Unsolved

September 21st, 2012 09:00

Routing VLAN traffic on 6224 switch

Have 3 VLANs set up on a 6224 switch: 10, 20 & 99.  Have 99 connected to our Sonicwall interface and have connectivity; the problem is routing traffic from VLAN 10 & 20 to 99.  I have included the config below.  Have tried creating a static route to our Sonicwall interface and even tried OSPF. Thanks

!Current Configuration:
!System Description "PowerConnect 6224, 3.3.4.1, VxWorks 6.5"
!System Software Version 3.3.4.1
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 10,20,99
vlan routing 10 1
vlan routing 20 2
vlan routing 99 3
exit
stack
member 1 1
exit
ip address 192.168.2.1 255.255.255.0
ip routing
ip route 0.0.0.0 0.0.0.0 10.168.12.254
interface vlan 10
routing
ip address 192.168.3.1 255.255.255.0
exit
interface vlan 20
routing
ip address 192.168.4.1 255.255.255.0
exit
interface vlan 99
routing
ip address 10.168.12.1 255.255.255.0
exit
router ospf
router-id 172.1.1.1
no enable
exit
!
interface ethernet 1/g1
switchport access vlan 10
exit
!
interface ethernet 1/g2
switchport access vlan 10
exit
!
interface ethernet 1/g3
switchport access vlan 10
exit
!
interface ethernet 1/g4
switchport access vlan 10
exit
!
interface ethernet 1/g5
switchport access vlan 10
exit
!
interface ethernet 1/g6
switchport access vlan 10
exit
!
interface ethernet 1/g7
switchport access vlan 20
exit
!
interface ethernet 1/g8
switchport access vlan 20
exit
!
interface ethernet 1/g9
switchport access vlan 20
exit
!
interface ethernet 1/g10
switchport access vlan 20
exit
!
interface ethernet 1/g11
switchport access vlan 20
exit
!
interface ethernet 1/g12
switchport access vlan 20
exit
!
interface ethernet 1/g24
switchport access vlan 99
exit
exit

 

Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static
       B - BGP Derived, IA - OSPF Inter Area
       E1 - OSPF External Type 1, E2 - OSPF External Type 2
       N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2

S      0.0.0.0/0 [1/0] via 10.168.12.254,   vlan 99
C      10.168.12.0/24 [0/1] directly connected,   vlan 99
C      192.168.3.0/24 [0/1] directly connected,   vlan 10
C      192.168.4.0/24 [0/1] directly connected,   vlan 20

 

VLAN       Name                         Ports          Type      Authorization
-----  ---------------                  -------------  -----     -------------
1      Default                          ch1-48,        Default   Required
                                        1/g13-1/g23,
                                        1/xg1-1/xg4
10                                      1/g1-1/g6      Static    Required
20                                      1/g7-1/g12     Static    Required
99                                      1/g24          Static    Required

 

 

5 Practitioner

274.2K Posts

September 21st, 2012 09:00

It looks like you have all of the routing commands in place. Are you able to ping back and forth between devices on VLAN 10 and 20?

What type of Sonicwall device is being used? If this is a Firewall device that then leads out to the internet, or another part of your network, then we need to place that port in Trunk mode instead of access mode.

So port 24 would look similar to this.

console(config-if)# switchport mode trunk

console(config-if)# switchport trunk allowed vlan add 10,20,99

Keep us updated,

Thanks.

9 Posts

September 21st, 2012 09:00

Oddly we cannot ping between VLANs with Win7 clients but we can with XP.  Have shut down firewall service, etc.

The Sonicwall is a 3560 Pro which has 2 LAN interfaces and 2 WAN interfaces set up.  Have VLAN 99 plugged into one of the LAN interfaces.

5 Practitioner

274.2K Posts

September 21st, 2012 10:00

I am not seeing a Sonicwall 3560, I was able to find a 3500 and a 3060 though.

Is it this device

o-www.sonicwall.com/.../NSA_3500.html

Or this one?

www.sonicwall.com/.../PROSERIES_DS_A4.pdf

What is on the other side of the Sonicwall?

I would take the static route out for right now, we can add it back in later if we need to.

Are the clients that are plugged into VLAN 10 and 20 set up for DHCP or static? Can Win7 clients ping each other on the same VLAN? I.e., Win7 from VLAN 10 ping another Win7 from VLAN 10. On the Win7 machines, is the default gateway set to the VLAN IP address? I.e., a machine plugged into VLAN 10 will have a default gateway of 192.168.3.1.

Thanks

9 Posts

September 21st, 2012 10:00

Actually it is a 3060 (typo in earlier post).

We have them set statically and pointed to their associated VLAN address as their GW.

Should we take out the static route from 99 to the sonicwall?

Will have to check if they can ping each other on the same VLAN, believe they can.

5 Practitioner

274.2K Posts

September 21st, 2012 11:00

For now I would take out the static route, we can add it back in later if needed. Once the static route is taken out we then need to set port 24 that connects to the Sonicwall to the switchport Trunk mode, and allow the VLANs across it.

I found this bit of information in some Sonicwall documentation.

"SonicWALLs do not support VTP (VLAN Trunking Protocol) or GVRP (Generic VLAN Registration Protocol) – you will need to explicitly force trunking on the switch port that’s connected to the SonicWALL device, as it will not auto-negotiate the trunk."

So access mode will not work.

Once we have that done then see if the XP machines can ping the Sonicwall and gain access to the other side of the sonicwall.

I am not familiar with the SonicWall pro 3060, but I did find this getting started guide on it. The guide may be something you want to glance through to also help ensure it is configured correctly.

www.reachcom.com/.../Sonicwall_PRO3060.pdf

Thanks.

5 Practitioner

274.2K Posts

September 25th, 2012 14:00

When you have the command

ip route 0.0.0.0 0.0.0.0 10.168.12.254

It is making a static route for all traffic, telling it to take the next hop of 10.168.12.254, which in this case is fine.

What happens is you have port 24, which is connected to the Sonicwall, set to access mode, which means it can only participate in the one specific VLAN. Regardless of whether routing is enabled or a static route is set, in access mode it is able to access only the specified VLAN.  So we need to use Trunk mode or even general mode and allow the other VLANs to traverse that connection.

I would still recommend changing from access mode to Trunk mode and allowing the VLANs across it. We can leave the static route in, that is fine, and then see if the other VLANs have access to the Sonicwall.

9 Posts

September 25th, 2012 14:00

Not able to get out at all when we take the static out.  We can get out on the 99 VLAN because of the static route, problem is we cannot get out from VLAN 10 & 20 maybe due to the different subnets?  When 10 & 20 is routed through 99 via the static route do they keep their original IP so that maybe the Sonicwall doesn't know how to return the traffic without a static in the Sonicwall?  In other words, the static route via VLAN 99 forwards the traffic and doesn't NAT it right?

9 Posts

September 25th, 2012 15:00

Don't we need to create static routes in the Sonicwall so it knows how to route traffic back from the 192.168.3.1 & 192.168.4.1 networks?
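The return-path question raised in the post above can be checked with a longest-prefix-match model of both routing tables. This is an added example, not part of the original thread: the switch table is copied from the route output in the first post, while the firewall table, its WAN next hop (203.0.113.1) and the sample client and remote addresses are constructed assumptions. It models routing lookups only, not NAT policy or firewall rules.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return (next_hop, interface) for dst, or None."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return None if best is None else (best[1], best[2])

# Switch routing table, taken from the route output in the first post.
SWITCH = [
    ("0.0.0.0/0", "10.168.12.254", "vlan 99"),
    ("10.168.12.0/24", None, "vlan 99"),
    ("192.168.3.0/24", None, "vlan 10"),
    ("192.168.4.0/24", None, "vlan 20"),
]

# Constructed firewall table (assumption): LAN interface 10.168.12.254/24
# and a default route out the WAN. Not taken from the thread.
FIREWALL = [
    ("0.0.0.0/0", "203.0.113.1", "WAN"),
    ("10.168.12.0/24", None, "LAN"),
]

# Return routes as proposed in the thread: the VLAN 10/20 subnets reached
# through the switch's VLAN 99 address.
RETURN_ROUTES = [
    ("192.168.3.0/24", "10.168.12.1", "LAN"),
    ("192.168.4.0/24", "10.168.12.1", "LAN"),
]

def round_trip(client, remote, firewall):
    """True if the switch sends client->remote to the firewall and the
    firewall's table sends the reply back out its LAN side."""
    fwd = lookup(SWITCH, remote)
    back = lookup(firewall, client)
    return (fwd == ("10.168.12.254", "vlan 99")
            and back is not None and back[1] == "LAN")

if __name__ == "__main__":
    for client in ("10.168.12.50", "192.168.3.10", "192.168.4.10"):
        print(client,
              "without return routes:", round_trip(client, "198.51.100.7", FIREWALL),
              "with:", round_trip(client, "198.51.100.7", FIREWALL + RETURN_ROUTES))
```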

5 Practitioner

274.2K Posts

September 26th, 2012 06:00

I am not really familiar with the Sonicwall devices, so you may need to set up the static routes on the Sonicwall also. I found this article had some good information in it.

www.fuzeqna.com/.../kbdetail.asp

Were you able to change the port from access to Trunk mode?

Thanks.

9 Posts

September 26th, 2012 10:00

Thanks for the information.  We changed to trunk mode, but still cannot get out from the 10 & 20 VLANs.  Definitely think we need to enter static routes on the Sonicwall to provide return routes.

5 Practitioner

274.2K Posts

September 26th, 2012 10:00

What does the config on port 24 look like now?

Here is a link to SonicWall support channels, they may have better direct answers for how the SonicWall  functions in a situation like this and if it needs those static routes.

o-www.sonicwall.com/.../contact.html
