PowerConnect 6248 Routing Issue

Question

Hi All,

I'm having a very frustrating problem with routing using a PowerConnect 6248.

Network configuration is as follows:

VLAN3

172.16.0.254/24

VLAN4

192.168.0.254/24

PC's on each VLAN are using the switch VLAN interface IP's (x.x.x.254) as their gateways.

Switch has default route configured to 192.168.0.248 which is a frame relay router with excess of 100 subnets in the cloud. 192.168.0.248 has appropriate routes for all remote subnets via a serial interface, a static route for VLAN 3 traffic (172.16.0.0/24) via 192.168.0.254 and a default route via a PIX 515 (192.168.0.253). Both router and PIX are connected to access ports on VLAN 4. The PIX also has a route for VLAN 3 traffic via 192.168.0.254.

The problem is that all hosts on VLAN 3 cannot access the Internet. They can ping the appropriate gateways in sequence - 172.16.0.254, 192.168.0.248 and 192.168.0.253. I have disabled IP redirects on the router and the switch with no effect.

I built this configuration in Cisco Packet Tracer 5.0 (it works) and we are currently running exactly the same IP setup with a Nortel switch in place of the Dell 6248 (this also works).

Absoloutely stumped to know what I am missing! I have also noticed that if I perform a trace whilst in the CLI on the router using a source IP of the VLAN interface that it crashes the interface on the switch.

I would be very appreciative to anyone that can poing me in the right direction.

I've included the switch config below.

configure
vlan database
vlan 2-4
vlan association subnet 172.16.0.0 255.255.255.0 3
vlan association subnet 192.168.11.0 255.255.255.0 2
vlan association subnet 192.168.0.0 255.255.255.0 4
exit
stack
member 1 2
exit
ip address 10.10.10.1 255.255.255.0
no logging console
no ip redirects
ip routing
ip route 0.0.0.0 0.0.0.0 192.168.0.248
bootpdhcprelay enable
bootpdhcprelay serverip 192.168.0.3
router rip
no enable
exit
interface vlan 2
name "Voice"
routing
ip address 192.168.11.254 255.255.255.0
exit
interface vlan 3
name "Workstations"
routing
ip address 172.16.0.254 255.255.255.0
exit
interface vlan 4
name "Servers"
routing
ip address 192.168.0.254 255.255.255.0
exit
username "admin" password 3c9fd59f1a240ff455a9d9e8eebae936 level 15 encrypted
router ospf
no enable
exit
!
interface ethernet 1/g1
switchport mode trunk
switchport trunk allowed vlan add 2-4
switchport trunk allowed vlan remove 1
exit
!
interface ethernet 1/g2
switchport mode trunk
switchport trunk allowed vlan add 2-4
switchport trunk allowed vlan remove 1
exit
!
interface ethernet 1/g3
switchport access vlan 2
exit
!
interface ethernet 1/g4
switchport access vlan 2
exit
!
interface ethernet 1/g5
switchport access vlan 2
exit
!
interface ethernet 1/g6
switchport access vlan 4
exit
!
interface ethernet 1/g7
switchport mode trunk
switchport trunk allowed vlan add 2-4
switchport trunk allowed vlan remove 1
exit
!
interface ethernet 1/g8
switchport access vlan 3
exit
!
interface ethernet 1/g9
switchport access vlan 4
exit
!
interface ethernet 1/g10
switchport access vlan 3
exit
!
interface ethernet 1/g11
switchport access vlan 3
exit
!
interface ethernet 1/g12
switchport access vlan 3
exit
!
interface ethernet 1/g13
switchport access vlan 3
exit
!
interface ethernet 1/g14
switchport access vlan 3
exit
!
interface ethernet 1/g15
switchport access vlan 3
exit
!
interface ethernet 1/g16
switchport access vlan 3
exit
!
interface ethernet 1/g17
switchport access vlan 3
exit
!
interface ethernet 1/g18
switchport access vlan 3
exit
!
interface ethernet 1/g19
switchport access vlan 3
exit
!
interface ethernet 1/g20
switchport access vlan 3
exit
!
interface ethernet 1/g21
switchport access vlan 3
exit
!
interface ethernet 1/g22
switchport access vlan 3
exit
!
interface ethernet 1/g23
switchport mode trunk
switchport trunk allowed vlan add 2-4
switchport trunk allowed vlan remove 1
exit
!
interface ethernet 1/g24
switchport access vlan 3
exit
!
interface ethernet 1/g25
switchport access vlan 4
exit
!
interface ethernet 1/g26
switchport access vlan 4
exit
!
interface ethernet 1/g27
switchport access vlan 4
exit
!
interface ethernet 1/g28
switchport access vlan 4
exit
!
interface ethernet 1/g29
switchport access vlan 4
exit
!
interface ethernet 1/g30
switchport access vlan 4
exit
!
interface ethernet 1/g31
switchport access vlan 4
exit
!
interface ethernet 1/g32
switchport access vlan 4
exit
!
interface ethernet 1/g33
switchport access vlan 4
exit
!
interface ethernet 1/g34
switchport access vlan 4
exit
!
interface ethernet 1/g35
switchport access vlan 4
exit
!
interface ethernet 1/g36
switchport access vlan 4
exit
!
interface ethernet 1/g37
switchport access vlan 4
exit
!
interface ethernet 1/g38
switchport access vlan 4
exit
!
interface ethernet 1/g39
switchport access vlan 4
exit
!
interface ethernet 1/g40
switchport access vlan 4
exit
!
interface ethernet 1/g41
switchport access vlan 4
exit
!
interface ethernet 1/g42
switchport access vlan 4
exit
!
interface ethernet 1/g43
switchport access vlan 4
exit
!
interface ethernet 1/g44
switchport access vlan 4
exit
!
interface ethernet 1/g45
switchport access vlan 4
exit
!
interface ethernet 1/g46
switchport access vlan 4
exit
exit

DRNO10 · Answer

Just to clarify to access the internet traffic is routed from the 6248 out to the frame relay router which routes it to the pix and then off to the internet? I dont see anything that is obviously wrong with your config, all i can say is to double check your routes on your pix and frame relay router back to vlan 3 (although from your description it sounds like you have).

bh1633 · Answer

Remove the 'vlan association subnet 172.16.0.0 255.255.255.0 3' line from your config.   Why?... I am working on the answer to that.  I think the reason is that this command says to only allow source IP addresses of 172.16.0.x on vlan 3.  Do not allow 172.16.0.x source addresses on other vlans.    I think you will also have trouble with vlan 2 clients getting to the internet also.  I suggest remove all 'vlan association subnet' commands.

TKRS25 · Answer

I've also already tried removing the IP subnet associations with the VLAN's with no positive impact. Does anyone know if having the switch ports configured as 'Access' and having no VLAN membership information on either the router or PIX LAN interfaces could be causing me an issue? I seems that the packet is dropped on it's return path from the router to the switch and never reaches the PIX.

I've also tried the latest firmware and even tried a different switch (I have two of the same model waiting to be deployed but holding off until I've worked this issue out).

Starting to wonder if it's some sort of software bug but would be amazed if no one else has stumbled on it!

TKRS25 · Answer

Just clarifying that you are correct in your understanding of the issue with the way the traffic is routed. I've checked all routes and I'm 100% sure they're correct as it works with the existing switch.

bh1633 · Answer

I set up the network as you described. I used this exact configuration file. I saw your issue. I removed the "vlan association" lines and it resolved the issue.

Has your configuration file changed at all since you posted it?

With the "vlan association subnet 172.16.0.04 255.255.255.0 3" line in place, you would see the switch drop packets originating from vlan 3 that return from the router because the packets are now coming into the switch on vlan 4. This command restricts 172.16.0.x packets to vlan 3.

This was my test:

- I pinged from a pc plugged into the switch on vlan 3 to an interface on the pix (I used 1.1.1.1)

- doiing some port mirroring I found that the switch was dropping packets coming back from the router.

- I removed the "vlan association subnet 172.16.0.04 255.255.255.0 3" line and the ping succeeded.

Can you describe your test with more detail?

TKRS25 · Answer

Thanks so much for your suggestion as it appears to have solved the issue. I thought I had already tried that but I must have gotten confused in the multitude of other attempts I've made.   Take care.

Networking General

PowerConnect 6248 Routing Issue

Was this post helpful?