
vlan – Routing between SVI and routed port on router


How can I obtain reachability from a vlan terminated on the L3 switch to a routed port on the router/FW?

F.E

int vlan 10,50 are the SVIs on the L3 switch

vlan 10 - 10.0.10.254 /24
vlan 50 - 10.0.50.254 /24

vlan 50 is the native vlan on the trunk link towards (router, FW)

The routed port is configured on the physical interface with 10.0.50.1/24

The problem is that I can reach the routed port sourcing from both SVIs, but not from the device inside vlan 10

Taking a tcpdump on the routed interface, I can see only ICMP requests but no replies. The switch does have its default gateway set to 10.0.50.1

I’ve enabled OSPF on the FW and switch, but with no luck.


Thanks @Zac67 for the trace; perhaps I wasn’t clear about what I am trying to achieve.

I want to have a few vlans terminated on the L3 switch, and some of them on the FW to have visibility into them. The problem is that I need to use a physical interface on the FW as their DG to reach the outside world or to route to the vlans terminated on the FW.

It looks like router on a stick, but using the physical interface by putting an IP address on it.

So vlans 5,10,15,20 terminate on the L3 switch, so they have SVIs created on it.
Vlans 30,40,50 are just present on the switch and go to the router via the trunk, and they have their own subinterfaces created.

I’m looking for a way to use another vlan just for connectivity between the SVI and the router's physical interface.

What I did until now is, for example, create an SVI for vlan 100, put an IP on it, and set vlan 100 as the native vlan on the trunk to reach the router untagged.

But it doesn't work, unfortunately…

==========================================================

First of all, sorry for all the mistakes I made and am making in this question; this is my first time posting on Stack.
Thanks to all who are trying to help solve this problem. Please find the topology and configs below:

Topology

Switch config

Current configuration : 3350 bytes
!
! Last configuration change at 06:18:12 UTC Thu Aug 26 2021
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/1
 switchport access vlan 20
 switchport mode access
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/2
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 40
 switchport mode trunk
 media-type rj45
 negotiation auto
!
interface GigabitEthernet1/0
 switchport access vlan 30
 media-type rj45
 negotiation auto
!
interface GigabitEthernet1/1
 media-type rj45
 negotiation auto
!
interface GigabitEthernet1/2
 media-type rj45
 negotiation auto
!
interface GigabitEthernet1/3
 media-type rj45
 negotiation auto
!
interface Vlan20
 ip address 10.0.20.254 255.255.255.0
!
interface Vlan40
 ip address 10.0.40.254 255.255.255.0
!
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
banner exec ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
banner incoming ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
banner login ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
!
!
end

Router config

Router#sh run
Building configuration...

Current configuration : 3144 bytes
!
! Last configuration change at 06:18:16 UTC Thu Aug 26 2021
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
ethernet lmi ce
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface GigabitEthernet0/0
 ip address 10.0.40.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0.30
 encapsulation dot1Q 30
 ip address 10.0.30.1 255.255.255.0
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/3
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
banner exec ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
banner incoming ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
banner login ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
!
line con 0
line aux 0
line vty 0 4
 login
 transport input none
!
no scheduler allocate
!
end

Sourcing from VPC10 I can ping

VPCS> ip 10.0.30.100 /24 10.0.30.1
Checking for duplicate address...
PC1 : 10.0.30.100 255.255.255.0 gateway 10.0.30.1

VPCS> ping 10.0.30.1

84 bytes from 10.0.30.1 icmp_seq=1 ttl=255 time=16.253 ms

VPCS> ping 10.0.40.1

84 bytes from 10.0.40.1 icmp_seq=1 ttl=255 time=8.569 ms

VPCS> ping 10.0.40.254

84 bytes from 10.0.40.254 icmp_seq=1 ttl=254 time=12.776 ms

VPCS> ping 10.0.20.254

84 bytes from 10.0.20.254 icmp_seq=1 ttl=254 time=15.602 ms

VPCS> ping 10.0.20.100

10.0.20.100 icmp_seq=1 timeout

VPCS> ping 3.3.3.3

84 bytes from 3.3.3.3 icmp_seq=1 ttl=255 time=11.675 ms

The only device which isn't pingable is the other VPCS, 10.0.20.100

**But from the VPC which is terminated on the switch, only the SVIs on the switch**

VPCS> ip 10.0.20.100 /24 10.0.20.254
Checking for duplicate address...
PC1 : 10.0.20.100 255.255.255.0 gateway 10.0.20.254


VPCS> ping 10.0.20.254

84 bytes from 10.0.20.254 icmp_seq=1 ttl=255 time=25.344 ms

VPCS> ping 10.0.30.1

10.0.30.1 icmp_seq=1 timeout

VPCS> ping 10.0.40.254

84 bytes from 10.0.40.254 icmp_seq=1 ttl=255 time=7.528 ms

Here are the routing tables from switch and router
