IP Route on the cnMatrix

William_Ndala · January 28, 2022, 7:47am

Hi All,

I’m trying to configure a “static route” on the cnMatrix EX2028-P to have internet. I’ve already created VLANs and configured DHCP servers for each VLAN as you can see on the below CLI. The Switch is connected straight to our Main Router. The aim is to have internet connectivity on the VLANs but I failed to do so after many attempts. Does someone have an idea, please? And also, how can change the Management VLAN IP and the Switch default IP in VLAN 1 ?

I appreciate any help on this. Please see the configs below:

             Cambium Networks cnMatrix EX2028-P Ethernet Switch

Conn-SW001-51A0# sh run

# Building configuration ...
# Software version : 4.1.3-r1
# Model Name       : cnMatrix EX2028-P
# Switch Name      : Conn-SW001-51A0
!
service dhcp-server
ip dhcp pool 10 "Public-WiFi"
  network 10.0.0.10 255.0.0.0 10.255.255.254
  default-router 10.0.0.1
dns-server 5.11.11.5 8.8.8.8
!
ip dhcp pool 16 "Dedicated-Clts"
  network 172.16.0.10 255.255.0.0 172.16.255.254
  default-router 172.16.0.1
dns-server 5.11.11.5 8.8.8.8
!
ip dhcp pool 17 "Shared-Clts"
  network 172.17.0.10 255.255.0.0 172.17.255.254
  default-router 172.17.0.1
dns-server 5.11.11.5 8.8.8.8
!
!
interface mgmt0
ip address 192.168.0.1 255.255.255.0
no shutdown
!
interface vlan 1
# ip address dhcp
# ip address 172.18.30.94 255.255.0.0
no shutdown
!
interface vlan 10
no ip address
no shutdown
!
interface vlan 16
no ip address
no shutdown
!
interface vlan 17
no ip address
no shutdown
!
!
vlan 10
 ports gigabitethernet 0/19 untagged gigabitethernet 0/19
 name Public-WiFi
!
vlan 16
 ports gigabitethernet 0/7 untagged gigabitethernet 0/7
 name Dedicated-Clts
!
vlan 17
 ports gigabitethernet 0/13 untagged gigabitethernet 0/13
 name Shared-Clts
!
interface gigabitethernet 0/7
switchport pvid 16
switchport acceptable-frame-type untaggedAndPriorityTagged
!
interface gigabitethernet 0/13
switchport pvid 17
switchport acceptable-frame-type untaggedAndPriorityTagged
!
interface gigabitethernet 0/19
switchport pvid 10
switchport acceptable-frame-type untaggedAndPriorityTagged
!
!
ip route 192.168.0.0  255.255.255.0 172.18.1.1
!
!
hostname "Conn-SW001-51A0"

thanks in advance.

mixig · January 28, 2022, 8:33am

Example of default route (change ip of default gateway)

ip route 0.0.0.0 0.0.0.0 172.31.9.1

TamN · January 30, 2022, 9:52pm

Hello,

I notice the switch is configured as dhcp server with dhcp pools 10,16, and 17. However, there are no local interface vlans that match the network addresses in those pools. In your configuration you need to assign the IP address 10.0.0.1 to VLAN 10, 172.16.0.1 to VLAN 16, and 172.17.0.1 to VLAN 17 in order for DHCP server to work properly.

To access the network you need to add a default route/gateway. Assuming the switch is connected to the main router via VLAN 1, the default gateway would look like this:

config terminal
ip route 0.0.0.0 0.0.0.0 172.18.x.x

where 172.18.x.x is the interface address of the main router.

William_Ndala · January 31, 2022, 1:50pm

Hello Tam,

thank you for your answer. I’ve done it all as suggested but I’m still do not have the internet on VLANs.
Please check on the CLI below and let me know if I’ve done anything wrong or I’ve to change or add anything. Thanks for your help.

# Building configuration ...
# Software version : 4.2-r5
# Model Name       : cnMatrix EX2028-P
# Switch Name      : Conn-SW001-51A0
!
service dhcp-server
ip dhcp pool 10 "Public-WiFi"
  network 10.0.0.10 255.0.0.0 10.255.255.254
  default-router 10.0.0.1
dns-server 5.11.11.5 8.8.8.8
!
ip dhcp pool 16 "Dedicated-Clts"
  network 172.16.0.10 255.255.0.0 172.16.255.254
  default-router 172.16.0.1
dns-server 5.11.11.5 8.8.8.8
!
ip dhcp pool 17 "Shared-Clts"
  network 172.17.0.10 255.255.0.0 172.17.255.254
  default-router 172.17.0.1
dns-server 5.11.11.5 8.8.8.8
!
!

interface mgmt0
ip address 192.168.0.1 255.255.255.0
no shutdown
!
interface vlan 1
no ip address
ip address 172.18.1.5 255.255.0.0
no shutdown
!
interface vlan 10
no ip address
ip address 10.0.0.1 255.0.0.0
no shutdown
!
interface vlan 16
no ip address
ip address 172.16.0.1 255.255.0.0
no shutdown
!
interface vlan 17
no ip address
ip address 172.17.0.1 255.255.0.0
no shutdown
!
!
vlan 10
 ports gigabitethernet 0/19 untagged gigabitethernet 0/19
 name "Public-WiFi"
!
vlan 16
 ports gigabitethernet 0/7 untagged gigabitethernet 0/7
 name "Dedicated-Clts"
!
vlan 17
 ports gigabitethernet 0/13 untagged gigabitethernet 0/13
 name "Shared-Clts"
!
interface gigabitethernet 0/7
switchport pvid 16
switchport acceptable-frame-type untaggedAndPriorityTagged
!
interface gigabitethernet 0/13
switchport pvid 17
switchport acceptable-frame-type untaggedAndPriorityTagged
!
interface gigabitethernet 0/19
switchport pvid 10
switchport acceptable-frame-type untaggedAndPriorityTagged
!
!
ip route 0.0.0.0  0.0.0.0 172.18.1.1
!
!
ip name-server ipv4 8.8.8.8
!
hostname "Conn-SW001-51A0"
end

mixig · January 31, 2022, 2:35pm

Does your gateway knows about that networks on your matrix switch (does it have routes to that networks)?
How did you configure uplink port on matrix and on the gateway device?

TamN · January 31, 2022, 3:51pm

As suggested by mixig, please log into your gateway (172.18.1.1) device and ping 10.0.0.1, 172.16.0.1, and 172.17.0.1.

William_Ndala · January 31, 2022, 3:59pm

This is how I’ve done configs on the Switch.
The cnMatrix is straight connected to the Router(172.18.1.1/16) which is its gateway.
then the vlan1 on the switch has an IP route (ip route 0.0.0.0 0.0.0.0 172.18.1.1) only.
So VLAN1 is on 172.18.0.0/16
VLAN 16: 172.16.0.0/16
VLAN 17: 172.17.0.0/16
VLAN 10: 10.0.0.0/8

VLAN1 only has internet connectivity and others no, despite the “IP routing” config

mixig · January 31, 2022, 7:08pm

Can you ping other addresses from other subnets on the the switch from that gateway? !f not, there is no return route on that gateway.

William_Ndala · January 31, 2022, 7:24pm

Okay. i see what you mean.
let me try it then. will let you know in case…
thank you

William_Ndala · February 1, 2022, 11:50am

Hi Mixig,

I’ve been able to ping Vlans, 10.0.0.1, 172.16.0.1, and 172.17.0.1 but from those Vlans, I’m still not able to get internet. All the VLANs are able to ping 172.18.1.1 which Is the gateway for vlan 1, but only VLAN 1 has internet.
there must be something I’m missing for sure. DHCP servers provide IPs for each VLAN but no internet connectivity.
I may ask too much but please, is it possible to guide me step by step-by-step if you don’t mind?

thanks.

TamN · February 1, 2022, 8:25pm

Hi William,

I can also assist you during a remote session. Please raise a Cambium Support ticket, and send me the ticket number.

Thanks,
Tam

William_Ndala · February 2, 2022, 7:36am

Hi Tam,

thanks for your availability.
Here is the ticket number #292421

mixig · February 6, 2022, 12:50pm

Did you manage to solve your issue?

William_Ndala · February 6, 2022, 2:18pm

Hi,
unfortunately no. i still have the ip routing issue on VLANs.
i had share my ticket to Tam so that he can assist me on a remote assistance.
I’m still waiting

amto · August 30, 2022, 2:48am

Has this been resolved?

Springs · September 22, 2022, 11:20am

Guess i won’t be taking up that offer to “try out a switch”.

Michael_Grazier · February 25, 2023, 2:56am

i dont know if you have tried this, or if this thread was ever resolved but your issues could be dhcp snooping interface not being set to trusted on your individual port configs

TamN · February 27, 2023, 3:24am

Hi William,
Are IP addresses in VLAN 10, 16, 17 private? It looks like the router does not NAT the addresses in VLAN 10, 16, 17. cnMatrix does not support NAT.

TamN