Solved

Cisco SG300, Routing and Point To Point Link

Posted on 2014-02-19
15
666 Views
Last Modified: 2014-04-03
Dear Experts,

I need some help as I'm struggling with a new setup.

Situation
I have two sites, Site A and Site B
I need laptops from Site A to communicate with Site B (get a DHCP address from Site B from the DC)

The ISP has given me a Point To Point Metro Ethernet from Site A to Site B (not over internet) on VLAN 4
I have Two Cisco SG300s on each end and both are in layer 3 mode.
Site A, Port 4 is Tagged VLAN 4 ,IP 12.0.0.1, The cable from the ISP goes into Port 4 of Cisco
Site B Port 4 is Tagged VLAN 4, IP 12.0.0.2, The cable from the ISP goes into Port 4 of Cisco

I then plug laptops into Port 5 on both Ciscos which is untagged VLAN 4 on the same subnet and I can ping the two VLANs and Laptops.

Issue

I need to also carry VLAN 100  Site A to Site B.
If I plug a laptop on Site A, Port 2, VLAN100 192.168.100.1, I need to get to Site B Port 2 VLAN100 192.168.100.2.

As both sides are on the same subnet, I can't seem to do routing as they're on the same subnet.
Can anyone help out with this?

Thanks in advance
0
Comment
Question by:Rio_10
15 Comments
 

Author Comment

by:Rio_10
ID: 39871405
The Cisco throws an error about the gateway. It won't let me configure from 192.168.100.1 to 192.168.100.2 as it's the same subnet.
0
 
LVL 12

Expert Comment

by:Infamus
ID: 39871464
You can't assign an IP from the same subnet when you configure a routed interface.

Also, VLANs don't go across from site A to site B as it needs to be trunked.

Can you post sh run?
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 39871494
The confusion is whether you are going to run L2 or L3 on the Metro-E link, and whether to use switchport access or switch trunk.

In your case, you are running it at L2 by assigning the switchport connected to the Metro-E as access mode, switchport vlan 4.

Now, since you need to pass VLAN 100 on both sites also, the problem is that you are running the link on a single VLAN by assigning it to VLAN4. My suggestion is to reconfigure port4 as a trunk port instead of assigning it to VLAN4. Make sure that both VLAN 4 and VLAN 100 are allowed on the trunk. Please do note that reconfiguring the port as a trunk might lose your connectivity between sites.

Let me know if you have further questions, glad to help out.
0
 

Author Comment

by:Rio_10
ID: 39871531
In Layer 2 mode neither side is reachable. I'm not sure what the ISP is doing, but I need to configure IPs on either end, so in L3 mode I can reach each side on V4.

Do I need to get the ISP to add V100?
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 39871559
If you are assigning the port to VLAN4, how is it in L2 mode? Where are you applying the IP address? Currently I'm assuming the SVI (interface VLAN4).

Did I get it wrong, and you are assigning the IP address on port4?
0
 
LVL 12

Expert Comment

by:Infamus
ID: 39871579
I think it will be easier if we can see the configuration....
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 39872070
It looks like your ISP is using Private Transport / Ethernet Handoff between your sites and they identified the connection as VLAN 4. 12.0.0.1 and 12.0.0.2 then act as your WAN link with the traffic tagged as VLAN 4.

If so, you won't be able to have the same VLANs on both sides, as the gateway has to be on the side of the network it belongs to.

You can call the VLAN on both sides the same thing but technically they are not. You can even use the same subnets but technically they are not the same. If you do that, your sites have to communicate via NetBIOS names or FQDNs and that means a lot of DNS processes going on.

For ease of connection, all you need is to configure routes to each side.



On the L3 switch in Site A with IP 192.168.100.1

ip route 192.168.200.0 255.255.255.0 12.0.0.2


On the L3 switch in Site B with IP 192.168.200.1

ip route 192.168.100.0 255.255.255.0 12.0.0.1



Since your DHCP server is in Site B, you will need to configure ip helper on switch in site A to point to B

Let's assume your DHCP server is 192.168.200.250

Interface vlan 100
ip helper-address 192.168.200.250

This is assuming that " ip address 192.168.100.1 255.255.255.0" was configured under interface vlan 100.

Anyways, that's the idea.
0
 
LVL 9

Expert Comment

by:ffleisma
ID: 39872222
In case it is imperative that you trunk VLAN 100 between sites, you may inform your service provider that you wish to use the Metro-E link as L2 and that you'll be trunking VLANs across sites. Now, either they will add the VLAN across their circuit or, better yet, just mention that you want control over which VLANs are trunked across sites.

I had a similar experience before with a Metro-E provider where I had to ask them to use the link as L2 and add some VLANs across the trunk. Also, I had to specify to the provider which VLAN to use as the native VLAN.
0
 

Author Comment

by:Rio_10
ID: 39872567
Thanks for the advice so far. We will do some testing today and revert
0
 

Author Comment

by:Rio_10
ID: 39874495
Akinsd, you put us in the right direction.

We can now go from a laptop on VLAN 100 through the trunk, which carries VLAN 4 and VLAN 100, to the other side to another laptop on VLAN 100.

However, when I get to site B I need to replace the laptop with a core switch which has all the servers on it.

However, when I take the cable that goes into the laptop and put it into the switch, it doesn't work. I do a tracert and it gets to the site B switch, but the traffic then stops. Doing a tracert to the laptop (which works) shows the hops to site B and then the IP of the laptop. Do I need to make another route from the site B switch to the core switch gateway?

It's like when it's to site B it doesn't know where to send the traffic unless it's a static IP (laptop) on the other side.
0
 

Author Comment

by:Rio_10
ID: 39877754
Update.

After a long day I have managed to go from site B to site A.

From site A I am unable to go to site B. A tracert shows that I can go to site B (12.0.0.1) but the next hop times out.
The weird thing is the static route is not visible in the GUI. If I try to add it again it states that it already exists. If I back up the config I can see the route in the txt file, but I'm worried that maybe it hasn't been applied correctly.

They have the latest firmware; I've tried all combinations: deleting, rebooting, saving...
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 39879485
If the route exists and does not show in show ip route, it means the route is not believable enough. You will need to remove existing routes that suppressed the real route you need.

To view existing routes, issue the following command
show run route

To remove the route, just add "no" in front of it,
e.g.
no route inside x.x.x.x 255.255.255.0 x.x.x.x 1
0
 

Author Comment

by:Rio_10
ID: 39883590
Guys,

I'm still struggling with this.

I can go from site A to site B's interface 12.0.0.1 but no further.
I then have a cable that goes into another switch (no VLANs configured) in Site B. The firewall is also in this switch.

I can't seem to go from 12.0.0.1 to the GW that I need, which is 192.168.103.254, from site A. The switch in Site B can ping 192.168.103.254.

From Site A the next hop is 12.0.0.1, I then need to hop to 192.168.103.254 but this is not the interface on the next switch, is this the problem?
Do I have to hop to the firewall where 192.168.103.254 exists?

Am I wrong in my thinking that when I ping 192.168.103.254 from site A it gets to 12.0.0.1 in site B and it should be clever enough to travel down the cable to the next switch (everything is on the default VLAN) and up to the firewall interface that has 192.168.103.254?
0
 
LVL 18

Accepted Solution

by:
Akinsd earned 500 total points
ID: 39884659
"From Site A the next hop is 12.0.0.1, I then need to hop to 192.168.103.254  but this is not the interface on the next switch, is this the problem?"


"Site A, Port 4 is Tagged VLAN 4 ,IP 12.0.0.1, The cable from the ISP goes into Port 4 of Cisco
Site B Port 4 is Tagged VLAN 4, IP 12.0.0.2, The cable from the ISP goes into Port 4 of Cisco
"


Per your description above
Next hop address for Site A is 12.0.0.2
Next hop address for site B is 12.0.0.1



On the L3 switch in Site A with IP 192.168.100.1
ip route 192.168.200.0 255.255.255.0 12.0.0.2

On the L3 switch in Site B with IP 192.168.200.1
ip route 192.168.100.0 255.255.255.0 12.0.0.1
0
 

Author Closing Comment

by:Rio_10
ID: 39974400
Thanks,

I was trying to hop to a normal layer 2 switch with no interface; I was expecting the traffic to be broadcast to find the GW. I overcame this by having the next hop as the actual GW interface on the firewall.
0
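An added example, not part of the thread: a small Python check for the static-route mistakes discussed above (a malformed prefix or wildcard mask, a next hop that is the switch's own address, one that is not on a directly connected subnet, or one that no L3 interface owns). The /24 masks, the Site B switch address 192.168.103.1 and the 192.168.103.2 address for the L2 switch are assumptions made for the model.

```python
import ipaddress as ipa

# Constructed model of the thread's topology. The /24 masks on the 12.0.0.x
# link and the Site B address 192.168.103.1 are assumptions, not from the post.
L3_INTERFACES = {
    "siteA": ["12.0.0.1/24", "192.168.100.1/24"],
    "siteB": ["12.0.0.2/24", "192.168.103.1/24"],
    "firewall": ["192.168.103.254/24"],
}

def owner(addr):
    """Return the device whose L3 interface holds addr, or None."""
    for dev, ifaces in L3_INTERFACES.items():
        if any(ipa.ip_interface(i).ip == ipa.ip_address(addr) for i in ifaces):
            return dev
    return None

def check_route(dev, prefix, mask, next_hop):
    """Return the problems in 'ip route <prefix> <dotted mask> <next_hop>' on dev."""
    problems = []
    try:
        # ipaddress also accepts wildcard (host) masks, so compare explicitly.
        if str(ipa.ip_network(f"0.0.0.0/{mask}").netmask) != mask:
            problems.append("mask is a wildcard mask, not a netmask")
        ipa.ip_network(f"{prefix}/{mask}")  # strict: rejects short prefixes, host bits
    except ValueError as exc:
        problems.append(f"bad destination: {exc}")
    hop = ipa.ip_address(next_hop)
    if owner(next_hop) == dev:
        problems.append("next hop is this device's own address")
    elif not any(hop in ipa.ip_interface(i).network for i in L3_INTERFACES[dev]):
        problems.append("next hop is not on a directly connected subnet")
    elif owner(next_hop) is None:
        problems.append("no L3 interface owns the next hop address")
    return problems

if __name__ == "__main__":
    for route in [
        ("siteA", "192.168.200", "0.0.0.255", "12.0.0.2"),  # constructed: short prefix, wildcard mask
        ("siteA", "192.168.103.0", "255.255.255.0", "12.0.0.1"),  # own address
        ("siteA", "192.168.103.0", "255.255.255.0", "192.168.103.254"),  # not adjacent
        ("siteB", "0.0.0.0", "0.0.0.0", "192.168.103.2"),  # constructed L2-switch address
        ("siteA", "192.168.103.0", "255.255.255.0", "12.0.0.2"),  # valid
    ]:
        print(route, "->", check_route(*route) or "ok")
```
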
