Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!
Need help with basic layer 3 switch configuration
Hi everyone, I could use some assistance doing what should be a pretty basic layer 3 switch configuration.
I've got a site with three existing VLANs and subnets. Currently the physical router device is routing inter-VLAN traffic. They are as follows:
VLAN 1 (default): 192.168.31.0/24
Gateway: 192.168.31.1
VLAN 2 (mgmt.): 192.168.131.0/24
Gateway: 192.168.131.1
VLAN 3 (guest): 192.168.231.0/24
Gateway: 192.168.231.1
Another group will be joining the existing network, that group will have their own subnet 192.168.103.0/24 which I will be placing on VLAN 4 at the main site. I have a layer 3 switch (Netgear GSM7328FS) that I will be using to route VLAN 4 to VLAN 1 as I should get better performance routing with this device than the physical router. This group will also be sharing VLANs 2 and 3. Switch port connecting to this office will be configured as a trunk (Cisco language), so it will be an untagged member of VLAN 4 and tagged member of VLANs 2 and 3.
The switch management interface is 192.168.31.25 on VLAN 2.
I've assigned IP addresses to the VLAN interfaces as follows:
VLAN1: 192.168.31.254
VLAN4: 192.168.103.1
Routing is enabled on the device and the interfaces. I've got a route statement in my physical router for 192.168.103.0 next hop 192.168.31.254.
Now for the question, why I'm not able to reach 192.168.103.1 (VLAN 4) from the other side?
If I attempt to ping from 192.168.31.0 I get:
Reply from 192.168.31.254: TTL expired in transit.
Reply from 192.168.131.1: TTL expired in transit.
Reply from 192.168.131.1: TTL expired in transit.
Reply from 192.168.131.1: TTL expired in transit.
If I attempt tracert, I get:
Tracing route to 192.168.103.1 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.31.254
2 1 ms 1 ms <1 ms 192.168.131.1
3 145 ms 2 ms 2 ms 192.168.31.254
4 1 ms 1 ms 2 ms 192.168.131.1
5 2 ms 2 ms 2 ms 192.168.31.254
6 2 ms 2 ms 2 ms ...
I have no idea why the x.x.131.0 subnet is even involved. Hopefully this behaviour will throw up a flag for someone, and you can point me in the right direction. Thanks in advance
*** Edit ***
After sitting for a while, now the pings just time out, as does tracert. I've also thrown up a quick screen shot of the routes as configured in the device. I feel like the problem lies in something that's there (or not there).
I've got a site with three existing VLANs and subnets. Currently the physical router device is routing inter-VLAN traffic. They are as follows:
VLAN 1 (default): 192.168.31.0/24
Gateway: 192.168.31.1
VLAN 2 (mgmt.): 192.168.131.0/24
Gateway: 192.168.131.1
VLAN 3 (guest): 192.168.231.0/24
Gateway: 192.168.231.1
Another group will be joining the existing network, that group will have their own subnet 192.168.103.0/24 which I will be placing on VLAN 4 at the main site. I have a layer 3 switch (Netgear GSM7328FS) that I will be using to route VLAN 4 to VLAN 1 as I should get better performance routing with this device than the physical router. This group will also be sharing VLANs 2 and 3. Switch port connecting to this office will be configured as a trunk (Cisco language), so it will be an untagged member of VLAN 4 and tagged member of VLANs 2 and 3.
The switch management interface is 192.168.31.25 on VLAN 2.
I've assigned IP addresses to the VLAN interfaces as follows:
VLAN1: 192.168.31.254
VLAN4: 192.168.103.1
Routing is enabled on the device and the interfaces. I've got a route statement in my physical router for 192.168.103.0 next hop 192.168.31.254.
Now for the question, why I'm not able to reach 192.168.103.1 (VLAN 4) from the other side?
If I attempt to ping from 192.168.31.0 I get:
Reply from 192.168.31.254: TTL expired in transit.
Reply from 192.168.131.1: TTL expired in transit.
Reply from 192.168.131.1: TTL expired in transit.
Reply from 192.168.131.1: TTL expired in transit.
If I attempt tracert, I get:
Tracing route to 192.168.103.1 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.31.254
2 1 ms 1 ms <1 ms 192.168.131.1
3 145 ms 2 ms 2 ms 192.168.31.254
4 1 ms 1 ms 2 ms 192.168.131.1
5 2 ms 2 ms 2 ms 192.168.31.254
6 2 ms 2 ms 2 ms ...
I have no idea why the x.x.131.0 subnet is even involved. Hopefully this behaviour will throw up a flag for someone, and you can point me in the right direction. Thanks in advance
*** Edit ***
After sitting for a while, now the pings just time out, as does tracert. I've also thrown up a quick screen shot of the routes as configured in the device. I feel like the problem lies in something that's there (or not there).
Do more with
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
That's called routing loop. :)
Next hop address should always point to some neighbor router as the way to get to some remote network. Your default route points to itself.
Can you attach your network topology and route tables of devices?
Next hop address should always point to some neighbor router as the way to get to some remote network. Your default route points to itself.
Can you attach your network topology and route tables of devices?
Hi Predrag, thanks for the reply. I agree it does look like some sort of loop but the default route next hop address (192.168.31.1) is the usual gateway / router on that subnet which I believe makes sense.
The switch's IP address on that subnet is 192.168.31.254.
I will post the requested topology and route tables shortly.
The switch's IP address on that subnet is 192.168.31.254.
I will post the requested topology and route tables shortly.
Gathered some new knowledge on this one; it looks to me like a routing issue within the switch. Firstly it reports the interface on VLAN4 as being down, presumably because the SFP port with PVID 4 has nothing plugged into it. I'm assuming that port down = VLAN interface down = gateway does not respond to ping even when I plug a PC into another port on the same VLAN.
Secondly, I got fed up and tried plan b - doing the routing in the down-stream HP 1920 switch instead of this device. Sure enough, I had that going in about 10 minutes. Looking at the routes that the HP switch automatically generated, there were some missing from the Netgear's route table. However, upon trying to add the corresponding routes (addresses and subnets adjusted of course) it would present an error message and wouldn't let me add them. I could add other nonsense routes, but not the ones I actually needed.
Unless someone has a bright idea why the Netgear switch won't let me add the required routes (maybe something to do with primary VLAN or something) I'm going to throw the towel on that device and go with plan b. Thanks for reading
Secondly, I got fed up and tried plan b - doing the routing in the down-stream HP 1920 switch instead of this device. Sure enough, I had that going in about 10 minutes. Looking at the routes that the HP switch automatically generated, there were some missing from the Netgear's route table. However, upon trying to add the corresponding routes (addresses and subnets adjusted of course) it would present an error message and wouldn't let me add them. I could add other nonsense routes, but not the ones I actually needed.
Unless someone has a bright idea why the Netgear switch won't let me add the required routes (maybe something to do with primary VLAN or something) I'm going to throw the towel on that device and go with plan b. Thanks for reading
For port to be up you need at least one port up (that can be trunk port - at least in Cisco world). If your vlan interface is down then sure, it can't work.
But anyhow, you did not provide routing table(s).
:)
Your default gateway for vlan 1, I suppose is interface on Cisco router, so Cisco router should have route how to reach VLAN 4 (and interface vlan 4 on netgear router should not be down), since default gateway for VLAN 4 is Netgear ...
From the picture of routes in the first post, Netgear router learned only directly connected network (VLAN 1) there is no attached network present for VLAN 4 , and you added default route. Maybe you should check Netgear documentation how to create interface for VLAN and make it routable.
Routers learn routes in 3 ways:
- directly connected networks automatically are inserted into routing table
- you (administrator) statically assign routes on router
- routers share information about routes in their routing table with neighbors by using some routing protocol
So HP and Cisco router really have no idea about routes that are not directly connected if you don't use RIP or OSPF in your network, and routes need to be configured manually.
I guess, that easiest solution in your case would be to extend VLAN 4 to Cisco router, make it default gateway and that will solve all of your problems.
Best solution would be to redesign your network and use Netgear GSM7328FS for all intervlan routing instead of Cisco router and to use Cisco only for internet traffic.
And don't throw the towel, you should always know where your towel is.
But anyhow, you did not provide routing table(s).
:)
Your default gateway for vlan 1, I suppose is interface on Cisco router, so Cisco router should have route how to reach VLAN 4 (and interface vlan 4 on netgear router should not be down), since default gateway for VLAN 4 is Netgear ...
From the picture of routes in the first post, Netgear router learned only directly connected network (VLAN 1) there is no attached network present for VLAN 4 , and you added default route. Maybe you should check Netgear documentation how to create interface for VLAN and make it routable.
upon trying to add the corresponding routes (addresses and subnets adjusted of course) it would present an error message and wouldn't let me add them.To add route usually required condition is that the next hop is available at the moment you are adding routes.
Routers learn routes in 3 ways:
- directly connected networks automatically are inserted into routing table
- you (administrator) statically assign routes on router
- routers share information about routes in their routing table with neighbors by using some routing protocol
So HP and Cisco router really have no idea about routes that are not directly connected if you don't use RIP or OSPF in your network, and routes need to be configured manually.
I guess, that easiest solution in your case would be to extend VLAN 4 to Cisco router, make it default gateway and that will solve all of your problems.
Best solution would be to redesign your network and use Netgear GSM7328FS for all intervlan routing instead of Cisco router and to use Cisco only for internet traffic.
And don't throw the towel, you should always know where your towel is.
“Hey, you sass that hoopy Ford Prefect? There's a frood who really knows where his towel is.":)
(Sass: know, be aware of, meet, have sex with; hoopy: really together guy; frood: really amazingly together guy.)”
- Douglas Adams, The Hitchhiker's Guide to the Galaxy
Thank you very much, I appreciate the thorough explanation. This project has been a learning one and the info you provided has added to that.
You confirming that the interface needs to be up in order for the router to learn about the subnet combined with the mention that simply having a tagged port using that VLAN is enough to bring it up (with Cisco) did the trick for me. I tagged a port on this switch and on another downstream switch so as to include VLAN 4 in that trunk and voila, interface up. Upon checking the learned routes I see one for the 192.168.103.0 subnet. A quick test from a client at that site and I am able to ping the gateway on that new subnet. Success!
I guess I'll hang on to my towel a little longer ;-) Have a good day
You confirming that the interface needs to be up in order for the router to learn about the subnet combined with the mention that simply having a tagged port using that VLAN is enough to bring it up (with Cisco) did the trick for me. I tagged a port on this switch and on another downstream switch so as to include VLAN 4 in that trunk and voila, interface up. Upon checking the learned routes I see one for the 192.168.103.0 subnet. A quick test from a client at that site and I am able to ping the gateway on that new subnet. Success!
I guess I'll hang on to my towel a little longer ;-) Have a good day
Premium Content
You need an Expert Office subscription to comment.Start Free Trial