cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2377
Views
8
Helpful
26
Replies

Vlan using Catalyst 3560

tan.joseph
Level 1
Level 1

Hi,

I am trying to create VLANs to segment the company network to cater for grow. I have found this document (id: 41860) “How to configure intervlan routing on layer 3 switches” and found it is close to my requirement. I have follow the steps and tried on a catalyst 3560. But I am not able to get the desired result. I can't ping between the VLANs. At the VLANs I can't connect to internet. What have I done and what have I not done? Attached are the running-config and ip routing.

help would be appreciated

thanks

26 Replies 26

shrikar.dange
Level 1
Level 1

hi,

Please issue the ip routing command (its not enable by dedfault in L3 switches) in global config mode and remove the deafualt gateway command with no default gateway 10.1.23.251.

Also you have not assign any ports to the vlans.

Use following command to access the vlans

sw(conf-if)#switchport mode access

sw(conf-if)#switchport access vlan (vlan no.)

do you have more than 1 switch over which these vlans have members? Use trunking between them.

for ur reff:

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008019e74e.shtml

HTH,

regards,

shri :)

thanks shri,

i have tried what you suggested and i assume for the time being 3560 is the only switch in my network. i still can't ping across the vlans.

you advise would be appreciated

Joseph

Hi Joseph,

I will like to know from where are you trying to ping and to whom? You should be able to ping from vlan 3 to vlan 1 and vice versa and not anything else. I even don't see the default route installed in your routing table.

You have configured a route "ip route 0.0.0.0 0.0.0.0 192.168.23.251" can you confirm 192.168.23.251 is your next hop? Also can you check the status of "sh interface gig0/1" and check if the interface is up and up.

Also try to ping 192.168.23.251 and see if it is reachable?

Regards,

Ankur

hi joseph

I agree with ankur please check the status of your interfaces with sh ip int brie command (including your vlan interfaces).In case they are down give no shut command.If you are testing this config and want to that interface hsould not be down then under interface submode give no keepalive command.

Is 192.168.23.251 reachable?

From your sh ip rou output i suspect that only vlan 1 and vlan 3 interfaces are up.

Issue the no shut command under gig0/1.As well as under other interfaces such as the interfaces you have assigned to particular vlans.

HTH,

regards,

shri :)

glen.grant
VIP Alumni
VIP Alumni

I don't see anywhere in your config where you have created the layer 2 vlan definition . Add the following. Also if you don't have at least one interface in each vlan that is active the layer 3 interfaces will be up/down and you will not be able to ping those.

conf t

vlan 2

vlan 10

vlan 3

exit

wr mem

Hi Glen,

If he would have created vlans going to vlan database mode then it will not show up in running config. Also I believe they are created at layer2 level because I can see few vlans in routin table and they will only come in routing table when interfaces are up and interfaces will only be up if vlans are present in vlan database.

Regards,

Ankur

Hi All,

thanks!

i have made changes based on your suggestions. now i'm able to ping between the vlans. however, i still not able to ping devices connected at port 1 with ip address 192.168.23.253. for example i can ping 192.168.23.251 which is my internet router connected at port 1.

whats go wrong, pls. help thanks in adv

Joseph

Hi Friend,

I was not able to understand your problem completely here. Can you please confirm from which subnet you are trying to ping and to which subnet.

I mean what is your source ip address and which is your destination ip address?

Regards,

Ankur

hi,

10.1.3.1 ping 10.1.2.1 both ways ok

10.1.3.1 or 10.1.2.1 ping 192.168.23.253 pot 1 ok

but problem ping the device connected at port 1 e.g. my internet router 192.168.23.251 connected to port 1 and i'm not able to ping from other subnet thus not internet connection for other subnet.

thanks

Hi Friend,

When you try to ping your internet router which is 192.168.23.251 from other subnet like vlan 1 and vlan 2 subnet, does this router have reverse router for vlan 1 and vlan 2 subnet.

I am sure this router is missing the route back to your local subnets.

Can you confirm your internet router with routes back to your vlan 1 and vlan 2 subnets something like this

ip route 10.1.23.0 0.0.0.255 192.168.23.253

ip route 10.1.2.0 0.0.0.255 192.168.23.253

Add these routes on yoru internet router and you will be able to ping your internet router from your vlan 1 and vlan 2 subnet. If it is configured with NAT then you will be able to ping internet also.

HTH

Ankur

*Pls rate all helpfull post

Hi Ankur,

thanks for your help, can ping already after adding routing at router.

now! my live network is in 192.168.23.0 subnet and i intend to keep it the same. i tried changing the vlan1 ip address from 10.1.23.1 to 192.168.23.1 thinking ports under the vlan1 can used for clients in the said subnet. but i received message saying "192.168.23.0 overlaps with Gigabitethernet0/1". how do i resolve this? thanks in adv

Joseph

Hi Joseph,

What you are trying to do is having 2 different interface in same subnet which is not possible. Your gig0/1 is a routed interface and already have an ip address in 192.168.23.0 subnet and now when you try to configure your vlan 1 interface with same subnet ip address you will get this message.

As of now your vlan 1 and vlan 2 are getting routed to your internet link via gig0/1 and I think it is fine enough. Would you like to change you existing setup and if yes what excactly you are looking for?

Regards,

Ankur

hi ankur,

with the new 3560 switch i would like to keep the existing subnet 192.168.23.0 and the internet router setting 192.168.23.251. i would like to make use of the vlan to cater for the grow of the network. all deivces on the new vlan should able to connect to the internet via the internet router above. also they should able to communicate with devices in the 192.168.23.0 subnet

thanks in adv

Joseph

Hi Joseph,

One way can be you assign 192.168.23.1 ip address to your vlan 1 and gig0/1 which is a layer 3 interface connected to internet router , you change that interface to layer 2 interface and assign it as vlan 1.

interface gig0/1

switchport mode access

switchport access vlan 1

In this case your subnet 192.168.23.0 will exist in your network on 3560 as a part of vlan 1 and in future you can create any vlans to scale your network and they will be able to route to your internet router and go on internet.

Only thing you need to change on your internet router is reverse routes back to your vlans and add one defaut route on your 3560 switch to go to internet router.

HTH

Ankur

*Pls rate all helpfull post

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco