ExtremeSwitching (EXOS)


Default route on VLAN

Paolo Trivisonno

Paolo Trivisonno11-19-2018 07:45

Patrick Voss

Patrick Voss11-19-2018 14:05

  • 1.  Default route on VLAN

    Posted 11-13-2018 12:42
    Hi,
    I have a problem with my core switch; the core is 2 Summit 670 with EXOS 16.1.3.6.
    On the core and peripheral we have many VLANs, but when I try to configure a client with the Summit's IP as default gw I'm only able to ping other VLAN clients.. but the default iproute for 0.0.0.0 doesn't work.
    Intervlan forwarding is enabled.
    An example config:
    configure vlan Client ipaddress 172.26.15.254 255.255.248.0
    enable ipforwarding vlan Client
    configure vlan AP ipaddress 192.168.110.10 255.255.255.0
    enable ipforwarding vlan AP
    configure vlan didattical ipaddress 172.26.20.254 255.255.255.0
    configure iproute add default 172.26.15.253

    Can anyone help me? please...!



  • 2.  RE: Default route on VLAN

    Posted 11-13-2018 13:13
    What is 172.26.15.253? Does it have a route back to the Client subnet? My guess is the switch is forwarding the traffic to the default route but it is not making it back. If you could give more information on the IP you are pinging from and the destination IP along with a topology it might help.


  • 3.  RE: Default route on VLAN

    Posted 11-13-2018 13:50
    I also don't see ipforwarding enabled for didattical. If this VLAN is acting as your default gateway ipforwarding will be needed.


  • 4.  RE: Default route on VLAN

    Posted 11-14-2018 20:06



    This is my network..

    Centro Stella is the core (2 x Summit 670) with IP 172.26.15.254
    on the VLAN Client (VID 1).
    On the same VLAN I have a Fortigate (172.26.15.253)
    as default gw for the core, and all clients use the core as gw.


  • 5.  RE: Default route on VLAN

    Posted 11-14-2018 21:01
    Run the following from the 670...

    sh iproute
    ping 8.8.8.8
    ping 8.8.8.8 from 192.168.110.10

    ...and this on the fortigate...
    show router static

    ...and post a screenshot of it.


  • 6.  RE: Default route on VLAN

    Posted 11-15-2018 09:08
    Look at this:

    * Slot-1 Summit670.16 # configure iproute add 8.8.8.8/32 172.26.71.254 vlan "Radio"
    * Slot-1 Summit670.17 # ping 8.8.8.8 from 172.26.71.253
    Ping(ICMP) 8.8.8.8: 4 packets, 8 data bytes, interval 1 second(s).
    16 bytes from 8.8.8.8: icmp_seq=0 ttl=118 time=20 ms
    16 bytes from 8.8.8.8: icmp_seq=1 ttl=118 time=20 ms
    16 bytes from 8.8.8.8: icmp_seq=2 ttl=118 time=20 ms
    16 bytes from 8.8.8.8: icmp_seq=3 ttl=118 time=20 ms

    --- 8.8.8.8 ping statistics ---
    4 packets transmitted, 4 packets received, 0% loss
    round-trip min/avg/max = 20/20/20 ms
    * Slot-1 Summit670.18 # configure iproute delete 8.8.8.8/32 172.26.71.254 vlan "Radio"
    * Slot-1 Summit670.19 # configure iproute add default 172.26.71.254 vlan "Radio"
    * Slot-1 Summit670.20 # ping 8.8.8.8 from 172.26.71.253
    Ping(ICMP) 8.8.8.8: 4 packets, 8 data bytes, interval 1 second(s).

    --- 8.8.8.8 ping statistics ---
    4 packets transmitted, 0 packets received, 100% loss
    round-trip min/avg/max = 0/0/0 ms
    * Slot-1 Summit670.21 #

    I don't understand why only the default route doesn't work from other VLANs..


  • 7.  RE: Default route on VLAN

    Posted 11-19-2018 07:44
    * Slot-1 Summit670.1 # sh iproute
    Ori Destination       Gateway         Mtr Flags         VLAN              Duration
    #s  Default Route     172.26.15.253   1   UG---S-um--f- Client            25d:19h:7m:36s
     s  Default Route     172.26.20.253   10  UG---S-um---- didattical        25d:19h:7m:36s
    #d  172.26.8.0/21     172.26.15.254   1   U------um--f- Client            25d:19h:7m:40s
    #d  172.26.20.0/24    172.26.20.254   1   U------um--f- didattical        25d:19h:7m:40s
    #d  172.26.32.0/21    172.26.39.254   1   U------um--f- UtentiInterni     25d:19h:7m:40s
    #d  172.26.40.0/21    172.26.47.254   1   U------um--f- WebPortal         25d:19h:7m:40s
    #d  172.26.48.0/24    172.26.48.254   1   U------um--f- VideoSorveglianza 25d:19h:7m:40s
    #d  172.26.49.0/24    172.26.49.254   1   U------um--f- VideoConferenza   25d:19h:7m:40s
    #d  172.26.56.0/21    172.26.63.254   1   U------um--f- wifi-ospiti       25d:19h:7m:40s
    #d  172.26.68.0/24    172.26.68.253   1   U------um--f- wifi-mgmt         13d:20h:8m:48s
    #d  172.26.70.0/24    172.26.70.254   1   U------um--f- wifi-tele         25d:19h:7m:40s
    #d  172.26.250.0/24   172.26.250.254  1   U------um--f- HiPath            25d:19h:7m:40s
    #d  172.26.253.0/24   172.26.253.254  1   U------um--f- NetworkDevice     25d:19h:7m:40s
    #s  192.68.49.0/24    172.26.15.253   1   UG---S-um--c- Client            25d:19h:7m:36s
    #d  192.168.110.0/24  192.168.110.10  1   U------um--f- AP                25d:19h:7m:40s

    (mo) MOSPF (o) OSPF, (o1) OSPFExt1, (o2) OSPFExt2,
    (oa) OSPFIntra, (oe) OSPFAsExt, (or) OSPFInter, (pd) PIM-DM, (ps) PIM-SM,
    (r) RIP, (ra) RtAdvrt, (s) Static, (sv) SLB_VIP, (un) UnKnown,
    (*) Preferred unicast route (@) Preferred multicast route,
    (#) Preferred unicast and multicast route.

    Flags: (b) BFD protection requested, (B) BlackHole, (c) Compressed, (D) Dynamic,
    (f) Provided to FIB, (G) Gateway, (H) Host Route, (l) Calculated LDP LSP,
    (L) Matching LDP LSP, (m) Multicast, (p) BFD protection active, (P) LPM-routing,
    (R) Modified, (s) Static LSP, (S) Static, (t) Calculated RSVP-TE LSP,
    (T) Matching RSVP-TE LSP, (u) Unicast, (U) Up, (3) L3VPN Route.


  • 8.  RE: Default route on VLAN

    Posted 11-19-2018 07:45




  • 9.  RE: Default route on VLAN

    Posted 11-19-2018 07:47
    config router static
        edit 10
            set dst 172.26.10.225 255.255.255.255
            set gateway 172.26.15.254
            set device "Didattica"
        next
        edit 13
            set gateway 80.22.x.y
            set device "port4"
        next
        edit 19
            set dst 10.0.23.10 255.255.255.255
            set distance 1
            set device "NDMZ"
        next
    end

    FGT3HD3916826456_Master #


  • 10.  RE: Default route on VLAN

    Posted 11-19-2018 14:05
    Please provide a "show vlan"


  • 11.  RE: Default route on VLAN

    Posted 11-19-2018 14:19
    Slot-1 Summit670.1 # show vlan
    -----------------------------------------------------------------------------------------------
    Name VID Protocol Addr Flags Proto Ports Virtual
    Active router
    /Total
    -----------------------------------------------------------------------------------------------
    AP 101 192.168.110.10 /24 -f--------------------------- ANY 30/124 VR-Default
    Client 1 172.26.15.254 /21 -f--------------------------- ANY 29/120 VR-Default
    DCFujitsu-MGMT 930 ------------------------------------------------- ANY 2 /2 VR-Default
    Default 4094 ------------------------------------------------- ANY 0 /0 VR-Default
    didattical 103 172.26.20.254 /24 -f--------------------------- ANY 3 /3 VR-Default
    DMZ 190 ------------------------------------------------- ANY 2 /2 VR-Default
    HiPath 104 172.26.250.254 /24 -f--------------------------- ANY 1 /1 VR-Default
    Mgmt 4095 172.26.0.254 /24 ----------------------------- ANY 0 /1 VR-Mgmt
    NetworkDevice 102 172.26.253.254 /24 -f--------------------------- ANY 32/127 VR-Default
    Radio 160 ------------------------------------------------- ANY 3 /3 VR-Default
    UtentiInterni 120 172.26.39.254 /21 -f--------------------------- ANY 14/16 VR-Default
    VideoConferenza 130 172.26.49.254 /24 -f--------------------------- ANY 3 /4 VR-Default
    VideoSorveglianza 150 172.26.48.254 /24 -f--------------------------- ANY 2 /2 VR-Default
    WebPortal 140 172.26.47.254 /21 ----------------------------- ANY 14/16 VR-Default
    wifi-interni 200 ------------------------------------------------- ANY 5 /6 VR-Default
    wifi-mgmt 220 172.26.68.253 /24 ----------------------------- ANY 32/127 VR-Default
    wifi-ospiti 210 172.26.63.254 /21 ----------------------------- ANY 5 /6 VR-Default
    wifi-tele 230 172.26.70.254 /24 ----------------------------- ANY 4 /5 VR-Default
    -----------------------------------------------------------------------------------------------
    Flags : (B) BFD Enabled, (c) 802.1ad customer VLAN, (C) EAPS Control VLAN,


  • 12.  RE: Default route on VLAN

    Posted 11-19-2018 17:41
    Can you ping 192.168.110.10 from the fortigate? Sourcing from 172.26.15.253?


  • 13.  RE: Default route on VLAN

    Posted 11-19-2018 17:41
    VLAN AP is vlan for mgmt of Access Point.. and is not configured on Fortigate..


  • 14.  RE: Default route on VLAN

    Posted 11-19-2018 17:41
    And it is normal that the Fortigate sends the packet to the default route...
    Look:

    FGT3HD3916806256_Master # execute ping 192.168.110.10
    PING 192.168.110.10 (192.168.110.10): 56 data bytes
    ^C
    --- 192.168.110.10 ping statistics ---
    1 packets transmitted, 0 packets received, 100% packet loss

    FGT3HD3916806256_Master #
    FGT3HD3916806256_Master #
    FGT3HD3916806256_Master # execute traceroute 192.168.110.10
    traceroute to 192.168.110.10 (192.168.110.10), 32 hops max, 3 probe packets per hop, 84 byte packets
    1 80.22.x.y


  • 15.  RE: Default route on VLAN

    Posted 11-19-2018 19:12
    Are these newly created networks? I suspect the Fortigate does not have routes back to the 192.168.110.0/24 and 172.26.8.0/21 networks.


  • 16.  RE: Default route on VLAN

    Posted 11-19-2018 19:12
    From 172.26.8.0/21 no problem.. it is the only VLAN where I can use the Summit as default gw


  • 17.  RE: Default route on VLAN

    Posted 11-19-2018 19:12
    Sorry, I must have grabbed the wrong network from the initial post. Regardless, does the Fortigate have routes to the two networks that are not working?


  • 18.  RE: Default route on VLAN

    Posted 11-19-2018 19:12
    Backroute for 172.26.8.0/21 from the Fortigate is created when you configure an interface with this IP..


  • 19.  RE: Default route on VLAN

    Posted 11-19-2018 19:30
    I want to use the Summit as gateway for Radio, didattical, VideoSorveglianza.. where right now I use the Fortigate as gw


  • 20.  RE: Default route on VLAN

    Posted 11-19-2018 21:30
    Paolo, based on the traceroute it appears the Fortigate does not know how to get back to the AP subnet. I suspect that the Summit is sending all "unknown" traffic to its default route (the Fortigate). However, when the traffic is coming back (i.e. a ping reply) it gets lost at the Fortigate because the route is not there. Can you add a route on the Fortigate for the 192.168.110.0/24 network to 172.26.15.254 and see if the ping goes through?
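
The return-route check suggested in the last reply can be run offline against the two routing tables. This is an added example, not part of the original thread: the FortiGate table is constructed from the static routes in post 9 plus the connected /21 described in post 18 (its other interfaces are not shown in the thread and are left out), and `lookup`, `return_path` and `audit` are hypothetical helper names.

```python
import ipaddress

SWITCH_GW = "172.26.15.254"  # Summit address on VLAN Client (from the thread)

# FortiGate routes as (destination, next hop), constructed from posts 9 and 18.
# "connected" marks the subnet the firewall shares with the switch.
FORTIGATE_ROUTES = [
    ("172.26.8.0/21", "connected"),
    ("172.26.10.225/32", SWITCH_GW),
    ("0.0.0.0/0", "80.22.x.y"),   # default route; address is masked in the thread
    ("10.0.23.10/32", "NDMZ"),
]

# Subnets routed by the switch, from "sh iproute" (only the two discussed).
SWITCH_SUBNETS = {"Client": "172.26.8.0/21", "AP": "192.168.110.0/24"}


def lookup(routes, subnet):
    """Longest-prefix match: most specific route that covers the whole subnet."""
    target = ipaddress.ip_network(subnet)
    best = None
    for prefix, hop in routes:
        net = ipaddress.ip_network(prefix)
        if target.subnet_of(net) and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    return best


def return_path(routes, subnet):
    """Classify where the firewall sends replies addressed to a switch-side subnet."""
    match = lookup(routes, subnet)
    if match is None:
        return "no-route"
    hop = match[1]
    if hop == "connected":
        return "direct"
    if hop == SWITCH_GW:
        return "via-switch"
    return "wrong-way"  # e.g. replies follow the default route out to the WAN


def audit(routes, subnets=SWITCH_SUBNETS):
    """Map each switch-side VLAN to the firewall's return-path classification."""
    return {name: return_path(routes, net) for name, net in subnets.items()}


if __name__ == "__main__":
    print("before:", audit(FORTIGATE_ROUTES))
    fixed = FORTIGATE_ROUTES + [("192.168.110.0/24", SWITCH_GW)]
    print("after: ", audit(fixed))
```

With the routes as posted, replies to the AP subnet match only the default route, which agrees with the traceroute in post 14 whose first hop is 80.22.x.y.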