InterVLAN routing to gateway - cisco document 41260

Answered Question
Dec 18th, 2007
User Badges:

I am currently planning the transition of our network into a vlan environment, with routing provided by a 3550. I have been using doc 41260 as my guide (see http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml#NetPro).


I am not sure how to proceed with implementing the element in the guide where the connection between the routing switch and the gateway router is configured. In our network there is no direct connection between the switch and router (there is a 2960G in between which is connected to the 3550 by a fibre trunk). Thus the advice to convert the router-connected port on the 3550 to a routed port by issuing a "no switchport" command and assigning an IP address would appear not to apply, but I can't see what to do instead.


Can someone advise me or provide me with a link to a more complicated example than exists in this document?

Correct Answer by Edison Ortiz about 9 years 6 months ago

So, you have:


[3550]->[2960G]->[Router]


Make believe you have F0/0 on router 192.168.1.1/24

Make believe this is Vlan 192


On the 3550, you configure Vlan 192 in Layer2 and Layer3 while in the 2960G, you configure Vlan 192 in layer 2.


Layer2 Vlan:


config t

vlan 192


Layer 3 Vlan:


interface vlan 192

ip address 192.168.1.2/24


______________


Configure a trunk or access switchport between 2960G and 3550. If you decide to carry more than one Vlan on this link, configure a trunk. If you decide to carry only one Vlan (Vlan 192), then configure access port.


Trunk configuration on both switches:


interface fx/x

switchport mode trunk

switchport trunk encapsulation dot1q



Access configuration on both switches:


interface fx/x

switchport mode access

switchport access vlan 192


______________


On the switchport connected to the router:


interface fx/x

switchport mode access

switchport access vlan 192


______________


You should be able to ping from the 3550 to the router on the same Vlan.


______________


As for the gateway:


1) Make sure to turn IP Routing on the router with the command ip routing, since it's off by default


3) insert a static route pointing to the router


2) point the workstations to the 3550 as the gateway




  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
Edison Ortiz Tue, 12/18/2007 - 20:57
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

So, you have:


[3550]->[2960G]->[Router]


Make believe you have F0/0 on router 192.168.1.1/24

Make believe this is Vlan 192


On the 3550, you configure Vlan 192 in Layer2 and Layer3 while in the 2960G, you configure Vlan 192 in layer 2.


Layer2 Vlan:


config t

vlan 192


Layer 3 Vlan:


interface vlan 192

ip address 192.168.1.2/24


______________


Configure a trunk or access switchport between 2960G and 3550. If you decide to carry more than one Vlan on this link, configure a trunk. If you decide to carry only one Vlan (Vlan 192), then configure access port.


Trunk configuration on both switches:


interface fx/x

switchport mode trunk

switchport trunk encapsulation dot1q



Access configuration on both switches:


interface fx/x

switchport mode access

switchport access vlan 192


______________


On the switchport connected to the router:


interface fx/x

switchport mode access

switchport access vlan 192


______________


You should be able to ping from the 3550 to the router on the same Vlan.


______________


As for the gateway:


1) Make sure to turn IP Routing on the router with the command ip routing, since it's off by default


3) insert a static route pointing to the router


2) point the workstations to the 3550 as the gateway




pembrokeschool Tue, 12/18/2007 - 21:01
User Badges:

Thank you very much. That was just what I needed to know.


On the gateway router, though, should I configure static routes for each VLAN (we will have 8)?

Edison Ortiz Tue, 12/18/2007 - 21:05
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

If you are planning to have multiple Vlans on the 3550, I recommend configuring a dynamic routing protocol.


If you are running all Cisco devices, configure EIGRP in the 3550 and WAN router. It will dynamically learn all subnets.

pembrokeschool Tue, 12/18/2007 - 21:10
User Badges:

Alas, I used the term 'router' for clarity, whereas the actual device is a gateway server running Windows 2003 and ISA. The rest of the network is entirely Cisco though (some 80 switches).

Edison Ortiz Wed, 12/19/2007 - 07:41
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

Then place static routes in the ISA server pointing to the 8 Vlans being hosted in the 3550 switch.


On the 3550 switch, place a static default route towards the ISA server.

pembrokeschool Thu, 12/20/2007 - 16:28
User Badges:

Will that work, though? Considering that the link from the 2960 to the ISA server will be on one VLAN and not a trunk, will the traffic to the other VLANs be switched through? eg. the ISA server is plugged into a port configured for VLAN 2, but is has a static route directing traffic to the default gateway for VLAN 3, won't the VLAN 3 traffic just be dropped?


Or I suppose the 2960 port could be configured to accept traffic from all VLANs?

Edison Ortiz Thu, 12/20/2007 - 16:55
User Badges:
  • Super Bronze, 10000 points or more
  • Hall of Fame,

    Founding Member

The ISA only cares about one Vlan and that's the common Vlan between the 3550 (Layer3 device) and itself.


The inter-Vlan is done at the 3550 and hosts on the respective subnets will point to the 3550 as the default-gateway. All packets from the 3550 will be Layer3 switched towards the ISA, which in turned send to the outside.


On the ISA, make sure to include routes back to those subnets with gateway pointing to the 3550 and also have NAT including those subnets for traffic going out to the internet (please remember that).


For instance, common subnet between 3550 and ISA: 192.168.1.1 = ISA / 192.168.1.2 = 3550.


On the ISA,


route add 192.168.2.0 mask 255.255.255.0 192.168.1.2 (Subnet Vlan 2)

route add 192.168.3.0 mask 255.255.255.0 192.168.1.2 (Subnet Vlan3)


etc ...


On the 3550


interface Vlan2

ip add 192.168.2.1 255.255.255.0


interface Vlan3

ip add 192.168.3.1 255.255.255.0


On the Clients from Vlan2


ip address: 192.168.2.10

subnet mask: 255.255.255.0

default gateway: 192.168.2.1


____________


No need to make any changes in the 2960 switchport, a common Vlan will flow thru between the switches with no problem.


For instance, common Vlan100


On the 3550


interface Vlan 100

ip add 192.168.1.2 255.255.255.0


interface fx/x

description connection to 2960

switchport mode access

switchport access vlan 100


On the 2960


interface fx/x

description connection to 3550

switchport mode access

switchport access vlan 100


interface fx/x

description connection to ISA

switchport mode access

switchport access vlan 100



Actions

This Discussion