Skip to main content
Start a Conversation

Solved!

Go to Solution

Mr.Larry91

3 Posts

987

October 14th, 2020 09:00

Powerconnect 8024F routing issue

Hi all,

Currently in the process of setting up routing and DHCP in order to use the switch as a default gateway instead of the router since the router is on a heavy load.

The topology is the following ROUTER - Dell Switch - Other switches 

Currently, the problem is the following: if a client from VLAN 20(10.1.20.0/24) connects he won't be able to access the internet without an additional default route being set (0.0.0.0 0.0.0.0 10.1.20.1). 10.1.20.1 is the router's IP address.

My question is shouldn't the switch use the default route that is already in place?

Here is my entire config:

console(config)#show running-config

!Current Configuration:
!System Description "Powerconnect 8024F, 5.1.15.2, VxWorks 6.6"
!System Software Version 5.1.15.2
!Cut-through mode is configured as disabled
!
configure
vlan 8,20,30-32,40,100,250-251,253-254
exit
vlan 8
name "MNG"
exit
vlan 20
name "SEC"
exit
vlan 30
name "EMP"
exit
vlan 31
name "Accounting"
exit
vlan 32
name "Wireless"
--More-- or (q)uit
exit
vlan 40
name "SRV"
exit
vlan 100
name "VOIP"
exit
vlan 251
name "Native"
exit
vlan 253
name "Motorola_Primary"
exit
vlan 254
name "Motorola_Secondary_Lan"
exit
sntp unicast client enable
sntp server 129.128.12.20
sntp server 158.69.243.189
clock summer-time recurring USA
clock timezone -5 minutes 0 zone "EST"
stack
member 1 2 ! PC8024F
--More-- or (q)uit
exit
interface out-of-band
ip address 10.10.250.1 255.255.255.0 0.0.0.0
exit
ip name-server "8.8.8.8"
ip name-server "1.1.1.1"
logging file informational
no ip http server
class-map match-all DSCP-ALL ipv4
!match ip dscp 46(ef)
match ip dscp 46
exit
policy-map input_trush_dscp in
exit
policy-map input_trist_dscp in
exit
policy-map VOIP in
class DSCP-ALL
mark ip-dscp 46
exit
exit
ip routing
ip route 0.0.0.0 0.0.0.0 10.1.30.1
--More-- or (q)uit
ip route 0.0.0.0 0.0.0.0 10.1.20.1
ip route 10.50.20.0 255.255.255.0 10.250.0.1
ip route 10.51.20.0 255.255.255.0 10.250.0.1
ip route 10.52.20.0 255.255.255.0 10.250.0.1
ip route 10.53.20.0 255.255.255.0 10.250.0.1
ip route 10.79.20.0 255.255.255.0 10.250.0.1
ip route 10.80.8.0 255.255.255.0 10.250.0.1
ip route 10.80.20.0 255.255.255.0 10.250.0.1
ip route 10.81.1.0 255.255.255.0 10.250.0.1
ip route 10.81.8.0 255.255.255.0 10.250.0.1
ip route 10.81.20.0 255.255.255.0 10.250.0.1
ip route 10.82.8.0 255.255.255.0 10.250.0.1
ip route 10.82.20.0 255.255.255.0 10.250.0.1
ip route 10.83.8.0 255.255.255.0 10.250.0.1
ip route 10.83.20.0 255.255.255.0 10.250.0.1
ip route 10.84.8.0 255.255.255.0 10.250.0.1
ip route 10.84.20.0 255.255.255.0 10.250.0.1
ip route 10.85.20.0 255.255.255.0 10.250.0.1
ip route 10.87.8.0 255.255.255.0 10.250.0.1
ip route 10.87.20.0 255.255.255.0 10.250.0.1
ip route 10.88.8.0 255.255.255.0 10.250.0.1
ip route 10.88.20.0 255.255.255.0 10.250.0.1
ip route 192.168.2.0 255.255.255.0 10.250.0.1
--More-- or (q)uit
ip route 10.89.8.0 255.255.255.0 10.250.0.1
ip route 10.89.20.0 255.255.255.0 10.250.0.1
ip route 10.90.8.0 255.255.255.0 10.250.0.1
ip route 10.90.20.0 255.255.255.0 10.250.0.1
ip route 10.90.21.0 255.255.255.0 10.250.0.1
ip route 10.90.22.0 255.255.255.0 10.250.0.1
ip route 10.90.23.0 255.255.255.0 10.250.0.1
ip route 10.90.24.0 255.255.255.0 10.250.0.1
ip route 10.90.25.0 255.255.255.0 10.250.0.1
ip route 10.90.26.0 255.255.255.0 10.250.0.1
ip route 10.90.30.0 255.255.255.0 10.250.0.1
ip route 10.91.8.0 255.255.255.0 10.250.0.1
ip route 10.91.20.0 255.255.255.0 10.250.0.1
ip route 192.168.27.0 255.255.255.0 10.250.0.1
ip route 10.92.20.0 255.255.255.0 10.250.0.1
ip route 10.93.8.0 255.255.255.0 10.250.0.1
ip route 10.93.20.0 255.255.255.0 10.250.0.1
ip route 10.94.8.0 255.255.255.0 10.250.0.1
ip route 10.94.20.0 255.255.255.0 10.250.0.1
ip route 10.94.21.0 255.255.255.0 10.250.0.1
ip route 10.95.8.0 255.255.255.0 10.250.0.1
ip route 10.95.20.0 255.255.255.0 10.250.0.1
ip route 192.168.0.0 255.255.255.0 10.250.0.1
--More-- or (q)uit
ip route 10.96.8.0 255.255.255.0 10.250.0.1
ip route 10.96.20.0 255.255.255.0 10.250.0.1
ip route 10.98.8.0 255.255.255.0 10.250.0.1
ip route 10.98.20.0 255.255.255.0 10.250.0.1
ip route 10.99.8.0 255.255.255.0 10.250.0.1
ip route 10.99.20.0 255.255.255.0 10.250.0.1
ip route 10.99.50.0 255.255.255.0 10.250.0.1
ip route 10.100.20.0 255.255.255.0 10.250.0.1
ip route 10.100.8.0 255.255.255.0 10.250.0.1
ip route 192.168.36.0 255.255.255.0 10.250.0.1
ip route 10.101.8.0 255.255.255.0 10.250.0.1
ip route 10.101.20.0 255.255.255.0 10.250.0.1
ip route 10.102.8.0 255.255.255.0 10.250.0.1
ip route 10.102.20.0 255.255.255.0 10.250.0.1
ip route 10.103.8.0 255.255.255.0 10.250.0.1
ip route 10.103.20.0 255.255.255.0 10.250.0.1
ip route 10.104.8.0 255.255.255.0 10.250.0.1
ip route 10.104.20.0 255.255.255.0 10.250.0.1
ip route 10.105.8.0 255.255.255.0 10.250.0.1
ip route 10.105.20.0 255.255.255.0 10.250.0.1
ip route 10.107.8.0 255.255.255.0 10.250.0.1
ip route 10.107.20.0 255.255.255.0 10.250.0.1
ip route 10.108.8.0 255.255.255.0 10.250.0.1
--More-- or (q)uit
ip route 10.108.20.0 255.255.255.0 10.250.0.1
ip route 10.109.8.0 255.255.255.0 10.250.0.1
ip route 10.109.20.0 255.255.255.0 10.250.0.1
ip route 10.110.8.0 255.255.255.0 10.250.0.1
ip route 10.110.20.0 255.255.255.0 10.250.0.1
ip route 10.110.21.0 255.255.255.0 10.250.0.1
ip route 10.111.8.0 255.255.255.0 10.250.0.1
ip route 10.111.20.0 255.255.255.0 10.250.0.1
ip route 10.112.8.0 255.255.255.0 10.250.0.1
ip route 10.112.20.0 255.255.255.0 10.250.0.1
ip route 10.113.8.0 255.255.255.0 10.250.0.1
ip route 10.113.20.0 255.255.255.0 10.250.0.1
ip route 10.114.8.0 255.255.255.0 10.250.0.1
ip route 10.115.8.0 255.255.255.0 10.250.0.1
ip route 10.115.20.0 255.255.255.0 10.250.0.1
ip route 10.117.8.0 255.255.255.0 10.250.0.1
ip route 10.117.20.0 255.255.255.0 10.250.0.1
ip route 10.118.8.0 255.255.255.0 10.250.0.1
ip route 10.118.20.0 255.255.255.0 10.250.0.1
ip route 10.119.8.0 255.255.255.0 10.250.0.1
ip route 10.119.20.0 255.255.255.0 10.250.0.1
ip route 10.120.8.0 255.255.255.0 10.250.0.1
ip route 10.120.20.0 255.255.255.0 10.250.0.1
--More-- or (q)uit
ip route 10.121.1.0 255.255.255.0 10.250.0.1
ip route 10.121.20.0 255.255.255.0 10.250.0.1
ip route 192.168.37.0 255.255.255.0 10.250.0.1
ip route 10.125.8.0 255.255.255.0 10.250.0.1
ip route 10.125.20.0 255.255.255.0 10.250.0.1
ip route 10.126.8.0 255.255.255.0 10.250.0.1
ip route 10.126.20.0 255.255.255.0 10.250.0.1
ip route 10.3.40.0 255.255.255.0 10.250.0.1
ip route 10.127.20.0 255.255.255.0 10.250.0.1
ip route 10.2.20.0 255.255.255.0 10.250.0.1
ip route 10.2.8.0 255.255.255.0 10.250.0.1
ip route 10.2.30.0 255.255.255.0 10.250.0.1
ip route 10.106.20.0 255.255.255.0 10.250.0.1
ip route 10.106.8.0 255.255.255.0 10.250.0.1
ip route 10.78.20.0 255.255.255.0 10.250.0.1
ip route 10.90.1.0 255.255.255.0 10.250.0.1
ip route 10.119.1.0 255.255.255.0 10.250.0.1
ip route 10.54.20.0 255.255.255.0 10.250.0.1
ip route 10.54.8.0 255.255.255.0 10.250.0.1
ip route 10.129.20.0 255.255.255.0 10.250.0.1
ip route 10.86.1.0 255.255.255.0 10.250.0.1
ip route 10.86.20.0 255.255.255.0 10.250.0.1
ip route 10.86.21.0 255.255.255.0 10.250.0.1
--More-- or (q)uit
ip route 10.128.20.0 255.255.255.0 10.250.0.1
ip route 10.131.20.0 255.255.255.0 10.250.0.1
ip route 10.49.20.0 255.255.255.0 10.250.0.1
ip route 10.107.1.0 255.255.255.0 10.250.0.1
ip route 10.48.20.0 255.255.255.0 10.250.0.1
ip route 10.10.20.0 255.255.255.0 10.250.0.1
ip route 10.46.20.0 255.255.255.0 10.250.0.1
ip route 10.130.20.0 255.255.255.0 10.250.0.1
ip route 0.0.0.0 0.0.0.0 10.250.0.1 2
no ip helper enable
service dhcp
ip dhcp excluded-address 10.1.20.1 10.1.20.1
ip dhcp pool "VLAN20"
dns-server 10.1.30.2 1.1.1.1
default-router 10.1.20.200
network 10.1.20.0 255.255.255.0
domain-name bvp.local
exit
interface vlan 1 1
exit
interface vlan 8 6
ip address 10.1.8.200 255.255.255.0
exit
--More-- or (q)uit
interface vlan 20 5
ip address 10.1.20.200 255.255.255.0
exit
interface vlan 30 3
ip address 10.1.30.200 255.255.255.0
exit
interface vlan 31 7
ip address 10.1.31.200 255.255.255.0
exit
interface vlan 40 4
ip address 10.1.40.200 255.255.255.0
exit
interface vlan 100 8
ip address 10.1.100.200 255.255.255.0
exit
interface vlan 250 2
ip address 10.250.0.4 255.255.255.0
exit
interface vlan 253 9
ip address 192.168.1.200 255.255.255.0
exit
interface vlan 254 10
ip address 192.168.254.200 255.255.255.0
--More-- or (q)uit
exit
username "admin" password 8074871d45db5fd313f8da4284607d3e privilege 15 encrypted
no spanning-tree
spanning-tree bpdu flooding
classofservice trust ip-dscp
classofservice ip-dscp-mapping 46 6
cos-queue random-detect 5
cos-queue strict 0 1 2 3 4 5 6
udld enable
!
interface Te1/0/1
description "MX250_Uplink"
switchport mode general
switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 8,20,30-32,40,100,250,253-254 tagged
switchport general allowed vlan remove 1
switchport trunk allowed vlan 1,40,250
exit
!
interface Te1/0/2
description "Warm_Spare_MX250_Uplink"
switchport mode general
switchport general acceptable-frame-type tagged-only
--More-- or (q)uit
switchport general allowed vlan add 8,20,30-31,40,100,250-251,253-254 tagged
switchport general allowed vlan add 1 tagged
exit
!
interface Te1/0/3
description "MS-120-48P_Top_Trunk"
switchport mode general
switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 8,20,30,40,100,253-254 tagged
switchport access vlan 250
exit
!
interface Te1/0/4
description "MS-120-48P_Middle_Trunk"
switchport mode general
switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 8,20,30,40,100,253-254 tagged
switchport general allowed vlan remove 1
switchport access vlan 250
switchport trunk native vlan 8
switchport trunk allowed vlan 8,20,30,40,100,253-254
exit
!
--More-- or (q)uit
interface Te1/0/5
description "MS-120-48P_Bottom_Trunk"
switchport mode trunk
switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 8,20,30,40,100,253-254 tagged
switchport general allowed vlan remove 1
switchport trunk native vlan 8
switchport trunk allowed vlan 8,20,30,40,100,253-254
exit
!
interface Te1/0/6
speed 1000
duplex full
switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 8,20,30,40,100,254
switchport general allowed vlan add 253 tagged
switchport general allowed vlan remove 1
switchport access vlan 250
switchport trunk native vlan 8
switchport trunk allowed vlan 8,20,30,40,100,254
exit
!
interface Te1/0/7
--More-- or (q)uit
speed 1000
duplex full
switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 8,20,30,40,100,253-254 tagged
switchport general allowed vlan remove 1
switchport trunk native vlan 8
switchport trunk allowed vlan 8,20,30,40,100,253-254
exit
!
interface Te1/0/8
duplex full
exit
!
interface Te1/0/9
speed 1000
duplex full
description "Small_Office_Uplink"
switchport mode trunk
switchport trunk native vlan 8
udld enable
exit
!
interface Te1/0/10
--More-- or (q)uit
speed 1000
duplex full
description "Middle_Row_Uplink"
switchport mode trunk
switchport access vlan 8
switchport trunk native vlan 251
udld enable
exit
!
interface Te1/0/11
speed 1000
duplex full
description "Middle_Row_VOIP_Access"
switchport general acceptable-frame-type tagged-only
switchport general allowed vlan add 8,20,30,40,100,253-254 tagged
switchport general allowed vlan remove 1
switchport access vlan 100
switchport trunk native vlan 8
udld enable
exit
!
interface Te1/0/12
speed 1000
--More-- or (q)uit
duplex full
description "Hik_Central_Access"
switchport general allowed vlan remove 1
switchport access vlan 30
switchport trunk native vlan 8
switchport trunk allowed vlan 8,20,30,40,100,253-254
udld enable
exit
!
interface Te1/0/13
speed 1000
duplex full
description "Top_Floor_Uplink_Trunk"
switchport mode general
switchport general allowed vlan add 8,30-32 tagged
switchport general allowed vlan remove 1
switchport access vlan 31
exit
!
interface Te1/0/14
speed 1000
duplex full
description "Accounting_Server"
--More-- or (q)uit
switchport access vlan 40
exit
!
interface Te1/0/15
duplex full
exit
!
interface Te1/0/16
speed 1000
exit
!
interface Te1/0/19
mtu 9216
switchport access vlan 250
exit
!
interface Te1/0/20
description "MPLS_Uplink"
mtu 9216
switchport access vlan 250
exit
snmp-server engineid local 800002a2035c260a979669
exit
--More-- or (q)uit

 

Mr.Larry91

3 Posts

October 15th, 2020 07:00

Hi guys,

Have an update. Did a packet capture and saw that the router that is doing the nat is not replying to pings.

I double-checked the config and saw that "source IP address spoofing protection" was enabled, once it was turned off the default route was working and I was able to ping.

So basically the router decided that my client was a spoof attack.

DELL-Josh Cr

Moderator

 • 

9.2K Posts

October 14th, 2020 13:00

Hi Mr.Larry91,

When the clients are being assigned DHCP do they show the proper ip address for their default gateway?

Mr.Larry91

3 Posts

October 14th, 2020 23:00

Hi,

The clients are showing the proper IP address of their default gateway.

For example when a client received a DHCP lease from 10.1.20.0/24 (client ip 10.1.20.2, default gateway 10.1.20.200), the client on that network could not ping 10.1.30.1 which was originally the default route on the switch while directly from the switch 10.1.30.1 was replying to pings.

All vlan interfaces have IP assigned to them and clients are able to communicate in between vlans. There are no ACL set on the router.

Current workaround that I am using is adding default route with same priority for each vlan 10.1.20.1, 10.1.30.1, 10.1.40.1 and so on.

I will run a packet capture today hopefully that will provide additional insight into the problem.

Was this post helpful?

View All

No Events found!

Top