Correctness check? 3560 Switch with interVLAN Routing

Unanswered Question
Sep 17th, 2007
User Badges:


I am trying to avoid using subinterfaces on my 2811 Router for the routing between my 3 VLANS (Voice, Data, Infrastructure). Would enabling ip routing on the 3560 Switch allow me to do this? Here is my proposed configuration (Can you check to make sure my static routes are configured correctly also?):

3560 switch (vlans are configured for each port and have 1 port as trunk to router):


ip routing


interface Vlan10

description Data

ip address


interface Vlan20

description Voice

ip address


interface Vlan30

description Infrastructure

ip address


ip route

Ony my 2811 Router:

interface FA0/0

description Connection to Switch

ip address

duplex auto

speed auto


ip route

Would these statements take care of the routing between VLANS and also for the connection to/from the internet? Thanks again for the critique!

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Jon Marshall Mon, 09/17/2007 - 05:09
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN


Change the following

ip route


ip route

and the rest is fine.

Edit - your port that connects to the router should not be a trunk port. It should be in vlan 20



tomtom001 Tue, 09/18/2007 - 14:03
User Badges:

Thanks Jon,

I changed the port for the router connection to :

interface FastEthernet0/24

description ***Interface to Router***

switchport access vlan 20

I am able to ping the devices in vlan 20, however am unable to ping any other devices. Never tried routing on a switch there a static route that I am missing?

lgijssel Mon, 09/17/2007 - 05:13
User Badges:
  • Red, 2250 points or more

Almost correct. I assume the proposed static was a typo? Should be something like:

ip route

To enable NAT, add networks 10.1.1 - 10.1.3 to the access-list that defines what should be natted.



tomtom001 Mon, 09/17/2007 - 05:48
User Badges:

Thanks Leo! Yes, the static route is something that I am still figuring out.

If I have an IPSEC VPN tunnel to another 2811 router at a remote site with the same setup (their IP ranges are with the same VLAN structure), would the ip route command be:

This current 2811:

ip route

Remote 2811:

ip route

Appreciate the help and thank you for the patience!


This Discussion