InterVLAN routing question

jmbinette

Honorable
Jan 7, 2014
8
0
10,510
Hi to all,

I am currently trying to reach a printer on another network using a Layer 3 switch (Cisco 3750)

Here is a simplified diagram :

WIFI ROUTER ------------------- CISCO 3750
(10.1.100.1) VLAN 1 (10.1.100.4) -------------------- Business network (10.1.100.xx)
VLAN 20 (192.168.2.92) --------------- Second network (192.168.2.xxx)

I am trying to reach a printer at address 192.168.2.50

From the 3750 CLI, I can successfully ping 192.168.2.92 and 192.168.2.50
After setting up a static route in the Wifi router (192.168.2.0 255.255.255.0 10.1.100.4), I can ping 192.168.2.92
The router is a Asus RT-N66U with default gateway at 10.1.100.1

I still cannot find a way to reach 192.168.2.50

Could someone help me ?

Thanks & regards,

*********************************************** CISCO 3750 config ************************************************
Switch4#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route


Gateway of last resort is 10.1.100.1 to network 0.0.0.0


10.0.0.0/24 is subnetted, 1 subnets
C 10.1.100.0 is directly connected, Vlan1
C 192.168.2.0/24 is directly connected, Vlan20
S* 0.0.0.0/0 [1/0] via 10.1.100.1

Switch4#sh vlan


VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/0/1, Fa1/0/2, Fa1/0/3
Fa1/0/4, Fa1/0/5, Fa1/0/6
Fa1/0/7, Fa1/0/8, Fa1/0/9
Fa1/0/10, Fa1/0/11, Fa1/0/12
Fa1/0/13, Fa1/0/14, Fa1/0/15
Fa1/0/16, Fa1/0/17, Fa1/0/18
Fa1/0/19, Fa1/0/20, Fa1/0/21
Fa1/0/22, Fa1/0/23, Fa1/0/24
Fa1/0/25, Fa1/0/26, Fa1/0/27
Fa1/0/28, Fa1/0/29, Fa1/0/30
Fa1/0/31, Fa1/0/32, Fa1/0/33
Fa1/0/34, Fa1/0/35, Fa1/0/36
Fa1/0/37, Fa1/0/38, Fa1/0/39
Fa1/0/40, Fa1/0/41, Fa1/0/42
Fa1/0/43, Fa1/0/44, Fa1/0/45
Fa1/0/47, Fa1/0/48, Gi1/0/1
Gi1/0/2, Gi1/0/3, Gi1/0/4
20 VLAN0020 active Fa1/0/46
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
--More--

Switch4#sh int vlan 1
Vlan1 is up, line protocol is up
Hardware is EtherSVI, address is 001b.90a9.6640 (bia 001b.90a9.6640)
Internet address is 10.1.100.4/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:00, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 1000 bits/sec, 3 packets/sec
5 minute output rate 1000 bits/sec, 1 packets/sec
406783 packets input, 29302594 bytes, 0 no buffer
Received 0 broadcasts (1255 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
23639 packets output, 1948644 bytes, 0 underruns
0 output errors, 2 interface resets
0 output buffer failures, 0 output buffers swapped out
Switch4#sh int vlan 20
Vlan20 is up, line protocol is up
Hardware is EtherSVI, address is 001b.90a9.6641 (bia 001b.90a9.6641)
Internet address is 192.168.2.92/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:00:00, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 1000 bits/sec, 1 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
147138 packets input, 10454310 bytes, 0 no buffer
Received 0 broadcasts (561 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
5391 packets output, 392013 bytes, 0 underruns
0 output errors, 1 interface resets
0 output buffer failures, 0 output buffers swapped out
 
G

Guest

Guest
All of that looks right. I'm thinking the problem may be in the printer config. Since it's on vlan 20, it may not know how to route back to vlan 1. I'd be curious what a tracert does.
 

jmbinette

Honorable
Jan 7, 2014
8
0
10,510
No because all the rest of the network (192.168.2.xx) has 192.168.2.1 as gateway.

I added 192.168.2.92 in my switch in order to be able to reach that printer.

Does that mean I need a route inside 192.168.2.1 to route all traffic to 10.1.100.xx to 192.168.2.92 ?
 
G

Guest

Guest
What interface did you apply 192.168.2.92 to?

Edit: just saw that's on the router.

I think the issue is in the last statement you made. I would try adding that static route to see if that fixes the issue.
 
Yes that is your problem. If you can put a route in the 192.168.2.1 it should fix it. The only downside is the traffic will run async. The outbound traffic will go to the mac for 192.168.2.1 but the return traffic will come from the mac of 192.168.2.92. It may or may not make any difference. Sometime firewall software will detect this and complain
 

jmbinette

Honorable
Jan 7, 2014
8
0
10,510
Is there any other solution if I don't have access to 192.168.2.1 ?

Thinking about it, I am able to get a reply about 10% of the time and I have a hard time understanding why ...
 
You would have to put routes in the end device. Easy for a PC not so sure about a printer.

Otherwise you could change the gateway on the printer to be the switch and if some traffic still needs to go to 192.168.2.1 you could use policy routing to redirect it back. I would not recommend using policy routing unless you cannot make it work another way.
 

jmbinette

Honorable
Jan 7, 2014
8
0
10,510
Thanks guys for your answers.
Now I asked to add a route as per discussed.

I can now ping but cannot print or access web interface.
Any ideas why ? Could that be the firewall ?
 

jmbinette

Honorable
Jan 7, 2014
8
0
10,510
Anyone can help me troubleshoot this ? :

When connected to 192.168.2.xx network


>tracert -d 10.1.100.1

Tracing route to 10.1.100.1 over a maximum of 30 hops

1 1 ms 1 ms 1 ms 192.168.2.1
2 7 ms 2 ms 3 ms 192.168.2.92
3 1 ms 1 ms 1 ms 10.1.100.1

Trace complete.

>tracert -d 10.1.100.10

Tracing route to 10.1.100.10 over a maximum of 30 hops


1 1 ms 1 ms 1 ms 192.168.2.1
2 7 ms 3 ms 3 ms 192.168.2.92
3 *

When connected to 10.1.100.xx network

>tracert -d 192.168.2.1

Tracing route to 192.168.2.1 over a maximum of 30 hops

1 1 ms 1 ms 5 ms 10.1.100.1
2 3 ms 1 ms 1 ms 10.1.100.4
3 1 ms 2 ms 7 ms 192.168.2.1

Trace complete.

>tracert -d 192.168.2.50

Tracing route to 192.168.2.50 over a maximum of 30 hops

1 1 ms <1 ms <1 ms 10.1.100.1
2 3 ms 1 ms 1 ms 10.1.100.4
3 1 ms 1 ms 1 ms 192.168.2.50

Trace complete.
 
The only reason I could see it run one way and not the other is some firewall rule.

On the trace that does not work clear the arp table in the switch. Then run the trace and see if the arp appears. If it does it means the end device will respond to arp but icmp/traceroute.