Layer 3 switching issue (or vlans?)

ashrobbo · 30 Aug 2014 at 22:23

Hi All,

I've been tasked this week with implementing some Allied Telesis switches, these are for a fairly large IP camera setup. Kit isnt working so we have been drafted in to assist.

Heres the diagram,

for simplicity sake.

two switches - one connected to camera is a standard layer 2 allied telesis switch, ports with cameras connected are untagged in vlan30. Trunk port (port 1) is tagged in all vlans (10,20,30).

the other is an allied telesis layer 3 switch, it has 3 vlans (same ID's 10,20,30) and has an ip of .254 on each.

Cameras have a default gateway of 192.168.30.254
Laptop connected to an untagged port has a default gateway of 192.168.1.254

FOr some reason I cannot ping a camera on the .30 subnet, at all. Even if i change my ip address to 192.168.30.xx on the laptop and untag the port in vlan 30 on the layer 3 side i cannot ping the camera.

Other cameras work in the same setup (but not using allied telesis layer 2 switch on the camera side)

where am I going wrong?

Here's my scenario in detail

If laptop has 192.168.1.2 ip address
- I can ping 192.168.1254, 10.254, 20.254, 30.254 (all interfaces on L3 switch)
- I cannot ping any of the Cameras (192.168.30.2-4)
- L3 switch diagnostics cannot ping the cameras (192.168.30.2-4)
- I can access IP of the L2 switch (192.168.1.230) no issue at all
- Reboot of L2 or L3 switch doesn't resolve issue (if only!)

I know on a cisco you have to enable IP routing but i cant find any similar functionality on the allied telesis CLI, is there a dark secret somebody knows that I don't?

My next step is to setup a different switch with the same config and see if it works.

The layer 2 switch is situated 30ft in the air so ill need to get work permit etc sorted to access the switch directly and do any further testing.

Please help!

Ash

Caged · 30 Aug 2014 at 22:51

Can you ping the cameras from the L3 switch CLI?

Edit: Just saw that you can't. Are you sure your trunk is setup properly?

blueboy2001 · 31 Aug 2014 at 08:00

You are correct in that you need to set up the routing on your L3 switch.

Usually you create VLAN interface for this.

You've not given a model number but it'll be something like this on AT kit:

Code:

interface vlan 30
ip address 192.168.30.254 255.255.255.0

I can't see any enable/disable IP routing commands in the manual, so I think that should do it but have a look at the manual for your specific switch.

ashrobbo · 31 Aug 2014 at 12:12

blueboy2001 said:
You are correct in that you need to set up the routing on your L3 switch.

Usually you create VLAN interface for this.

You've not given a model number but it'll be something like this on AT kit:

Code:

interface vlan 30 ip address 192.168.30.254 255.255.255.0

I can't see any enable/disable IP routing commands in the manual, so I think that should do it but have a look at the manual for your specific switch.

Each vlan has an IP assigned to it - i know its doing my nut in!!

Model number is allied telesis x610-24ts

shouldn't a layer 3 switch route automatically being as it work sat layer 3? Seems silly it may need enabling as otherwise whats the point?

Caged · 31 Aug 2014 at 15:19

What does your routing table look like?

ashrobbo · 31 Aug 2014 at 16:22

I am back on site tomorrow so will run a sh ip route and see what I get.

If I plug into the L3 switch directly and change a Port and IP to Untagged on VLAN30 all works as intended. IM also going to try a different L2 switch to see if it happens again, if so i guess im looking at an issue on the L2 switch (i may factory reset it and start fresh)

Caged · 31 Aug 2014 at 17:11

Connecting to the L3 switch with a port untagged on 30 shows the trunk is working, so your issue isn't with the L2 switch.

I'd say a route table will show you what's going wrong. You might be trying to send all traffic that isn't on-link to a router which doesn't know about the other subnets.

blueboy2001 · 31 Aug 2014 at 20:18

Can you post the output from show running-config?

ashrobbo · 1 Sep 2014 at 09:09

Here is said config and ip route

Codes: C - connected, S - static, R - RIP, B - BGP
O - OSPF, D - DHCP, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
* - candidate default

C 192.168.1.0/24 is directly connected, vlan1
C 192.168.10.0/24 is directly connected, vlan10
C 192.168.20.0/24 is directly connected, vlan20
C 192.168.30.0/24 is directly connected, vlan30

awplus#show running-config
!
service password-encryption
!
no banner motd
!
username manager privilege 15
no service ssh
!
service telnet
!
service http
!
no clock timezone
!
snmp-server
!
aaa authentication enable default local
aaa authentication login default local
!
ip domain-lookup
!
!
!
no service dhcp-server
!
no ip multicast-routing
!
spanning-tree mode rstp
!
switch 1 provision x610-24
!
vlan database
vlan 10 name VLAN10
vlan 20 name VLAN20
vlan 30 name VLAN30
vlan 10,20,30 state enable
!
interface port1.0.1-1.0.6
switchport
switchport mode trunk
switchport trunk allowed vlan add 10,20,30
!
interface port1.0.7-1.0.20
switchport
switchport mode access
!
interface port1.0.21-1.0.24
switchport
switchport mode trunk
switchport trunk allowed vlan add 10,20,30
!
interface vlan1
ip address 192.168.1.254/24
!
interface vlan10
ip address 192.168.10.254/24
!
interface vlan20
ip address 192.168.20.254/24
!
interface vlan30
ip address 192.168.30.254/24
!
!
line con 0
line vty 0 4
!
end

Caged · 1 Sep 2014 at 19:42

I'm surprised at the complete lack of any routing information in that config - there's no upstream gateway defined anywhere, no information about what interface it's on etc.

wasc · 1 Sep 2014 at 22:33

ashrobbo said:
shouldn't a layer 3 switch route automatically being as it work sat layer 3? Seems silly it may need enabling as otherwise whats the point?

A layer 3 switch simply means it understands IP addresses. But it still needs to be told what to do with them.

Switches I've worked with usually need;

- an IP address on each vlan (which devices use as the default gateway)
- routing to be enabled on the switch itself
- A route for the switch itself to use to find non local traffic, i.e. the internet

For example on Dell Powerconnects, you'd use;

## Setup the IP address on the vlan and configure it for routing##
interface vlan 10
routing
ip address 10.100.0.1 255.255.255.0
exit

##Enable routing on the switch itself ##
ip routing

## Route for non local traffic ##
ip route 0.0.0.0 0.0.0.0 10.0.0.1

ashrobbo · 2 Sep 2014 at 20:15

Well - I had enough couldnt find any information in regards to routing at all.

Therefore I simple set the entire port as untagged on VLAN30 and set the ip addresses of the devices all to 30

this worked but means i wont be trunking any other vlans, not an issue at the minute.
As soon as I put in a TP Link device, it all started working!

NIghtmare!