T2600G-28TS - cannot access Internet within the switch

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
12

T2600G-28TS - cannot access Internet within the switch

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
T2600G-28TS - cannot access Internet within the switch
T2600G-28TS - cannot access Internet within the switch
2019-12-19 12:48:22
Hardware Version: V4
Firmware Version: 4.0.0 Build 20190530 Rel.52928(s)

Hello,

I'm having issue - I cannot access Internet within the switch, pinging the Internet / the default gateway is not working (the 0.0.0.0/0 static route is already set):

Pinging the router on VLAN3 (is working):

 

T2600G-28TS#ping 192.168.3.1

Pinging 192.168.3.1 with 64 bytes of data :
Reply from 192.168.3.1 : bytes=64 time<16ms TTL=255
Reply from 192.168.3.1 : bytes=64 time<16ms TTL=255
Reply from 192.168.3.1 : bytes=64 time<16ms TTL=255
Reply from 192.168.3.1 : bytes=64 time<16ms TTL=255
Ping statistics for 192.168.3.1:
    Packets: Sent = 4 , Received = 4 , Lost = 0 (0% loss)
Approximate round trip times in milli-seconds:
Minimum = 0ms , Maximum = 0ms , Average = 0ms

Pinging same router on VLAN1 (is not working):


T2600G-28TS#ping 192.168.1.1

Pinging 192.168.1.1 with 64 bytes of data :
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.1.1:
    Packets: Sent = 4 , Received = 0 , Lost = 4 (100% loss)
Approximate round trip times in milli-seconds:
Minimum = 0ms , Maximum = 0ms , Average = 0ms

 

Pinging router from within the PC connected to T2600G-28TS (is working):
 

>ping 192.168.1.1

Pinging 192.168.1.1 with 32 bytes of data:
Reply from 192.168.1.1: bytes=32 time<1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255
Reply from 192.168.1.1: bytes=32 time<1ms TTL=255
Reply from 192.168.1.1: bytes=32 time=1ms TTL=255

Ping statistics for 192.168.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms

 

Pinging some host on 192.168.1.0/24 network within T2600G-28TS (is working):

 

T2600G-28TS#ping 192.168.1.246

Pinging 192.168.1.246 with 64 bytes of data :
Reply from 192.168.1.246 : bytes=64 time<16ms TTL=64
Reply from 192.168.1.246 : bytes=64 time<16ms TTL=64
Reply from 192.168.1.246 : bytes=64 time<16ms TTL=64
Reply from 192.168.1.246 : bytes=64 time<16ms TTL=64
Ping statistics for 192.168.1.246:
    Packets: Sent = 4 , Received = 4 , Lost = 0 (0% loss)
Approximate round trip times in milli-seconds:
Minimum = 1ms , Maximum = 2ms , Average = 1ms

 

Pinging the Internet (is not working):

 

T2600G-28TS#ping 1.1.1.1

Pinging 1.1.1.1 with 64 bytes of data :
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 1.1.1.1:
    Packets: Sent = 4 , Received = 0 , Lost = 4 (100% loss)
Approximate round trip times in milli-seconds:
Minimum = 0ms , Maximum = 0ms , Average = 0ms

 

Pinging the Internet from within the PC connected to T2600G-28TS (is working):


>ping 1.1.1.1

Pinging 1.1.1.1 with 32 bytes of data:
Reply from 1.1.1.1: bytes=32 time=48ms TTL=53
Reply from 1.1.1.1: bytes=32 time=49ms TTL=53
Reply from 1.1.1.1: bytes=32 time=48ms TTL=53
Reply from 1.1.1.1: bytes=32 time=49ms TTL=53

Ping statistics for 1.1.1.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 48ms, Maximum = 49ms, Average = 48ms

So it seems that something is wrong with T2600G-28TS configuration, which is as follow:
 

  1. The T2600G-28TS is connected via 1/0/24 trunk/general port to main switch
  2. Default VLAN is "1" (and cannot be changed), other VLANs are created
  3. T2600G-28TS IP is 192.168.1.249
  4. Router / gateway IP is 192.168.1.1

 

!T2600G-28TS
#
vlan 2
 name "voip-vlan"
#
vlan 3
 name "wifi-vlan"
#
vlan 4
 name "management-vlan"
#
vlan 5
 name "guest-vlan"
#
serial_port baud_rate 115200
#
system-time ntp UTC+01:00 133.100.9.2 139.78.100.163 12
no system-time dst
#
user name admin privilege admin secret 5 ###
#
spanning-tree
spanning-tree mode rstp
#
voice vlan 2
voice vlan oui 00:15:65 oui-desc "YEALINK"
#
lldp
#
ip route 0.0.0.0 0.0.0.0 192.168.1.1
#
auto-voip
#
interface vlan 1
  ip address 192.168.1.249 255.255.255.0
  ipv6 enable
#
interface vlan 2
  ip address 192.168.2.249 255.255.255.0
  no ipv6 enable
#
interface vlan 3
  ip address 192.168.3.249 255.255.255.0
  no ipv6 enable
#
interface vlan 4
  ip address 192.168.4.249 255.255.255.0
  no ipv6 enable
#
interface vlan 5
  ip address 192.168.5.249 255.255.255.0
  no ipv6 enable
#
interface gigabitEthernet 1/0/1
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/2
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/3
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/4
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/5
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/6
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/7
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/8
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/9
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/10
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/11
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/12
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/13
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/14
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/15
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/16
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/17
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/18
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/19
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/20
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/21
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/22
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/23
  voice vlan
  lldp med-status
  auto-voip 2
#
interface gigabitEthernet 1/0/24
  switchport general allowed vlan 2-5 tagged
  spanning-tree
#
interface gigabitEthernet 1/0/25
#
interface gigabitEthernet 1/0/26
#
interface gigabitEthernet 1/0/27
#
interface gigabitEthernet 1/0/28
#
end

 

Routes:
 

T2600G-28TS#show ip route

Codes: C - connected, S - static
       * - candidate default
S*      0.0.0.0/0 [1/0] via 192.168.1.1, VLAN1
C       192.168.1.0/24 is directly connected, VLAN1
C       192.168.2.0/24 is directly connected, VLAN2
C       192.168.3.0/24 is directly connected, VLAN3
C       192.168.4.0/24 is directly connected, VLAN4
C       192.168.5.0/24 is directly connected, VLAN5


Any ideas what could be wrong with that setup?

Best Regards,

 
  0      
  0      
#1
Options
13 Reply
Re:T2600G-28TS - cannot access Internet within the switch
2019-12-20 06:34:41

@Burczymucha 

 

According to you configuration, port 24 is untagged for VLAN1, right? When you access the gateway, the data will go thorugh VLAN1. So the main switch will receive the untagged packets because your VLAN1 is untagged. In your main switch, which VLAN the packets will belong to, depends on your main switch's native VLAN or PVID. If your main switch's native VLAN cannot access gateway, then T2600 cannot access gateway as well. 

  0  
  0  
#2
Options
Re:T2600G-28TS - cannot access Internet within the switch
2019-12-20 08:16:05

Andone wrote

@Burczymucha 

 

According to you configuration, port 24 is untagged for VLAN1, right? When you access the gateway, the data will go thorugh VLAN1. So the main switch will receive the untagged packets because your VLAN1 is untagged. In your main switch, which VLAN the packets will belong to, depends on your main switch's native VLAN or PVID. If your main switch's native VLAN cannot access gateway, then T2600 cannot access gateway as well. 

 

Yes, it's untagged, but the main switch also has PVID 1 and can access gateway without any problems. For tests I've changed VLAN1 to tagged, but still cannot ping the gateway from within the T2600G-28TS. Any other things to look for? Thanks!

  0  
  0  
#3
Options
Re:T2600G-28TS - cannot access Internet within the switch
2019-12-20 13:59:15

Btw. What more or less works is to set the default route to the gateway on other VLAN (this still goes thru the same trunk port to the same router), e.g.:


T2600G-28TS#show ip route
Codes: C - connected, S - static
       * - candidate default
S*      0.0.0.0/0 [1/0] via 192.168.3.1, VLAN3
C       192.168.1.0/24 is directly connected, VLAN1
C       192.168.2.0/24 is directly connected, VLAN2
C       192.168.3.0/24 is directly connected, VLAN3
C       192.168.4.0/24 is directly connected, VLAN4
C       192.168.5.0/24 is directly connected, VLAN5

T2600G-28TS#ping 1.1.1.1

Pinging 1.1.1.1 with 64 bytes of data :
Reply from 1.1.1.1 : bytes=64 time=71ms TTL=53
Reply from 1.1.1.1 : bytes=64 time=73ms TTL=53
Reply from 1.1.1.1 : bytes=64 time=69ms TTL=53
Reply from 1.1.1.1 : bytes=64 time=48ms TTL=53

Ping statistics for 1.1.1.1:
    Packets: Sent = 4 , Received = 4 , Lost = 0 (0% loss)
Approximate round trip times in milli-seconds:
Minimum = 48ms , Maximum = 73ms , Average = 65ms


Have no idea, why it cannot communicate with the 192.168.1.1 gateway, taking into account that it can communicate with all other devices in 192.168.1.x subnet (VLAN1)... Any ideas?

  0  
  0  
#4
Options
Re:T2600G-28TS - cannot access Internet within the switch
2019-12-23 05:54:06

@Burczymucha 

 

That's strange. Maybe you can check the ARP table for T2600G-28TS and gateway. Make sure they both have the correct ARP information. If you could use wireshark, you also can use it to capture the packets. Check if T2600 has sent ICMP ping, did it reach gateway and did gateway reply it.

  0  
  0  
#5
Options
Re:T2600G-28TS - cannot access Internet within the switch
2019-12-23 21:50:07

Hello,

The ARP tables seems legit to me:

Router (note that VLAN starting index is 0):

 

IP Address        MAC Address           HOST ID                    Interface   VLAN   Port   
192.168.1.249     98-DA-C4-YY-YY-YY                                LAN1        VLAN0  P1     
192.168.2.249     98-DA-C4-YY-YY-YY                                LAN2        VLAN1  P1     
192.168.3.249     98-DA-C4-YY-YY-YY                                LAN3        VLAN2  P1     
192.168.4.249     98-DA-C4-YY-YY-YY                                LAN4        VLAN3  P1     
192.168.5.249     98-DA-C4-YY-YY-YY                                LAN5        VLAN4  P1     

 

Switch:


VLAN1
192.168.1.1
00-1d-aa-xx-xx-xx
Dynamic

VLAN2
192.168.2.1
00-1d-aa-xx-xx-xx
Dynamic

VLAN3
192.168.3.1
00-1d-aa-xx-xx-xx
Dynamic

VLAN4
192.168.4.1
00-1d-aa-xx-xx-xx
Dynamic

VLAN5
192.168.5.1
00-1d-aa-xx-xx-xx
Dynamic


By the way, I also canmot ping the switch from within the router:

 

Pinging 192.168.1.249 with 64 bytes of Data through LAN
Request timed out !!!
Request timed out !!!
Request timed out !!!
Request timed out !!!
Request timed out !!!
Packets: Sent = 5, Received = 0, Lost = 5 (100% loss)


Will try to sniff some traffic with Wireshark, but this will take some time - we are having holidays now.

Best Regards,

 

 

  0  
  0  
#6
Options
Re:T2600G-28TS - cannot access Internet within the switch
2019-12-24 03:54:49

@Burczymucha 

 

As I knew, VLAN 0 means that the packet doesn't belong to any VLAN, but carry 802.1q priority tag. 

This may be the reason. 192.168.1.249 should be in VLAN1. Maybe you can check if there is any related settings on your router.

  0  
  0  
#7
Options
Re:T2600G-28TS - cannot access Internet within the switch
2019-12-24 21:02:44

 

Andone wrote

As I knew, VLAN 0 means that the packet doesn't belong to any VLAN, but carry 802.1q priority tag. 

This may be the reason. 192.168.1.249 should be in VLAN1. Maybe you can check if there is any related settings on your router.

 

It's just a VLAN name in router setup, it doesn't mean that it has 0 ID. VLAN0 in that setup is untagged native VLAN and it is set to 1 everywhere (router / main switch / T2600G).



 

  0  
  0  
#8
Options
Re:T2600G-28TS - cannot access Internet within the switch
2019-12-25 02:17:45

@Burczymucha 

 

All settings seems be right. Do your clients get IP address from the router? If change the switch VLAN1 to dynamic IP, could it work normally? 

I cannot think out other method. Maybe you can use the wireshark to capture the packet. T2600G support to set port mirror for CPU. The you can see whether T2600 sent ICMP packets and receive reply.

  0  
  0  
#9
Options
Re:T2600G-28TS - cannot access Internet within the switch
2019-12-25 22:18:50

 

Andone wrote

All settings seems be right. Do your clients get IP address from the router? If change the switch VLAN1 to dynamic IP, could it work normally? 

I cannot think out other method. Maybe you can use the wireshark to capture the packet. T2600G support to set port mirror for CPU. The you can see whether T2600 sent ICMP packets and receive reply.

 

Yes, all clients are getting IP from VLAN ID 1 DHCP without any problems but T2600G couldn't get the IP, I had to set it to dynamic - maybe that's why it also has the problems with ping / default gateway.

  0  
  0  
#10
Options
Re:T2600G-28TS - cannot access Internet within the switch
2019-12-26 01:44:27

@Burczymucha 

 

Just provide some suggestion for your switch's settings.

 

1. As I know, we should not enable voice vlan and auto voip together. TP-Link has a FAQ to introduce the difference. 

https://www.tp-link.com/en/support/faq/2694/

You just need to use only one of them. It's based on your topology and whether your IP Phone supports vlan tag.

 

2. You enable spanning tree globally but only apply for port 24. If you network isn't a loop, I think you don't need to enable spanning tree. 

 

Above settings may be not related to your problem. But you can have a try to change them. 

If we want to make clear about your issue, it may be better to capture packets between switch and router for checking what happens.

  0  
  0  
#11
Options