Powerconnect 8024F routing issue

Question

Hi all, Currently in the process of setting up routing and DHCP in order to use the switch as a default gateway instead of the router since the router is on a heavy load. The topology is the following ROUTER - Dell Switch - Other switches  Currently, the problem is the following: if a client from VLAN 20(10.1.20.0/24) connects he won't be able to access the internet without an additional default route being set (0.0.0.0 0.0.0.0 10.1.20.1). 10.1.20.1 is the router's IP address. My question is shouldn't the switch use the default route that is already in place? Here is my entire config: console(config)#show running-config !Current Configuration:!System Description 'Powerconnect 8024F, 5.1.15.2, VxWorks 6.6'!System Software Version 5.1.15.2!Cut-through mode is configured as disabled!configurevlan 8,20,30-32,40,100,250-251,253-254exitvlan 8name 'MNG'exitvlan 20name 'SEC'exitvlan 30name 'EMP'exitvlan 31name 'Accounting'exitvlan 32name 'Wireless'--More-- or (q)uitexitvlan 40name 'SRV'exitvlan 100name 'VOIP'exitvlan 251name 'Native'exitvlan 253name 'Motorola_Primary'exitvlan 254name 'Motorola_Secondary_Lan'exitsntp unicast client enablesntp server 129.128.12.20sntp server 158.69.243.189clock summer-time recurring USAclock timezone -5 minutes 0 zone 'EST'stackmember 1 2 ! PC8024F--More-- or (q)uitexitinterface out-of-bandip address 10.10.250.1 255.255.255.0 0.0.0.0exitip name-server '8.8.8.8'ip name-server '1.1.1.1'logging file informationalno ip http serverclass-map match-all DSCP-ALL ipv4!match ip dscp 46(ef)match ip dscp 46exitpolicy-map input_trush_dscp inexitpolicy-map input_trist_dscp inexitpolicy-map VOIP inclass DSCP-ALLmark ip-dscp 46exitexitip routingip route 0.0.0.0 0.0.0.0 10.1.30.1--More-- or (q)uitip route 0.0.0.0 0.0.0.0 10.1.20.1ip route 10.50.20.0 255.255.255.0 10.250.0.1ip route 10.51.20.0 255.255.255.0 10.250.0.1ip route 10.52.20.0 255.255.255.0 10.250.0.1ip route 10.53.20.0 255.255.255.0 10.250.0.1ip route 10.79.20.0 255.255.255.0 10.250.0.1ip route 10.80.8.0 255.255.255.0 10.250.0.1ip route 10.80.20.0 255.255.255.0 10.250.0.1ip route 10.81.1.0 255.255.255.0 10.250.0.1ip route 10.81.8.0 255.255.255.0 10.250.0.1ip route 10.81.20.0 255.255.255.0 10.250.0.1ip route 10.82.8.0 255.255.255.0 10.250.0.1ip route 10.82.20.0 255.255.255.0 10.250.0.1ip route 10.83.8.0 255.255.255.0 10.250.0.1ip route 10.83.20.0 255.255.255.0 10.250.0.1ip route 10.84.8.0 255.255.255.0 10.250.0.1ip route 10.84.20.0 255.255.255.0 10.250.0.1ip route 10.85.20.0 255.255.255.0 10.250.0.1ip route 10.87.8.0 255.255.255.0 10.250.0.1ip route 10.87.20.0 255.255.255.0 10.250.0.1ip route 10.88.8.0 255.255.255.0 10.250.0.1ip route 10.88.20.0 255.255.255.0 10.250.0.1ip route 192.168.2.0 255.255.255.0 10.250.0.1--More-- or (q)uitip route 10.89.8.0 255.255.255.0 10.250.0.1ip route 10.89.20.0 255.255.255.0 10.250.0.1ip route 10.90.8.0 255.255.255.0 10.250.0.1ip route 10.90.20.0 255.255.255.0 10.250.0.1ip route 10.90.21.0 255.255.255.0 10.250.0.1ip route 10.90.22.0 255.255.255.0 10.250.0.1ip route 10.90.23.0 255.255.255.0 10.250.0.1ip route 10.90.24.0 255.255.255.0 10.250.0.1ip route 10.90.25.0 255.255.255.0 10.250.0.1ip route 10.90.26.0 255.255.255.0 10.250.0.1ip route 10.90.30.0 255.255.255.0 10.250.0.1ip route 10.91.8.0 255.255.255.0 10.250.0.1ip route 10.91.20.0 255.255.255.0 10.250.0.1ip route 192.168.27.0 255.255.255.0 10.250.0.1ip route 10.92.20.0 255.255.255.0 10.250.0.1ip route 10.93.8.0 255.255.255.0 10.250.0.1ip route 10.93.20.0 255.255.255.0 10.250.0.1ip route 10.94.8.0 255.255.255.0 10.250.0.1ip route 10.94.20.0 255.255.255.0 10.250.0.1ip route 10.94.21.0 255.255.255.0 10.250.0.1ip route 10.95.8.0 255.255.255.0 10.250.0.1ip route 10.95.20.0 255.255.255.0 10.250.0.1ip route 192.168.0.0 255.255.255.0 10.250.0.1--More-- or (q)uitip route 10.96.8.0 255.255.255.0 10.250.0.1ip route 10.96.20.0 255.255.255.0 10.250.0.1ip route 10.98.8.0 255.255.255.0 10.250.0.1ip route 10.98.20.0 255.255.255.0 10.250.0.1ip route 10.99.8.0 255.255.255.0 10.250.0.1ip route 10.99.20.0 255.255.255.0 10.250.0.1ip route 10.99.50.0 255.255.255.0 10.250.0.1ip route 10.100.20.0 255.255.255.0 10.250.0.1ip route 10.100.8.0 255.255.255.0 10.250.0.1ip route 192.168.36.0 255.255.255.0 10.250.0.1ip route 10.101.8.0 255.255.255.0 10.250.0.1ip route 10.101.20.0 255.255.255.0 10.250.0.1ip route 10.102.8.0 255.255.255.0 10.250.0.1ip route 10.102.20.0 255.255.255.0 10.250.0.1ip route 10.103.8.0 255.255.255.0 10.250.0.1ip route 10.103.20.0 255.255.255.0 10.250.0.1ip route 10.104.8.0 255.255.255.0 10.250.0.1ip route 10.104.20.0 255.255.255.0 10.250.0.1ip route 10.105.8.0 255.255.255.0 10.250.0.1ip route 10.105.20.0 255.255.255.0 10.250.0.1ip route 10.107.8.0 255.255.255.0 10.250.0.1ip route 10.107.20.0 255.255.255.0 10.250.0.1ip route 10.108.8.0 255.255.255.0 10.250.0.1--More-- or (q)uitip route 10.108.20.0 255.255.255.0 10.250.0.1ip route 10.109.8.0 255.255.255.0 10.250.0.1ip route 10.109.20.0 255.255.255.0 10.250.0.1ip route 10.110.8.0 255.255.255.0 10.250.0.1ip route 10.110.20.0 255.255.255.0 10.250.0.1ip route 10.110.21.0 255.255.255.0 10.250.0.1ip route 10.111.8.0 255.255.255.0 10.250.0.1ip route 10.111.20.0 255.255.255.0 10.250.0.1ip route 10.112.8.0 255.255.255.0 10.250.0.1ip route 10.112.20.0 255.255.255.0 10.250.0.1ip route 10.113.8.0 255.255.255.0 10.250.0.1ip route 10.113.20.0 255.255.255.0 10.250.0.1ip route 10.114.8.0 255.255.255.0 10.250.0.1ip route 10.115.8.0 255.255.255.0 10.250.0.1ip route 10.115.20.0 255.255.255.0 10.250.0.1ip route 10.117.8.0 255.255.255.0 10.250.0.1ip route 10.117.20.0 255.255.255.0 10.250.0.1ip route 10.118.8.0 255.255.255.0 10.250.0.1ip route 10.118.20.0 255.255.255.0 10.250.0.1ip route 10.119.8.0 255.255.255.0 10.250.0.1ip route 10.119.20.0 255.255.255.0 10.250.0.1ip route 10.120.8.0 255.255.255.0 10.250.0.1ip route 10.120.20.0 255.255.255.0 10.250.0.1--More-- or (q)uitip route 10.121.1.0 255.255.255.0 10.250.0.1ip route 10.121.20.0 255.255.255.0 10.250.0.1ip route 192.168.37.0 255.255.255.0 10.250.0.1ip route 10.125.8.0 255.255.255.0 10.250.0.1ip route 10.125.20.0 255.255.255.0 10.250.0.1ip route 10.126.8.0 255.255.255.0 10.250.0.1ip route 10.126.20.0 255.255.255.0 10.250.0.1ip route 10.3.40.0 255.255.255.0 10.250.0.1ip route 10.127.20.0 255.255.255.0 10.250.0.1ip route 10.2.20.0 255.255.255.0 10.250.0.1ip route 10.2.8.0 255.255.255.0 10.250.0.1ip route 10.2.30.0 255.255.255.0 10.250.0.1ip route 10.106.20.0 255.255.255.0 10.250.0.1ip route 10.106.8.0 255.255.255.0 10.250.0.1ip route 10.78.20.0 255.255.255.0 10.250.0.1ip route 10.90.1.0 255.255.255.0 10.250.0.1ip route 10.119.1.0 255.255.255.0 10.250.0.1ip route 10.54.20.0 255.255.255.0 10.250.0.1ip route 10.54.8.0 255.255.255.0 10.250.0.1ip route 10.129.20.0 255.255.255.0 10.250.0.1ip route 10.86.1.0 255.255.255.0 10.250.0.1ip route 10.86.20.0 255.255.255.0 10.250.0.1ip route 10.86.21.0 255.255.255.0 10.250.0.1--More-- or (q)uitip route 10.128.20.0 255.255.255.0 10.250.0.1ip route 10.131.20.0 255.255.255.0 10.250.0.1ip route 10.49.20.0 255.255.255.0 10.250.0.1ip route 10.107.1.0 255.255.255.0 10.250.0.1ip route 10.48.20.0 255.255.255.0 10.250.0.1ip route 10.10.20.0 255.255.255.0 10.250.0.1ip route 10.46.20.0 255.255.255.0 10.250.0.1ip route 10.130.20.0 255.255.255.0 10.250.0.1ip route 0.0.0.0 0.0.0.0 10.250.0.1 2no ip helper enableservice dhcpip dhcp excluded-address 10.1.20.1 10.1.20.1ip dhcp pool 'VLAN20'dns-server 10.1.30.2 1.1.1.1default-router 10.1.20.200network 10.1.20.0 255.255.255.0domain-name bvp.localexitinterface vlan 1 1exitinterface vlan 8 6ip address 10.1.8.200 255.255.255.0exit--More-- or (q)uitinterface vlan 20 5ip address 10.1.20.200 255.255.255.0exitinterface vlan 30 3ip address 10.1.30.200 255.255.255.0exitinterface vlan 31 7ip address 10.1.31.200 255.255.255.0exitinterface vlan 40 4ip address 10.1.40.200 255.255.255.0exitinterface vlan 100 8ip address 10.1.100.200 255.255.255.0exitinterface vlan 250 2ip address 10.250.0.4 255.255.255.0exitinterface vlan 253 9ip address 192.168.1.200 255.255.255.0exitinterface vlan 254 10ip address 192.168.254.200 255.255.255.0--More-- or (q)uitexitusername 'admin' password 8074871d45db5fd313f8da4284607d3e privilege 15 encryptedno spanning-treespanning-tree bpdu floodingclassofservice trust ip-dscpclassofservice ip-dscp-mapping 46 6cos-queue random-detect 5cos-queue strict 0 1 2 3 4 5 6udld enable!interface Te1/0/1description 'MX250_Uplink'switchport mode generalswitchport general acceptable-frame-type tagged-onlyswitchport general allowed vlan add 8,20,30-32,40,100,250,253-254 taggedswitchport general allowed vlan remove 1switchport trunk allowed vlan 1,40,250exit!interface Te1/0/2description 'Warm_Spare_MX250_Uplink'switchport mode generalswitchport general acceptable-frame-type tagged-only--More-- or (q)uitswitchport general allowed vlan add 8,20,30-31,40,100,250-251,253-254 taggedswitchport general allowed vlan add 1 taggedexit!interface Te1/0/3description 'MS-120-48P_Top_Trunk'switchport mode generalswitchport general acceptable-frame-type tagged-onlyswitchport general allowed vlan add 8,20,30,40,100,253-254 taggedswitchport access vlan 250exit!interface Te1/0/4description 'MS-120-48P_Middle_Trunk'switchport mode generalswitchport general acceptable-frame-type tagged-onlyswitchport general allowed vlan add 8,20,30,40,100,253-254 taggedswitchport general allowed vlan remove 1switchport access vlan 250switchport trunk native vlan 8switchport trunk allowed vlan 8,20,30,40,100,253-254exit!--More-- or (q)uitinterface Te1/0/5description 'MS-120-48P_Bottom_Trunk'switchport mode trunkswitchport general acceptable-frame-type tagged-onlyswitchport general allowed vlan add 8,20,30,40,100,253-254 taggedswitchport general allowed vlan remove 1switchport trunk native vlan 8switchport trunk allowed vlan 8,20,30,40,100,253-254exit!interface Te1/0/6speed 1000duplex fullswitchport general acceptable-frame-type tagged-onlyswitchport general allowed vlan add 8,20,30,40,100,254switchport general allowed vlan add 253 taggedswitchport general allowed vlan remove 1switchport access vlan 250switchport trunk native vlan 8switchport trunk allowed vlan 8,20,30,40,100,254exit!interface Te1/0/7--More-- or (q)uitspeed 1000duplex fullswitchport general acceptable-frame-type tagged-onlyswitchport general allowed vlan add 8,20,30,40,100,253-254 taggedswitchport general allowed vlan remove 1switchport trunk native vlan 8switchport trunk allowed vlan 8,20,30,40,100,253-254exit!interface Te1/0/8duplex fullexit!interface Te1/0/9speed 1000duplex fulldescription 'Small_Office_Uplink'switchport mode trunkswitchport trunk native vlan 8udld enableexit!interface Te1/0/10--More-- or (q)uitspeed 1000duplex fulldescription 'Middle_Row_Uplink'switchport mode trunkswitchport access vlan 8switchport trunk native vlan 251udld enableexit!interface Te1/0/11speed 1000duplex fulldescription 'Middle_Row_VOIP_Access'switchport general acceptable-frame-type tagged-onlyswitchport general allowed vlan add 8,20,30,40,100,253-254 taggedswitchport general allowed vlan remove 1switchport access vlan 100switchport trunk native vlan 8udld enableexit!interface Te1/0/12speed 1000--More-- or (q)uitduplex fulldescription 'Hik_Central_Access'switchport general allowed vlan remove 1switchport access vlan 30switchport trunk native vlan 8switchport trunk allowed vlan 8,20,30,40,100,253-254udld enableexit!interface Te1/0/13speed 1000duplex fulldescription 'Top_Floor_Uplink_Trunk'switchport mode generalswitchport general allowed vlan add 8,30-32 taggedswitchport general allowed vlan remove 1switchport access vlan 31exit!interface Te1/0/14speed 1000duplex fulldescription 'Accounting_Server'--More-- or (q)uitswitchport access vlan 40exit!interface Te1/0/15duplex fullexit!interface Te1/0/16speed 1000exit!interface Te1/0/19mtu 9216switchport access vlan 250exit!interface Te1/0/20description 'MPLS_Uplink'mtu 9216switchport access vlan 250exitsnmp-server engineid local 800002a2035c260a979669exit--More-- or (q)uit

Mr.Larry91 · Accepted Answer

Hi guys,

Have an update. Did a packet capture and saw that the router that is doing the nat is not replying to pings.

I double-checked the config and saw that "source IP address spoofing protection" was enabled, once it was turned off the default route was working and I was able to ping.

So basically the router decided that my client was a spoof attack.

DELL-Josh Cr · Answer

Hi Mr.Larry91, When the clients are being assigned DHCP do they show the proper ip address for their default gateway?

Mr.Larry91 · Answer

Hi,

The clients are showing the proper IP address of their default gateway.

For example when a client received a DHCP lease from 10.1.20.0/24 (client ip 10.1.20.2, default gateway 10.1.20.200), the client on that network could not ping 10.1.30.1 which was originally the default route on the switch while directly from the switch 10.1.30.1 was replying to pings.

All vlan interfaces have IP assigned to them and clients are able to communicate in between vlans. There are no ACL set on the router.

Current workaround that I am using is adding default route with same priority for each vlan 10.1.20.1, 10.1.30.1, 10.1.40.1 and so on.

I will run a packet capture today hopefully that will provide additional insight into the problem.

Networking General

Was this post helpful?