X440 IPForwarding Not Working as Expected

  • Problem
  • Updated 2 years ago
  • Solved
I currently have an X440 at one of my sites that I am creating a new VLAN on to add in some additional IPs. I successfully did this at another site and it worked like a charm, but this one seems to not be cooperating. I have both RIP and ipforwarding enabled on the Default and the new VLAN. The Default VLAN can ping the IP of the new VLAN and the new VLAN can ping the IP of the Default VLAN, but the new VLAN can't ping any devices on the old VLAN and the old VLAN can't ping any devices on the new VLAN.

I find it odd that the same config worked at another site, but doesn't on this one.  The only difference from one site to another is the IP addresses used. 

Justin Brooks

Posted 2 years ago

Justin Brooks

In case it is needed, here is a copy of my show config.


#
# Module vlan configuration.
#
configure vlan default delete ports all
configure vr VR-Default delete ports 1-24
configure vr VR-Default add ports 1-24
configure vlan default delete ports 3
create vlan "PHS_WIFI"
configure vlan PHS_WIFI tag 10
enable loopback-mode vlan PHS_WIFI
configure ports 1 display-string PHS-Hall2
configure ports 4 display-string PHS-Hall1
configure ports 7 display-string PHS-Hall3
configure ports 9 display-string PHS-Nurse1
configure ports 14 display-string PHS-Office1
configure ports 15 display-string PHS-OldK
configure ports 21 display-string PHS-Core
configure ports 22 display-string PHS_WLC
configure ports 23 display-string PHS-Lib
configure ports 24 display-string To_ASC
configure ports 24 medium copper auto off speed 100 duplex full
configure vlan Default add ports 1-2,4-24 untagged
configure vlan PHS_WIFI add ports 3 untagged
configure vlan Default ipaddress 10.0.22.210 255.255.252.0
enable ipforwarding vlan Default
configure vlan PHS_WIFI ipaddress 10.1.22.210 255.255.252.0
enable ipforwarding vlan PHS_WIFI
#
# Module fdb configuration.
#
#
# Module rtmgr configuration.
#
configure iproute add default 10.0.20.3
disable iproute ipv4 compression
disable iproute ipv6 compression
#
# Module mcmgr configuration.
#
#
# Module aaa configuration.
#
#
# Module acl configuration.
#

configure access-list zone SYSTEM application Snmp application-priority 14
configure access-list zone SYSTEM application Telnet application-priority 15
configure access-list zone SYSTEM application Http application-priority 16
configure access-list zone SYSTEM application L2PT_PF application-priority 17
#
# Module bfd configuration.
#
#
# Module ces configuration.
#
#
# Module cfgmgr configuration.
#
#
# Module dosprotect configuration.
#
#
# Module dot1ag configuration.
#
#
# Module eaps configuration.
#
#
# Module edp configuration.
#
#
# Module elrp configuration.
#
enable elrp-client
configure elrp-client periodic Default ports 1-2,4-24 interval 15 log-and-trap disable-port ingress permanent
configure elrp-client disable-port exclude 1
configure elrp-client disable-port exclude 2
configure elrp-client disable-port exclude 3
configure elrp-client disable-port exclude 4
configure elrp-client disable-port exclude 5
configure elrp-client disable-port exclude 6
configure elrp-client disable-port exclude 7
configure elrp-client disable-port exclude 8
configure elrp-client disable-port exclude 9
configure elrp-client disable-port exclude 10
configure elrp-client disable-port exclude 11
configure elrp-client disable-port exclude 12
configure elrp-client disable-port exclude 13
configure elrp-client disable-port exclude 14
configure elrp-client disable-port exclude 15
configure elrp-client disable-port exclude 16
configure elrp-client disable-port exclude 17
configure elrp-client disable-port exclude 18
configure elrp-client disable-port exclude 19
configure elrp-client disable-port exclude 20
configure elrp-client disable-port exclude 21
configure elrp-client disable-port exclude 22
configure elrp-client disable-port exclude 23
configure elrp-client disable-port exclude 24
#
# Module ems configuration.
#
#
# Module epm configuration.
#
#
# Module erps configuration.
#
#
# Module esrp configuration.
#
#
# Module ethoam configuration.
#
#
# Module etmon configuration.
#
#
# Module hal configuration.
#
#
# Module idMgr configuration.
#
#
# Module ipSecurity configuration.
#
#
# Module ipfix configuration.
#
#
# Module lldp configuration.
#
disable lldp ports 1
disable lldp ports 2
disable lldp ports 3
disable lldp ports 4
disable lldp ports 5
disable lldp ports 6
disable lldp ports 7
disable lldp ports 8
disable lldp ports 9
disable lldp ports 10
disable lldp ports 11
disable lldp ports 12
disable lldp ports 13
disable lldp ports 14
disable lldp ports 15
disable lldp ports 16
disable lldp ports 17
disable lldp ports 18
disable lldp ports 19
disable lldp ports 20
disable lldp ports 21
disable lldp ports 22
disable lldp ports 23
disable lldp ports 24
#
# Module mrp configuration.
#
#
# Module msdp configuration.
#
#
# Module netLogin configuration.
#
#
# Module netTools configuration.
#
configure dns-client add name-server 10.0.4.4 vr VR-Default
configure dns-client add name-server 10.0.4.194 vr VR-Default
configure dns-client add domain-suffix ccs.local
enable bootprelay ipv4 vlan Default
enable bootprelay ipv4 vlan PHS_WIFI
configure bootprelay vlan PHS_WIFI add 10.0.4.4
#
# Module ntp configuration.
#
#
# Module poe configuration.
#
#
# Module policy configuration.
#
#
# Module rip configuration.
#
enable rip
enable rip export direct cost 1
configure rip add vlan Default
configure rip add vlan PHS_WIFI
#
# Module ripng configuration.
#
#
# Module snmpMaster configuration.
#
#
# Module stp configuration.
#
#
# Module synce configuration.
#
#
# Module techSupport configuration.
#
#
# Module telnetd configuration.
#
#
# Module tftpd configuration.
#
#
# Module thttpd configuration.
#
enable web http
configure ssl certificate hash-algorithm sha512
#
# Module twamp configuration.
#
#
# Module vmt configuration.
#
#
# Module vsm configuration.
#

Patrick Voss, Alum

Hello Justin,

Based on the configuration it looks like you are adding a PC to port 3 in the wifi VLAN and trying to ping from that device to other devices in the default VLAN?

If this is true, is the device receiving a DHCP address from a server? If so, what is the default gateway? In this setup the default gateway would need to be the IP address of the switch it is connected to (10.1.22.210) in order to reach outside the network. Can the device ping this IP?

OscarK, ESE

Please make sure the X440 is not the L2 only model that cannot do routing.

Justin Brooks

It's an x440-24x, where the one that I have configured exactly the same is an x440-48p.  I am fairly certain that it wasn't on the list of ones that wouldn't do routing.

Patrick Voss, Alum

If it was it wouldn't let you enable ipforwarding due to the license.

Justin Brooks

It allowed me to enable forwarding, so it should be fine then.

Justin Brooks

I am currently only attempting to ping from the switch itself to a device on the Default VLAN (10.0.20.0/22), port 3 was just added so it would be ready for when it was working.  I am actually using "ping 10.0.20.211 from 10.1.22.210" to attempt to ping a device that I know is on, but does not respond from the WIFI VLAN.  If I just ping the device normally "ping 10.0.20.211" it responds.

Patrick Voss, Alum

Does the device you are pinging have a route back to the WIFI VLAN? From what I can see the WIFI VLAN is completely segregated from the other switches. It is possible that the pings are making it but not making it back.

Justin Brooks

With how all of our sites are set up, we have a Cisco router that our ISP manages.  That router is connected to an Extreme switch, the Extreme switch then connects to all of the other Extreme switches at the site.  On the first switch, I have the Default VLAN and this new WIFI VLAN on, with ipforwarding and rip enabled.  It will be the only switch that will have this new VLAN as port 3 will eventually be a trunk to a Cisco WLAN controller.
I am still uncertain why it would work with this configuration at one site, but not another.... unless my ISP didn't put in the route to the new VLAN properly?

I would be using this first switch as the gateway for anything on the new VLAN.

Baskar, Employee

Hello Justin,

As you confirmed, if you execute the ping without specifying the from option, it's working, and if you specify the source IP address (10.1.22.210), the ping was unsuccessful. From this, it shows the peer device doesn't have any information about the network 10.1.22.210.

Here you have configured the RIP protocol to advertise these networks, but did you check the RIP neighbors' status? If not, please use the following command and check the neighbors' status.
If there is an issue in the RIP neighborship, probably the peer device doesn't have the information about 10.1.22.210, and it's led to the unreachable issue.

show rip interface VLAN <vlan name>

This shows RIP-specific statistics and configuration for a VLAN in detail.

Justin Brooks

I think the problem may lie with the router configs from my provider. After speaking with them a few minutes, I discovered they had placed the static route on their router to go to this first switch... but they also have an interface on their Cisco router that matches the subnet of my new VLAN and some extra routes. I have asked that they remove it since it was unnecessary.

I used GNS3 with a model of my site to confirm that if there is a router configured the way they have it, the packets won't make it back to where they need to go.  As soon as I disabled that interface on the router, it let everything work normally.

I will confirm that this was the problem after they disable that extra interface and update this once they make their changes.

Justin Brooks

The problem was indeed that my provider had put in a route to the wrong address on my switch (they used the IP of the new VLAN instead of the Default VLAN) and had incorrectly created a new interface on their router, causing the traffic to not make it back.

Thanks to all of you who helped, you guys are the best!
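
The return-path failure described in the last two posts, as an added example that is not part of the original thread: a small Python model of the provider router's route lookup, showing why the echo reply to 10.1.22.210 never reached the X440 until the extra interface was removed and the static route pointed at 10.0.22.210. The interface names, the /22 prefixes derived from the posted addresses, and the premise that the reply from 10.0.20.211 is sent via the provider router are assumptions.

```python
import ipaddress

# Constructed model of the provider router's table, built from addresses in the
# thread. Interface names ("lan", "extra") are assumptions, not from the thread.
BROKEN = [
    ("10.0.20.0/22", "connected", "lan"),       # segment shared with the X440 Default VLAN
    ("10.1.20.0/22", "connected", "extra"),     # interface the provider created by mistake
    ("10.1.20.0/22", "static", "10.1.22.210"),  # route aimed at the new VLAN's own IP
]
FIXED = [
    ("10.0.20.0/22", "connected", "lan"),
    ("10.1.20.0/22", "static", "10.0.22.210"),  # next hop = switch's Default VLAN address
]
SWITCH_SEGMENT = "lan"  # the only router interface that actually reaches the X440
PREFERENCE = {"connected": 0, "static": 1}      # lower wins on equal prefix length


def lookup(routes, dst):
    """Longest-prefix match; on a tie the connected route beats the static one."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), kind, target) for p, kind, target in routes
            if addr in ipaddress.ip_network(p)]
    if not hits:
        return None
    return min(hits, key=lambda h: (-h[0].prefixlen, PREFERENCE[h[1]]))


def egress(routes, dst, depth=4):
    """Resolve dst to an outgoing interface, following static next hops.

    Returns None when there is no route or the next hop never resolves.
    """
    hit = lookup(routes, dst)
    if hit is None or depth == 0:
        return None
    _, kind, target = hit
    return target if kind == "connected" else egress(routes, target, depth - 1)


def reply_reaches_switch(routes, dst="10.1.22.210"):
    """True if the router forwards a reply for dst onto the X440's segment."""
    return egress(routes, dst) == SWITCH_SEGMENT


if __name__ == "__main__":
    for name, table in (("broken", BROKEN), ("fixed", FIXED)):
        print(name, egress(table, "10.1.22.210"), reply_reaches_switch(table))
```

Removing the extra interface alone is not enough in this model: a static route whose next hop lies inside the prefix it serves cannot be resolved, so `egress` returns `None` until the next hop is changed to 10.0.22.210.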