Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
475
Views
5
Helpful
4
Replies

Correctness check? 3560 Switch with interVLAN Routing

tomtom001
Level 1
Level 1

‎09-17-2007 05:04 AM - edited ‎03-05-2019 06:31 PM

Hi,

I am trying to avoid using subinterfaces on my 2811 Router for the routing between my 3 VLANS (Voice, Data, Infrastructure). Would enabling ip routing on the 3560 Switch allow me to do this? Here is my proposed configuration (Can you check to make sure my static routes are configured correctly also?):

3560 switch (vlans are configured for each port and have 1 port as trunk to router):

...

ip routing

...

interface Vlan10

description Data

ip address 10.1.1.1 255.255.255.0

!

interface Vlan20

description Voice

ip address 10.1.2.1 255.255.255.0

!

interface Vlan30

description Infrastructure

ip address 10.1.3.1 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 10.1.2.2

Ony my 2811 Router:

interface FA0/0

description Connection to Switch

ip address 10.1.2.2 255.255.255.0

duplex auto

speed auto

!

ip route 10.1.0.0 255.255.255.0 10.1.2.1

Would these statements take care of the routing between VLANS and also for the connection to/from the internet? Thanks again for the critique!

Labels:
0 Helpful
4 Replies 4

Jon Marshall
Hall of Fame
Hall of Fame

‎09-17-2007 05:09 AM

Hi

Change the following

ip route 10.1.0.0 255.255.255.0 10.1.2.1

to

ip route 10.1.1.0 255.255.0.0 10.1.2.1

and the rest is fine.

Edit - your port that connects to the router should not be a trunk port. It should be in vlan 20

HTH

Jon

tomtom001
Level 1
Level 1
In response to Jon Marshall

‎09-18-2007 02:03 PM

Thanks Jon,

I changed the port for the router connection to :

interface FastEthernet0/24

description ***Interface to Router***

switchport access vlan 20

I am able to ping the devices in vlan 20, however am unable to ping any other devices. Never tried routing on a switch before...is there a static route that I am missing?

0 Helpful

lgijssel
Level 9
Level 9

‎09-17-2007 05:13 AM

Almost correct. I assume the proposed static was a typo? Should be something like:

ip route 10.1.0.0 255.255.252.0 10.1.2.1

To enable NAT, add networks 10.1.1 - 10.1.3 to the access-list that defines what should be natted.

regards,

Leo

0 Helpful

tomtom001
Level 1
Level 1
In response to lgijssel

‎09-17-2007 05:48 AM

Thanks Leo! Yes, the static route is something that I am still figuring out.

If I have an IPSEC VPN tunnel to another 2811 router at a remote site with the same setup (their IP ranges are 10.2.0.0 255.255.255.0 with the same VLAN structure), would the ip route command be:

This current 2811:

ip route 10.2.0.0 255.255.255.0 10.2.2.1

Remote 2811:

ip route 10.1.0.0 255.255.255.0 10.1.2.1

Appreciate the help and thank you for the patience!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card