D-Link Forums

D-Link Enterprise => DGS-1510-Series => Topic started by: ivveh on May 16, 2017, 02:50:49 PM

Title: VLAN Routing
Post by: ivveh on May 16, 2017, 02:50:49 PM
Hi there,

I have a DSG-1510-28X (Build 1.33.B001) HW version A1 and I'm interested in doing some routing.
First of I want to be able to do inter VLAN routing but can't really get that to work. The switch itself can reach any client connected to it. SVI's don't do any help. I can reach SVI's from clients from any VLAN, but it stops there.
Adding a default route works but only for the switch again. Clients are locked inside their vlan/network.
So I've tried static routes, can't get that to work. I'd love to see some examples in this switch.
Tried static&default routes on clients, no cigar.

I'll mention I'm using trunks, but that shouldn't matter?

Someone said something about loopback interfaces for this switch but I can't really find a way to add that to a VLAN or SVI.

Kinda sucks since a lot of retailer advertise this being a L3 switch with inter VLAN routing.

I'd appreciate any help!
Title: Re: VLAN Routing
Post by: patl on December 23, 2018, 06:44:31 AM
hi,

do you have find a solution ?
i have the same issue with a DGS1210  :(
Title: Re: VLAN Routing
Post by: FurryNutz on January 02, 2019, 11:14:50 AM
Have you looked at the user manual on this? Anything regarding VLAN configurations?

Quote from: patl on December 23, 2018, 06:44:31 AM
hi,

do you have find a solution ?
i have the same issue with a DGS1210  :(
Title: Re: VLAN Routing
Post by: patl on January 07, 2019, 06:29:57 AM
DGS-1210 not have default routing, but have L3 features !!??!! each vlan can i have an ip address but not routing inter vlan
DGS-1510 have default routing and it's working with this model
configuration on a 1510 is more pro than a 1210, and i prefer that  :D
Title: Re: VLAN Routing
Post by: PacketTracer on January 08, 2019, 11:49:51 AM
Title: Re: VLAN Routing
Post by: patl on January 10, 2019, 07:17:05 AM
Quote from: PacketTracer on January 08, 2019, 11:49:51 AM
  • DGS-1510: According to this configuration example (https://eu.dlink.com/uk/en/support/faq/switches/layer-2-gigabit/dgs-series/uk_dgs_1510_how_to_setup_vlans_scenario_configuration) DGS-1510 should do routing.
  • DGS-1210: L3 features seem to be implemented only for REVF. Here is what the datasheet (ftp://ftp2.dlink.com/PRODUCTS/DGS-1210-SERIES/REVF/DGS-1210-SERIES_REVF_DATASHEET_2.10_EN_US.pdf) (DGS-1210-SERIES_REVF_DATASHEET_2.10_EN_US.pdf) says about routing within the "Advanced Features" section:

    Quote
    The DGS-1210 Series also supports advanced features such as static routing, With static routing, IP routes are manually entered into a routing table, which allows for communication between different user groups in different VLAN segments in a network. The switch can directly handle inter VLAN routing using multiple interfaces, making the network run faster and more efficiently. Because the switches can manage internal routing, the network router can be assigned to handle external traffic routing only.

    But maybe the present firmware version can't keep that promise. Hence, you could try the latest BETA release (ftp://ftp2.dlink.com/PRODUCTS/DGS-1210-SERIES/REVF/BETA) (v6.11B022_BETA, see release notes (ftp://ftp2.dlink.com/PRODUCTS/DGS-1210-SERIES/REVF/BETA/DGS-1210-SERIES_REVF_RELEASE_NOTES_v6.11B022_BETA.pdf)).

inter vlan routing never works with the 1210, and works fine with same configuration with the 1510.
firmware of the 1210 : 7.11.B008
Title: Re: VLAN Routing
Post by: PacketTracer on January 11, 2019, 02:33:53 PM
Hm, just stating that routing doesn't work without presenting the configuration of the switch (VLAN and SVI definitions, the static routing table), connected devices (IP address/mask, default gateway settings and eventually added static routes) and external routers (interface settings and routing tables) isn't very helpful, because this prevents any analysis that might reveal some configuration error to be the cause for the observed "non-routing" (instead of the assumed switch malfunction).
Title: Re: VLAN Routing
Post by: patl on January 13, 2019, 05:46:00 AM
my configuration is very simple

2 vlans
1/ 192.168.1.0/24 interface vlan on the switch 192.168.1.250
2/ 192.168.0.0/24 interface vlan on the switch 192.168.0.250

each equipment on vlan have a default route to the interface vlan
each equipment can ping all interface vlan on the switch (ex endpoint on vlan 1 can ping 192.168.1.250 and 192.168.0.250)

impossible to ping another endpoint on other vlan.

with my new 1510 all is working fine.
vlan are directly connected, so no routes to add

wireshark indicate that the switch route packet to the wrong Vlan
on the switch all ARP are in the good vlan
mac address table is good.

there is nothing complicated and i tried to add ACL, tried asymetric Vlan
Dlink support indicate to me that i have to take 1510 instead of 1210
 
Title: Re: VLAN Routing
Post by: PacketTracer on January 13, 2019, 12:04:23 PM
Quote
wireshark indicate that the switch route packet to the wrong Vlan

Hm, this means that besides the two VLANs you mentioned, there must be at least a third ("wrong") one (having a switch IP interface), because otherwise the only other (second) one besides the first one would always be the "proper" one - hence routing would work. Second, from what you say follows, that the switch _does_ routing between VLANs, it only selects a wrong VLAN for packet forwarding. Or in case that the "wrong" VLAN doesn't have a switch IP interface, would the packets then be erroneously bridged to that VLAN? Third, how can you see from wireshark running at a device other than the switch, how the switch indeed forwards (or bridges) IP packets? Or did you use Port Mirroring?

Quote
each equipment can ping all interface vlan on the switch (ex endpoint on vlan 1 can ping 192.168.1.250 and 192.168.0.250)

This is probably due to the so called "weak host model (https://en.wikipedia.org/wiki/Host_model)" that any multihoming host (like your switch) might operate, even if it is not configured for (or able to do) routing.

Just for completeness: Can you tell the VLAN settings for the ports involved (untagged/tagged/no memberships, and also important: The PVID settings)?

Let's assume you try to ping from device 192.168.0.10 to 192.168.1.10. Before you start, you delete the ARP caches of both devices and the intermediate switch and start Wireshark on both devices.

Can you restrict the problem to one of the following steps that doesn't work (?):
Up to which step can you proceed or rather which step will fail?

For example, if you can proceed to step 6 (inclusive) and step 7 fails (no echo reply sent), this might be due to a local host's firewall setting that refuses (drops) echo requests that stem from networks other than the local one (default behaviour of Windows).

Quote
Dlink support indicate to me that i have to take 1510 instead of 1210

Did they tell why? I mean: Routing between VLANs is an included/promised product feature, and if it doesn't work, you should return the switch to your dealer and get your money back.
Title: Re: VLAN Routing
Post by: patl on January 19, 2019, 08:36:00 AM
sorry, but i haven't my 1210 anymore
Title: Re: VLAN Routing
Post by: drave on October 25, 2019, 01:00:58 PM
I think i'll hijack this forum back to the original question, ive been given a 1510-28X and cant get any routing between vlans

The switch is reset to factory
The  switch IP address is set to 192.168.0.254
Router is plugged into port 24 with an ip address of 192.168.0.1
I create a single VLAN on ports 1-8 for ip'z of 192.168.2...... ,  ip for the vlan is 192.168.2.254

vlan 20
name testvlan,
interface range ethernet 1/0/1-1/0/8
switchport mode access
switchport access vlan 20
acceptable-frame admit-all
interface vlan 20
ip address 192.168.2.254 255.255.255.0
ip route 0.0.0.0 0.0.0.0 192.168.0.1 primary

No pinging or browseing between vlans, vlan 20 cannot get out to the net.
The documentation would seem to imply that routing is on by default as they only show how create a block between 2 vlans (corporate and guest) and dont show how any vlan connects to the vlan with the router/default route.   Ive tried ACL access lists , Access Maps/Filters. Nothing ive tried works.

any ideas gratefully accepted 
Title: Re: VLAN Routing
Post by: PacketTracer on October 25, 2019, 02:52:56 PM
Hi.

maybe, a route back to 192.168.2.0/24 is missing?

I guess, all devices within 192.168.0.0/24 are configured to use 192.168.0.1 (your router) as their default gateway.
Hence, add the following route to your router:

net 192.168.2.0/24 next hop 192.168.0.254

PT
Title: Re: VLAN Routing
Post by: drave on October 26, 2019, 04:12:52 AM
Hi

Actually "router" as a description of the thing that connects me to the internet is probably an overstatement. Its the box i got from my cable company, so is very basic with no programability.
I could put an external (proper)router between the vlans but isnt this a L3 switch capable of routing on its own ??
Should there be an equivalent to the "next hop" statement and would'nt this be mentioned in the vlan setup examples

regards
Title: Re: VLAN Routing
Post by: PacketTracer on October 26, 2019, 12:50:51 PM
Hi once more,

Quote
Should there be an equivalent to the "next hop" statement and would'nt this be mentioned in the vlan setup examples

No - and I guess the vlan setup examples only focus on routing between directly connected VLANs without the additional routing requirements needed, if one of these VLANs is conected to the Internet via another router.

Quote
I could put an external (proper)router between the vlans but isnt this a L3 switch capable of routing on its own ??

This wouldn't solve the problem, see below:

None of your devices within 192.168.0.0/24 including the router at 192.168.0.1 know the network 192.168.2.0/24 because they don't have a route to it! Hence if they receive a packet from 192.168.2.0/24 (which may only happen if you configured devices within network 192.168.2.0/24 to use the switch's address 192.168.2.254 as their default gateway - did you?) they look at their local routing tables and only find a default route that covers that network. Hence they send a reply for 192.168.2.0/24 to their default gateway which in case of the router is some other router at the provider's network and in case of any other device in network 192.168.0.0/24  is your router at 192.168.0.1. In any case the reply will not be sent back via the switch but to the Internet (and probably be dropped by your router, because traffic with private destination addresses mustn't be routed to the Internet).

You could change the default gateway of any device (except the router) within network 192.168.0.0/24 to 192.168.0.254 (the switch's address). Then any device within network 192.168.0.0/24 (except the router) could talk to devices within network 192.168.2.0/24 and to the Internet (due to the default route configured within your switch). And this would prove your switch is able to route IP traffic (hence check it).

But still your devices within network 192.168.2.0/24 can't talk to the Internet or to your router because this would require your router to be configured for the route I mentioned in my last post (so it would know how to forward reply traffic back from the Internet to recipients in network 192.168.2.0/24).

Internet access for devices at 192.168.2.0/24 would require you to exchange your Internet router by some other model that allows configuration of static routes towards the local network.

If you just want to subdivide the devices within your LAN into two groups that can't talk to each other but may share the Internet access via your router you could configure 'asymmetric' VLANs within your switch (provided your switch model supports this feature - according to the manual it should). In this case you could continue to operate a single IP network (192.168.0.0/24) only while the switch internally blocks any communication between any pair of devices that belong to different groups.

PT
Title: Re: VLAN Routing
Post by: drave on November 06, 2019, 07:11:19 AM
Hello Again

Have been distracted by other things the last days but ....

yes you are absolutely right. Ive modified machines in the 192.168.0.... net with a default route of 192.168.0.254 and now they can route between vlans BUT as you say no access from the 192.168.2... vlan to the Internet. I tried adding a "ip route 192.168.2.0 255.255.255.0 192.168.2.254"  but this is rejected as no reponse from nexthop. What appart from default route is the static route configuration useful for ?? I will investigate this "asymmetric vlan" feature

thanks
Title: Re: VLAN Routing
Post by: PacketTracer on November 06, 2019, 09:05:15 AM
Hello,

Quote
I tried adding a "ip route 192.168.2.0 255.255.255.0 192.168.2.254"  but this is rejected as no reponse from nexthop.

A router (or a layer 3 switch acting as a router) 'knows' any directly connected network per default via the ip configuration of its network interfaces. Hence, you mustn't configure static routes for destinations that represent directly connected networks and where the next hop would be a local IP address of the router itself (and your switch correctly refuses such an attempt). If you look at the routing table of your switch, you would see, that networks 192.168.0.0/24 and 192.168.2.0/24 are already present and marked as "directly connected" (or with a metric value of 1).

Moreover it is your Internet router where you have to place a route for 192.168.2.0/24 (with next hop = 192.168.0.254), not the switch (it already has one implicitely).

Quote
What appart from default route is the static route configuration useful for ?

For example, if you had a 3rd router connected to 192.168.2.0/24 (assumed to have the address 192.168.2.253), that connects to a 3rd LAN 192.168.3.0/24, you would have to configure the route "net 192.168.3.0/24 next hop 192.168.2.253" within your switch.

PT