Intervlan routing Question

Answered Question
Jul 12th, 2007

I am new to Cisco devices and am working on getting a 4507 Calalyst set up as the core switch for our building. I set up 4 vlans and configured each with an appropriate ranged IP address. I then assigned specified ports on the switch to the appropriate vlan but traffic will not cross the subnets. What am I missing? Any thoughts or ideas? This also happens when I connect any of my 3560 switches over a trunk port if they're on one of the other vlans also. Almost seems like the Catalyst isn't doing the layer 3 routing that it's supposed to?

I have this problem too.
0 votes
Correct Answer by chrihussey about 9 years 4 months ago

The default gateway statement does not provided routing capability. You need to create a static default route for this to happen:

ip route 0.0.0.0 0.0.0.0 164.156.24.1

However, if you are unable to ping work station to workstation that are connected to ports directly on the switch then there is another problem.

With the workstations connected are you able to ping the respective Vlan interfaces associated with these devices?

If you do a "show IP interface brief" do the VLAN interfaces indicate they are up?

Are the workstations connected to ports in the appropriate VLAN and are these interfaces up and do they have the proper default gateway (VLAN IP) configured?

All things to check at this point, and then proceed form there.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
chrihussey Thu, 07/12/2007 - 08:25

Check the configuration....do you see "no ip routing" in the configuration? If so, then it needs to be changed to "ip routing".

jconnacher Thu, 07/12/2007 - 08:37

When doing a show run. I don't see either listed anywhere. I just typed that command at the standard config t location, as well as getting into the interface vlans and trying it there. Did a write first, but I see nothing about routing anywhere when I do another show run.

chrihussey Thu, 07/12/2007 - 08:50

Can you send a config and include "sh vtp status" and "sh version" output?

Edison Ortiz Thu, 07/12/2007 - 09:23

CAT4507 has L3 capabilities and your config looks fine. One thing I want to see in addition to the config you posted, is the 'show ip route' command.

Are you testing the inter-vlan connection from/to a workstation at each vlan ? if so, did you verify the workstation on each vlan has a valid ip address for that vlan and the correct default gateway ?

jconnacher Thu, 07/12/2007 - 09:33

Yes, that's correct. Testing from a laptop to laptop with IP configuration designated correctly for each subnet range. Might it matter that this is not yet on a live network and the default gateway is not yet coming into play? Eg. I don't have it connected to our firewalls yet which actually contain the default gateway as an internal address. Here's the cap of the IP route.

Attachment: 
sundar.palaniappan Thu, 07/12/2007 - 09:49

If you assigned the switchports to the correct VLAN, created VLANs in the switch and configured SVIs for the VLANs then it should work just fine.

Can you make sure the laptops aren't blocking ICMP traffic. If the laptop is running Windows try disabling the firewall and test.

HTH

Sundar

jconnacher Thu, 07/12/2007 - 09:53

Not sure what you mean by SVI, but I'm not hitting the firewall yet. Just trying to go laptop to laptop through two ports on the switch. From the 21_0 laptop, I can ping the 21 vlan interface on the switch. From the 24_0 laptop, I can hit the 24 vlan on the switch. I just can't cross through them and the laptops aren't blocking ping.

sundar.palaniappan Thu, 07/12/2007 - 10:00

SVI (switched virtual intefaces) are nothing but vlan interfaces which you already have configured on your switch as indicated by the show ip route output you posted.

Did you set the default gateway of the laptop to be the IP address of the VLAN interface you've configured on your switch? Both laptops have to use the default gateway address of their respective VLAN interfaces configured on the switch.

HTH

Sundar

Correct Answer
chrihussey Thu, 07/12/2007 - 09:51

The default gateway statement does not provided routing capability. You need to create a static default route for this to happen:

ip route 0.0.0.0 0.0.0.0 164.156.24.1

However, if you are unable to ping work station to workstation that are connected to ports directly on the switch then there is another problem.

With the workstations connected are you able to ping the respective Vlan interfaces associated with these devices?

If you do a "show IP interface brief" do the VLAN interfaces indicate they are up?

Are the workstations connected to ports in the appropriate VLAN and are these interfaces up and do they have the proper default gateway (VLAN IP) configured?

All things to check at this point, and then proceed form there.

jconnacher Thu, 07/12/2007 - 10:03

OK...Thanks for everything. I have added the static route and will begin looking at these other issues. One last question though, are you saying that the interfaces themselves need to be configured with a gateway to the respective vlan IP?

chrihussey Thu, 07/12/2007 - 10:07

The workstations need to have their default gateway be the VLAN interfaces on the 4500. This way they send any packets that are not on their local subnet to the 4500 to be routed accordingly.

sundar.palaniappan Thu, 07/12/2007 - 10:11

Here's a sample configuration.

int vlan 210

ip add 164.156.21.1 255.255.255.128

Laptop;

ip 164.156.21.2

subnet mask: 255.255.255.128

default gateway: 164.156.21.1 --> This is the IP address of int vlan 210 configured on the switch.

HTH

Sundar

jconnacher Thu, 07/12/2007 - 10:22

Thanks everyone. I modified the gateway on my laptops and everything started working.

Actions

This Discussion