I am in the process of replacing some older Dell Powerconnect switches with a some Dell N2048 switches. While doing this I wanted to go ahead and segregate certain areas of my network using VLANs. Here is a simple example of what I'm trying to do:
VLAN1: default, not used
VLAN10: network devices (printers, servers, etc)
VLAN20: Sales workstations
VLAN30: Support workstations
etc
I have routing enabled on each of the VLAN interfaces.
Right now I have the VLANs setup and I have the required ports set to 'Access' mode and 'untagged' with the PVID set to the appropriate VLAN.
The global gateway is set to the IP of the router. (I tried setting to the interface of the VLAN that has the network devices but it did not accept that IP)
On VLAN10 I have a port that goes to my firewall / router (Watchguard M300).
With this setup I'm able to reach other workstations in the same VLAN and anybody on VLAN10 is able to reach out to the internet. Other VLANs cannot get to the internet and cannot reach other VLANs.
If I set the router up with routes between the VLANs, I can then communicate across the VLANs with no issue and everyone can get to the internet. But, that is not what I want. I want the routing to be handled in the switch itself.
So my question is, what am I missing that is preventing inter-VLAN routing from taking place in the switch itself? I'm assuming I'm just missing something simple but for the life of me I can't figure it out. I've read through the quick-start guide, through the user guide, and watched several Dell youtube videos but I'm not finding anything that helps me out.
—
Some additional setup information:
The router is on VLAN10 (router ip 192.168.10.25, switchport 1/0/1). It (router) is configured with an external interface for the internet and a single internal trusted interface that connects to the switch. Right now it has two routes defined: one points to VLAN10 and one points to VLAN20. The gateway for both of those routes is the IP for the VLAN10 interface (192.168.10.16).
console#show vlan
VLAN Name Ports Type
—– ————— ————- ————–
1 default Po1-128, Default
Gi1/0/1,
Gi1/0/4-48,
Te1/0/1-2
10 Corporate Gi1/0/2 Static
20 Network and DevOps Gi1/0/3 Staticconsole>show ip interface
Default Gateway………………………….. 192.168.10.25
L3 MAC Address…………………………… F48E.380A.9AB8Routing Interfaces:
Interface State IP Address IP Mask Method
———- —– ————— ————— ——-
Vl1 Down 0.0.0.0 0.0.0.0 DHCP
Vl10 Up 192.168.10.16 255.255.255.0 Manual
Vl20 Up 192.168.11.1 255.255.255.0 Manualconsole>show dot1x
Administrative Mode…………… Disabled
Dynamic VLAN Creation Mode…….. Disabled
VLAN Assignment Mode………….. Disabled
Monitor Mode…………………. Disabled
EAPOL Flood Mode……………… DisabledPort Admin Mode Oper Mode Reauth Reauth
Control Period
——— —————— ———————– ——– ———-
Gi1/0/1 auto N/A FALSE 3600
Gi1/0/2 auto Authorized FALSE 3600
Gi1/0/3 auto Authorized FALSE 3600console#show ip route
Route Codes: R – RIP Derived, O – OSPF Derived, C – Connected, S – Static
B – BGP Derived, E – Externally Derived, IA – OSPF Inter Area
E1 – OSPF External Type 1, E2 – OSPF External Type 2
N1 – OSPF NSSA External Type 1, N2 – OSPF NSSA External Type 2
S U – Unnumbered Peer, L – Leaked Route
- Indicates the best (lowest metric) route for the subnet.
No default gateway is configured. {NOTE: THIS WAS 192.168.10.25. Removed it to see if that would have any impact.}
C *192.168.10.0/24 [0/1] directly connected, Vl10
C *192.168.11.0/24 [0/1] directly connected, Vl20console#show ip vlan
MAC Address used by Routing VLANs: F48E.380A.9AB8
Logical
VLAN ID Interface IP Address Subnet Mask
——- ————– ————— —————
1 Vl1 0.0.0.0 0.0.0.0
10 Vl10 192.168.10.16 255.255.255.0
20 Vl20 192.168.11.1 255.255.255.0console#show ip brief
Default Time to Live……………………… 64
Routing Mode…………………………….. Enabled
ICMP Rate Limit Interval………………….. 1000 msec
ICMP Rate Limit Burst Size………………… 100 messages
ICMP Echo Replies………………………… Enabled
ICMP Redirect Mode……………………….. Enabled
Maximum Next Hops………………………… 1
Best Answer
Try adding
ip routing
orrouting
via the configuration command line as several major Ethernet switching manufacturers, including Cisco, have ip routing disabled by default.