Routing to internet

Question

It’s been a long day. I am trying to replace a old DLink switch with a PC 6224. I have configured 6 VLan’s, 68,69,70,71,210,206. The 210 & 206 (I know, it’s a public IP range. We use NAT and it isn’t an issue right now) will be removed shortly, but my first goal is getting this switch working. I am basically trying to mirror the config of the old switch for now, then I will tweak once it’s working. I configured the switch off line with 2 laptops. Everything appeared to be working so I plugged it in today and swung over hubs and servers on to it. Everything on the LAN seems to be working, I can ping, tracert follows the expected paths, grab IP from DHCP server, etc. But I am unable to access the internet. Our firewall sits on the 210 VLAN, it’s ip is 10.1.210.1. So I add a default route to point to the firewall. I can ping Google now, but 90% of the packets time out. After an hour of troubleshooting and changes, I decide to remove the default route pointing to the firewall and change it to another router on the other side of the building. Its default route is pointing to the firewall and has other routes pointing to the VLAN IP Interfaces.  It works, but it is slow. This makes no sense to me and I finally gave up after 6 hours and put the old switch back in. Sorry for the long story. Below is my running config of the 6224. Can anyone see anything that may cause this? Any other hints? Thanks!   !Current Configuration: !System Description 'Dell PowerConnect' !System Software Version 1.0.0.27 ! configure gvrp enable vlan database vlan 68-71,206,210 exit stack member 1 1 exit ip address 192.168.70.254 255.255.255.0 interface vlan 68 name '10 244 68 x' routing ip address  10.244.68.4  255.255.255.0 ip local-proxy-arp exit interface vlan 69 name '10 244 69 x' --More-- or (q)uit routing ip address  10.244.69.1  255.255.255.0 ip local-proxy-arp exit interface vlan 70 name '10 244 70 x' routing ip address  10.244.70.1  255.255.255.0 ip local-proxy-arp exit interface vlan 71 name '10 244 71 x' routing ip address  10.244.71.1  255.255.255.0 ip local-proxy-arp exit interface vlan 206 name '206 152 208 x' routing ip address  206.152.208.7  255.255.255.0 ip local-proxy-arp --More-- or (q)uit exit interface vlan 210 name '10 1 210 x' routing ip address  10.1.210.4  255.255.255.0 ip local-proxy-arp exit ip routing bootpdhcprelay maxhopcount 6 bootpdhcprelay serverip 10.1.210.8 username 'admin' password 76183d6fad609c3fc221a56c10a32a6b level 15 encrypted username 'cblair' password 1b167f9e8065e176543c90a876a7ec45 level 15 encrypted ! interface ethernet 1/g1 gvrp enable switchport access vlan 69 exit ! interface ethernet 1/g2 switchport access vlan 69 exit --More-- or (q)uit ! interface ethernet 1/g3 switchport access vlan 69 exit ! interface ethernet 1/g4 switchport access vlan 69 exit ! interface ethernet 1/g5 switchport access vlan 69 exit ! interface ethernet 1/g6 switchport access vlan 69 exit ! interface ethernet 1/g7 switchport access vlan 69 exit ! --More-- or (q)uit interface ethernet 1/g8 switchport access vlan 69 exit ! interface ethernet 1/g9 switchport access vlan 69 exit ! interface ethernet 1/g10 switchport access vlan 69 exit ! interface ethernet 1/g11 switchport access vlan 69 exit ! interface ethernet 1/g12 switchport access vlan 69 exit ! interface ethernet 1/g13 --More-- or (q)uit switchport access vlan 69 exit ! interface ethernet 1/g14 switchport access vlan 69 exit ! interface ethernet 1/g15 switchport access vlan 206 exit ! interface ethernet 1/g16 switchport access vlan 206 exit ! interface ethernet 1/g17 switchport access vlan 210 exit ! interface ethernet 1/g19 switchport access vlan 71 --More-- or (q)uit exit ! interface ethernet 1/g20 switchport access vlan 71 exit ! interface ethernet 1/g21 switchport access vlan 68 exit ! interface ethernet 1/g22 switchport access vlan 68 exit ! interface ethernet 1/g23 switchport access vlan 70 exit ! interface ethernet 1/xg1 switchport access vlan 68 exit --More-- or (q)uit ! interface ethernet 1/xg2 switchport access vlan 68 exit ! interface ethernet 1/xg3 switchport access vlan 70 exit exit console#

nlspears · Answer

I had a similar experience. What resolved my issue was that I had to create static routes on my firewall that points to the different vlan subnets. I created a route for each network and used the gateway of the vlan that my firewall sat on. Have you done this already?

Cblair · Answer

Well just an update. After putting back the orginial switch i found a Printer with a Static IP was plugged into the wrong VLAN port. It was causing our internal network to CRAWL and very sporadic ping responses. Would a PC plugged into a wrong subnet casue this much disruption?

Cblair · Answer

Thanks for the reply. I do have static routes on the firewall for each vlan. Those routes would be:   10.1.210.0 - gateway 10.1.210.4 10.244.68.0 - gateway 10.1.210.4 10.244.69.0 - gateway 10.1.210.4 10.244.70.0 - gateway 10.1.210.4 10.244.71 - gateway 10.1.210.4 206.152.208.x - gateway 10.1.210.4     I am going to set the switch back up in a test enviroment and see what i can figure out oday.

nlspears · Answer

Try adding a route on your firewall pointing 10.1.210.4 to your firewall's external interace ip address. This would be a 'host to host' route instead of a network route.

Cblair · Answer

I will try that tomorrow night, i need a night off from this one.     Thanks!

Networking General

Was this post helpful?