7

I have a Dell PowerConnect 5524 that I'm trying to configure.

What I want is simple routing between VLANs and the user guide is less than helpful.

On page 220, it says (or implies) that all you need to do to have routing enabled between two VLANs is create the VLANs on the switch and then plug devices in and everything should automagically work. This is not the case.

You can see my current running-config file here.

I have my PC connected to port 21 (VLAN 2 192.168.2.41) and another PC connected to port 1 (VLAN 3 192.168.3.10) and they cannot reach each other, I just get a timeout when I try and ping (yes both PCs have ICMP echo requests enabled in the firewall).

If you look at the management page on the switch, you can see when you plug devices into different ports that local routes get added for the appropriate subnets but it seems like no traffic is flowing through.

I've done some reading and maybe what I need is a trunk port to connect the different VLANs?

I also tried connecting a cable to create a physical link between the VLANs in some fruitless last-ditch attempt and this didn't work either.

I'm at a loss as to what to do next, I'm no network engineer. Any help is greatly appreciated.

EDIT(s):

console# show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding:          enabled

Codes: C - connected, S - static, D - DHCP

S  0.0.0.0/0          [1/1] via  192.168.2.1  0:18:50              vlan 2
C  192.168.2.0/24     is directly connected                        vlan 2
C  192.168.3.0/24     is directly connected                        vlan 3

As I said in the comments, the PCs in both VLAN 2 and VLAN 3 can ping the addresses for the router on both VLANs, see below for clarification.

PC 1, VLAN 2, IP: 192.168.2.41 ping 192.168.2.254: success ping 192.168.3.1: success ping 192.168.3.10: failure

PC 2, VLAN 3, IP: 192.168.3.10 ping 192.168.3.1: success ping 192.168.2.254: success ping 192.168.2.41: failure

Interestingly, when I have my internet cable plugged in to VLAN 2, the PC in VLAN 3 can ping the router on our internal network (192.168.2.1), tracert as follows:

Tracing route to 192.168.2.1 over a maximum of 30 hops

  1     1 ms     4 ms     3 ms  192.168.3.1
  2     1 ms    <1 ms    <1 ms  192.168.2.1

When I have our internal network disconnected, the routing issues remain.

Traceroute from PC 2 to PC 1:

Tracing route to 192.168.2.41 over a maximum of 30 hops

  1     1 ms     4 ms     4 ms  192.168.3.1
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  etc. etc.
Sean Airey
  • 233
  • 2
  • 10
  • From PC connected in port 21 (VLAN 2): are you able to ping the IP address of the switch interface VLAN 2? From PC connected in port 1 (VLAN 3): are you able to ping the IP address of the switch interface VLAN 3? – Daniel Yuste Aroca Nov 12 '13 at 13:53
  • @DanielYusteAroca Yes, I can ping the switch IP addresses on the other VLANs. So from PC on VLAN 2 I can ping 192.168.3.1 (switch IP on VLAN 3) and vice versa. – Sean Airey Nov 12 '13 at 14:15
  • @DanielYusteAroca Sorry I misread your question, yes the PCs can ping the IP address assigned to the VLAN they are connected to. So a PC from VLAN 3 can ping 192.168.3.1. It can also ping the switch IP on the other VLAN interface, so a PC on VLAN 3 can ping 192.168.2.254 (VLAN 2 IP address). Sorry if there's any confusion. – Sean Airey Nov 12 '13 at 14:41
  • Do you have access to the CLI of the switch? If so, please post the output of "show ip routing". – Sebastian Nov 12 '13 at 16:13
  • @Sebastian See edit. The 0.0.0.0 route is only in there because I was sick of going round the back of my PC and swapping cables so I could access the internet. It hasn't made any difference to the routing between the two VLANs though, I just plug the cable in that was in my PC for our internal network and that's all on VLAN 2. – Sean Airey Nov 12 '13 at 16:27
  • OK, that looks not so bad. Please try the following: In the configuration mode on the CLI, enter "ip routing" (this should be enabled by default, but it's DELL ;) ). Then please ensure that on both PCs the default gateway is set to the corresponding vlans IP address. – Sebastian Nov 12 '13 at 16:39
  • @Sebastian It should be enabled by default and I have entered it many many times beforehand. I've entered it again and ensured that both PCs gateways are set to the appropriate IP address for their VLAN (they've been set correctly all along) but it has made no difference =\ – Sean Airey Nov 12 '13 at 16:42
  • Hm. Then it should work, unless there is any strange on the clients connected to the switch. What is a traceroute 192.168.2.41 from PC2 saying? – Sebastian Nov 12 '13 at 16:57
  • @Sebastian See edit again. It's hitting the router on the VLAN 3 interface and then timing out. Which is broken, seeing as I have the firewall rule for ICMPv4-In enabled on all network profiles, and when I plug the internal network cable in, my colleague can ping the machine fine. – Sean Airey Nov 12 '13 at 17:05
  • @Sebastian You're right, it's working. Goddamn windows firewall. Thanks for the assist o7 – Sean Airey Nov 12 '13 at 17:15
  • Edit: Just saw your post above which of course voids this comment ;) Anyway this looks like a client issue. When you talk about network profiles, you are using windows machines, I guess? Please then - just for the test - turn off the firewall completely. Before that can you ping the PCs from the switch CLI? Can you connect any other device (like wireless access point or something else) to one of the vlans and ping it from another vlan? – Sebastian Nov 12 '13 at 17:17

2 Answers2

3

When testing networking connections, don't use windows machines.

My firewall was set to allow ICMP traffic from any subnet on any domain profile yet it was still blocking the packets.

Turning the firewall off completely allowed the traffic through, so the routing is working.

Also, pings probably aren't the best way to test network connectivity.

For anyone looking to route between two VLANs on the Dell PowerConnect 5524, the commands on page 220 of the user guide are sufficient:

en
config

vlan database
vlan 100-101
exit

interface gi1/0/1
switchport access vlan 100
ip address 1.1.1.1 255.255.255.0
exit

interface gi1/0/2
switchport access vlan 101
ip address 2.1.1.1 255.255.255.0
exit
Sean Airey
  • 233
  • 2
  • 10
2

Sean, your setup seems correct if you're making it from one VLAN to the next; which you can see when you traceroute from one switch IP to the next. If you aren't very familiar with networking, try making your life easier by simplifying your setup. Give this setup a go:

PC1

  • Switchport - Gig1/0/10
  • IP Address - 10.1.10.100/24
  • VLAN - 10

PC2

  • Switchport - Gig1/0/20
  • IP Address - 10.1.20.100/24
  • VLAN - 20

Switch

  • VLAN 10 IP Address - 10.1.10.1/24
  • VLAN 20 IP Address - 10.1.20.1/24
Community
  • 1
Ryan Foley
  • 5,479
  • 4
  • 23
  • 43