September 29th, 2019 17:00

N2024 routing between VLANs

Hopefully someone has a suggestion here, because I am out of ideas. I have an N2024 switch on which I have enabled IP routing. I have two VLANs: the default VLAN 1 and a management VLAN 99.

VLAN 1 10.10.1.0/24 OOB

VLAN 99 10.10.99.0/24 MGMT

The switch has an IP enabled for both VLANs, x.x.x.254.

I have two ACLs set, one for each inbound vlan, with the same name. The following ACEs are in each:

OOB ACL (Linked to inbound vlan 1):

1000 permit ip 10.10.1.0 0.0.0.255 10.10.1.0 0.0.0.255

2000 permit ip 10.10.1.0 0.0.0.255 10.10.99.0 0.0.0.255

MGMT ACL (Linked to inbound vlan 99):

1000 permit ip 10.10.99.0 0.0.0.255 10.10.99.0 0.0.0.255

2000 permit ip 10.10.99.0 0.0.0.255 10.10.1.0 0.0.0.255


From my understanding, this should allow for IP traffic to travel between the vlans. In testing, however, the following happens:

I can successfully ping from vlan99 to vlan1

I can successfully ping from vlan1 to vlan99

I successfully pull up a webpage hosted on vlan 1 from a different host on vlan 1

I FAIL to pull up a webpage hosted on vlan 1 from a different host on vlan 99

I successfully pull up a webpage hosted on vlan 99 from a different host on vlan 99

I FAIL to pull up a webpage hosted on vlan 99 from a different host on vlan 1

Basically, while I can ping between the VLANs, no other traffic seems to complete. What am I missing? All IPs are manual.

Running show ip route gives me:

No default gateway is configured

C *10.10.1.0/24 [0/0] Directly connected, Vl11

C *10.10.99.0/24 [0/0] directly connected, Vl99

To summarize, with IP ACLs connected to each VLAN (inbound) I can only ping across the VLANs; no actual traffic can pass other than pings. What have I missed?
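As an added example (not part of the thread), a small Python evaluator for wildcard-mask ACEs in the form quoted above, using first-match semantics with the implicit deny at the end of every ACL, and checking a flow on both the request path (source VLAN's inbound ACL) and the reply path (destination VLAN's inbound ACL). Host addresses are constructed; the ACE lines are the ones from the post.

```python
import ipaddress

# The two ACLs quoted in the post, keyed by the VLAN each is bound to inbound.
ACLS = {
    1: ["1000 permit ip 10.10.1.0 0.0.0.255 10.10.1.0 0.0.0.255",
        "2000 permit ip 10.10.1.0 0.0.0.255 10.10.99.0 0.0.0.255"],
    99: ["1000 permit ip 10.10.99.0 0.0.0.255 10.10.99.0 0.0.0.255",
         "2000 permit ip 10.10.99.0 0.0.0.255 10.10.1.0 0.0.0.255"],
}
VLAN_SUBNETS = {1: ipaddress.ip_network("10.10.1.0/24"),
                99: ipaddress.ip_network("10.10.99.0/24")}


def ip_int(s):
    return int(ipaddress.IPv4Address(s))


def parse_ace(line):
    """Parse '<seq> <permit|deny> <proto> <src> <src-wildcard> <dst> <dst-wildcard>'."""
    seq, action, proto, src, src_wc, dst, dst_wc = line.split()
    return {"seq": int(seq), "action": action, "proto": proto,
            "src": (ip_int(src), ip_int(src_wc)), "dst": (ip_int(dst), ip_int(dst_wc))}


def wildcard_match(addr, base, wildcard):
    # Wildcard bits set to 1 are "don't care"; 0 bits must equal the base address.
    return (ip_int(addr) | wildcard) == (base | wildcard)


def evaluate(acl_lines, src, dst, proto):
    """First matching ACE wins; with no match the ACL ends in an implicit deny."""
    for ace in sorted(map(parse_ace, acl_lines), key=lambda a: a["seq"]):
        if ace["proto"] in ("ip", proto) \
                and wildcard_match(src, *ace["src"]) and wildcard_match(dst, *ace["dst"]):
            return ace["action"], ace["seq"]
    return "deny", None


def vlan_of(addr):
    for vlan, net in VLAN_SUBNETS.items():
        if ipaddress.IPv4Address(addr) in net:
            return vlan
    raise ValueError(f"{addr} is in neither VLAN subnet")


def check_flow(src, dst, proto):
    """(forward, reply) verdicts: the source VLAN's inbound ACL sees the request,
    the destination VLAN's inbound ACL sees the reply."""
    fwd = evaluate(ACLS[vlan_of(src)], src, dst, proto)
    rev = evaluate(ACLS[vlan_of(dst)], dst, src, proto)
    return fwd, rev


if __name__ == "__main__":
    # Constructed hosts: a VLAN 99 client fetching a page from a VLAN 1 web server.
    print(check_flow("10.10.99.20", "10.10.1.10", "tcp"))   # (('permit', 2000), ('permit', 2000))
    print(check_flow("10.10.99.20", "10.10.1.10", "icmp"))  # same: 'permit ip' covers every protocol
```

Both directions of the HTTP flow hit a `permit ip` entry exactly as the ICMP flow does, so these ACEs alone do not distinguish ping from web traffic; a reply dropped only for TCP points elsewhere in the configuration.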


Moderator


September 30th, 2019 10:00

Hi,

Are you able to connect between the VLANs if there is not an ACL set? The ACLs will deny all traffic that isn’t specifically permitted.


October 5th, 2019 12:00

Josh, Thank you for your response.

Disabling the ACL did NOT allow me to pass IP traffic between the VLANs, but I think I may have found the answer.

There is a line in my running-config that reads:

vlan association subnet 10.10.1.0 255.255.255.0

It directly follows the vlan 1 entry at the beginning of the config.

Here is my current config (Edited): https://pastebin.com/hCvB46SZ

I am thinking that these vlan association statements are preventing IP traffic from crossing between the VLANs.

Would these prevent IP traffic across vlans?
