Unsolved
This post is more than 5 years old
20 Posts
0
118221
VLAN not connecting to Internet - PowerConnect 6248
I have the following VLAN's:
VLAN1 192.168.10.1
VLAN50 192.168.50.1
VLAN100 (management)
I'm able to ping from VLAN1 to 50 and from 50 to 1. VLAN1 uses 192.168.10.2 to go out to the internet. I can ping 192.168.10.1 from VLAN50 but when I try to ping the firewall on 192.168.10.2 from VLAN50 I get no response and none of the hosts on VLAN50 are able to access the internet.
What am I missing?
Network Address | Subnet Mask | Protocol | Next Hop Interface | Next Hop IP Address |
---|---|---|---|---|
0.0.0.0 | 0.0.0.0 | Default | vlan1 | 192.168.10.2 |
192.168.10.0 | 255.255.255.0 | Local | vlan1 | 192.168.10.1 |
192.168.50.0 | 255.255.255.0 | Local | vlan50 | 192.168.50.1 |
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
January 21st, 2016 16:00
Hi,
Is routing enabled on the switch? Use the ip routing command. Page 728 http://downloads.dell.com/Manuals/Common/powerconnect-6224_Reference%20Guide_en-us.pdf
BAI-JD
20 Posts
0
January 22nd, 2016 05:00
Yes, IP routing is enable.
BAI-JD
20 Posts
0
January 22nd, 2016 05:00
Perhaps this helps:
console#show run
!Current Configuration:
!System Description "PowerConnect 6248, 3.3.3.3, VxWorks 6.5"
!System Software Version 3.3.3.3
!Cut-through mode is configured as disabled
!
configure
vlan database
vlan 50,100
vlan routing 50 1
vlan routing 1 3
exit
sntp unicast client enable
sntp client poll timer 1024
sntp server 192.168.10.207
clock summer-time date Mar 11 2012 02:00 Nov 4 2012 02:00 offset 60 zone "EST"
clock timezone -5 minutes 0 zone "EST"
stack
member 1 2
member 2 2
member 3 2
member 4 2
member 5 2
exit
ip address 192.168.100.5 255.255.255.0
ip address vlan 100
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.10.2
arp timeout 300
interface vlan 1
routing
ip address 192.168.10.1 255.255.255.0
exit
interface vlan 50
name "DR"
routing
ip address 192.168.50.1 255.255.255.0
exit
interface vlan 100
name "ManagementVLAN"
exit
username "username" password 3a49c82343243525ewegds5645 level 15 encrypted
username "username" password 26227a93fsafdsadsafdsadfsa5387d level 15 encrypted
sflow 1 destination owner sampling timeout 4257663274
sflow 1 destination 192.168.10.35
!
interface ethernet 1/g1
spanning-tree portfast
exit
!
interface ethernet 1/g2
spanning-tree portfast
exit
!
interface ethernet 1/g3
spanning-tree portfast
exit
!
interface ethernet 1/g4
spanning-tree portfast
exit
!
interface ethernet 1/g5
spanning-tree portfast
exit
!
interface ethernet 1/g6
spanning-tree portfast
exit
!
interface ethernet 1/g7
spanning-tree portfast
exit
!
interface ethernet 1/g8
spanning-tree portfast
exit
!
interface ethernet 1/g9
spanning-tree portfast
exit
!
interface ethernet 1/g10
spanning-tree portfast
exit
!
interface ethernet 1/g11
spanning-tree portfast
exit
!
interface ethernet 1/g12
spanning-tree portfast
exit
!
interface ethernet 1/g13
spanning-tree portfast
exit
!
interface ethernet 1/g14
spanning-tree portfast
exit
!
interface ethernet 1/g15
spanning-tree portfast
exit
!
interface ethernet 5/g16
sflow 1 sampling 1024
sflow 1 polling 30
spanning-tree portfast
exit
!
interface ethernet 5/g17
sflow 1 sampling 1024
sflow 1 polling 30
spanning-tree portfast
exit
!
interface ethernet 5/g18
sflow 1 sampling 1024
sflow 1 polling 30
spanning-tree portfast
exit
!
interface ethernet 5/g19
sflow 1 sampling 1024
sflow 1 polling 30
spanning-tree portfast
exit
!
interface ethernet 5/g20
sflow 1 sampling 1024
sflow 1 polling 30
spanning-tree portfast
exit
!
interface ethernet 5/g21
sflow 1 sampling 1024
sflow 1 polling 30
spanning-tree portfast
exit
!
interface ethernet 5/g22
sflow 1 sampling 1024
sflow 1 polling 30
spanning-tree portfast
exit
!
interface ethernet 5/g23
sflow 1 sampling 1024
sflow 1 polling 30
spanning-tree portfast
exit
!
interface ethernet 5/g24
sflow 1 sampling 1024
sflow 1 polling 30
spanning-tree portfast
exit
!
interface ethernet 5/g25
sflow 1 sampling 1024
sflow 1 polling 30
spanning-tree portfast
exit
!
interface ethernet 5/g26
sflow 1 sampling 1024
sflow 1 polling 30
spanning-tree portfast
exit
!
interface ethernet 5/g27
sflow 1 sampling 1024
sflow 1 polling 30
spanning-tree portfast
exit
!
interface ethernet 5/g28
sflow 1 sampling 1024
sflow 1 polling 30
spanning-tree portfast
exit
!
interface ethernet 5/g29
sflow 1 sampling 1024
sflow 1 polling 30
spanning-tree portfast
exit
!
interface ethernet 5/g30
sflow 1 sampling 1024
sflow 1 polling 30
spanning-tree portfast
exit
!
interface ethernet 5/g31
sflow 1 sampling 1024
sflow 1 polling 30
spanning-tree portfast
exit
!
interface ethernet 5/g32
sflow 1 sampling 1024
sflow 1 polling 30
spanning-tree portfast
exit
!
interface ethernet 5/g33
sflow 1 polling 60
spanning-tree portfast
exit
!
interface ethernet 5/g34
sflow 1 polling 60
spanning-tree portfast
exit
!
interface ethernet 5/g35
sflow 1 polling 60
spanning-tree portfast
exit
!
interface ethernet 5/g36
sflow 1 polling 60
spanning-tree portfast
exit
!
interface ethernet 5/g37
sflow 1 polling 60
spanning-tree portfast
exit
!
interface ethernet 5/g38
sflow 1 polling 60
spanning-tree portfast
exit
!
interface ethernet 5/g39
sflow 1 polling 60
spanning-tree portfast
exit
!
interface ethernet 5/g40
sflow 1 polling 60
spanning-tree portfast
exit
!
interface ethernet 5/g41
sflow 1 polling 60
spanning-tree portfast
exit
!
interface ethernet 5/g42
sflow 1 polling 60
spanning-tree portfast
exit
!
interface ethernet 5/g43
sflow 1 polling 60
spanning-tree portfast
exit
!
interface ethernet 5/g44
sflow 1 polling 60
spanning-tree portfast
exit
!
interface ethernet 5/g45
sflow 1 polling 60
spanning-tree portfast
exit
!
interface ethernet 5/g46
sflow 1 polling 60
spanning-tree portfast
exit
!
interface ethernet 5/g47
sflow 1 polling 60
spanning-tree portfast
exit
!
interface ethernet 5/g48
sflow 1 polling 60
spanning-tree portfast
exit
!
interface port-channel 1
switchport mode general
switchport general allowed vlan add 50 tagged
exit
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
January 22nd, 2016 09:00
If you set the default gateway on a client on VLAN 50 to 192.168.50.1, it should route to VLAN 1 and through the firewall.
BAI-JD
20 Posts
0
January 22nd, 2016 12:00
I'm not sure I understand your point. Can you tell me if something has to be changed and what need to change? I am not sure what to change. All devices on VLAN 50 have 192.168.50.1 as the default gateway but even with this none of them can ping 192.168.10.2. I can ping any other device on 192.168.10.x from VLAN50 but not the firewall.
I forgot to mention that the devices on VLAN50 are VMs that reside on a VRTX. The VRTX has its own switch so I'm not sure if something has to be changed there.
VRTX Switch:
config-file-header
v1.0.0.62 / RPLASMA_760_221_040
CLI v1.0
@
vlan database
vlan 50
exit
voice vlan oui-table add 000181 Nortel__________________
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 001049 Shoretel________________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00907a Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
username password encrypted privilege 15
!
interface gigabitethernet0/1
channel-group 1 mode on
!
interface gigabitethernet0/2
channel-group 1 mode on
!
interface gigabitethernet0/3
channel-group 1 mode on
!
interface gigabitethernet0/4
channel-group 1 mode on
!
interface gigabitethernet1/1
switchport mode trunk
!
interface gigabitethernet1/2
switchport mode trunk
!
interface gigabitethernet1/3
switchport mode trunk
!
interface gigabitethernet1/4
switchport mode trunk
!
interface gigabitethernet2/1
switchport mode trunk
!
interface gigabitethernet2/2
switchport mode trunk
!
interface gigabitethernet2/3
switchport mode trunk
!
interface gigabitethernet2/4
switchport mode trunk
!
interface Port-channel1
switchport mode trunk
!
interface oob
ip address 192.168.50.2 255.255.255.0
no ip address dhcp
!
exit
ip default-gateway 192.168.50.1
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
January 22nd, 2016 13:00
Try making a static route from vlan 50 directly to the firewall.
BAI-JD
20 Posts
0
January 25th, 2016 05:00
Is this correct? This is what I have now after adding a static route to 192.168.10.2. I am still not able to connect to the Internet from VLAN50.
Network Address Subnet Mask Protocol Next Hop Interface Next Hop IP Address
0.0.0.0 0.0.0.0 Default vlan1 192.168.10.2
192.168.10.0 255.255.255.0 Local vlan1 192.168.10.1
192.168.50.0 255.255.255.0 Local vlan50 192.168.50.1
192.168.50.0 255.255.255.0 Static vlan1 192.168.10.2
BAI-JD
20 Posts
0
January 25th, 2016 08:00
tracert google.com
Tracing route to google.com [216.58.192.78]
over a maximum of 30 hops:
1 2 ms 2ms 6 ms 192.168.50.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
...
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
January 25th, 2016 09:00
It doesn’t look like it is routing to vlan 1. By default vlan 1 is not routable. Try unassigning the ip address for management, then switch the management vlan back to 1 and then back to 100. The assign the management ip to vlan 100.
No ip address
Ip address vlan 1
Ip address vlan 100
Interface vlan 100
Ip address 192.168.100.5 255.255.255.0
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
January 25th, 2016 12:00
Wait until after hours.
BAI-JD
20 Posts
0
January 25th, 2016 12:00
This cannot be done while people are working, right? Will this cause down time?
DELL-Josh Cr
Moderator
Moderator
•
8.7K Posts
0
January 25th, 2016 14:00
Run the commands in that order. No there doesn't need to be anything beween the vlan 1 and vlan 100 commands, it is just changing the management vlan.
BAI-JD
20 Posts
0
January 25th, 2016 14:00
Are these the exact commands to run and the exact order? Do I run them from config prompt? You can tell I am not very proficient on this.
No ip address
Ip address vlan 1
Ip address vlan 100
Interface vlan 100
Ip address 192.168.100.5 255.255.255.0
Is there supposed to be something after "ip address vlan 1", ip address vlan 100?