Need help with basic layer 3 switch configuration
Hi everyone, I could use some assistance doing what should be a pretty basic layer 3 switch configuration.
I've got a site with three existing VLANs and subnets. Currently the physical router device is routing inter-VLAN traffic. They are as follows:
VLAN 1 (default): 192.168.31.0/24
Gateway: 192.168.31.1
VLAN 2 (mgmt.): 192.168.131.0/24
Gateway: 192.168.131.1
VLAN 3 (guest): 192.168.231.0/24
Gateway: 192.168.231.1
Another group will be joining the existing network, that group will have their own subnet 192.168.103.0/24 which I will be placing on VLAN 4 at the main site. I have a layer 3 switch (Netgear GSM7328FS) that I will be using to route VLAN 4 to VLAN 1 as I should get better performance routing with this device than the physical router. This group will also be sharing VLANs 2 and 3. Switch port connecting to this office will be configured as a trunk (Cisco language), so it will be an untagged member of VLAN 4 and tagged member of VLANs 2 and 3.
The switch management interface is 192.168.31.25 on VLAN 2.
I've assigned IP addresses to the VLAN interfaces as follows:
VLAN1: 192.168.31.254
VLAN4: 192.168.103.1
Routing is enabled on the device and the interfaces. I've got a route statement in my physical router for 192.168.103.0 next hop 192.168.31.254.
Now for the question, why I'm not able to reach 192.168.103.1 (VLAN 4) from the other side?
If I attempt to ping from 192.168.31.0 I get:
Reply from 192.168.31.254: TTL expired in transit.
Reply from 192.168.131.1: TTL expired in transit.
Reply from 192.168.131.1: TTL expired in transit.
Reply from 192.168.131.1: TTL expired in transit.
If I attempt tracert, I get:
Tracing route to 192.168.103.1 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.31.254
2 1 ms 1 ms <1 ms 192.168.131.1
3 145 ms 2 ms 2 ms 192.168.31.254
4 1 ms 1 ms 2 ms 192.168.131.1
5 2 ms 2 ms 2 ms 192.168.31.254
6 2 ms 2 ms 2 ms ...
I have no idea why the x.x.131.0 subnet is even involved. Hopefully this behaviour will throw up a flag for someone, and you can point me in the right direction. Thanks in advance
*** Edit ***
After sitting for a while, now the pings just time out, as does tracert. I've also thrown up a quick screen shot of the routes as configured in the device. I feel like the problem lies in something that's there (or not there).
I've got a site with three existing VLANs and subnets. Currently the physical router device is routing inter-VLAN traffic. They are as follows:
VLAN 1 (default): 192.168.31.0/24
Gateway: 192.168.31.1
VLAN 2 (mgmt.): 192.168.131.0/24
Gateway: 192.168.131.1
VLAN 3 (guest): 192.168.231.0/24
Gateway: 192.168.231.1
Another group will be joining the existing network, that group will have their own subnet 192.168.103.0/24 which I will be placing on VLAN 4 at the main site. I have a layer 3 switch (Netgear GSM7328FS) that I will be using to route VLAN 4 to VLAN 1 as I should get better performance routing with this device than the physical router. This group will also be sharing VLANs 2 and 3. Switch port connecting to this office will be configured as a trunk (Cisco language), so it will be an untagged member of VLAN 4 and tagged member of VLANs 2 and 3.
The switch management interface is 192.168.31.25 on VLAN 2.
I've assigned IP addresses to the VLAN interfaces as follows:
VLAN1: 192.168.31.254
VLAN4: 192.168.103.1
Routing is enabled on the device and the interfaces. I've got a route statement in my physical router for 192.168.103.0 next hop 192.168.31.254.
Now for the question, why I'm not able to reach 192.168.103.1 (VLAN 4) from the other side?
If I attempt to ping from 192.168.31.0 I get:
Reply from 192.168.31.254: TTL expired in transit.
Reply from 192.168.131.1: TTL expired in transit.
Reply from 192.168.131.1: TTL expired in transit.
Reply from 192.168.131.1: TTL expired in transit.
If I attempt tracert, I get:
Tracing route to 192.168.103.1 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.31.254
2 1 ms 1 ms <1 ms 192.168.131.1
3 145 ms 2 ms 2 ms 192.168.31.254
4 1 ms 1 ms 2 ms 192.168.131.1
5 2 ms 2 ms 2 ms 192.168.31.254
6 2 ms 2 ms 2 ms ...
I have no idea why the x.x.131.0 subnet is even involved. Hopefully this behaviour will throw up a flag for someone, and you can point me in the right direction. Thanks in advance
*** Edit ***
After sitting for a while, now the pings just time out, as does tracert. I've also thrown up a quick screen shot of the routes as configured in the device. I feel like the problem lies in something that's there (or not there).
ASKER
Hi Predrag, thanks for the reply. I agree it does look like some sort of loop but the default route next hop address (192.168.31.1) is the usual gateway / router on that subnet which I believe makes sense.
The switch's IP address on that subnet is 192.168.31.254.
I will post the requested topology and route tables shortly.
The switch's IP address on that subnet is 192.168.31.254.
I will post the requested topology and route tables shortly.
ASKER
Posting the network topology here:
Calgary.pdf
Calgary.pdf
ASKER
Gathered some new knowledge on this one; it looks to me like a routing issue within the switch. Firstly it reports the interface on VLAN4 as being down, presumably because the SFP port with PVID 4 has nothing plugged into it. I'm assuming that port down = VLAN interface down = gateway does not respond to ping even when I plug a PC into another port on the same VLAN.
Secondly, I got fed up and tried plan b - doing the routing in the down-stream HP 1920 switch instead of this device. Sure enough, I had that going in about 10 minutes. Looking at the routes that the HP switch automatically generated, there were some missing from the Netgear's route table. However, upon trying to add the corresponding routes (addresses and subnets adjusted of course) it would present an error message and wouldn't let me add them. I could add other nonsense routes, but not the ones I actually needed.
Unless someone has a bright idea why the Netgear switch won't let me add the required routes (maybe something to do with primary VLAN or something) I'm going to throw the towel on that device and go with plan b. Thanks for reading
Secondly, I got fed up and tried plan b - doing the routing in the down-stream HP 1920 switch instead of this device. Sure enough, I had that going in about 10 minutes. Looking at the routes that the HP switch automatically generated, there were some missing from the Netgear's route table. However, upon trying to add the corresponding routes (addresses and subnets adjusted of course) it would present an error message and wouldn't let me add them. I could add other nonsense routes, but not the ones I actually needed.
Unless someone has a bright idea why the Netgear switch won't let me add the required routes (maybe something to do with primary VLAN or something) I'm going to throw the towel on that device and go with plan b. Thanks for reading
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Thank you very much, I appreciate the thorough explanation. This project has been a learning one and the info you provided has added to that.
You confirming that the interface needs to be up in order for the router to learn about the subnet combined with the mention that simply having a tagged port using that VLAN is enough to bring it up (with Cisco) did the trick for me. I tagged a port on this switch and on another downstream switch so as to include VLAN 4 in that trunk and voila, interface up. Upon checking the learned routes I see one for the 192.168.103.0 subnet. A quick test from a client at that site and I am able to ping the gateway on that new subnet. Success!
I guess I'll hang on to my towel a little longer ;-) Have a good day
You confirming that the interface needs to be up in order for the router to learn about the subnet combined with the mention that simply having a tagged port using that VLAN is enough to bring it up (with Cisco) did the trick for me. I tagged a port on this switch and on another downstream switch so as to include VLAN 4 in that trunk and voila, interface up. Upon checking the learned routes I see one for the 192.168.103.0 subnet. A quick test from a client at that site and I am able to ping the gateway on that new subnet. Success!
I guess I'll hang on to my towel a little longer ;-) Have a good day
Next hop address should always point to some neighbor router as the way to get to some remote network. Your default route points to itself.
Can you attach your network topology and route tables of devices?