7

I am in the process of replacing some older Dell Powerconnect switches with a some Dell N2048 switches. While doing this I wanted to go ahead and segregate certain areas of my network using VLANs. Here is a simple example of what I'm trying to do:

VLAN1: default, not used
VLAN10: network devices (printers, servers, etc)
VLAN20: Sales workstations
VLAN30: Support workstations

etc

I have routing enabled on each of the VLAN interfaces.

Right now I have the VLANs setup and I have the required ports set to 'Access' mode and 'untagged' with the PVID set to the appropriate VLAN.

The global gateway is set to the IP of the router. (I tried setting to the interface of the VLAN that has the network devices but it did not accept that IP)

On VLAN10 I have a port that goes to my firewall / router (Watchguard M300).

With this setup I'm able to reach other workstations in the same VLAN and anybody on VLAN10 is able to reach out to the internet. Other VLANs cannot get to the internet and cannot reach other VLANs.

If I set the router up with routes between the VLANs, I can then communicate across the VLANs with no issue and everyone can get to the internet. But, that is not what I want. I want the routing to be handled in the switch itself.

So my question is, what am I missing that is preventing inter-VLAN routing from taking place in the switch itself? I'm assuming I'm just missing something simple but for the life of me I can't figure it out. I've read through the quick-start guide, through the user guide, and watched several Dell youtube videos but I'm not finding anything that helps me out.

-- Some additional setup information:

The router is on VLAN10 (router ip 192.168.10.25, switchport 1/0/1). It (router) is configured with an external interface for the internet and a single internal trusted interface that connects to the switch. Right now it has two routes defined: one points to VLAN10 and one points to VLAN20. The gateway for both of those routes is the IP for the VLAN10 interface (192.168.10.16).

console#show vlan

VLAN Name Ports Type
----- --------------- ------------- --------------
1 default Po1-128, Default
Gi1/0/1,
Gi1/0/4-48,
Te1/0/1-2
10 Corporate Gi1/0/2 Static
20 Network and DevOps Gi1/0/3 Static

console>show ip interface
Default Gateway................................ 192.168.10.25
L3 MAC Address................................. F48E.380A.9AB8

Routing Interfaces:

Interface State IP Address IP Mask Method
---------- ----- --------------- --------------- -------
Vl1 Down 0.0.0.0 0.0.0.0 DHCP
Vl10 Up 192.168.10.16 255.255.255.0 Manual
Vl20 Up 192.168.11.1 255.255.255.0 Manual

console>show dot1x

Administrative Mode............... Disabled
Dynamic VLAN Creation Mode........ Disabled
VLAN Assignment Mode.............. Disabled
Monitor Mode...................... Disabled
EAPOL Flood Mode.................. Disabled

Port Admin Mode Oper Mode Reauth Reauth
Control Period
--------- ------------------ ----------------------- -------- ----------
Gi1/0/1 auto N/A FALSE 3600
Gi1/0/2 auto Authorized FALSE 3600
Gi1/0/3 auto Authorized FALSE 3600

console#show ip route

Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static B - BGP Derived, E - Externally Derived, IA - OSPF Inter Area E1 - OSPF External Type 1, E2 - OSPF External Type 2 N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2 S U - Unnumbered Peer, L - Leaked Route

  • Indicates the best (lowest metric) route for the subnet.

No default gateway is configured. {NOTE: THIS WAS 192.168.10.25. Removed it to see if that would have any impact.}
C *192.168.10.0/24 [0/1] directly connected, Vl10
C *192.168.11.0/24 [0/1] directly connected, Vl20

console#show ip vlan

MAC Address used by Routing VLANs: F48E.380A.9AB8

       Logical

VLAN ID Interface IP Address Subnet Mask
------- -------------- --------------- ---------------
1 Vl1 0.0.0.0 0.0.0.0
10 Vl10 192.168.10.16 255.255.255.0
20 Vl20 192.168.11.1 255.255.255.0

console#show ip brief

Default Time to Live........................... 64
Routing Mode................................... Enabled
ICMP Rate Limit Interval....................... 1000 msec
ICMP Rate Limit Burst Size..................... 100 messages
ICMP Echo Replies.............................. Enabled
ICMP Redirect Mode............................. Enabled
Maximum Next Hops.............................. 1

Improve this question
9
  • 1
    It's not clear how you have things set up. Where is the "router" connected, and how it configured? Can you include the switch configuration? Otherwise, we're just guessing.
    – Ron Trunk
    Commented Jun 2, 2016 at 14:03
  • I added some of the config settings. If I missed something that might help just let me know. The current setup may be totally screwed up since I've been testing various changes. At this point I might be better off just reloading the switch and starting from scratch.
    – Michael Haynes
    Commented Jun 2, 2016 at 14:25
  • For devices on VLAN 20, is the default gateway set to 192.168.11.1?
    – Ron Trunk
    Commented Jun 2, 2016 at 14:28
  • 1
    Let us continue this discussion in chat.
    – Ron Trunk
    Commented Jun 2, 2016 at 14:47
  • 1
    It looks like I just had an incorrect default gateway on my end device. At this point it appears I'm working without the router in the loop. Thanks for taking the time to assist Ron and for providing some suggestions on what to do now.
    – Michael Haynes
    Commented Jun 2, 2016 at 15:01

1 Answer 1

Reset to default
0

On the Dell N2000 series, IP routing is disabled by default and needs to be enabled.

Try adding ip routing or routing via the configuration command line as several major Ethernet switching manufacturers, including Cisco, have ip routing disabled by default.

Improve this answer
5
  • 1
    You could improve your answer by editing it to add more details to make it more useful both for the original poster and future users. Typically short answers like this could provide reasoning why you believe this is the answer, more explanation about the concepts mentioned, references/links to supporting resources, or applicable examples.
    – YLearn
    Commented Jun 3, 2016 at 3:32
  • @YLearn It's a common mistake / gotcha. Cisco switches do not route between VLANs by default, even if you configure interface VLAN1 and interface VLAN2 both with IP addresses in unique subnets, the (layer 3) switch will not route between them. Type "ip routing" from config mode and it works. This is a valuable answer. There are resident trolls here that downvote ad hominem. As a moderator, you should do something about it.
    – Ronnie Royston
    Commented Jun 3, 2016 at 7:23
  • 1
    Your comment is a better answer than your answer. Yes, many of us are aware this is a common problem and we have had several such questions here. Let me put it this way, your answer is more like giving the OP a fish rather than teaching him to fish. Your comment does a much better job of explaining what is going on and how they OP can resolve the problem.
    – YLearn
    Commented Jun 3, 2016 at 7:34
  • 1
    My original post mentions that I had routing configured (the manual actually tells you that it is disabled by default so that was never an issue). While your answer didn't do me any good it is a valid item to look at for those who don't read the manual or who may have glanced over it. My issue was that during testing I had changed the gateway on one device and that gimped up everything. Once I fixed that (thanks to Ron Trunk chatting with me and verifying the basic settings again) I was good to go. Was a reminder to always check the simple stuff and recheck everything as you test changes.
    – Michael Haynes
    Commented Jun 6, 2016 at 19:52
  • Your original post did not say you had routing enabled globally. The 'global gateway is set to the IP of the router' indicates you are not a networking professional as what you mentioned is referred to as a default route, which may only affect management traffic, depending. In any case, I'm glad you got it working. Hire the professionals next time, also buy Cisco. You'll save money and get better results.
    – Ronnie Royston
    Commented Jun 7, 2016 at 21:28

Not the answer you're looking for? Browse other questions tagged or ask your own question.