VLAN configuration on x450e, routing issue


I have a very basic network and am simply trying to get my VLANs to allow clients to their destination gateway which is the firewall.

Firewall > Core (x450e) > Access Switch 1 (x450e)
> Access Switch 2 (x450e)

On the Core switch, I have several VLAN's, Mgmt, Voice, Client, etc... The default route on all the switches point to the Management VLAN gateway on the Firewall. When on the management network I can ping between all switches as expected.

I then add a client in the client vlan and I am unable to get anywhere. A traceroute shows that it is by default trying to route via the management gateway. I don't believe I need to add routes for all the VLANs but am essentially just trying to make them access ports as I am familiar doing on Cisco switches.

Thanks for the help.

8 replies

Hi Andrew,

- Have you enable ipforwarding on all vlans?
- Could you please share the output of

a. rtlookup
b. show vlan
Userlevel 6
Hi Andrew,

As Ajo pointed out, please check for the ipforwarding if it is enabled or not.

Below article might help you.

https://gtacknowledge.extremenetworks.com/articles/How_To/How-to-enable-inter-VLAN-routing-in-EXOS

Also, from the firewall, make sure that there is a return route to all the other VLAN destination IP address.

Hope this helps!
Also, make sure return traffic is allowed to your internal network.
Hi all,

So on the switch where my client is attached, when I add

configure vlan Client ipaddress 10.10.0.6 255.255.255.0
enable ipforwarding vlan Client

From that switch, I can ping the client, however from other switches including core I cannot ping the client or the VLAN IP.

Per Ajo's request here is the output of the commands.

* Extreme-A-4.20 # rtlookup 10.10.0.1Ori Destination Gateway Mtr Flags VLAN Duration
#d 10.10.0.0/24 10.10.0.6 1 U------um--f Data 0d:0h:19m:1 3s

* Extreme-A-4.21 # show vlan---------------------------------------------------------------------------------------
Name VID Protocol Addr Flags Proto Ports Virtual
Active router
/Total
---------------------------------------------------------------------------------------
Data 3 10.10.0.6 /24 ----------------------- ANY 2 /50 VR-Default
Default 1 --------------------D---------------------- ANY 0 /0 VR-Default
Mgmt 4095 ------------------------------------------- ANY 0 /1 VR-Mgmt
Mgmt99 99 10.10.99.6 /24 ----------------------- ANY 1 /1 VR-Default
Voice 2 ------------------------------------------- ANY 0 /0 VR-Default
---------------------------------------------------------------------------------------

Total number of VLAN(s) : 5
Ok, so I setup 3 of my other switches with an IP for that Data VLAN (Clients) and those are all working. I took a look at the other two that are not working and the VLAN details are different.

Here is the working switch:

Extreme-A-1.15 # show vlan detailVLAN Interface with name Data created by user
Admin State: Enabled Tagging: 802.1Q Tag 3
Virtual router: VR-Default
Primary IP : 10.10.0.3/24
IPv6: None
STPD: None
Protocol: Match all unfiltered protocols
Loopback: Disabled
NetLogin: Disabled
QosProfile: None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile: None configured
Ports: 49. (Number of active ports=1)
Untag: 4, 5, 6, 7, 8, 9, 10,
11, 12, 13, 14, 15, 16, 17,
18, 19, 20, 21, 22, 23, 24,
25, 26, 27, 28, 29, 30, 31,
32, 33, 34, 35, 36, 37, 38,
39, 40, 41, 42, 43, 44, 45,
46, 47, 49, 50
Tag: 2, 3,*48(Trunk_to_Core)

This is the non-working switch:

Extreme-A-4.6 # show vlan detailVLAN Interface with name Data created by user
Admin State: Enabled Tagging: 802.1Q Tag 3
Virtual router: VR-Default
Primary IP : 10.10.0.6/24
IPv6: None
STPD: None
Protocol: Match all unfiltered protocols
Loopback: Disabled
NetLogin: Disabled
QosProfile: None configured
Egress Rate Limit Designated Port: None configured
Flood Rate Limit QosProfile: None configured
Ports: 50. (Number of active ports=2)
Untag: *1, 2, 3, 4, 5, 6, 7,
8, 9, 10, 11, 12, 13, 14,
15, 16, 17, 18, 19, 20, 21,
22, 23, 24, 25, 26, 27, 28,
29, 30, 31, 32, 33, 34, 35,
36, 37, 38, 39, 40, 41, 42,
43, 44, 45, 46, 47, 49, 50
Tag: *48(Trunk_to_Core)

It appears they are both trunks on port 48 but they look different and I'm not figuring that out yet.
I figured out the issue. Very simple and I feel dumb for not seeing this immediately. On the core switch, the trunk ports to my access switches were not tagged, they were untagged for the Data (client) vlan. All is working now. Thanks for the assistance with the ipaddress and forwarding. That helped.

Andrew
Userlevel 7
Andrew Schulz wrote:

I figured out the issue. Very simple and I feel dumb for not seeing this immediately. On the core switch, the trunk ports to my access switches were not tagged, they were untagged for the Data (client) vlan. All is working now. Thanks for the assistance with the ipaddress and forwarding. That helped.

Andrew

Glad you got it working. Thanks for coming back and letting us know.
Userlevel 6
Andrew Schulz wrote:

I figured out the issue. Very simple and I feel dumb for not seeing this immediately. On the core switch, the trunk ports to my access switches were not tagged, they were untagged for the Data (client) vlan. All is working now. Thanks for the assistance with the ipaddress and forwarding. That helped.

Andrew

Second that and awesome profile image Andrew. I like it.

Welcome to the Hub. Really glad you joined us.

Reply