cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
New Contributor

3448 VLAN Routing

Hi All

I must be missing something stupid - the 3448 is layer 3 light - when VLANS have IP's they are routable. In other words a device in vlan 10 should be able to ping a device in vlan 1. In short I am not able to ping devices within different vlans. When troubleshooting from the 3448 i can ping the devices just fine. Computer A in vlan 10 cannot ping computer B in vlan 1 and vice versa.

Note: eth0 the ISP uplink is not configured yet so there is no default route.

What am I missing?

Thanks

Labels (2)
0 Kudos
10 Replies
Highlighted
New Contributor

Re: 3448 VLAN Routing

What am I missing?

VLAN 10 - 10.0.10.1

VLAN 1 - 10.0.0.1

ClientA - 10.0.0.2

ClientB - 10.0.10.11

DHCP Scopes for both the 10.0.0.0/24 and the 10.0.10.0/24 networks.

When on 3448 I can ping all devices

When on network 10.0.10.0/24 with port set to VLAN 10 (or trunk port with native 10) I'm not able to ping the client at 10.0.0.2. I can ping the other gateways such as 10.0.10.1 and 10.0.0.1

Wjhen on network 10.0.0.0/24 with port set to VLAN 1 (or trunk port with native 1) Im not  able ot ping the client at 10.0.10.11 I can ping all other gateways such as 10.0.0.1, and 10.0.10.1

Highlighted
Honored Contributor
Honored Contributor

Re: 3448 VLAN Routing

Because your DHCP scopes are local, remove the helper addresses from the VLAN interfaces.

It may be just cosmetic, but your description of the DHCP pool for 10.0.0.0 says /29 and both the scope and interface are configured for /24.

You should also allow subnets in the Private policy class to reach other subnets within the Private class.

ip access-list extended allow-private

  permit ip any 10.0.0.0 0.255.255.255

ip policy-class Private

  allow list self self

  allow list allow-private policy Private

  nat source list wizard-ics interface eth 0/1 overload

!

Highlighted
New Contributor

Re: 3448 VLAN Routing

Jayh -

Thank you for replying! I've been banging my head against the wall. I have updated the config with your suggestions with no luck. I am still unable to ping across VLANs.

To clarify from the 3448 I can ping all the clients within any subnet.

From the 10.0.0.0/24 network I am unable to ping clients in the 10.0.10.0/24 network

From the 10.0.10.0/24 network I am unable to ping clients in the 10.0.0.0/24 network

Updated Config Here

Any other ideas?

Thanks

Highlighted
Honored Contributor
Honored Contributor

Re: 3448 VLAN Routing

Your web-acl-6 is wrong. All of your private subnets are within 10.0.0.0/8 so the mask should be /8 or in wildcard form 0.255.255.255. You have it as a /24. or 0.0.0.255.

You've made VLAN 1 a /21 but your description still says /29. This is cosmetic assuming that you really want a /21 mask. If you're really going to have in excess of about 500 hosts on a subnet, you may run into some issues with excessive broadcasts.

Highlighted
New Contributor

Re: 3448 VLAN Routing

Hi Jayh -

This makes sense - I have adjusted the config - thank you very much.

Everything appears to be working aside from a single host on the 10.0.0.0 network. An access point 10.0.0.2 is only reachable from the 10.0.0.0 network. Granted the AP does pass DHCP for each VLAN from the NV3448. In other words clients get IP's and are placed in the correct VLAN. For some reason the management ip 10.0.0.2 is not reachable from other networks such as 10.0.10.0 however the clients on the AP are.

Thanks again for the help!

Highlighted
Honored Contributor
Honored Contributor

Re: 3448 VLAN Routing

Is the access point on 10.0.0.2 configured by DHCP or manually? Check its default gateway and netmask for accuracy.

Highlighted
New Contributor

Re: 3448 VLAN Routing

Jayh -

The Ruckus AP is configured with a static - 10.0.0.2/24 with a 10.0.0.1 default gateway.  The netmask here should work no?

Highlighted
Honored Contributor
Honored Contributor

Re: 3448 VLAN Routing

I thought you set the netmask on that subnet to /21. If so, all devices on the subnet should have a /21 mask. However, it should still work for that circumstance.

Highlighted
New Contributor

Re: 3448 VLAN Routing

That is correct - I will test with a /21 on the 10.0.0.2 device. I assumed it would work with a 255.255.255.0 - I do not see a reason it would not.