Vlan using Catalyst 3560

Unanswered Question
Jan 13th, 2008

Hi,

I am trying to create VLANs to segment the company network to cater for growth. I have found this document (id: 41860) “How to configure intervlan routing on layer 3 switches” and found it is close to my requirement. I have followed the steps and tried them on a Catalyst 3560. But I am not able to get the desired result. I can't ping between the VLANs. At the VLANs I can't connect to the internet. What have I done and what have I not done? Attached are the running-config and ip routing.

Help would be appreciated

thanks



shrikar.dange Sun, 01/13/2008 - 20:17

hi,


Please issue the ip routing command (it's not enabled by default in L3 switches) in global config mode and remove the default gateway command with no ip default-gateway 10.1.23.251.


Also you have not assigned any ports to the vlans.

Use the following commands to access the vlans


sw(conf-if)#switchport mode access

sw(conf-if)#switchport access vlan (vlan no.)


do you have more than 1 switch over which these vlans have members? Use trunking between them.


For your reference:


http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008019e74e.shtml


HTH,


regards,


shri :)

tan.joseph Mon, 01/14/2008 - 02:17

thanks shri,

i have tried what you suggested and i assume for the time being 3560 is the only switch in my network. i still can't ping across the vlans.

your advice would be appreciated

Joseph




ankbhasi Mon, 01/14/2008 - 02:24

Hi Joseph,


I would like to know from where you are trying to ping and to whom. You should be able to ping from vlan 3 to vlan 1 and vice versa and not anything else. I don't even see the default route installed in your routing table.


You have configured a route "ip route 0.0.0.0 0.0.0.0 192.168.23.251" can you confirm 192.168.23.251 is your next hop? Also can you check the status of "sh interface gig0/1" and check if the interface is up and up.


Also try to ping 192.168.23.251 and see if it is reachable?


Regards,


Ankur

shrikar.dange Mon, 01/14/2008 - 02:38

hi joseph

I agree with Ankur; please check the status of your interfaces with the sh ip int brie command (including your vlan interfaces). In case they are down, give the no shut command. If you are testing this config and want the interface not to go down, then under interface submode give the no keepalive command.

Is 192.168.23.251 reachable?

From your sh ip rou output I suspect that only the vlan 1 and vlan 3 interfaces are up.

Issue the no shut command under gig0/1, as well as under other interfaces such as the interfaces you have assigned to particular vlans.


HTH,


regards,


shri :)

glen.grant Mon, 01/14/2008 - 04:30

I don't see anywhere in your config where you have created the layer 2 vlan definition. Add the following. Also, if you don't have at least one interface in each vlan that is active, the layer 3 interfaces will be up/down and you will not be able to ping those.


conf t


vlan 2


vlan 10


vlan 3


exit

wr mem




ankbhasi Mon, 01/14/2008 - 04:38

Hi Glen,


If he had created the vlans by going to vlan database mode, then they will not show up in the running config. Also I believe they are created at the layer 2 level because I can see a few vlans in the routing table, and they will only come into the routing table when the interfaces are up, and the interfaces will only be up if the vlans are present in the vlan database.


Regards,


Ankur

tan.joseph Tue, 01/15/2008 - 20:37

Hi All,

thanks!

i have made changes based on your suggestions. now i'm able to ping between the vlans. however, i'm still not able to ping devices connected at port 1 with ip address 192.168.23.253. for example i can ping 192.168.23.251 which is my internet router connected at port 1.

what's gone wrong? pls help. thanks in adv

Joseph



ankbhasi Tue, 01/15/2008 - 21:18

Hi Friend,


I was not able to understand your problem completely here. Can you please confirm from which subnet you are trying to ping and to which subnet.


I mean what is your source ip address and which is your destination ip address?


Regards,


Ankur

tan.joseph Tue, 01/15/2008 - 21:38

hi,

10.1.3.1 ping 10.1.2.1 both ways ok

10.1.3.1 or 10.1.2.1 ping 192.168.23.253 port 1 ok


but problem pinging the device connected at port 1, e.g. my internet router 192.168.23.251 connected to port 1, and i'm not able to ping from other subnets, thus no internet connection for other subnets.


thanks

ankbhasi Tue, 01/15/2008 - 21:46

Hi Friend,


When you try to ping your internet router, which is 192.168.23.251, from another subnet like the vlan 1 and vlan 2 subnets, does this router have a reverse route for the vlan 1 and vlan 2 subnets?


I am sure this router is missing the route back to your local subnets.


Can you configure your internet router with routes back to your vlan 1 and vlan 2 subnets, something like this


ip route 10.1.23.0 255.255.255.0 192.168.23.253

ip route 10.1.2.0 255.255.255.0 192.168.23.253


Add these routes on your internet router and you will be able to ping your internet router from your vlan 1 and vlan 2 subnets. If it is configured with NAT then you will be able to ping the internet also.


HTH


Ankur


*Pls rate all helpful posts
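
Added example, not part of the thread: a Python check of the return-route condition described in the reply above. It parses the upstream router's static routes and reports which VLAN subnets would have their replies follow some other route (for example the default route) instead of going back to the L3 switch at 192.168.23.253; it also rejects a wildcard mask written where `ip route` expects a subnet mask. The router config, the 203.0.113.1 next hop and the /24 prefix lengths are constructed assumptions.

```python
import ipaddress
import re

ROUTE_RE = re.compile(r"^ip route (\S+) (\S+) (\S+)$")

def parse_static_routes(config):
    """Parse 'ip route <net> <mask> <next-hop>' lines into (routes, errors)."""
    routes, errors = [], []
    for line in config.splitlines():
        m = ROUTE_RE.match(line.strip())
        if not m:
            continue
        net, mask, hop = m.groups()
        bits = int(ipaddress.IPv4Address(mask))
        inverted = ~bits & 0xFFFFFFFF
        # A subnet mask is contiguous ones then zeros. ipaddress would accept
        # a wildcard mask such as 0.0.0.255 as a hostmask, so check here.
        if inverted & (inverted + 1):
            errors.append(f"not a subnet mask: {line.strip()}")
            continue
        try:
            network = ipaddress.ip_network(f"{net}/{bin(bits).count('1')}")
        except ValueError:
            errors.append(f"host bits set: {line.strip()}")
            continue
        routes.append((network, ipaddress.ip_address(hop)))
    return routes, errors

def subnets_without_return_route(routes, vlan_subnets, switch_ip):
    """Return VLAN subnets whose longest-prefix route does not point at the switch."""
    switch = ipaddress.ip_address(switch_ip)
    missing = []
    for text in vlan_subnets:
        subnet = ipaddress.ip_network(text)
        covering = [r for r in routes if subnet.subnet_of(r[0])]
        best = max(covering, key=lambda r: r[0].prefixlen, default=None)
        if best is None or best[1] != switch:
            missing.append(text)
    return missing

# Constructed sample: static routes on the internet router (192.168.23.251).
ROUTER_CONFIG = """
ip route 0.0.0.0 0.0.0.0 203.0.113.1
ip route 10.1.23.0 255.255.255.0 192.168.23.253
ip route 10.1.2.0 0.0.0.255 192.168.23.253
"""
VLAN_SUBNETS = ["10.1.23.0/24", "10.1.2.0/24", "10.1.3.0/24"]  # assumed /24s

if __name__ == "__main__":
    routes, errors = parse_static_routes(ROUTER_CONFIG)
    print(errors)
    print(subnets_without_return_route(routes, VLAN_SUBNETS, "192.168.23.253"))
```
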

tan.joseph Wed, 01/16/2008 - 00:39

Hi Ankur,

thanks for your help, can ping already after adding routing at router.


now! my live network is in the 192.168.23.0 subnet and i intend to keep it the same. i tried changing the vlan1 ip address from 10.1.23.1 to 192.168.23.1, thinking ports under vlan1 can be used for clients in the said subnet. but i received a message saying "192.168.23.0 overlaps with Gigabitethernet0/1". how do i resolve this? thanks in adv


Joseph

ankbhasi Wed, 01/16/2008 - 00:59

Hi Joseph,


What you are trying to do is have 2 different interfaces in the same subnet, which is not possible. Your gig0/1 is a routed interface and already has an ip address in the 192.168.23.0 subnet, and now when you try to configure your vlan 1 interface with an ip address in the same subnet you will get this message.


As of now your vlan 1 and vlan 2 are getting routed to your internet link via gig0/1 and I think it is fine enough. Would you like to change your existing setup, and if yes, what exactly are you looking for?


Regards,


Ankur

tan.joseph Wed, 01/16/2008 - 20:58

hi ankur,

with the new 3560 switch i would like to keep the existing subnet 192.168.23.0 and the internet router setting 192.168.23.251. i would like to make use of the vlan to cater for the growth of the network. all devices on the new vlan should be able to connect to the internet via the internet router above. also they should be able to communicate with devices in the 192.168.23.0 subnet

thanks in adv


Joseph

ankbhasi Wed, 01/16/2008 - 21:03

Hi Joseph,


One way can be that you assign the 192.168.23.1 ip address to your vlan 1, and gig0/1, which is a layer 3 interface connected to the internet router, you change to a layer 2 interface and assign to vlan 1.


interface gig0/1

switchport mode access

switchport access vlan 1


In this case your subnet 192.168.23.0 will exist in your network on the 3560 as a part of vlan 1, and in future you can create any vlans to scale your network and they will be able to route to your internet router and go on the internet.


The only thing you need to change on your internet router is the reverse routes back to your vlans, and add one default route on your 3560 switch to go to the internet router.


HTH


Ankur


*Pls rate all helpful posts

tan.joseph Thu, 01/17/2008 - 01:44

thanks ankur,

i can't get the switchport access vlan 1 into interface gig0/1. anyway the switch is working the way i want. i have another question: how do i configure the switch as a dhcp server and issue ip addresses to clients according to the vlan? e.g. a client connected to vlan 10 will get the ip 10.1.10.88, a client connected to vlan 1 will get the ip 10.1.1.99.

thanks in adv


Joseph

ankbhasi Thu, 01/17/2008 - 01:48

Hi Joseph,


You have to create separate DHCP pools for different subnets. Something like this:


Switch(config)#service dhcp

Switch(config)#ip dhcp pool

Switch(dhcp-config)#network

Switch(dhcp-config)#default-router


This way you have to create a pool for each and every subnet you want and then later exclude the address which you have used for the gateway for that subnet.


Switch(config)#ip dhcp excluded-address


HTH


Ankur


*Pls rate all helpful posts

tan.joseph Fri, 01/18/2008 - 01:31

Hi Ankur,

thank you, dhcp works for the subnet. going further, how do i assign ip based on client mac address with the subnet?

thanks in adv


Joseph

tan.joseph Tue, 02/19/2008 - 02:08

Hi,

I can't ping any ip at the other side of the wan link, e.g. 192.168.22.0, from my vlan, e.g. vlan46. i'm in 192.168.23.0 with switch 3560 configured with vlan46 with ip 10.1.46.0. the wan link is connected with a leased line and routers.

thanks in adv

mobadder_a Fri, 01/18/2008 - 11:51

i'm having the same problem if u solve it tell me plz

shrikar.dange Sun, 01/20/2008 - 20:55

hi,


An address binding is a mapping between the IP address and MAC address of a client. The IP address of a client can be assigned manually by an administrator or assigned automatically from a pool by a DHCP server.


Manual bindings are IP addresses that have been manually mapped to the MAC addresses of hosts that are found in the DHCP database. Manual bindings are stored in NVRAM on the DHCP server. Manual bindings are just special address pools. There is no limit on the number of manual bindings, but you can only configure one manual binding per host pool.


Refer to the following link for IOS 12.2 mainline:

http://www.cisco.com/en/US/products/sw/iosswrel/ps1835/products_configuration_guide_chapter09186a00800ca75c.html#wp1001108


HTH


regards,


shri :)


tan.joseph Tue, 01/22/2008 - 02:02

Hi,

thanks!

tried but with this error after entering host .

"This command may not be used with network pools."

search cisco with the error but can't find any related doc. any help?

thanks in adv


Joseph

shrikar.dange Tue, 01/22/2008 - 02:34

hi,


have you created the host pool? To configure a manual binding, first create a host pool, then specify the IP address of the client and client identifier or hardware address.


example:


The following example creates a manual binding for a client named Mars.cisco.com. The MAC address of the client is 02c7.f800.0422 and the IP address of the client is 172.16.2.254.


ip dhcp pool Mars

host 172.16.2.254

hardware-address 02c7.f800.0422 ieee802

client-name Mars


Cisco IOS DHCP Client Example

On the DHCP Server, the configuration is as follows:


ip dhcp pool 1

network 10.1.1.0 255.255.255.0

lease 1 6

On the DHCP client, the configuration is as follows on interface E2:


interface Ethernet2

ip address dhcp

This configuration allows the DHCP client to acquire an IP address from the DHCP Server through an Ethernet interface.



this is from the same document i have posted previously.


HTH,


regards,


shri :)





tan.joseph Tue, 01/22/2008 - 16:59

hi,


i'm still having the same problem! below are the commands used:

no aaa new-model

clock timezone UTC 8

system mtu routing 1500

ip subnet-zero

ip routing

ip dhcp excluded-address 10.1.46.1

ip dhcp excluded-address 10.1.47.1

!

ip dhcp pool pool46

network 10.1.46.0 255.255.255.0

default-router 10.1.46.1

dns-server 192.168.23.228 192.168.23.205

!


sw3560-253#configure t

Enter configuration commands, one per line. End with CNTL/Z.

sw3560-253(config)#ip dhcp pool pool46

sw3560-253(dhcp-config)#host 10.1.46.113

% This command may not be used with network pools.


thanks

Joseph



shrikar.dange Tue, 01/22/2008 - 20:07

hi,


You can not configure manual bindings within the same pool that is configured with the network command. In your case you have created pool46 with the network command, hence you can not use it for manual binding.

For manual binding you have to create a different host pool per host.


try again with a different host pool:


example:

ip dhcp pool Mars

host 172.16.2.254 mask 255.255.255.0 (this mask is used by the dhcp client (host))

hardware-address 02c7.f800.0422 ieee802 (mac address)

client-name Mars

default-router 172.16.2.100 172.16.2.101

domain-name cisco.com

dns-server 172.16.1.102 172.16.2.102

HTH,


regards,


shri :)
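
Added example, not part of the thread: a Python lint for candidate IOS DHCP configuration that applies the rules stated in the replies above (no `host` inside a pool that has `network`, one manual binding per host pool, and a hardware address or client identifier for each binding). The sample config is constructed from the addresses in this thread; the pool name `host113` and the MAC address are hypothetical.

```python
def parse_dhcp_pools(config):
    """Map pool name -> list of sub-commands found under 'ip dhcp pool <name>'."""
    pools, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("ip dhcp pool "):
            current = line.split(None, 3)[3]
            pools.setdefault(current, [])
        elif not line or line == "!" or not raw.startswith(" "):
            current = None  # separator or another global command ends the pool
        elif current is not None:
            pools[current].append(line)
    return pools

def lint_pools(pools):
    """Return (pool, problem) pairs for pools that break the manual-binding rules."""
    findings = []
    for name, cmds in pools.items():
        keywords = [c.split()[0] for c in cmds]
        hosts = keywords.count("host")
        if "network" in keywords and hosts:
            findings.append((name, "host used in a network pool"))
        if hosts > 1:
            findings.append((name, "more than one manual binding in a pool"))
        if hosts and not {"hardware-address", "client-identifier"} & set(keywords):
            findings.append((name, "host without hardware-address or client-identifier"))
    return findings

# Constructed candidate config: pool46 repeats the rejected attempt from the
# thread; host113 is the separate host pool (hypothetical name and MAC).
CANDIDATE_CONFIG = """
ip dhcp excluded-address 10.1.46.1
!
ip dhcp pool pool46
 network 10.1.46.0 255.255.255.0
 default-router 10.1.46.1
 host 10.1.46.113
!
ip dhcp pool host113
 host 10.1.46.113 255.255.255.0
 hardware-address 0200.0000.0113 ieee802
 default-router 10.1.46.1
"""

if __name__ == "__main__":
    for pool, problem in lint_pools(parse_dhcp_pools(CANDIDATE_CONFIG)):
        print(f"{pool}: {problem}")
```
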



mendez_borgez Wed, 11/04/2015 - 05:11

Hi,

How many manual bindings can I make in the DHCP configuration using a Catalyst 3560G switch with IOS 12.2(50)?


Thanks,

Sergio.
