lbendingclark
1 Copper

Dell Switch 6248 - cannot connect to firewall with configuration

I have it so the VLANs can talk to each other, the tracert shows that they're going through the correct default gateways. The issue I'm having is that on port 47, I have the wifi firewall connected to VLAN 50, which has the IP of 172.10.10.2. The Wifi Firewall's default gateway is set as 172.10.10.1.


I can ping the default gateway of the VLAN 50, but not 172.10.10.1, even with the ip route command below.

Any help will be greatly appreciated.

Here's my running configuration:

!Current Configuration:
!System Description "PowerConnect 6248, 3.3.8.2, VxWorks 6.5"
!System Software Version 3.3.8.2
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 2-3,20,40,50,67
vlan routing 3 1
vlan routing 2 2
vlan routing 50 3
vlan routing 20 4
vlan routing 67 5
exit
stack
member 1 2
exit
ip address 192.168.1.9 255.255.255.0
ip default-gateway 192.168.1.1
ip address vlan 40
ip routing
ip route 0.0.0.0 0.0.0.0 172.10.10.1
interface vlan 2
routing
ip address 172.16.15.1 255.255.255.0
exit
interface vlan 3
routing
ip address 172.16.16.1 255.255.255.0
exit
interface vlan 20
routing
ip address 172.16.17.1 255.255.255.0
exit
interface vlan 50
routing
ip address 172.10.10.2 255.255.255.0
exit
interface vlan 67
routing
exit
!
interface ethernet 1/g1
gvrp enable
switchport access vlan 2
exit
!
interface ethernet 1/g2
gvrp enable
switchport access vlan 2
exit
!
interface ethernet 1/g3
gvrp enable
switchport access vlan 2
exit
!
interface ethernet 1/g4
gvrp enable
switchport access vlan 2
exit
!
interface ethernet 1/g5
gvrp enable
switchport access vlan 3
exit
!
interface ethernet 1/g6
gvrp enable
switchport access vlan 3
exit
!
interface ethernet 1/g7
gvrp enable
switchport access vlan 3
exit
!
interface ethernet 1/g8
gvrp enable
switchport access vlan 3
exit
!
interface ethernet 1/g9
gvrp enable
switchport access vlan 20
exit
!
interface ethernet 1/g10
gvrp enable
switchport access vlan 20
exit
!
interface ethernet 1/g11
gvrp enable
switchport access vlan 20
exit
!
interface ethernet 1/g12
gvrp enable
switchport access vlan 20
exit
!
!
interface ethernet 1/g47
switchport mode general
switchport general pvid 50
switchport general allowed vlan add 2-3,20,50 tagged
exit
!
interface ethernet 1/g48
gvrp enable
exit
!
interface ethernet 1/xg1
gvrp enable
exit
!
interface ethernet 1/xg2
gvrp enable
exit
!
interface ethernet 1/xg3
gvrp enable
exit
!
interface ethernet 1/xg4
gvrp enable
exit
exit

Let me know if I need to provide more information.

Thanks

0 Kudos
13 Replies
Anonymous
Not applicable

RE: Dell Switch 6248 - cannot connect to firewall with configuration

A little more information about your network and how it is set up would help us get a better overall picture. What device is 172.10.10.1? Where does it connect in the network? Why is it being set as a default gateway?

Thanks

0 Kudos
lbendingclark
1 Copper

RE: Dell Switch 6248 - cannot connect to firewall with configuration

This is a test network we're setting up to emulate our future network. 172.10.10.1/24 is our interface default internet gateway, and we have that connected to a port on the test network switch. The gateway is managed through our firewall.

0 Kudos
Anonymous
Not applicable

RE: Dell Switch 6248 - cannot connect to firewall with configuration

With the switch performing VLAN routing, your clients will need to have their default gateway set to the IP address of the VLAN they are in. For instance, clients in VLAN 20 will have a DG of 172.16.17.1.

The connection from the 6248 to the firewall should not need to send tagged traffic for multiple VLANs, unless different VLANs have a separate route they need to take. But if all traffic needs to be funneled out 172.10.10.1, then port 47 can be changed to access mode for VLAN 50.

The 6248 cannot route its own management VLAN, which by default is VLAN 1. If you are connecting to VLAN 1 and trying to route 192.168.1.0 out 172.10.10.1, it won't work.

0 Kudos
lbendingclark
1 Copper

RE: Dell Switch 6248 - cannot connect to firewall with configuration

Okay, I've tried having VLAN 50 in access mode and it still didn't work. The PC I'm trying to get to access the firewall internet is in VLAN 3 with its default gateway at 172.16.16.1. I set the default gateway of VLAN 50 to 172.10.10.2, which it can ping. But it cannot access the firewall at 172.10.10.1.

Should I change the default gateway of VLAN 50 to the firewall IP address? Also, the management VLAN is currently 40 with the IP address of 192.168.1.1

0 Kudos
Anonymous
Not applicable

RE: Dell Switch 6248 - cannot connect to firewall with configuration

Are clients placed in VLAN 50 able to ping 172.10.10.1? What brand firewall is being used? You may need to add some routes on the firewall that point returning traffic back to the internal networks.

Example of possible entry on the firewall.

ip route 172.16.16.0 255.255.255.0 172.10.10.2

0 Kudos
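The return-route point in the reply above, worked through for every routed VLAN as an added example (not code from the thread or from Dell). It reads a constructed excerpt of the posted running configuration and lists the routes an upstream device would need, written in the same form as the reply's example entry; the function names are hypothetical and the real syntax depends on the firewall in use.

```python
import ipaddress
import re

# Constructed excerpt of the running configuration posted in this thread.
SAMPLE_CONFIG = """\
ip route 0.0.0.0 0.0.0.0 172.10.10.1
interface vlan 2
routing
ip address 172.16.15.1 255.255.255.0
exit
interface vlan 3
routing
ip address 172.16.16.1 255.255.255.0
exit
interface vlan 50
routing
ip address 172.10.10.2 255.255.255.0
exit
"""

def routed_interfaces(config):
    """Return {vlan_id: IPv4Interface} for VLAN interfaces that carry an address."""
    found, vlan = {}, None
    for line in config.splitlines():
        line = line.strip()
        m = re.fullmatch(r"interface vlan (\d+)", line)
        if m:
            vlan = int(m.group(1))
        elif line == "exit":
            vlan = None
        elif vlan is not None:
            m = re.fullmatch(r"ip address (\S+) (\S+)", line)
            if m:
                found[vlan] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return found

def return_routes(config):
    """Routes the upstream device needs so replies reach the routed VLANs."""
    ifaces = routed_interfaces(config)
    m = re.search(r"^ip route 0\.0\.0\.0 0\.0\.0\.0 (\S+)$", config, re.M)
    if not m:
        return []
    gateway = ipaddress.ip_address(m.group(1))
    # The transit interface is the switch address sharing a subnet with the gateway.
    transit = next((i for i in ifaces.values() if gateway in i.network), None)
    if transit is None:
        return []
    return [f"ip route {i.network.network_address} {i.network.netmask} {transit.ip}"
            for _, i in sorted(ifaces.items()) if i is not transit]
```

Calling `return_routes(SAMPLE_CONFIG)` yields one entry per internal subnet, each pointing at the switch's VLAN 50 address; a subnet missing from the firewall's table is one whose replies never find their way back.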
lbendingclark
1 Copper

RE: Dell Switch 6248 - cannot connect to firewall with configuration

Yes, I just checked. A client placed on VLAN 50 is able to access the internet, but not any of the other VLANs. Just as none of the other VLANs are able to access that client or the internet.

I have the port with the firewall set to:

interface ethernet 1/g47
switchport mode general
switchport general pvid 50
switchport general allowed vlan add 2-3,20,50 tagged
exit

And all the others are access. Would this cause any issues?

0 Kudos
Anonymous
Not applicable

RE: Dell Switch 6248 - cannot connect to firewall with configuration

I outlined in one of my previous posts that the connection from the switch to the firewall could be changed to access mode, because the firewall is not performing the routing and does not need traffic from multiple VLANs sent to it. I would proceed with making this change on port 47.

It sounds like VLAN routing may not be working, if no clients can access any of the clients in other VLANs. Are clients in VLAN 3 able to ping clients in VLAN 2 or VLAN 30, and vice versa? Or is it just the client in VLAN 50 that cannot be pinged?

0 Kudos
lbendingclark
1 Copper

RE: Dell Switch 6248 - cannot connect to firewall with configuration

I tried changing the port on the switch to access mode, and it lost its internet connectivity. I think for our purposes, that port needs to be general mode in order for traffic to see it.

And it is just the client on VLAN 50; all other VLANs can still talk to each other, and ping the IP address of VLAN 50, but they do not receive the internet connection that the client on VLAN 50 does.

Any changes to our configuration that you can suggest?

0 Kudos
Anonymous
Not applicable

RE: Dell Switch 6248 - cannot connect to firewall with configuration

The config on the switch looks fine. VLAN routing should be working, and it sounds like it is, except for VLAN 50. The PVID on a general mode connection sends untagged traffic; received untagged traffic is placed on the PVID. This is the exact same behavior as an interface in access mode. After you made the config changes to port 47, did the config look like this:

console(config-if)# switchport mode access
console(config-if)# switchport access vlan 50

How is the interface on the firewall configured?

0 Kudos