Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
755
Views
0
Helpful
7
Replies

InterVLAN routing to gateway - cisco document 41260

Go to solution
pembrokeschool
Level 1
Level 1

‎12-18-2007 08:09 PM - edited ‎03-05-2019 08:04 PM

I am currently planning the transition of our network into a vlan environment, with routing provided by a 3550. I have been using doc 41260 as my guide (see http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml#NetPro).

I am not sure how to proceed with implementing the element in the guide where the connection between the routing switch and the gateway router is configured. In our network there is no direct connection between the switch and router (there is a 2960G in between which is connected to the 3550 by a fibre trunk). Thus the advice to convert the router-connected port on the 3550 to a routed port by issuing a "no switchport" command and assigning an IP address would appear not to apply, but I can't see what to do instead.

Can someone advise me or provide me with a link to a more complicated example than exists in this document?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame

‎12-18-2007 08:57 PM

So, you have:

[3550]->[2960G]->[Router]

Make believe you have F0/0 on router 192.168.1.1/24

Make believe this is Vlan 192

On the 3550, you configure Vlan 192 in Layer2 and Layer3 while in the 2960G, you configure Vlan 192 in layer 2.

Layer2 Vlan:

config t

vlan 192

Layer 3 Vlan:

interface vlan 192

ip address 192.168.1.2/24

______________

Configure a trunk or access switchport between 2960G and 3550. If you decide to carry more than one Vlan on this link, configure a trunk. If you decide to carry only one Vlan (Vlan 192), then configure access port.

Trunk configuration on both switches:

interface fx/x

switchport mode trunk

switchport trunk encapsulation dot1q

Access configuration on both switches:

interface fx/x

switchport mode access

switchport access vlan 192

______________

On the switchport connected to the router:

interface fx/x

switchport mode access

switchport access vlan 192

______________

You should be able to ping from the 3550 to the router on the same Vlan.

______________

As for the gateway:

1) Make sure to turn IP Routing on the router with the command ip routing, since it's off by default

3) insert a static route pointing to the router

2) point the workstations to the 3550 as the gateway

View solution in original post

0 Helpful
7 Replies 7

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame

‎12-18-2007 08:57 PM

So, you have:

[3550]->[2960G]->[Router]

Make believe you have F0/0 on router 192.168.1.1/24

Make believe this is Vlan 192

On the 3550, you configure Vlan 192 in Layer2 and Layer3 while in the 2960G, you configure Vlan 192 in layer 2.

Layer2 Vlan:

config t

vlan 192

Layer 3 Vlan:

interface vlan 192

ip address 192.168.1.2/24

______________

Configure a trunk or access switchport between 2960G and 3550. If you decide to carry more than one Vlan on this link, configure a trunk. If you decide to carry only one Vlan (Vlan 192), then configure access port.

Trunk configuration on both switches:

interface fx/x

switchport mode trunk

switchport trunk encapsulation dot1q

Access configuration on both switches:

interface fx/x

switchport mode access

switchport access vlan 192

______________

On the switchport connected to the router:

interface fx/x

switchport mode access

switchport access vlan 192

______________

You should be able to ping from the 3550 to the router on the same Vlan.

______________

As for the gateway:

1) Make sure to turn IP Routing on the router with the command ip routing, since it's off by default

3) insert a static route pointing to the router

2) point the workstations to the 3550 as the gateway

0 Helpful

Go to solution
pembrokeschool
Level 1
Level 1
In response to Edison Ortiz

‎12-18-2007 09:01 PM

Thank you very much. That was just what I needed to know.

On the gateway router, though, should I configure static routes for each VLAN (we will have 8)?

0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame
In response to pembrokeschool

‎12-18-2007 09:05 PM

If you are planning to have multiple Vlans on the 3550, I recommend configuring a dynamic routing protocol.

If you are running all Cisco devices, configure EIGRP in the 3550 and WAN router. It will dynamically learn all subnets.

0 Helpful

Go to solution
pembrokeschool
Level 1
Level 1
In response to Edison Ortiz

‎12-18-2007 09:10 PM

Alas, I used the term 'router' for clarity, whereas the actual device is a gateway server running Windows 2003 and ISA. The rest of the network is entirely Cisco though (some 80 switches).

0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame
In response to pembrokeschool

‎12-19-2007 07:41 AM

Then place static routes in the ISA server pointing to the 8 Vlans being hosted in the 3550 switch.

On the 3550 switch, place a static default route towards the ISA server.

0 Helpful

Go to solution
pembrokeschool
Level 1
Level 1
In response to Edison Ortiz

‎12-20-2007 04:28 PM

Will that work, though? Considering that the link from the 2960 to the ISA server will be on one VLAN and not a trunk, will the traffic to the other VLANs be switched through? eg. the ISA server is plugged into a port configured for VLAN 2, but is has a static route directing traffic to the default gateway for VLAN 3, won't the VLAN 3 traffic just be dropped?

Or I suppose the 2960 port could be configured to accept traffic from all VLANs?

0 Helpful

Go to solution
Edison Ortiz
Hall of Fame
Hall of Fame
In response to pembrokeschool

‎12-20-2007 04:55 PM

The ISA only cares about one Vlan and that's the common Vlan between the 3550 (Layer3 device) and itself.

The inter-Vlan is done at the 3550 and hosts on the respective subnets will point to the 3550 as the default-gateway. All packets from the 3550 will be Layer3 switched towards the ISA, which in turned send to the outside.

On the ISA, make sure to include routes back to those subnets with gateway pointing to the 3550 and also have NAT including those subnets for traffic going out to the internet (please remember that).

For instance, common subnet between 3550 and ISA: 192.168.1.1 = ISA / 192.168.1.2 = 3550.

On the ISA,

route add 192.168.2.0 mask 255.255.255.0 192.168.1.2 (Subnet Vlan 2)

route add 192.168.3.0 mask 255.255.255.0 192.168.1.2 (Subnet Vlan3)

etc ...

On the 3550

interface Vlan2

ip add 192.168.2.1 255.255.255.0

interface Vlan3

ip add 192.168.3.1 255.255.255.0

On the Clients from Vlan2

ip address: 192.168.2.10

subnet mask: 255.255.255.0

default gateway: 192.168.2.1

____________

No need to make any changes in the 2960 switchport, a common Vlan will flow thru between the switches with no problem.

For instance, common Vlan100

On the 3550

interface Vlan 100

ip add 192.168.1.2 255.255.255.0

interface fx/x

description connection to 2960

switchport mode access

switchport access vlan 100

On the 2960

interface fx/x

description connection to 3550

switchport mode access

switchport access vlan 100

interface fx/x

description connection to ISA

switchport mode access

switchport access vlan 100

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card