Whats Next?

Unanswered Question
Apr 26th, 2007
User Badges:

Ok guys I'm totally lost here.


Right now I have 2 3750 switches with 2 vlans created.


Vlan1 10.4.10.10 255.255.0.0


Vlan300 10.5.10.10 255.255.255.0


Vlan 1 holds everything servers, J box, DHCP server, everything, its completely flat network [working great].


VTP is on and working.


I have one workstation in vlan300 I need to have this 1 workstation be able to access vlan1 to get to all the network resources and get out on the internet.


Whats is next?


See attached jpg




Attachment: 
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (1 ratings)
Loading.
sachinraja Thu, 04/26/2007 - 18:25
User Badges:
  • Red, 2250 points or more

Ok.. you need to do the following:


1) Configure VLAN 300 IP address 10.5.10.10/24 on the main 3750 switch...

2) hope you have configured stacking between these switches, if so, both the switches will look like one..

3) Configure the PC on VLAN 300 from the subnet 10.5.10.x, i can now see that the PC on VLAN 300 have 10.4.55.29, which is a VLAN 1 IP... have the def g/w of the PC to the VLAN 300 IP defined on the switch

4) enable ip routing on the 3750 switch, where the L3 vlan ip s are defined.. once enabled, the VLAN 300 PC can talk to any server on VLAN 1 and go to internet...

5) If you have dhcp on VLAN 1, then you need to configure " ip helper-address x.x.x.x " on VLAN 300 interface, to forward the DHCP broadcasts as a unicast to the server...


Hope this helps.. all the best. rate replies if found useful...


Raj

albolabris Thu, 04/26/2007 - 19:12
User Badges:

1)Configure VLAN 300 IP address 10.5.10.10/24 on the main 3750 switch...


>>This is done<<


2) hope you have configured stacking between these switches, if so, both the switches will look like one..


>>Switches are at different ends of the building connected by cat 5<<


3) Configure the PC on VLAN 300 from the subnet 10.5.10.x, i can now see that the PC on VLAN 300 have 10.4.55.29, which is a VLAN 1 IP... have the def g/w of the PC to the VLAN 300 IP defined on the switch


>>The new PC address is

ip address is 10.5.10.29

Subnet 255.255.255.0

Gateway is 10.5.10.10<<


4) enable ip routing on the 3750 switch, where the L3 vlan ip s are defined.. once enabled, the VLAN 300 PC can talk to any server on VLAN 1 and go to internet...


>>At the config command on 10.4.10.10 switch I typed ip routing<<


5) If you have dhcp on VLAN 1, then you need to configure " ip helper-address x.x.x.x " on VLAN 300 interface, to forward the DHCP broadcasts as a unicast to the server...


>>This is done<<


I still can not get out on the PC on Vlan300. I can ping vlan 1 (10.4.10.10) but I can not access my servers or get out on the internet...


sachinraja Thu, 04/26/2007 - 19:43
User Badges:
  • Red, 2250 points or more

Hello,


if you are able to ping VLAN 1 ip address 10.4.10.10 (configured on the switch) from VLAN 300 PC, and not ping the server, it is a problem with the default gateway configured on the server or that there is no route for the VLAN 300 IP subnet from the server to reach back.. make sure this is corrected and you will then be able to ping the VLAN 1 servers from VLAN 300. Just go hop by hop and put a next hop for the packets ...


Hope this helps..


Raj

albolabris Fri, 04/27/2007 - 20:25
User Badges:

Hey Raj,


I got it working [kind of] my problem was I created the Vlan's using the Network Assistant 5.1 it said they were there and allowed me to assign them to a port but when I ran sh run at the command line nothing I created was listed. I re-created everything using the command line now things are working.


I can see the servers and log in but I can not get out to the internet, I also can not ping 10.4.9.1 the juniper box from Vlan 300 any ideas?


Iain Thu, 04/26/2007 - 18:34
User Badges:

In order for the workstation in VLAN300 to access the Internet and resources in VLAN1, you will need to have some sort of inter-VLAN routing.


I would recommend reading this best practices document. There are a few things with your design that you may want to consider changing (such as the way you are currently using VLAN1).


http://www.cisco.com/en/US/products/hw/switches/ps700/products_white_paper09186a00801b49a4.shtml


The 3750 should support inter-VLAN routing. Depending on if you bought the "-E" enhanced image, you may or may not be able to use a full-featured routing protocol such as EIGRP.


In addition to the document above you might want to look into getting a CCNA study guide. It covers these topics (and many more).


HTH - Pls rate if helpful

albolabris Thu, 04/26/2007 - 19:25
User Badges:

I do now that its setup incorrectly right now but I can not do any major changes till this summer.


Could you walk me through the steps to get inter-VLAN routing running for now though?


Jon Marshall Thu, 04/26/2007 - 23:44
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi


Raj has covered what you need to do to get inter-vlan routing working.


Looking at your diagram it looks like the Juniper box is responsible for routing the vlan 1 traffic. Does this juniper box have a route back to the vlan 300 subnet as all your servers will go to this juniper box when they try and respond to your vlan 300 client.


What would be better although i appreciate this may have to wait is


1) Make the link between your 3750 and the juniper box a routed link.

2) Move the 10.4.9.1 address off the juniper box and assign it to vlan 1 on the 3750 switch where you have also created vlan 300 interface.

3) Use a P2P subnet for the link between the juniper box and your 3750 switch eg


3750 (192.168.5.1/30) -> (192.168.5.2/30) Juniper


4) Add a default route to your 3750 switch pointing to 192.168.5.2


Also as previous poster suggested using vlan 1 is not best practice and when you get the time you should look to migrate all vlan 1 servers etc into a new separate vlan.


But for now please check the routing on the Juniper box.


HTH


Jon



Actions

This Discussion