Correctness check? 3560 Switch with interVLAN Routing

Unanswered Question
Sep 17th, 2007

Hi,

I am trying to avoid using subinterfaces on my 2811 Router for the routing between my 3 VLANS (Voice, Data, Infrastructure). Would enabling ip routing on the 3560 Switch allow me to do this? Here is my proposed configuration (Can you check to make sure my static routes are configured correctly also?):

3560 switch (vlans are configured for each port and have 1 port as trunk to router):

...

ip routing

...

interface Vlan10

description Data

ip address 10.1.1.1 255.255.255.0

!

interface Vlan20

description Voice

ip address 10.1.2.1 255.255.255.0

!

interface Vlan30

description Infrastructure

ip address 10.1.3.1 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 10.1.2.2

Ony my 2811 Router:

interface FA0/0

description Connection to Switch

ip address 10.1.2.2 255.255.255.0

duplex auto

speed auto

!

ip route 10.1.0.0 255.255.255.0 10.1.2.1

Would these statements take care of the routing between VLANS and also for the connection to/from the internet? Thanks again for the critique!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Jon Marshall Mon, 09/17/2007 - 05:09

Hi

Change the following

ip route 10.1.0.0 255.255.255.0 10.1.2.1

to

ip route 10.1.1.0 255.255.0.0 10.1.2.1

and the rest is fine.

Edit - your port that connects to the router should not be a trunk port. It should be in vlan 20

HTH

Jon

tomtom001 Tue, 09/18/2007 - 14:03

Thanks Jon,

I changed the port for the router connection to :

interface FastEthernet0/24

description ***Interface to Router***

switchport access vlan 20

I am able to ping the devices in vlan 20, however am unable to ping any other devices. Never tried routing on a switch before...is there a static route that I am missing?

lgijssel Mon, 09/17/2007 - 05:13

Almost correct. I assume the proposed static was a typo? Should be something like:

ip route 10.1.0.0 255.255.252.0 10.1.2.1

To enable NAT, add networks 10.1.1 - 10.1.3 to the access-list that defines what should be natted.

regards,

Leo

tomtom001 Mon, 09/17/2007 - 05:48

Thanks Leo! Yes, the static route is something that I am still figuring out.

If I have an IPSEC VPN tunnel to another 2811 router at a remote site with the same setup (their IP ranges are 10.2.0.0 255.255.255.0 with the same VLAN structure), would the ip route command be:

This current 2811:

ip route 10.2.0.0 255.255.255.0 10.2.2.1

Remote 2811:

ip route 10.1.0.0 255.255.255.0 10.1.2.1

Appreciate the help and thank you for the patience!

Actions

This Discussion