4 Replies Latest reply on Sep 17, 2013 1:36 PM by george_s

    1638p standalone InterVLAN routing

    george_s New Member

      I have 2 1638P's at a single site. Both are on R10.9.0.HA OS. The switches are connected with fiber on xgigabit 1/1:

      interface xgigabit-switchport 1/1

        description Tie to BLDG 2

        no shutdown

        switchport mode trunk

        switchport trunk allowed vlan 1,10

        qos trust cos

        speed auto

       

      I have 2 VLANs:

      interface vlan 1

        ip address  199.248.249.240  255.255.255.0 ( i know this is a public address, this is inherited and will eventually be changed)

        ip route-cache express

        no shutdown

      !

      interface vlan 10

        ip address  192.168.10.1  255.255.255.0

        ip route-cache express

        no shutdown

      !

      I want devices on VLANs to be able to communicate with each other, using the 1638P for routing between the VLANs.


      Right now if I have PC's on gi 0/2 with an IP address of 199.248.249.210/24 and gi 0/3 with an IP address of 192.168.10.100/24, I cannot ping between the 2. Can you tell me what I am missing?


      Here are the port configs:

       

      interface gigabit-switchport 0/1

        description Router/Firewall Port

        spanning-tree edgeport

        no shutdown

        switchport mode trunk

        switchport trunk allowed vlan 1,10

        switchport voice vlan 10

        qos trust cos

      !

      interface gigabit-switchport 0/2

        spanning-tree edgeport

        no shutdown

        qos trust cos

      !

      interface gigabit-switchport 0/3

        spanning-tree edgeport

        no shutdown

        switchport voice vlan 10

        qos trust cos

        • Re: 1638p standalone InterVLAN routing
          levi Employee

          george_s:

           

          Thank you for asking this question in the support community.  Based on the configuration example you provided, it appears that gigabit-switchport 0/2 and 0/3 are both in VLAN 1 (the native VLAN) for the PCs.  Therefore, since one computer is configured in the VLAN 1 subnet, and the other is in the VLAN 10 subnet, but both of the switchports are configured for VLAN 1, this will not work.  When you get a chance, could you configure switchport 0/3 to be in VLAN 10, as follows, and try the connectivity tests again:

           

          # configure terminal

          (config)# interface gigabit-switchport 0/3

          (config-giga-swx 0/3)# switchport access vlan 10

           

          Also, I recommend the firewalls are disabled on the PCs during your testing.  Is the NV1638 acting as a Layer 3 switch with the global command ip route-cache express?

           

          Please, do not hesitate to reply to this post with any questions or additional information.  I will be happy to help in any way I can.

           

          Levi

            • Re: 1638p standalone InterVLAN routing
              george_s New Member

              Thanks for the reply Levi, I appreciate the assist!

               

              Here is what I have done:

              PC#1 Ethernet adapter Local Area Connection:

                 Connection-specific DNS Suffix  . :

                   IPv4 Address. . . . . . . . . . . : 192.168.10.100

                 Subnet Mask . . . . . . . . . . . : 255.255.255.0

                 Default Gateway . . . . . . . . . : 192.168.10.1

              on switchport 3

               

              PC#2

              Ethernet adapter Local Area Connection:

                 Connection-specific DNS Suffix  . :

                   IPv4 Address. . . . . . . . . . . : 199.248.249.100

                 Subnet Mask . . . . . . . . . . . : 255.255.255.0

                 Default Gateway . . . . . . . . . : 199.248.249.239

              on switchport 2

               

              I can ping the local gateways from each pc, but not the other pc

               

              Here is the sho run with the changes:

               

              BLDG_1#sho run

              Building configuration...

              !

              !

              ! ADTRAN, Inc. OS version R10.9.0.HA

              ! Boot ROM version R10.3.0.SB

              ! Platform: NetVanta 1638P, part number 1700569F1

              ! Serial number LBADTN1330AC109

              !

              !

              hostname "BLDG_1"

              enable password encrypted 45417c969624fbb572faea17d3bf694b7d0b

              !

              clock timezone -6-Central-Time

              clock no-auto-correct-DST

              !

              ip subnet-zero

              ip classless

              ip default-gateway 199.248.249.200

              ip routing

              domain-name "customer.com"

              name-server 199.248.249.219 199.248.249.120

              !

              !

              ip route-cache express

              !

              no auto-config

              !

              event-history on

              no logging forwarding

              no logging email

              !

              service password-encryption

              !

              username "admin" password encrypted "2921684f70c8e5f65910e17ad71b507967cd"

              username "customer" password encrypted "3632860a05f03c30d946651decec5e91b7ef"

              username "vendor" password encrypted "464e740d5eea99e0046f3e3b8fe320bf9b29"

              !

              banner motd 1

              NO UNAUTHORIZED ACCESS!!! 1

              !

              !

              !

              no dot11ap access-point-control

               

              no dos-protection

               

              no desktop-auditing dhcp

               

              no network-forensics ip dhcp

              !

              !

              !

              qos queue-type strict-priority

              !

              qos dscp-cos 46 to 5

              ! DSCP to CoS mapping only operates on ports that have 'qos trust cos' applied

              !

              !

              !

              vlan 1

                name "Default"

              !

              vlan 10

                name "Voice_VLAN"

              !

              interface eth 0/1

                no ip address

                shutdown

              !

              !

              interface gigabit-switchport 0/1

                description To FIREWALL/ROUTER

                spanning-tree edgeport

                no shutdown

                switchport mode trunk

                switchport trunk allowed vlan 1,10

                switchport voice vlan 10

                qos trust cos

              !

              interface gigabit-switchport 0/2

                spanning-tree edgeport

                no shutdown

                switchport voice vlan 10

                qos trust cos

              !

              interface gigabit-switchport 0/3

                spanning-tree edgeport

                no shutdown

                switchport access vlan 10

                switchport voice vlan 10

                qos trust cos

              !

              interface gigabit-switchport 0/4

                spanning-tree edgeport

                no shutdown

                switchport voice vlan 10

                qos trust cos

              !

               

               

              !

              interface gigabit-switchport 0/47

                spanning-tree edgeport

                no shutdown

                switchport voice vlan 10

                qos trust cos

              !

              interface gigabit-switchport 0/48

                spanning-tree edgeport

                no shutdown

                switchport voice vlan 10

                qos trust cos

              !

              !

              interface xgigabit-switchport 1/1

                description BLDG2 TRUNK

                no shutdown

                switchport mode trunk

                switchport trunk allowed vlan 1,10

                qos trust cos

                speed auto

              !

              interface xgigabit-switchport 1/2

                no shutdown

                switchport mode access

                speed auto

              !

              !

              !

              interface vlan 1

                ip address  199.248.249.239  255.255.255.0

                ip route-cache express

                no shutdown

              !

              interface vlan 10

                ip address  192.168.10.1  255.255.255.0

                ip route-cache express

                no shutdown

              !

              !

              no tftp server

              no tftp server overwrite

              http server

              http secure-server

              no snmp agent

              no ip ftp server

              ip ftp server default-filesystem flash

              no ip scp server

              no ip sntp server

              !

              !

              line con 0

                login local-userlist

                password encrypted 2622805029c6d744b272afd26cef4452f21a

              !

              line telnet 0 4

                login local-userlist

                password encrypted 32364d4c499a28f5792d01841d942bd166fe

                no shutdown

              line ssh 0 4

                login local-userlist

                no shutdown

              !

              !

              !

              !

              end

              BLDG_1#

                • Re: 1638p standalone InterVLAN routing
                  levi Employee

                  george_s:

                   

                  Thank you for replying with this information.  Is the firewall disabled on both PCs?  Can PC#1 (which is in VLAN 10) ping the VLAN 1 interface?  Can PC#2 (which is in VLAN 1) ping the VLAN 10 interface?  What happens on a tracert from PC1 to PC2 and vice-versa?

                   

                  Levi

                    • Re: 1638p standalone InterVLAN routing
                      george_s New Member

                      Hi Levi:

                      I had firewall issues on one of the machines, in that even with the service disabled it would not respond to pings. I swapped machines and all is good

                      • From PC#1 VLAN10, I can ping 192.168.10.1, 199.248.249.239, and 199.248.249.100
                      • From PC#1 tracert is good to the machine
                      • From PC#2 VLAN1, I can ping 199.248.249.239, 192.168.10.1 and 192.168.10.100
                      • From PC#2 tracert is goo to the machine
                      • From the console port, I can ping both gateways, and machines

                      So your original diagnosis was good, and I am now able to route between VLANs. Thanks again for taking the time to help me out