1

Background:

I've been tasked to setup a VLAN and routing at our DC. The VLAN ID is 25, which I've configured on an HP v1910 switch by way of a trunk port and tagged with VLAN 25.

I also have an ESXi host with a portgroup tagged with VLAN 25 connected to a port on the v1910 switch that's a hybrid port belonging to VLAN 5 untagged and VLAN 25 tagged.

The VLAN works as far as I can tell, since the IPs I've been instructed to use seemingly can ping to the remote device just fine. The IP I've been assigned:

10.10.25.10/30, or 10.10.25.10 mask 255.255.255.252 The remote IP used to test is 10.10.25.9/30, which I can ping (traceroute works as well, one hop to 10.10.25.9)

The issue now though is this:

The IP 10.10.25.10/30 has been assigned to a VM directly on my side, with the vNIC connecting to the port group belonging to VLAN 25. The device at the remote site though is 192.168.78.10, meaning that I need to route traffic to 192.168.78.10 via the NIC belonging to VLAN 25 and the next hop as 10.10.25.9 (instruction given from network admin at remote site, assuming 10.10.25.9 is a router or routing-capable device).

Here's what I've tried doing on the VM running a Windows OS (interface 25 is the NIC belonging to VLAN 25):

route add 192.168.78.10 mask 255.255.255.255 10.10.25.9 if 25

I cannot connect to 192.168.78.10 at this point though. What confuses me more is that doing a traceroute to 192.168.78.10 does not produce any visible hops, even though I can ping 10.10.25.9 fine, which should surely show up as a network hop?

My questions:

Is the problem on my side, or at the remote site? If it's on my end, am I missing something perhaps?

techraf
  • 4,243
  • 8
  • 29
  • 44
kooper
  • 13
  • 3
  • I've tried to illustrate the issue, but seemingly can't. Visual representation: http://i.imgur.com/tCKoIVg.jpg – kooper Nov 15 '16 at 13:01
  • Your description isn't clear and visual representation too. Router must have two Interfaces in networks 10.10.25.8/30 and 192.168.78.0/?. Whitch of these networks is used in vlan 25? – Mikhail Khirgiy Nov 16 '16 at 05:30
  • Hi Mikhail, sorry about the lack of clarity. Unfortunately I cannot say for sure what the router on the remote site is configured like as I just don't have access to it at all. For the configs I have control over, the VLAN 25 network consists of 10.10.25.8/30, i.e. from my VM 10.10.25.10/30, the connection goes to the remote device (assume it's a router) 10.10.25.9/30. What happens from that point on, I don't know just yet. – kooper Nov 16 '16 at 06:52
  • What ip address has router in network 192.168.78.0/? ? The host 192.168.78.10 must have route to 10.10.25.8/30 network via that router's ip address. – Mikhail Khirgiy Nov 16 '16 at 09:39
  • Hi Mikhail, thanks for pointing that out. It makes complete sense, but whether the host 192.168.78.10 has the proper routing in place to the 10.10.25.8/30 network I unfortunately cannot confirm. I have asked the remote network admin to confirm this. – kooper Nov 16 '16 at 10:22

1 Answers1

0

From you description you have an Ethernet connection from the remote router to your switch.

  • Your route statement is OK, you can check with route print.
  • The remote admin needs to ensure that the router has an arp entry for your VM.
  • The remote admin needs to ensure that the 192.168.78.10 host and any intervening routers have a route back to you 10.10.25.8/30
  • Don't worry about traceroute, the remote router may not send/allow it for policy reasons.

If after all that it's still not working ask the remote admin for the router's far interface IP and add that to your routing table and try pinging it. If all else fails you can prove your config using wireshark which will reval whether or not your VM is behaving correctly.

marctxk
  • 329
  • 1
  • 4
  • Hi marctxk, many thanks for the feedback, appreciate it. I've marked your answer as helpful, not sure why it isn't showing as such yet. Wireshark is a great idea, going to give that a go. – kooper Nov 16 '16 at 06:59
  • Hi marctxk, thanks again for suggesting Wireshark. I'm not entirely sure if I'm reading the capture correctly, but if I test connectivity to 192.168.78.10 from my VM 10.10.25.10/30, it seems like the traffic reaches a Cisco device with IP 10.10.25.9/30. I think that conclusively proves that the traffic from our side intended for 192.168.78.10 is a) routed correctly, and b) reaches 10.10.25.9/30 at the remote site. That's essentially what I was after when I asked this question, so going to mark your answer as the correct one. Thanks for your help :) – kooper Nov 16 '16 at 11:09