Routing to internet

Question

It’s been a long day.

I am trying to replace a old DLink switch with a PC 6224. I have configured 6 VLan’s, 68,69,70,71,210,206. The 210 & 206 (I know, it’s a public IP range. We use NAT and it isn’t an issue right now) will be removed shortly, but my first goal is getting this switch working. I am basically trying to mirror the config of the old switch for now, then I will tweak once it’s working.

I configured the switch off line with 2 laptops. Everything appeared to be working so I plugged it in today and swung over hubs and servers on to it. Everything on the LAN seems to be working, I can ping, tracert follows the expected paths, grab IP from DHCP server, etc. But I am unable to access the internet.

Our firewall sits on the 210 VLAN, it’s ip is 10.1.210.1. So I add a default route to point to the firewall. I can ping Google now, but 90% of the packets time out.

After an hour of troubleshooting and changes, I decide to remove the default route pointing to the firewall and change it to another router on the other side of the building. Its default route is pointing to the firewall and has other routes pointing to the VLAN IP Interfaces. It works, but it is slow. This makes no sense to me and I finally gave up after 6 hours and put the old switch back in.

Sorry for the long story. Below is my running config of the 6224. Can anyone see anything that may cause this? Any other hints?

Thanks!

!Current Configuration:
!System Description "Dell PowerConnect"
!System Software Version 1.0.0.27
!
configure
gvrp enable
vlan database
vlan 68-71,206,210
exit
stack
member 1 1
exit
ip address 192.168.70.254 255.255.255.0
interface vlan 68
name "10 244 68 x"
routing
ip address 10.244.68.4 255.255.255.0
ip local-proxy-arp
exit
interface vlan 69
name "10 244 69 x"

--More-- or (q)uit

routing
ip address 10.244.69.1 255.255.255.0
ip local-proxy-arp
exit
interface vlan 70
name "10 244 70 x"
routing
ip address 10.244.70.1 255.255.255.0
ip local-proxy-arp
exit
interface vlan 71
name "10 244 71 x"
routing
ip address 10.244.71.1 255.255.255.0
ip local-proxy-arp
exit
interface vlan 206
name "206 152 208 x"
routing
ip address 206.152.208.7 255.255.255.0
ip local-proxy-arp

--More-- or (q)uit

exit
interface vlan 210
name "10 1 210 x"
routing
ip address 10.1.210.4 255.255.255.0
ip local-proxy-arp
exit
ip routing
bootpdhcprelay maxhopcount 6
bootpdhcprelay serverip 10.1.210.8
username "admin" password 76183d6fad609c3fc221a56c10a32a6b level 15
encrypted
username "cblair" password 1b167f9e8065e176543c90a876a7ec45 level 15
encrypted
!
interface ethernet 1/g1
gvrp enable
switchport access vlan 69
exit
!
interface ethernet 1/g2
switchport access vlan 69
exit

--More-- or (q)uit

!
interface ethernet 1/g3
switchport access vlan 69
exit
!
interface ethernet 1/g4
switchport access vlan 69
exit
!
interface ethernet 1/g5
switchport access vlan 69
exit
!
interface ethernet 1/g6
switchport access vlan 69
exit
!
interface ethernet 1/g7
switchport access vlan 69
exit
!

--More-- or (q)uit

interface ethernet 1/g8
switchport access vlan 69
exit
!
interface ethernet 1/g9
switchport access vlan 69
exit
!
interface ethernet 1/g10
switchport access vlan 69
exit
!
interface ethernet 1/g11
switchport access vlan 69
exit
!
interface ethernet 1/g12
switchport access vlan 69
exit
!
interface ethernet 1/g13

--More-- or (q)uit

switchport access vlan 69
exit
!
interface ethernet 1/g14
switchport access vlan 69
exit
!
interface ethernet 1/g15
switchport access vlan 206
exit
!
interface ethernet 1/g16
switchport access vlan 206
exit
!
interface ethernet 1/g17
switchport access vlan 210
exit
!
interface ethernet 1/g19
switchport access vlan 71

--More-- or (q)uit

exit
!
interface ethernet 1/g20
switchport access vlan 71
exit
!
interface ethernet 1/g21
switchport access vlan 68
exit
!
interface ethernet 1/g22
switchport access vlan 68
exit
!
interface ethernet 1/g23
switchport access vlan 70
exit
!
interface ethernet 1/xg1
switchport access vlan 68
exit

--More-- or (q)uit

!
interface ethernet 1/xg2
switchport access vlan 68
exit
!
interface ethernet 1/xg3
switchport access vlan 70
exit
exit

console#

nlspears · Answer

I had a similar experience. What resolved my issue was that I had to create static routes on my firewall that points to the different vlan subnets. I created a route for each network and used the gateway of the vlan that my firewall sat on. Have you done this already?

Cblair · Answer

Well just an update. After putting back the orginial switch i found a Printer with a Static IP was plugged into the wrong VLAN port. It was causing our internal network to CRAWL and very sporadic ping responses. Would a PC plugged into a wrong subnet casue this much disruption?

Cblair · Answer

Thanks for the reply. I do have static routes on the firewall for each vlan. Those routes would be:   10.1.210.0 - gateway 10.1.210.4 10.244.68.0 - gateway 10.1.210.4 10.244.69.0 - gateway 10.1.210.4 10.244.70.0 - gateway 10.1.210.4 10.244.71 - gateway 10.1.210.4 206.152.208.x - gateway 10.1.210.4     I am going to set the switch back up in a test enviroment and see what i can figure out oday.

nlspears · Answer

Try adding a route on your firewall pointing 10.1.210.4 to your firewall's external interace ip address. This would be a 'host to host' route instead of a network route.

Cblair · Answer

I will try that tomorrow night, i need a night off from this one.     Thanks!

Networking General

Routing to internet

Was this post helpful?