Inter vlan routing on Avaya 5520 routing switch

[Zandolee]

Hi guys, I really need some help with something, been at it a while now and can't seem to get it working, I have pounded the forums with no luck.
I have an avaya 5520 routing switch with 3 vlans:

Data11 Vlan Ip 10.92.11.9 Ports 1-1 1-47 Pvid 11 untagpvid only
Voice12 Vlan Ip 10.92.12.9 Ports 1-` `-47 Pvid 11 untagpvid only
WAN Vlan Ip 172.20.0.13 1-48 Pvid 11 tag all

Vlan control is set to auto pvid

IP forwarding is enabled
Vlan routing is set to true

static route 0.0.0.0 0.0.0.0 172.20.0.20 (switch in another building connected to Wan vlan port)

When I connect a laptop with IP 10.92.11.5 with a gateway of 10.92.11.9 to any port besides the Wan port, I can ping all Vlans' IP, 11.9, 12.9, 0.13 but I cannot ping a laptop with 10.92.12.5 with a gateway of 10.92.12.9.

I can ping machines behind 172.20.0.20 but not 0.20 itself, when a ping is done from the other building connected to 172.20.0.20, we can ping all the vlans but not the laptop with the IP 11.5

How do you get the laptops to ping each other? Any help with this would be highly appreciated.

 

[andy88]

The PVID is the vlan that the port puts incoming un-tagged traffic into. So with all ports having a PVID of 11 all incoming traffic from your laptop connected to an access port is in vlan 11.

Assuming you want the ports for dual role with a laptop and IP phone you need to set the phone to tag it's traffic in vlan 12 and give it an IP address in the voice subnet.

With that setup traffic on any access port will do the following,
incoming un-tagged will go into vlan 11 (pivid)
incoming tagged 12 will go into vlan 12
outgoing tagged 11 will be untagged to 11 (untagpvid)
outgoing tagged 12 will be tagged 12

Not sure what you are using the WAN vlan for.
If you are using it for a L3 link then you only need it for the uplink port (48). That the doesn't need to be tagged and have a pvid of WAN vlan.

If you want to span the data and voice vlans at L2 accross to the other switch then make port 48 tag-all and add to all vlans.

 

[Zandolee]

Hi, Thank you for the reply,
I understand all that you are saying and it makes sense.
The Wan vlan is to link to another network in an adjacent building.
They want to be on the Wan network and be able to ping laptops and phones on the data and voice vlan.
I was going to apply the wan vlan to all ports also, but the customer was worried about all traffic being broadcasted across the wan. I i apply the Wan vlan across all ports, would they be able to ping into the vlans?

 

[andy88]

You have the switch setup to route between vlans so everything in one vlan will be able to ping anything in another vlan.

If you add the WAN vlan to all ports as well, then any PC connected with a WAN vlan ip address will have to support tagging otherwise it will be dropped into the pvid vlan.

Usually you will have a port in only one vlan unless it is a trunk port between switches or has an IP phone connected which supports tagging.

If you setup the switch like the following it should be more what you are after

port 1 - WAN Vlan - WAN PVID
port 2 - WAN Vlan - WAN PVID
port 3 - Data, Voice Vlan - Data PVID untagpvid only
port 4 - Data, Voice Vlan - Data PVID untagpvid only
etc
port 48 - Data, Voice, WAN Vlan - TaggAll (Link to other switches)

All devices will be able to route between vlans

 

[Zandolee]

Hi Andy,
Thanks a lot for the help, I did it exactly as you said and I still can't ping devices on the wan or any other vlan. I can ping internally and I can ping the other vlans once I have an ip in the data vlan range, but if I try to ping a machine connected to the voice vlan or the wan vlan I can't ping it.
What is it that I am missing?

 

[VinceWhirlwind]

The device that is connected to the VOIce VLAN - what is its default GW set as? Can it ping it?

 

[Zandolee]

the gateway is the ip of the voice vlan, and no it cannot ping anything other than another device with a voice vlan ip and voice vlan as it's gateway,

laptop 1: IP 10.92.12.5 Gateway: 10.92.12.9 can ping laptop 2: IP 10.92.12.6 Gateway: 10.92.12.9

laptop 1: IP 10.92.11.5 Gateway: 10.92.11.9 cannot ping laptop 2: IP 10.92.12.6 Gateway: 10.92.12.9

laptop 1: IP 10.92.11.5 Gateway: 10.92.11.9 can ping laptop 2: IP 10.92.11.6 Gateway: 10.92.11.9

laptop 1: IP 10.92.12.5 Gateway: 10.92.12.9 can ping Voice vlan 10.92.12.9 Data vlan 10.92.11.9 and Wan vlan 172.20.0.13 but cannot ping 172.20.0.20

The customer's expectation is that when you connect the link from 0.20 to the wan vlan, he will be able to ping machines on the data and voice vlan.
Just before i created this thread I could ping machines connected to 0.20 when I'm connected to the data vlan, today however "mysteriously" this doesn't work anymore.
From all the documentation I have read, and forums visited, this should be simple, yet here I am.

 

[andy88]

Do the devices in the voice vlan support 802.1q tagging, and are they tagging vlan 12 (voice vlan)?

With the config you have with 2 vlans configured on the port, any untagged traffic coming into the switch from a laptop will be put in the untagged data vlan. If you have a device with a voice ip address it will not be able to get out of the vlan.

 

[Zandolee]

hi, Thanks for all the help. Turned out that my config was sound, and the customer stuffed up the static route back to my side.