ya5e
New Contributor

3448 VLAN Routing

Hi All

I must be missing something stupid - the 3448 is layer 3 light - when VLANs have IPs they are routable. In other words a device in vlan 10 should be able to ping a device in vlan 1. In short I am not able to ping devices within different vlans. When troubleshooting from the 3448 I can ping the devices just fine. Computer A in vlan 10 cannot ping computer B in vlan 1 and vice versa.

Note: eth0 the ISP uplink is not configured yet so there is no default route.

What am I missing?

Thanks

10 Replies
ya5e
New Contributor

Re: 3448 VLAN Routing

What am I missing?

VLAN 10 - 10.0.10.1

VLAN 1 - 10.0.0.1

ClientA - 10.0.0.2

ClientB - 10.0.10.11

DHCP Scopes for both the 10.0.0.0/24 and the 10.0.10.0/24 networks.

When on 3448 I can ping all devices

When on network 10.0.10.0/24 with port set to VLAN 10 (or trunk port with native 10) I'm not able to ping the client at 10.0.0.2. I can ping the other gateways such as 10.0.10.1 and 10.0.0.1

When on network 10.0.0.0/24 with port set to VLAN 1 (or trunk port with native 1) I'm not able to ping the client at 10.0.10.11. I can ping all other gateways such as 10.0.0.1 and 10.0.10.1

jayh
Honored Contributor

Re: 3448 VLAN Routing

Because your DHCP scopes are local, remove the helper addresses from the VLAN interfaces.

It may be just cosmetic, but your description of the DHCP pool for 10.0.0.0 says /29 and both the scope and interface are configured for /24.

You should also allow subnets in the Private policy class to reach other subnets within the Private class.

ip access-list extended allow-private
  permit ip any 10.0.0.0 0.255.255.255

ip policy-class Private
  allow list self self
  allow list allow-private policy Private
  nat source list wizard-ics interface eth 0/1 overload
!

ya5e
New Contributor

Re: 3448 VLAN Routing

Jayh -

Thank you for replying! I've been banging my head against the wall. I have updated the config with your suggestions with no luck. I am still unable to ping across VLANs.

To clarify from the 3448 I can ping all the clients within any subnet.

From the 10.0.0.0/24 network I am unable to ping clients in the 10.0.10.0/24 network

From the 10.0.10.0/24 network I am unable to ping clients in the 10.0.0.0/24 network

Updated Config Here

Any other ideas?

Thanks

jayh
Honored Contributor

Re: 3448 VLAN Routing

Your web-acl-6 is wrong. All of your private subnets are within 10.0.0.0/8 so the mask should be /8 or in wildcard form 0.255.255.255. You have it as a /24, or 0.0.0.255.

You've made VLAN 1 a /21 but your description still says /29. This is cosmetic assuming that you really want a /21 mask. If you're really going to have in excess of about 500 hosts on a subnet, you may run into some issues with excessive broadcasts.
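
The wildcard-mask point in the reply above, as an added example that is not part of the original thread or the poster's configuration: a Python check of which destination addresses a `permit ip any <base> <wildcard>` entry covers, using the thread's host addresses. The base address of the too-narrow entry is an assumption (the thread gives only its mask), as is treating unmatched traffic as not allowed; `tightest_wildcard` goes beyond the thread to show the smallest single entry that covers both /24 subnets.

```python
import ipaddress

def parse_permit(line):
    """Parse 'permit ip any <base> <wildcard>', the entry form used in this thread."""
    action, proto, src, base, wildcard = line.split()
    if (action, proto, src) != ("permit", "ip", "any"):
        raise ValueError(f"unsupported entry: {line!r}")
    return int(ipaddress.IPv4Address(base)), int(ipaddress.IPv4Address(wildcard))

def acl_permits(acl_lines, dst):
    """True if any entry matches dst. Wildcard bits set to 1 are ignored."""
    d = int(ipaddress.IPv4Address(dst))
    for line in acl_lines:
        base, wildcard = parse_permit(line)
        care = ~wildcard & 0xFFFFFFFF          # bits that must match exactly
        if (d & care) == (base & care):
            return True
    return False  # assumption: traffic matching no entry is not allowed by the list

def tightest_wildcard(subnets):
    """Smallest single base/wildcard pair that covers every listed subnet."""
    nets = [ipaddress.ip_network(s) for s in subnets]
    cover = nets[0]
    while not all(n.subnet_of(cover) for n in nets):
        cover = cover.supernet()               # widen by one prefix bit at a time
    return f"{cover.network_address} {cover.hostmask}"

# Constructed entry: the thread only says the mask was 0.0.0.255; the base is assumed.
TOO_NARROW = ["permit ip any 10.0.0.0 0.0.0.255"]
# Entry as posted in the earlier reply.
SUGGESTED = ["permit ip any 10.0.0.0 0.255.255.255"]

if __name__ == "__main__":
    for name, acl in (("0.0.0.255", TOO_NARROW), ("0.255.255.255", SUGGESTED)):
        for dst in ("10.0.0.2", "10.0.10.11"):
            print(f"{name:>14} dst {dst:<11} permitted={acl_permits(acl, dst)}")
    print("tightest cover:", tightest_wildcard(["10.0.0.0/24", "10.0.10.0/24"]))
```

The /8 wildcard also matches every other 10.x.x.x destination, so a narrower entry is worth considering if more subnets are later added under the same policy class.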

ya5e
New Contributor

Re: 3448 VLAN Routing

Hi Jayh -

This makes sense - I have adjusted the config - thank you very much.

Everything appears to be working aside from a single host on the 10.0.0.0 network. An access point 10.0.0.2 is only reachable from the 10.0.0.0 network. Granted the AP does pass DHCP for each VLAN from the NV3448. In other words clients get IPs and are placed in the correct VLAN. For some reason the management IP 10.0.0.2 is not reachable from other networks such as 10.0.10.0; however, the clients on the AP are.

Thanks again for the help!

jayh
Honored Contributor

Re: 3448 VLAN Routing

Is the access point on 10.0.0.2 configured by DHCP or manually? Check its default gateway and netmask for accuracy.

ya5e
New Contributor

Re: 3448 VLAN Routing

Jayh -

The Ruckus AP is configured with a static - 10.0.0.2/24 with a 10.0.0.1 default gateway. The netmask here should work, no?

jayh
Honored Contributor

Re: 3448 VLAN Routing

I thought you set the netmask on that subnet to /21. If so, all devices on the subnet should have a /21 mask. However, it should still work for that circumstance.

ya5e
New Contributor

Re: 3448 VLAN Routing

That is correct - I will test with a /21 on the 10.0.0.2 device. I assumed it would work with a 255.255.255.0 - I do not see a reason it would not.

jayh
Honored Contributor

Re: 3448 VLAN Routing

Because it is just that one device, it's unlikely that the problem is related to the 3448 configuration. Most of the time this problem is a wrong or missing default route on the host. Maybe an ACL?