Subvlan not accessible across switches

  • 0
  • 1
  • Problem
  • Updated 4 years ago
  • Solved
Hi, I have two switches connect by a 3 port grouping. On each side, there is a vlan called Dedicated and the group is tagged 200 on each side.

One switch is an X450a-48t, this is connected to the outside world and has other networks etc. connected to it. The second switch is an X440-48t which is only connected via the 3 port group to the X450a-48t.

I have configured the IP address of the "Dedicated" vlan on the X440 side with an IP address x.x.x.1/24, this IP is pingable and accessable from the internet.

This "Dedicated" vlan is set up as a supervlan on the X440. I have a subvlan configured called "subvlan1" which is a subvlan of "Dedicated". "subvlan1" is set as a loopback vlan and has a server connected to it.

I have configured addresses from the x.x.x.0/24 range of the supervlan on the server, but the server has no external access past the gateway x.x.x.1/24. I can ping the gateway, but nothing beyond it.

The X450 also cannot ping the address of the server.

I am looking for help in getting the server connected to the subvlan to be accessable past the gateway. Can anyone help?

I can remove the server from the subvlan and connect it directly to the "Dedicated" vlan, and it works perfectly. However I want to be able to use the subvlan-address-range feature to restrict IP access on the server if possible.

Thanks.
Photo of Michael Goodliffe

Michael Goodliffe

  • 670 Points 500 badge 2x thumb

Posted 4 years ago

  • 0
  • 1
Photo of Ronald Dvorak

Ronald Dvorak, Embassador

  • 45,024 Points 20k badge 2x thumb
So the X440 should route from the deticated VLAN to the sub VLAN.
Has the X440 also a IP interface in the deticated VLAN ?
Is "enable ipforwarding" set on the X440 - during my XOS training I've learned that you'd to enable it every time you add a new VLAN.
Is OSPF enabled or did you add a static route to the sub VLAN on the X450
Photo of Michael Goodliffe

Michael Goodliffe

  • 670 Points 500 badge 2x thumb
Hi, The X440 has the ip subnet x.x.x.1./24 assigned on it's side, the X450 has no ip assigned on its side of the link. The x.x.x.1 gateway is reachable on both side, but anything on the subvlan's on the X440 side are not accessable.

The server connected to the X440 side in subvlan1 is assigned the IP x.x.x.2, but it can't access outside the gateway of x.x.x.1, trying to ping x.x.y.1 returns "destination unreachable".

I have ip forwarding enabled on all vlan's, apart from the subvlan's, because they need an IP address assigned to have ipforwarding enabled.

My switch only has an Edge license, so I don't have ospf, I am not sure of it's functionality.

Do you have any other suggestions?
Photo of Michael Goodliffe

Michael Goodliffe

  • 670 Points 500 badge 2x thumb
Here is what I have:

X450 - Vlan named Dedicated tagged 200 with connection of 3 links grouped to the X440
X440 - Vlan named Dedicated tagged 200 with connection of 3 links grouped to the X450
         - Vlan Dedicated has ip interface assigned x.x.x.1/24
         - Vlan Dedicated is supervlan, subvlan1 is loopback subvlan of Dedicated
         - Server connected to subvlan1 has ip assigned x.x.x.2

x.x.x.1 IP is accessable on X450 and X440 sides.

The x.x.x.2 ip is not accessable on the X450 side, server with ip x.x.x.2 cannot access to the X450 side.
Photo of Michael Goodliffe

Michael Goodliffe

  • 670 Points 500 badge 2x thumb
Just discovered I had a misconfiguration, I had the ip x.x.x.1/24 assigned on both sides of the grouping. I have now deleted the assignment on the X450 side, and it is only assigned on the X440 side as I stated above.

Now each side cannot communicate with eachother at all.

Can anyone offer any guidance?
Photo of Michael Goodliffe

Michael Goodliffe

  • 670 Points 500 badge 2x thumb
I have figured it out. I needed to route between the 2 switches.

X450, assign x.x.x.1/24 IP on the vlan Dedicated
X440, assign x.x.x.2/24 IP on the vlan Dedicated

add iproute to X440:
configure iproute add default x.x.x.1