Default route for layer 3 switching on MS225-48FP

Solved
TravisFleming1
Conversationalist

Default route for layer 3 switching on MS225-48FP

Hello,

Helping a company that has an MX 100 as their primary firewall\default gateway. They also have an MS225-48FP switch stack with two switches in the stack. They also have off one of the sfp ports, a 10 Gb SFP to a heathen brand Netgear 10 Gb switch. When they do file transfers from one vlan to another on the switch using the MX as a router on a stick, they are seeing very bad packet loss. I'm guessing because the server on the netgear is going for 10 Gb speeds, and the line from the MS to the MX is only 100 Mbps. If they put two computers on the same vlan, they get great throughput if we take the MX router on a stick out of the situation.

 

My thought was to move the layer 3 routing for the vlan's from the MX to the MS. We added SVI's on the MS, and the computers on the two vlans can now talk at fast speeds, when they skip the MX, and use the MS as their default gateway. SVI interfaces still exist on the MX on the same vlan as well.

 

I have a static route setup for subnet 0.0.0.0/0 and next hop IP is on the MX that is on vlan 27. However the computer on vlan 30 can't get to the internet, but the one on vlan 27 can. Also, if I switch the route to have the next hop route of the vlan 30 subnet on the MX the roles are reversed and vlan 27 can no longer get to the internet.

 

Normal cisco world tells me to run the command "ip route" on the layer 3 switch to enable layer 3 routing. What do I need to do on the MS switch to set a default route of the MX for ALL vlan's on the MS?

1 Accepted Solution
Bruce
Kind of a big deal

@TravisFleming1, I believe what you may be seeing is a consequence of asymmetric routing. I’m guessing you have an interface for VLAN 27 on both the MX and MS, and likewise for VLAN 30.

 

I would suggest you create a transit VLAN between the MX and MS, say VLAN 99 if you’re not already using it. Create VLAN 99 on the MX and a corresponding SVI on the MS stack, and make sure it’s permitted on the trunk between the MX and the MS. Set the default route (0.0.0.0/0) on the MS stack to use the VLAN 99 interface on the MX. Then remove VLAN 27 and VLAN 30 from the MX, so they only have interfaces on the MS stack. You then need to add a static route on the MX for the subnets of VLAN 27 and VLAN 30 with a next hop of the VLAN 99 MS stack SVI.

 

The only other thing to be aware of is that the management interface on the MS switches can’t be in the same subnet as a Layer 3 interface on the MS. Hopefully all your MS management interfaces are in a separate VLAN and the Layer 3 interface for that VLAN remains on the MX - if not then this is probably a good time to separate them.

View solution in original post

6 Replies 6
ww
Kind of a big deal
Kind of a big deal

Your ms config  is fine. But you need to create routes  on the mx to the ms (to ms vlan27 ip) for the vlans/subnets  that are now on the ms

cmr
Kind of a big deal
Kind of a big deal

@TravisFleming1 is there a reason that the MS-MX link is running at 100Mbps?  The ports on both devices are capable of 1Gbps.

If my answer solves your problem please click Accept as Solution so others can benefit from it.
TravisFleming1
Conversationalist

I fat fingered that, it IS 1 Gbps. Still odd I would see soooo much packet loss going from 10 Gb to 1 Gb. If I didn't see it dramatically change when routing moved off the MX I woudn't have believed it.

TravisFleming1
Conversationalist

Goofy, but now that I think about it that makes since. It's not a connected interface like traditional router just connected via a trunk port, so it wouldn't know about the subnets via connected interface. Thanks!

TravisFleming1
Conversationalist

When we try this we get the below error:

 

There were errors in saving this configuration:

  • Static lan route subnets cannot be contained by (or be equal to) a VLAN subnet.
Bruce
Kind of a big deal

@TravisFleming1, I believe what you may be seeing is a consequence of asymmetric routing. I’m guessing you have an interface for VLAN 27 on both the MX and MS, and likewise for VLAN 30.

 

I would suggest you create a transit VLAN between the MX and MS, say VLAN 99 if you’re not already using it. Create VLAN 99 on the MX and a corresponding SVI on the MS stack, and make sure it’s permitted on the trunk between the MX and the MS. Set the default route (0.0.0.0/0) on the MS stack to use the VLAN 99 interface on the MX. Then remove VLAN 27 and VLAN 30 from the MX, so they only have interfaces on the MS stack. You then need to add a static route on the MX for the subnets of VLAN 27 and VLAN 30 with a next hop of the VLAN 99 MS stack SVI.

 

The only other thing to be aware of is that the management interface on the MS switches can’t be in the same subnet as a Layer 3 interface on the MS. Hopefully all your MS management interfaces are in a separate VLAN and the Layer 3 interface for that VLAN remains on the MX - if not then this is probably a good time to separate them.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels