Setting up VLAN and InterVLAN routing

Unanswered Question
Feb 9th, 2007

Hello,

I am pretty new to Cisco so please bear with me.

I am setting up a 4506 switch w/ a sup IV as a core switch with 5 Dell 3348 Switches as my access points.

I intend on trunking each Dell switch to one of the Cisco ports, obviously with dot1q.

As a pre-test I tried trunking one Dell switch and testing the current network, which is 192.168.1.0. I created VLANs on the Cisco and assigned VLAN 2 with 192.168.1.254.

I created additional VLANs:

VLAN 10 192.168.10.1

VLAN 20 192.168.20.1

VLAN 30 192.168.30.1

etc... I have a total of 9 VLANs.

We have a PIX that is 192.168.1.1 that is our GW to the Inet. From the Cisco switch console I can ping any ip on the existing 1.0 network.

From the PIX I can ping the Cisco switch 1.254 but I cannot ping any VLAN IP on the Cisco. If I add a route from the PIX such as ip route 192.168.10.0 255.255.255.0 192.168.1.254 I can then ping the 10.0 subnet.

Now if I connect a node on the Cisco switch and assign it any of the VLANs (not VLAN 2) and give it an IP of, let's say, 192.168.10.5 and a GW of 10.1, I can ping anything on the Cisco switch; the switch is obviously handling the InterVLAN fine. But if I ping outside of the switch, such as the PIX, I can't get out.

Also if I add a static route on the node connected to a Dell switch:

route add 192.168.10.0 MASK 255.255.255.0 192.168.1.254

The routing works fine.

On the cisco switch I added

ip route 0.0.0.0 0.0.0.0 192.168.1.1

I enabled

ip routing

From what I have read this config should be ok for the InterVLAN and having the route out of the switch to 1.1 for Inet.

Do I need to enable RIP/EIGRP/OSPF?

I was hoping to avoid enabling one of these as I haven't messed with much of the routing protocols.

I attached excerpts of the cisco config.

handoko.wiyanto Fri, 02/09/2007 - 09:55

Hi there,

Your understanding of InterVLAN routing in a multilayer switch is good :)

But since you are trying to ping the PIX, did you configure the PIX to be pingable from that network?

And second, if you are trying to ping the Internet, such as ping www.cisco.com, does it fail?

Did you already configure NAT on the PIX? Per my understanding, the Internet uses public IP addresses, and your inside network uses private IP addresses.

Private addresses will not be permitted or routed through the ISP router.

regards,

handoko

pru_admit Fri, 02/09/2007 - 09:59

Hey, thanks!

From the Cisco I can ping the pix (yes ICMP is on internal but not external) and I can ping out to Inet google.com etc...

From a node connected to the Cisco I cannot ping anything outside of the Cisco switch, but I can ping everything connected within the switch, such as all the VLAN IPs or another node connected to the Cisco.

The PIX is the GW out to the Inet and NAT is turned on for some internal IP's (OWA, WWW, SMTP etc).

Also, if I do need to enable a routing protocol can anyone provide an example?

cisconoobie Fri, 02/09/2007 - 09:59

Are you sure IP Routing is enabled ?

Show me a readout of

"Show VLan Brief"

"Show ip route"

pru_admit Fri, 02/09/2007 - 10:04

Yes, but currently I only have 1 Dell switch trunked; no IPs have changed on the current network.

sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

C    192.168.30.0/24 is directly connected, Vlan30
C    192.168.15.0/24 is directly connected, Vlan15
C    192.168.60.0/24 is directly connected, Vlan60
C    192.168.10.0/24 is directly connected, Vlan10
C    192.168.20.0/24 is directly connected, Vlan20
C    192.168.1.0/24 is directly connected, Vlan2
C    192.168.100.0/24 is directly connected, Vlan100
S*   0.0.0.0/0 [1/0] via 192.168.1.1
C    192.168.40.0/23 is directly connected, Vlan40
C    192.168.50.0/23 is directly connected, Vlan50

VLAN Brief

2    VLAN0002  active  Gi2/2
10   VLAN0010  active  Gi2/3, Gi2/4, Gi2/5, Gi2/6, Gi2/7, Gi2/8, Gi2/9, Gi2/10, Gi2/11, Gi2/12, Gi2/13, Gi2/14
                       Gi2/15, Gi2/16, Gi2/17, Gi2/18, Gi2/19, Gi2/20, Gi2/21, Gi2/22, Gi2/23, Gi2/24, Gi2/25
                       Gi2/26, Gi2/27, Gi2/28, Gi2/29, Gi2/30, Gi2/31, Gi2/32, Gi2/33, Gi2/34, Gi2/35, Gi2/36
                       Gi2/37, Gi2/38, Gi2/39, Gi2/40, Gi2/41, Gi2/42, Gi2/43, Gi2/44, Gi2/45, Gi2/46, Gi2/47
                       Gi2/48
15   VLAN0015  active
20   VLAN0020  active
30   VLAN0030  active
40   VLAN0040  active  Gi4/1
50   VLAN0050  active  Gi4/2
60   VLAN0060  active
100  VLAN0100  active

handoko.wiyanto Fri, 02/09/2007 - 10:18

Hi there,

Supervisor Engine 4 can do routing protocols, but it depends on the IOS feature set that you are using. Is it basic or advanced? With basic, you can't use routing protocols.

Try to draw the network diagram, and then we can understand whether it needs a routing protocol or not.

regards,

handoko

cisconoobie Fri, 02/09/2007 - 13:01

Do this as a trial and let me know:

conf t
interface vlan 10
 ip address 192.168.10.1 255.255.255.0

On PIX

ip route 192.168.10.0 255.255.255.0 192.168.10.1

If your PC has a 192.168.10.x IP and 192.168.10.1 GW, then you should ping from the machine and from the PIX with no problem.

pru_admit Fri, 02/09/2007 - 14:00

Yes, I did that test previously and it worked.

I am about to actually connect all the switches up tonight. I haven't actually trunked all the switches as stated above; once this is done and if I still can't route out then I will probably need help with one of the routing protocols.

So I am still wondering if this will work without using RIP/OSPF/EIGRP or some other routing protocol?

Attached is a quick logical look at what I am attempting to do. It's not detailed, I have other more detailed but for this question I thought it might suffice.

Thanks

cisconoobie Fri, 02/09/2007 - 14:17

For such a small network, routing protocols are overkill. Layer 2 will work perfectly.

Give me your running config and I will see what you're doing wrong.

pru_admit Fri, 02/09/2007 - 14:23

Ok, that's what I figured. I really think it is an issue with not having all the switches trunked. Once I have that set up and if I still can't get it to work I will post back here.

Also I attached most of the config up above, I just omitted all the line cards and other crap that is not needed :). Right now the only trunk that is going is to one of the Dell switches and port 2/1 on the Cisco.

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service compress-config
!
hostname
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
vtp domain
vtp mode transparent
ip subnet-zero
ip name-server 192.168.1.10
ip dhcp relay information trust-all
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
power redundancy-mode redundant
!
!
!
vlan internal allocation policy ascending
!
vlan 2,10,15,20,30,40,50,60,100
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet2/1
 description trunk
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport mode trunk
 switchport block multicast
!
interface Vlan1
 no ip address
!
interface Vlan2
 ip address 192.168.1.254 255.255.255.0
!
interface Vlan10
 description PRUSRVLAN10
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan15
 description INTSRVLAN15
 ip address 192.168.15.1 255.255.255.0
!
interface Vlan20
 description PGCSVLAN20
 ip address 192.168.20.1 255.255.255.0
!
interface Vlan30
 description PELSVLAN30
 ip address 192.168.30.1 255.255.255.0
!
interface Vlan40
 description PRUVLAN40
 ip address 192.168.40.1 255.255.254.0
 ip helper-address 192.168.1.3
!
interface Vlan50
 description PGCSVLAN
 ip address 192.168.51.1 255.255.254.0
 ip helper-address 192.168.1.3
!
interface Vlan60
 description PELSVLAN
 ip address 192.168.60.1 255.255.255.0
 ip helper-address 192.168.1.3
!
interface Vlan100
 description ADMIN
 ip address 192.168.100.1 255.255.255.0
 ip helper-address 192.168.1.3
!
no ip route static inter-vrf
ip route 0.0.0.0 0.0.0.0 192.168.1.1
no ip http server

cisconoobie Mon, 02/12/2007 - 14:40

Ok so let me get this straight.

You have a PC connected to the dell switch.

Did you assign the port on the Dell switch the proper VLAN it's supposed to be in?

From the PC, can you ping one of the vlan gateways ?

If your pc is on Vlan 20, is the gateway set to 192.168.20.1 ?

From the switch you should be able to ping 192.168.1.1

Go to the PIX and set up IP routes like this.

192.168.1.0 255.255.255.0 192.168.1.254
192.168.10.0 255.255.255.0 192.168.10.1
192.168.15.0 255.255.255.0 192.168.15.1
etc, etc

Why are vlan 40 and 50 23 bit subnet masks ?

Do show int trunk and see if your trunk is trunking.

Hi there,

If I am understanding this right, you do not have the static routes on the PIX back to the Cisco switch for all of your other networks. All you will need is the default route that you currently have on your switch to the PIX, but the PIX will need to know where the other networks are (10.0, 20.0, etc.). You could summarize the routes like,

PIX

ip route 192.168.0.0 255.255.128.0 192.168.1.254
ip route 192.168.0.0 255.255.0.0 null0

or just list them each individually.

To utilize the routing protocols you will need an enhanced image on the switch. If this is the extent of the network I think static is the easiest, unless you see the need for scaling the network larger.
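Added example, not part of the original thread: a Python check of which VLAN subnets the firewall can route replies back to, given the switch SVIs posted above and a candidate list of PIX static routes. The function name `audit_return_routes` and the data layout are assumptions made for illustration; the addresses are taken from the configs in this thread.

```python
import ipaddress

# Constructed from the configs posted in this thread: SVI addresses on the
# 4506 and the PIX inside address.
SVIS = {
    "Vlan2": "192.168.1.254/24", "Vlan10": "192.168.10.1/24",
    "Vlan15": "192.168.15.1/24", "Vlan20": "192.168.20.1/24",
    "Vlan30": "192.168.30.1/24", "Vlan40": "192.168.40.1/23",
    "Vlan50": "192.168.51.1/23", "Vlan60": "192.168.60.1/24",
    "Vlan100": "192.168.100.1/24",
}
PIX_INSIDE = ipaddress.ip_interface("192.168.1.1/24")


def audit_return_routes(svis, fw_inside, fw_routes):
    """Return (uncovered, bad_next_hops) for a list of (prefix, next_hop)."""
    usable, bad = [], []
    for prefix, next_hop in fw_routes:
        net = ipaddress.ip_network(prefix)
        # A static route is only usable if its next hop sits on a subnet
        # the firewall is directly attached to.
        if ipaddress.ip_address(next_hop) in fw_inside.network:
            usable.append(net)
        else:
            bad.append((str(net), next_hop))
    uncovered = []
    for name, addr in svis.items():
        subnet = ipaddress.ip_interface(addr).network
        if subnet == fw_inside.network:
            continue  # firewall is directly connected to this VLAN
        if not any(subnet.subnet_of(r) for r in usable):
            uncovered.append((name, str(subnet)))
    return uncovered, bad


if __name__ == "__main__":
    cases = {
        "default route on switch only": [],
        "one /24 via the switch": [("192.168.10.0/24", "192.168.1.254")],
        "summary via the switch": [("192.168.0.0/17", "192.168.1.254")],
        "next hop off-subnet": [("192.168.10.0/24", "192.168.10.1")],
    }
    for label, routes in cases.items():
        print(label, audit_return_routes(SVIS, PIX_INSIDE, routes))
```

With no static routes every SVI subnet except Vlan2 is reported as uncovered, which matches the symptom in the thread: hosts reach the PIX through the switch's default route, but the replies have no path back.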

pru_admit Mon, 02/12/2007 - 17:22

Update:

Sorry took so long; I did the install Friday night and I was able to successfully trunk (for the most part) the Dell switches to the Cisco.

Port    Mode  Encapsulation  Status    Native vlan
Gi4/3   on    802.1q         trunking  10
Gi4/4   on    802.1q         trunking  10
Gi4/5   on    802.1q         trunking  10
Gi4/6   on    802.1q         trunking

Now I am able to route between networks successfully. I set one port on the cisco for one route out to the pix. Most everything works great except for a couple major issues.

On the Dell switches I cannot seem to get different VLANs working. On the Cisco I have VLANs set up. Originally I wanted VLAN 2, 10, 20, 30, 40, 50, 60, and 100. VTP is in transparent mode.

I can't seem to get the VLANs to work correctly on the Dell switches. The only way I can get the Dell switches communicating is by giving each Dell switch an IP address in the VLAN I want it to communicate in.

So let's say I want to allow VLAN 10 on Dell switch 1. I assign VLAN 1 an IP of 192.168.10.254 on Dell switch 1. I set the 1/g1 port to trunk, and I set the default gateway to 192.168.10.1 (the VLAN IP). I then set trunking on the Cisco port, but I set native VLAN 10.

Now all nodes on the Dell switch will communicate across all VLANs. But I can't assign a VLAN by port.

Here are excerpts of the configs:

Dell switch 1:

interface ethernet 1/g1
 switchport mode trunk
exit
interface vlan 1
 ip address 192.168.10.254 255.255.255.0
exit
ip default-gateway 192.168.10.1

Cisco Port:

!
interface GigabitEthernet4/4
 description trunk to prusw254
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 10
 switchport mode trunk
 switchport block multicast
end

If I set another Dell switch to VLAN 20 and give it an IP address 192.168.20.254 and set the port on the Cisco to native VLAN 20 it works as well. I can still communicate but I can't figure out how or why I can't assign VLANs by port. If I change the port to VLAN 20 it does not seem to allow connectivity on that port. I have read Dell's manuals and so far I do not see anything beyond initial VLAN setup.

My other issue (which is very close to my first problem) is I originally had multiple VLANs, including 50, 60 and 100. For some reason when I would do the same setup as above none of the nodes on the Dell switches would get out of the Cisco to the PIX and beyond. I could still communicate InterVLAN but just not beyond the Cisco.

Sorry so long winded.
