Pulling out hairs and I'm already balding - ICX routing help

  • 1
  • Question
  • Updated 5 days ago

If you solve this, you could be the one!  

We have a closed network environment with NO ROUTER, but we do have a layer 3 switch.  Please refer to the diagram; we have a server with IP address 192.168.1.3/24 with gateway of 192.168.1.1  The server is connected to Ethernet port 1/1/1 of the Brocade Ruckus ICX 7150 switch which has vlan 192 untagged with ve 192 on IP address of 192.168.1.1.  

We have a fiber link on port 1/3/1 that goes out to a layer 2 switch.  On port 1/3/1 we have vlan 51 tagged with ve 51 on IP address 10.174.241.99 and vlan 351 with tagged ve on IP address 11.174.246.99.  

From the Brocade Ruckus we can ping the Layer 2 switch at 10.174.241.20, the Camera at 11.174.246.30, and the server at 192.168.1.3.  From the server we cannot ping or communicate with the camera at 11.174.246.30.

On the server we even added static routes: 

route add 10.174.241.0 mask 255.255.255.0 192.168.1.1

route add 11.174.246.0 mask 255.255.255.0 192.168.1.1 

What are we missing?

I'll be happy to share our running config if you're interested in making someone's week.

Photo of Tony Butler

Tony Butler

  • 14 Posts
  • 1 Reply Like

Posted 5 days ago

  • 1
Photo of Andrew Giancola

Andrew Giancola

  • 146 Posts
  • 50 Reply Likes
In your diagram, it doesn't show if the other 'Pingable' devices are also on the layer 2. Have you checked the arp tables of each switch independently to see which Vlan each switch thinks the mac address of your non-reachable device is?
Photo of Tony Butler

Tony Butler

  • 14 Posts
  • 0 Reply Likes
Show ARP from the ICX shows the correct MAC addresses of the layer 2 switch and camera.  I've verified the port the camera is on is set to vlan 351, however the layer 2 switch has a different IP subnet than the camera, show arp on that switch doesn't show the mac address of the camera, only the laptop we connected to it to view the arp tables.
Photo of Tony Butler

Tony Butler

  • 14 Posts
  • 0 Reply Likes
To update, let's take the camera out of the equation.  We can't ping the layer 2 switch at 10.174.241.20 from the server at 192.168.1.3 and we can verify the MAC address is correct in arp on the layer 2 and the icx match mac addresses for the switch.
Photo of Andrew Giancola

Andrew Giancola

  • 146 Posts
  • 50 Reply Likes
Was this always broken?also who makes the layer 2 switch, and lacking 'arp' commands on the l2, are you able to run a 'show mac address table interface' to verify the device is registering a mac address and that its appearing on the correct vlan?. 
i wonder if you might be having a spanning tree convergence, or vtp issue.
have you unplugged the Camera, run any packet sniffers? that might show you at least which items on the L3 you can see via broadcast.
(Edited)
Photo of Tony Butler

Tony Butler

  • 14 Posts
  • 0 Reply Likes
Thanks for your input Andrew.  Our original configurations left out gateways on the end devices (camera) as we had no router and were working on layer 2.  After adding the layer 3 switch with ve's we never went back and added the gateways.  Once we added the ve ip's as the gateways for each device in its subnet it worked like a charm.  We appreciate your input.
Photo of Andrew Giancola

Andrew Giancola

  • 146 Posts
  • 50 Reply Likes
Glad you've sorted it out!