the gateway. It won't let me configure from 192.168.100.1 to 192.168.100.2 as it's the same subnet.
0
 
Infamus Commented:
You can't assign an IP from the same subnet when you configure a routed interface.

Also VLANs don't go across from site A to site B as it needs to be trunked.

Can you post sh run?
0
 
ffleisma Commented:
the confusion is whether you are going to run L2 or L3 on the Metro-E link and whether to use switchport access or switch trunk

in your case, you are running it at L2 by assigning the switchport connected to the Metro-E as access mode, switchport vlan 4

now since you need to pass VLAN 100 on both sites also, the problem is that you are running the link on a single VLAN by assigning it to VLAN4. my suggestion is to reconfigure port4 as a trunk port instead of assigning it to VLAN4. make sure that both VLAN 4 and VLAN 100 are allowed on the trunk. please do note that reconfiguring the port as a trunk might lose your connectivity between sites.

let me know if you have further questions, glad to help out
0
 
Rio_10 (Author) Commented:
In Layer 2 mode neither side is reachable. I'm not sure what the ISP is doing but I need to configure IPs on either end, so in L3 mode I can reach each side on V4.

Do I need to get the ISP to add V100?
0
 
ffleisma Commented:
if you are assigning the port to VLAN4, how is it on L2 mode? where are you applying the IP address, currently I'm assuming the SVI (interface VLAN4)?

did I get it wrong and you are assigning the IP address on port4?
0
 
Infamus Commented:
I think it will be easier if we can see the configuration....
0
 
Akinsd (Network Administrator) Commented:
It looks like your ISP is using Private Transport / Ethernet Handoff between your sites and they identified the connection as VLAN 4. 12.0.0.1 and 12.0.0.2 then act as your WAN link with the traffic tagged as vlan 4.

If so, you won't be able to have the same vlans on both sides as the gateway has to be on the side of the network it belongs to.

You can call the VLAN on both sides the same thing but technically they are not. You can even use the same subnets but technically they are not the same. If you do that, your sites have to communicate via NetBIOS names or FQDNs and that means a lot of DNS processes going on.

For ease of connection, all you need is to configure routes to each side.



On the L3 switch in Site A with IP 192.168.100.1

ip route 192.168.200.0 255.255.255.0 12.0.0.2


On the L3 switch in Site B with IP 192.168.200.1

ip route 192.168.100.0 255.255.255.0 12.0.0.1



Since your DHCP server is in Site B, you will need to configure ip helper on switch in site A to point to B

Let's assume your DHCP server is 192.168.200.250

Interface vlan 100
ip helper-address 192.168.200.250

This is assuming that "ip address 192.168.100.1 255.255.255.0" was configured under interface vlan 100.

Anyways,  that's the idea
0
 
ffleisma Commented:
in case it is imperative you trunk VLAN100 between sites, you may inform your service provider that you wish to use the metro-e link as L2 and that you'll be trunking VLANs across sites. now either they will add the VLAN across their circuit or better yet just mention that you want control over which vlans are trunked across sites.

I had a similar experience before with a provider of Metro-E where I had to ask them to use the link as L2 and add some VLAN across the trunking. also, I had to specify to the provider which VLAN to use as native VLAN
0
 
Rio_10 (Author) Commented:
Thanks for the advice so far. We will do some testing today and revert.
0
 
Rio_10 (Author) Commented:
Akinsd, you put us in the right direction.

We can now go from a laptop on vlan 100 through the trunk which carries vlan4 and vlan100 to the other side to another laptop on vlan100.

However when I get to site B I need to replace the laptop with a core switch which has all the servers on it.

However when I take the cable that goes into the laptop and put it into the switch it doesn't work. I do a tracert and it gets to the site B switch, but the traffic then stops. Doing a tracert to the laptop (which works) shows the hops to site B and then the IP of the laptop. Do I need to make another route from the site B switch to the core switch gateway?

It's like when it's to site B it doesn't know where to send the traffic unless it's a static IP (laptop) on the other side.
0
 
Rio_10 (Author) Commented:
Update.

After a long day I have managed to go from site B to site A.

From site A I am unable to go to site B. A tracert shows that I can go to site B (12.0.0.1) but the next hop times out.
The weird thing is the static route is not visible in the GUI. If I try to add it again it states that it already exists. If I back up the config I can see the route in the txt file but I'm worried that maybe it hasn't been applied correctly.

They have the latest firmware, I've tried all combinations, deleting, rebooting, saving...
0
 
Akinsd (Network Administrator) Commented:
If the route exists and does not show in show ip route, it means the route is not believable enough. You will need to remove existing routes that suppressed the real route you need.

To view existing routes, issue the following command
show run route

To remove the route, just add "no" in front of it
eg
no route inside x.x.x.x 255.255.255.0 x.x.x.x 1
0
 
Rio_10 (Author) Commented:
Guys,

I'm still struggling with this.

I can go from site A to site B's interface 12.0.0.1 but no further.
I then have a cable that goes into another switch (no vlans configured) in Site B. The firewall also is in this switch.

I can't seem to go from 12.0.0.1 to the GW that I need, which is 192.168.103.254, from site A. The switch in Site B can ping 192.168.103.254.

From Site A the next hop is 12.0.0.1, I then need to hop to 192.168.103.254 but this is not the interface on the next switch, is this the problem?
Do I have to hop to the firewall where 192.168.103.254 exists?

Am I wrong in my thinking that when I ping 192.168.103.254 from site A it gets to 12.0.0.1 in site B and it should be clever enough to travel down the cable to the next switch (everything is on the default vlan) and up to the firewall interface that has 192.168.103.254?
0
 
Akinsd (Network Administrator) Commented:
"From Site A the next hop is 12.0.0.1, I then need to hop to 192.168.103.254  but this is not the interface on the next switch, is this the problem?"


"Site A, Port 4 is Tagged VLAN 4 ,IP 12.0.0.1, The cable from the ISP goes into Port 4 of Cisco
Site B Port 4 is Tagged VLAN 4, IP 12.0.0.2, The cable from the ISP goes into Port 4 of Cisco
"


Per your description above
Next hop address for Site A is 12.0.0.2
Next hop address for site B is 12.0.0.1



On the L3 switch in Site A with IP 192.168.100.1
ip route 192.168.200.0 255.255.255.0 12.0.0.2

On the L3 switch in Site B with IP 192.168.200.1
ip route 192.168.100.0 255.255.255.0 12.0.0.1
0
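An added example, not part of any post in this thread: a Python check of the static-route rules the discussion turns on (a subnet that is directly connected cannot also be routed to a gateway, and the next hop must be the far end's address on a connected subnet). The /24 masks and the names `check_static_route`, `SITE_A` and `SITE_B` are assumptions; the addresses are the ones given in the thread.

```python
import ipaddress

def check_static_route(connected, dest, next_hop):
    """Return a list of problems with one static route on an L3 switch.

    connected: interface addresses on this switch, e.g. "12.0.0.1/24"
    dest:      destination network of the route, e.g. "192.168.200.0/24"
    next_hop:  gateway address the route points at
    """
    ifaces = [ipaddress.ip_interface(c) for c in connected]
    hop = ipaddress.ip_address(next_hop)
    try:
        net = ipaddress.ip_network(dest)  # strict: host bits must be zero
    except ValueError:
        return [f"{dest} is not a network address"]
    problems = []
    # A subnet that is already directly connected cannot also be reached
    # through a gateway: the "same subnet on both sides" situation.
    for i in ifaces:
        if net.overlaps(i.network):
            problems.append(f"{net} overlaps connected subnet {i.network}")
    # The next hop must be a neighbour on a connected subnet ...
    if not any(hop in i.network for i in ifaces):
        problems.append(f"next hop {hop} is not on a connected subnet")
    # ... and must be the far end, not one of this switch's own addresses.
    if any(hop == i.ip for i in ifaces):
        problems.append(f"next hop {hop} is this switch's own address")
    return problems

# Constructed from the thread; the /24 masks are assumed.
SITE_A = ["12.0.0.1/24", "192.168.100.1/24"]
SITE_B = ["12.0.0.2/24", "192.168.200.1/24"]

if __name__ == "__main__":
    cases = [
        ("A: VLAN 100 on both sides", SITE_A, "192.168.100.0/24", "192.168.100.2"),
        ("A: next hop is own address", SITE_A, "192.168.200.0/24", "12.0.0.1"),
        ("A: route to Site B", SITE_A, "192.168.200.0/24", "12.0.0.2"),
        ("B: route to Site A", SITE_B, "192.168.100.0/24", "12.0.0.1"),
    ]
    for label, connected, dest, hop in cases:
        result = check_static_route(connected, dest, hop)
        print(f"{label}: {'; '.join(result) if result else 'ok'}")
```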
 
Rio_10 (Author) Commented:
Thanks,

I was trying to hop to a normal layer 2 switch with no interface, I was expecting the traffic to be broadcasting to find the GW. I overcame this by having the next hop as the actual GW interface on the firewall.
0
