Skip to main content
neonbit
neonbit
New Member
June 7, 2017
Question

VLAN traffic is getting routed out of wrong interface

  • June 7, 2017
  • 1 reply
  • 10997 views

I've been testing a WLC config in my lab and ran into a strange issue regarding VLANs. I have eth1 configured with 10.1.1.1/24 and created VLAN100 on eth2 (VLAN id:100 IP: 10.0.1.1/24 GW: 10.0.1.254).

 

The problem is that I can't ping VLAN100's GW (10.0.1.254) from the WLC. When I ping 10.0.1.254 I can see that the packets are exiting out of eth1 instead of VLAN100.

 

If I ping VLAN100's interface from the gateway, I can see the ICMP request packets hitting VLAN100, but the reply packets are all going out of eth1.

 

Has anyone run into this problem before?

    1 reply

    rwpatterson
    rwpatterson
    New Member
    June 7, 2017

    neonbit wrote:

    I've been testing a WLC config in my lab and ran into a strange issue regarding VLANs. I have eth1 configured with 10.1.1.1/24 and created VLAN100 on eth2 (VLAN id:100 IP: 10.0.0.1/24 GW: 10.0.1.254).

     

    The problem is that I can't ping VLAN100's GW (10.0.1.254) from the WLC. When I ping 10.0.1.254 I can see that the packets are exiting out of eth1 instead of VLAN100.

     

    If I ping VLAN100's interface from the gateway, I can see the ICMP request packets hitting VLAN100, but the reply packets are all going out of eth1.

     

    Has anyone run into this problem before?

    If what you wrote is correct, the gateway for VLAN 100 is not in the same subnet range as the IP on that interface. The network from the gateway perspective is 10.0.1 but the interface has 10.0.0. Check these and get back to us.

    neonbit
    neonbitAuthor
    New Member
    June 8, 2017

    I wish my problems were that simple :) Thanks Bob but unfortunately that was just a typo. Can confirm the IP/Subnet/GW are in the correct ranges.

     

    Another thing I've noticed is that if I do a packet capture on the gateway (a FGT), I can see the ARP requests come out from the WLC for 10.0.1.254 and it gets the response (arp lookup on the WLC can see the GW IP and MAC).

     

    All fingers point towards the gateway/subnet being incorrect but they are. I've tried to change the IP around just incase but still no go.

     

    I've been looking for a way to bring up the routing table on the WLC but it's CLI is very simplistic, can't see anyway of displaying this. :(

    neonbit
    neonbitAuthor
    New Member
    June 8, 2017

     

    Below is a quick capture from the WLC. I've changed the VLAN interface here to be 10.0.7.1/24 and the GW is 10.0.7.254.

     

    I pinged from the GW (.254) to the WLC (.1). The first capture shows the ICMP packets hitting the VLAN interface (INT 6). It also shows the WLC responding to an ARP request to the GW.

     

    The second capture shows the ICMP replies going out of INT1.

     

    The VLAN interface configuration looks like this:

     

    VLAN Name : TEST-VLAN Tag : 100 Ethernet Interface Index : 2 IP Address : 10.0.7.1 Netmask : 255.255.255.0 IP Address of the Default Gateway : 10.0.7.254 Override Default DHCP Server Flag : off DHCP Server IP Address : 0.0.0.0 DHCP Relay Pass-Through : on Owner : controller Maximum number of clients : 253

     

    Not sure if it matters, but this WLC is unlicensed. From my understanding this is fine as long as you have only 2 APs to manage (I'm only testing 1 AP), but not sure if it would also screw around with the routing.

    Terms & ConditionsAccessibility statement