I have an EX2200 48T running version 12.3R6.6. I'm trying to set up RVI to route between VLANs, but it's not working properly. The VLANs in question are listed below:
DHCP Unit 3 10.10.3.253/24
Test Unit 5 10.10.4.253/24
Test2 Unit 6 10.10.6.253/24
Interfaces ge-0/0/5 and ge-0/0/30 are trunked to access all three of these VLANs.
The EX2200 is running DHCP on these three networks (10.10.3.0/24, 10.10.4.0/24, and 10.10.6.0/24), with the range .1 - .250 for each, and .253 is set as the default gateway.
Laptop A on the DHCP VLAN has address 10.10.3.1.
Laptop B on the Test VLAN has address 10.10.4.1.
Laptop A can ping its own gateway (10.10.3.253) and the gateway for the Test VLAN (10.10.4.253), but it cannot ping Laptop B.
The same is true for Laptop B. It can ping its own gateway and the gateway for other VLANs, but it cannot ping anything else on a different VLAN.
I tried to follow this technote: http://www.juniper.net/techpubs/en_US/junos12.3/topics/task/configuration/bridging-routed-vlan-interfaces-ex-series-cli.html
The issue is very similar to the behavior described in the 7th message of this post: http://forums.juniper.net/t5/Ethernet-Switching/EX2200-Inter-Vlan-Routing/m-p/99182/highlight/true#M4361
I created Test2 on 10.10.6.253/24 from scratch to see if I made a mistake in the earlier config, but it behaves in exactly the same way.
The relevant parts of the config are attached. What am I doing incorrectly?
NOTE: This system is in production, so I can't take drastic steps, like rebooting or upgrading/reverting versions.
You do not need those /24 static routes. These are local routes the switch is aware of. I suggest you copy config for ge-0/0/28 and use it to config some other physical interface, say ge-0/0/29, and also change VLAN member to either DHCP or Test 2. You should now be able to ping between these subnets (.4 to either .3 or .6).
When you try to ping from .5/Test (BTW much easier to manage/keep track if you match unit number to vlan number) to either DHCP or Test 2 what is physically connected to ge-0/0/5 or ge-0/0/30, another PC? This will NEVER work unless the PC can strip Dot1Q headers. To test PC to PC pings you need them on access ports, not trunk ports. Of the trunk ports would generally be another switch, and then that switch needs proper VLAN configuration, etc.
Also, when you ping anything that is 10.10.x.253 you are pinging the same place. That would be switch CPU/RE. Pinging gateways on L3 switches means very little, except to prove local gateway is up. If CPU/RE is busy, pings could be either delayed or potentially dropped.
This is all very basic stuff, and it all works, 100% for sure. If not working you are doing something wrong, generally with very basic stuff.
I set ge-0/0/5 and ge-0/0/30 back to access ports and removed the /24 static routes. DHCP VLAN is on ge-0/0/5, and Test2 is on ge-0/0/30.
One PC is on 10.10.3.1 (DHCP VLAN), and another is on 10.10.6.1 (Test2 VLAN), but they still cannot ping each other.
The updated config is attached.
I took your config with some minor modifications, and dumped it directly into an EX2200 switch, with a single trunk link connecting to my laptop with 3x VLANS (10,20,30) configured. As you can see, I can ping fine from each set of hosts, with the traceroute confirming my path to/from each.
VLAN10 received 10.10.10.1 via DHCP
VLAN20 received 10.10.20.1 via DHCP
This doesn't prove reverse routing (the return route will be directly connected), but does show unidirectional test in each direction through the router.
laptop$ traceroute -s 10.10.10.1 10.10.20.1
traceroute to 10.10.20.1 (10.10.20.1) from 10.10.10.1, 64 hops max, 52 byte packets
1 10.10.10.253 (10.10.10.253) 9.597 ms 2.356 ms 3.416 ms
2 10.10.20.1 (10.10.20.1) 0.406 ms 0.386 ms 0.323 ms

## ping forcing source address from VLAN10 to destination in VLAN20
laptop$ ping -S 10.10.10.1 10.10.20.1
PING 10.10.20.1 (10.10.20.1) from 10.10.10.1: 56 data bytes
64 bytes from 10.10.20.1: icmp_seq=0 ttl=63 time=0.278 ms
64 bytes from 10.10.20.1: icmp_seq=1 ttl=63 time=0.337 ms
^C
--- 10.10.20.1 ping statistics ---
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.278/0.307/0.337/0.030 ms

laptop$ ifconfig | egrep -A 8 -e "vlan" | egrep "inet\s|vlan:|^vlan"
vlan0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.10.10.1 netmask 0xffffff00 broadcast 10.10.10.255
vlan: 10 parent interface: en3
vlan1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.10.20.1 netmask 0xffffff00 broadcast 10.10.20.255
vlan: 20 parent interface: en3
vlan2: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> mtu 1500
inet 10.10.30.1 netmask 0xffff0000 broadcast 10.10.30.255
vlan: 30 parent interface: en3
I'd suggest checking the end-systems to see if there's a conflicting interface or route causing the response to be sent somewhere else. You can confirm the correct interfaces are configured, and that there aren't routes for networks on the reply path configured locally, or somewhere else.
What modifications did you make? Were you using one host to ping another, or were you pinging the hosts from your laptop on the trunk port?
host to host pings via switch (inter-vlan route). You can run a diff of my config vs yours to get the exact details, but basically vlan numbering, etc. Confirmed the pings were routing correctly source->dest, but the response would likely have been direct (as the vlans co-exist on my laptop - not separate isolated VMs which would have been a more comprehensive test). I did test from both directions though specifying source addresses.
laptop vlan10 -------\
trunk ---------- switch
laptop vlan20 - -----/
RVI still is not working. When I run tracert for an IP on another VLAN, I get results like this:
Tracing route to 10.10.6.1 over a maximum of 30 hops
1 8 ms 10 ms 1 ms 10.10.3.253
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
In this case, I'm trying to go from VLAN 3 (10.10.3.0 255.255.255.0 with the EX2200 as default gateway on 10.10.3.253) to VLAN 6 (10.10.6.0 255.255.255.0 with EX2200 as gateway on 10.10.6.253).
The same thing happens if I run tracert from VLAN 6 to VLAN 3 or VLAN 5. The packets get to the EX2200 and then time out. The laptops on each VLAN can ping the switch, so they definitely have connectivity. The packets get to the default gateway and then don't go anywhere, because RVI isn't working.
Can someone please tell me what I need to change in my config (posted above) to get RVI to work?
I've investigated some more, and all evidence indicates that the routing table config is correct. The problem seems to be that the EX2200 switch cannot ping the clients that are connected to it, even though the clients can ping the switch.
The clients were getting addresses from DHCP on the EX2200. As an experiment, I set a desktop to a static IP on 10.10.5.1 on vlan.5. That desktop on 10.10.5.1 can ping the switch on 10.10.5.253, but the switch cannot ping 10.10.5.1. The desktop does appear in the switch's arp table.
Does anybody know why the switch cannot ping physical clients that are directly connected?
show arp
MAC Address Address Name Interface Flags
3c:97:0e:2f:4e:a4 10.10.3.1 10.10.3.1 vlan.3 none
44:37:e6:0b:59:3d 10.10.5.1 10.10.5.1 vlan.5 none

ping 10.10.5.1
PING 10.10.5.1 (10.10.5.1): 56 data bytes
^C
--- 10.10.5.1 ping statistics ---
15 packets transmitted, 0 packets received, 100% packet loss
2 dumb questions:
1) what are the client OS's?
2) if connect 2 clients on the same VLAN, can they ping each other?
Relating to Q1, if Win7/8 is the answer, by default ping (reply) is blocked in local firewall rules...this one drove me crazy years ago...still gets me sometimes when I bring up a new Win7 client...also true for W2K8/W2K8-R2.
Thanks, Jeff. This fixed it!
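For the host-firewall cause identified in the last answer, the following is an added example (not part of the thread) that permits inbound ICMPv4 echo requests on a Windows client only from the routed VLAN subnets, leaving the firewall enabled. The rule name is a hypothetical label, and the subnets are the ones quoted in the first post; adjust both as needed.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell session.
# Uses netsh advfirewall so it also works on Windows 7 / Server 2008 R2.

# Hypothetical rule label chosen for this example (no spaces, to avoid quoting issues).
$RuleName = 'ICMPv4-Echo-In-RoutedVLANs'

# Subnets quoted in the original post; change to the VLANs actually routed by the switch.
$Subnets = '10.10.3.0/24', '10.10.4.0/24', '10.10.6.0/24'

function Test-EchoRule {
    # netsh exits non-zero when no rule with this name exists.
    netsh advfirewall firewall show rule "name=$RuleName" | Out-Null
    return ($LASTEXITCODE -eq 0)
}

function Add-EchoRule {
    # protocol=icmpv4:8,any matches ICMPv4 type 8 (echo request), any code.
    # remoteip limits the rule to the listed subnets instead of allowing any source.
    # The public profile is deliberately left out.
    $ruleArgs = @(
        'advfirewall', 'firewall', 'add', 'rule',
        "name=$RuleName",
        'dir=in',
        'action=allow',
        'protocol=icmpv4:8,any',
        "remoteip=$($Subnets -join ',')",
        'profile=domain,private'
    )
    netsh @ruleArgs
    if ($LASTEXITCODE -ne 0) {
        throw "netsh failed to add rule $RuleName (exit code $LASTEXITCODE)"
    }
}

# Show which firewall profile is active, since the rule only applies to domain/private.
netsh advfirewall show currentprofile

if (Test-EchoRule) {
    Write-Output "Rule $RuleName already present; nothing added."
} else {
    Add-EchoRule
    Write-Output "Rule $RuleName added for: $($Subnets -join ', ')"
}

# Print the resulting rule so the scope (remote IPs, profiles) can be verified.
netsh advfirewall firewall show rule "name=$RuleName"
```

After the rule is in place, repeating the `ping 10.10.5.1` test from the switch and the host-to-host ping across VLANs confirms whether the client firewall was the only thing dropping the echo requests.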