Hello! I am trying to set up a VLAN for a department in a separate building. I come from the Cisco side of networking, so I am familiar with what I need to do. However, I am having some difficulty with getting IP connectivity on a VLAN.
So, I uploaded the most incredible MS Paint representation I could make of the network in 45 seconds.
Basically, we have a core switch with 10.33.16.1 as the IP address. It has two VLANs on one port. Vlan1 is tagged, and vlan2 is untagged. Both are on port 48.
On the stack side in the other building, we have the same two VLANs. vlan1 IP is 10.33.224.20 and vlan2 IP is 10.33.64.16.
Both are on VR-Default.
I have added both gateways to VR-Default:
configure iproute add default 10.33.224.1
configure iproute add default 10.33.64.1
Vlan 2 with ip 10.33.64.16 has IP connectivity to everything in the network. It’s also able to browse the internet.
However, if I add a port to vlan1, I cannot get an IP address and can no longer ping anything. I can ping vlan 2 from vlan 1 and vice versa. But once I add the default route 10.33.224.1 to the table I can no longer ping 10.33.224.1 on either vlan.
I have tried enabling ipforwarding as well. Not sure what I am doing wrong.
Best answer by Tomasz
When all VLANs are set with consistent IDs and egress tagging on both sides, switches should see each other in their fdb (‘show fdb port’, ‘show fdb vlan’; you can also try to find a neighbor with the show edp command) on both VLANs in that case. Once a PC gets an IP (or please try some static one for now) it should be seen on both devices as well.
There should be no such behavior where an IP address in a VLAN alters the flooding behavior of a switch in case of broadcast traffic (ARP requests or DHCP in that case). It will only make it possible for that switch to also perform IP-based communication within that VLAN (pings, telnet etc.).
Once I add an IP to Vocational_Data, I can no longer ping our DHCP server, the 10.33.224.1 (the core switch VLAN for Vocational_data), or anything else unless I specify it is from the HS_Data VLAN.
Before an IP is set on the Vocational VLAN, it will try to use the existing HS_Data-based default gateway (that was shown a few posts above; assuming it's still in place, perhaps it would be better not to put any default routes on the stack unless you want your stack to reach some outside networks through just one of these VLANs).
After an IP is set on the Vocational VLAN, it will try to use that exact VLAN to egress. But it doesn’t work and you see no switches on both sides in that VLAN's fdb. I would double check tagging and the VLAN ID itself just in case, as this seems like an L2 thing. But if they are consistent, I have run out of ideas for the moment; the vlan/port/ip config of both devices in an erroneous scenario would give much more visibility. Might there be some other protocol blocking the port in the Vocational VLAN (flags associated with the port number when issuing ‘show vlan Vocational’)?
Hope that helps,