Vlan routing using L3 managed and unmanaged switches


Hi,

I have a Cisco 3750 L3 switch. The link from the firewall terminates on this switch.

I created some 15 VLANs on this L3 switch. Now I have 8-port and 16-port switches after this switch, but it isn't working at all. I am able to ping the gateway, i.e. the IP of the respective VLAN, but it doesn't allow access to the internet.

IP routing is enabled on L3 switch.


I attached, say, FastEthernet 04 to the 8-port switch and FastEthernet 05 to the 16-port switch.

Any idea would be of great help.

Is it something related to trunking? I can't do trunking on an unmanaged switch.


Regards,

Sushil


robertblasey Sat, 03/08/2008 - 04:39
Does your firewall have all the routes to your internal VLANs, or just a default route and the route to its inside interface/subnet?

Robert

Robert, it is just having a default route to the inside interface, i.e. 192.168.0.1/24.

Now I have set VTP server mode on the L3 switch.

Assigned VLANs like VLAN 3, VLAN 4, VLAN 5 and so on, with IPs like 192.168.1.1/24 for VLAN 3, 192.168.2.1/24 for VLAN 5 and so on.

I routed the traffic from the L3 switch using 0.0.0.0 0.0.0.0 192.168.0.1, i.e. the IP of the internal interface of my firewall.

I am desperately in need of a solution.


Suggest/Help.


Regards,

Sushil

Jon Marshall Sat, 03/08/2008 - 06:49

Sushil


Few things to check


1) You have a default route on your L3 switch pointing to the ASA internal interface. Does the ASA have routes to get back to your VLANs on the 3750?

2) If you are not trunking from the unmanaged switches then all the devices you attach to each of these switches must be in the same VLAN, i.e. you cannot have 2 devices attached to the 8-port unmanaged switch which are in different VLANs.

3) Do you have a default route on your ASA pointing to the next-hop router that leads to the Internet, and have you set up NAT on your ASA? Your 192.168.x.x addresses are not routable on the Internet.


Jon

1) You have a default route on your L3 switch pointing to the ASA internal interface. Does the ASA have routes to get back to your VLANs on the 3750?

There is no such entry on my firewall to get back to my switch.

2) If you are not trunking from the unmanaged switches then all the devices you attach to each of these switches must be in the same VLAN, i.e. you cannot have 2 devices attached to the 8-port unmanaged switch which are in different VLANs.

My requirement is like that: say one 24-port L3 3750 switch, now some 20 different VLANs, one unmanaged 8-port switch on each VLAN of the L3 switch, with some 5-6 users in one subnet.

3) Do you have a default route on your ASA pointing to the next-hop router that leads to the Internet, and have you set up NAT on your ASA? Your 192.168.x.x addresses are not routable on the Internet.

Yes, my firewall routes to the next-hop router, is NATted and works perfectly with the default VLAN, i.e. VLAN 1.



I don't know what I am missing. I need an expert opinion. Do I need to define trunking anywhere? Only the L3 switch is there; the rest are small unmanaged switches.

Do let me know if something needs to be done on the firewall side as well.

Regards,

Sushil






Jon Marshall Sat, 03/08/2008 - 09:42

Sushil


If you are routing all the VLANs on the 3750 switch then the ASA needs to know how to get to these VLANs. So the IP address of your ASA is 192.168.0.1?

If so, what is the 3750 VLAN IP address from that same subnet? Let's assume it is 192.168.0.2. So on the ASA you need to have routes

route inside 192.168.2.0 255.255.255.0 192.168.0.2

route inside 192.168.3.0 255.255.255.0 192.168.0.2

etc.

for all the VLANs that are on the 3750 switch.


Jon
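The complete configuration that Jon's three-point checklist and his return-route commands describe, written out as an added example for this thread; it is not config posted by Jon or Sushil. It assumes the addressing already given in the thread (ASA inside 192.168.0.1, VLAN 3 = 192.168.1.0/24, VLAN 5 = 192.168.2.0/24) and adds assumptions of its own: the 3750 uses 192.168.0.2 on VLAN 1, the unmanaged switches hang off FastEthernet1/0/4 and 1/0/5, the ISP next hop is 203.0.113.1, and the ASA runs pre-8.3 software (the `nat`/`global` syntax below changed in 8.3).

```cisco
! ===== Cisco 3750 (IOS) =====
! Inter-VLAN routing happens here, so the switch must actually route.
ip routing
!
vlan 3
 name users-a
vlan 5
 name users-b
!
! VLAN 1 carries the point-to-point link to the ASA inside interface.
interface Vlan1
 description uplink to ASA inside (192.168.0.1)
 ip address 192.168.0.2 255.255.255.0
!
interface Vlan3
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan5
 ip address 192.168.2.1 255.255.255.0
!
! Ports feeding the unmanaged switches are plain access ports: one VLAN per
! port, no trunk. Every host behind that switch lands in that VLAN (Jon's point 2).
interface FastEthernet1/0/4
 description 8-port unmanaged switch, VLAN 3 only
 switchport mode access
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet1/0/5
 description 16-port unmanaged switch, VLAN 5 only
 switchport mode access
 switchport access vlan 5
 spanning-tree portfast
!
! Everything not local goes to the firewall (Sushil already has this).
ip route 0.0.0.0 0.0.0.0 192.168.0.1

! ===== Cisco ASA (pre-8.3 syntax) =====
! Jon's point 1: return routes for every 3750 VLAN via the switch's VLAN 1 address.
route inside 192.168.1.0 255.255.255.0 192.168.0.2 1
route inside 192.168.2.0 255.255.255.0 192.168.0.2 1
!
! Jon's point 3: default route toward the ISP (next hop 203.0.113.1 is assumed)
! and NAT that covers the new subnets, not just 192.168.0.0/24.
route outside 0.0.0.0 0.0.0.0 203.0.113.1 1
global (outside) 1 interface
nat (inside) 1 192.168.0.0 255.255.0.0
```

Two things to verify once this is in place: `show ip route` on the 3750 should list every VLAN as directly connected plus the static default, and `show route` on the ASA should show a route for each 192.168.x.0/24 back to 192.168.0.2. The NAT line is the easy one to miss: if the existing statement only matches 192.168.0.0/24 (which is why VLAN 1 already works), packets from the new VLANs reach the ASA but are dropped for lack of a translation. Note also that with SVIs on the 3750, traffic between VLANs is routed by the switch and never reaches the firewall; if the VLANs are meant as security boundaries rather than just broadcast domains, put `ip access-group` ACLs on the SVIs, and remember that an unmanaged switch offers no port security, so anything plugged into it is in that VLAN.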

Thanks Jon,

I think you pointed out the right configuration. I will check it and let you know the results.

I have one more question for the same scenario. If I use an ASA 5510 Sec model and one 2960 L2 switch, and again small unmanaged 8- or 16-port switches as in the above requirement: can I create subinterfaces on a physical interface of the ASA and allow trunking from the ASA to the Cisco 2960 L2 managed switch configured in transparent mode? And again, for cost cutting, can I use 8/16-port switches for 5-6 users in one subnet and so on?

Can you refer me to some config links for the above scenarios?

Curious to know how many VLANs one can create on an ASA 5510 Sec bundle, as this part is a little confusing.

Regards,

Sushil

