VLAN routing issues

I've just installed a Netgear FSM7352S layer 3 switch at our club
(Club LaVela the largest in the states lol in the event anyone is
wondering) to support both our office network and our POS network
(about 40 bar stations / terminals) and I'm having some strange issues
I can't figure out regarding VLAN routing. I'm hoping someone here
might be able to help.

I've got two VLANs:

100 (for the office)
101 (for the pos system)

100 on the same subnet as the router (192.168.0.x) and 101 is on a
seperate one (192.168.1.x). I've got a default route set to the router
(192.168.0.1) so that everything will eventually get to the net (for
credit card processing). What's odd is that from the office VLAN I can
ping any machine on the POS VLAN and reach the internet / router but
when I connect to the POS VLAN the furthest I can access is the office
VLAN gateway (192.168.0.254) and the rest of that subnet and the
internet is unaccessible. I'm pretty sure I'm not routing something
correctly and it seems like a simple fix I just don't know what it
is... the switch seems to pick up the routes between the two vlan
gateways dynamically..

I'd really appreciate it if anyone here might be able to provide some
advice or assistance.

Thanks,

Jonathan

When Pinging from the POS Vlan, what do you see as a response?

> 100 on the same subnet as the router (192.168.0.x) and 101 is on a
> seperate one (192.168.1.x). I've got a default route set to the router
> (192.168.0.1) so that everything will eventually get to the net (for
> credit card processing). What's odd is that from the office VLAN I can
> ping any machine on the POS VLAN and reach the internet / router but
> when I connect to the POS VLAN the furthest I can access is the office
> VLAN gateway (192.168.0.254) and the rest of that subnet and the
> internet is unaccessible. I'm pretty sure I'm not routing something
> correctly and it seems like a simple fix I just don't know what it
> is... the switch seems to pick up the routes between the two vlan
> gateways dynamically..
>
> I'd really appreciate it if anyone here might be able to provide some
> advice or assistance.
>
> Thanks,
>
> Jonathan

(E-Mail Removed) <(E-Mail Removed)> wrote:

> I've got a default route set to the router
> (192.168.0.1) so that everything will eventually get to the net (for
> credit card processing).

Ok, have you got the route to the 192.168.1.0 network set to your
Netgear gateway at 192.168.0.254?

And do the machines on the 192.168.1.0 network have the default gateway
set to the address of the Netgear gateway on the 192.168.1.* network?

Mark.

--
Mark Hobley
Linux User: #370818 http://markhobley.yi.org/

On Jan 31, 2:42*pm, "Bill" <barg...@bellsouth.net> wrote:
> When Pinging from the POS Vlan, what do you see as a response?
>
> > 100 on the same subnet as the router (192.168.0.x) and 101 is on a
> > seperate one (192.168.1.x). I've got a default route set to the router
> > (192.168.0.1) so that everything will eventually get to the net (for
> > credit card processing). What's odd is that from the office VLAN I can
> > ping any machine on the POS VLAN and reach the internet / router but
> > when I connect to the POS VLAN the furthest I can access is the office
> > VLAN gateway (192.168.0.254) and the rest of that subnet and the
> > internet is unaccessible. I'm pretty sure I'm not routing something
> > correctly and it seems like a simple fix I just don't know what it
> > is... the switch seems to pick up the routes between the two vlan
> > gateways dynamically..
>
> > I'd really appreciate it if anyone here might be able to provide some
> > advice or assistance.
>
> > Thanks,
>
> > Jonathan

There is not response from anything past VLAN 100 (office) gateway...

On Jan 31, 11:08*pm, markhob...@hotpop.donottypethisbit.com (Mark
Hobley) wrote:
> jonathantp...@gmail.com <jonathantp...@gmail.com> wrote:
> > I've got a default route set to the router
> > (192.168.0.1) so that everything will eventually get to the net (for
> > credit card processing).
>
> Ok, have you got the route to the 192.168.1.0 network set to your
> Netgear gateway at 192.168.0.254?
>
> And do the machines on the 192.168.1.0 network have the default gateway
> set to the address of the Netgear gateway on the 192.168.1.* network?
>
> Mark.
>
> --
> Mark Hobley
> Linux User: #370818 *http://markhobley.yi.org/

That route shows up as a "learned route" but I haven't specifically
added it.

They might have had the route (192.168.0.1) set as the default
gateway. But I'm pretty sure I set their default gateway to
192.168.0.254..

If you say not response, it is whit I call the 'blank stare'? You get
nothing back on your screen, no errors, or info about lost packets.
Then you do not have a return route.

>> When Pinging from the POS Vlan, what do you see as a response?


>There is not response from anything past VLAN 100 (office) gateway...

Bill wrote:
> If you say not response, it is whit I call the 'blank stare'? You get
> nothing back on your screen, no errors, or info about lost packets.
> Then you do not have a return route.
>
>>> When Pinging from the POS Vlan, what do you see as a response?
>
>
>> There is not response from anything past VLAN 100 (office) gateway...


Please undestand that VLANs are like separate LANs
accidentally sharing a physical cable.

If you need traffic between VLANs, you need to provide
a router connected to both VLANs and routing between them.

In principle, it would also be possible to bridge VLANs,
but there is the question why the VLANs are seprated
in the firs hand.

--

Tauno Voipio
tauno voipio (at) iki fi

(E-Mail Removed) wrote:

> I'd really appreciate it if anyone here might be able to provide some
> advice or assistance.

Sounds similiar to my setup here, though it has an order of magnitude less
machines. The most important this is to have routes being set in both ways,
otherwise packets will find the way to the peer but not the way back. In
Layman's terms this means: You must add static routes to both subnets in
your router (to the internet), too.

On my router, which is in 192.168.10.1 the subnet 192.168.10.0/24 there are
the following static routes set:
192.168.2.0/24 via 192.168.10.22
and
192.168.3.0/24 via 192.168.10.22
where 192.168.10.22 is the address of my server (thor) in 192.168.10.0/24

This is the setup of thor, which routes between the VLANs, and has a default
route to the DSL router set:

thor ~ # ip addr show
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 16436 qdisc noqueue
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 brd 127.255.255.255 scope host lo
inet 127.0.0.1/32 scope host lo
inet 192.168.1.1/32 scope host lo
inet 192.168.1.2/32 scope host lo
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
2: eth0: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast
master bond0 qlen 1000
link/ether 00:e0:81:b3:35:46 brd ff:ff:ff:ff:ff:ff
inet6 fe80::2e0:81ff:feb3:3546/64 scope link
valid_lft forever preferred_lft forever
3: eth1: <BROADCAST,MULTICAST,SLAVE,UP,LOWER_UP> mtu 1492 qdisc pfifo_fast
master bond0 qlen 1000
link/ether 00:e0:81:b3:35:46 brd ff:ff:ff:ff:ff:ff
inet6 fe80::2e0:81ff:feb3:3546/64 scope link
valid_lft forever preferred_lft forever
4: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1492 qdisc noqueue
link/ether 00:e0:81:b3:35:46 brd ff:ff:ff:ff:ff:ff
inet 192.168.10.22/24 brd 192.168.10.255 scope global bond0
inet6 fe80::2e0:81ff:feb3:3546/64 scope link tentative
valid_lft forever preferred_lft forever
5: vlan2@bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1492 qdisc
noqueue
link/ether 00:e0:81:b3:35:46 brd ff:ff:ff:ff:ff:ff
inet 192.168.2.1/24 brd 192.168.2.255 scope global vlan2
inet6 fe80::2e0:81ff:feb3:3546/64 scope link tentative
valid_lft forever preferred_lft forever
6: vlan3@bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1492 qdisc
noqueue
link/ether 00:e0:81:b3:35:46 brd ff:ff:ff:ff:ff:ff
inet 192.168.3.1/24 brd 192.168.3.255 scope global vlan3
inet6 fe80::2e0:81ff:feb3:3546/64 scope link tentative
valid_lft forever preferred_lft forever
7: vlan256@bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1492 qdisc
noqueue
link/ether 00:e0:81:b3:35:46 brd ff:ff:ff:ff:ff:ff
inet 10.0.0.138/8 brd 10.255.255.255 scope global vlan256
inet6 fe80::2e0:81ff:feb3:3546/64 scope link tentative
valid_lft forever preferred_lft forever
8: tun0: <POINTOPOINT,MULTICAST,NOARP,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
qlen 100
link/[65534]
inet 192.168.22.1 peer 192.168.22.2/32 scope global tun0

thor ~ # ip route show
192.168.22.2 dev tun0 proto kernel scope link src 192.168.22.1
192.168.22.0/24 via 192.168.22.2 dev tun0
192.168.3.0/24 dev vlan3 proto kernel scope link src 192.168.3.1
192.168.2.0/24 dev vlan2 proto kernel scope link src 192.168.2.1
192.168.10.0/24 dev bond0 proto kernel scope link src 192.168.10.22
10.0.0.0/8 dev vlan256 proto kernel scope link src 10.0.0.138
127.0.0.0/8 dev lo scope link
default via 192.168.10.1 dev bond0

Also make sure the iptables are set to allow for packets being forward
between the VLANs. I'm blocking IPP, to that printers on either subnet
don't get advertised to the other subnets:

thor ~ # iptables -L
Chain INPUT (policy ACCEPT)
target prot opt source destination

Chain FORWARD (policy ACCEPT)
target prot opt source destination
REJECT udp -- anywhere anywhere udp dpt:ipp
reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp dptrinter
reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dpt:ipp
reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp dptrinter
reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp spt:ipp
reject-with icmp-port-unreachable
REJECT udp -- anywhere anywhere udp sptrinter
reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp spt:ipp
reject-with icmp-port-unreachable
REJECT tcp -- anywhere anywhere tcp sptrinter
reject-with icmp-port-unreachable

Chain OUTPUT (policy ACCEPT)
target prot opt source destination


Wolfgang