cannot route between VLANs on 6509 switch

gflorescu
Level 1

I have just installed a new Cisco 6509 switch and I have 2 VLANs:

VLAN 2

VLAN 3

I setup 2 interfaces on it:

int vlan 2
 ip address 192.168.6.4

int vlan 3
 ip address 192.168.7.1

I verified they're in no shutdown mode. I can ping both ip addresses when logged into the switch but I cannot ping between 2 hosts on the different subnets.

I have a default static route going to 192.168.6.1

(i.e. ip route 0.0.0.0 0.0.0.0 192.168.6.1 )

If I do sho ip route, it shows the 2 vlans that are directly connected and it shows the static route as well.

I want the 6509 to do the layer 3 routing between the VLANs.


Jon Marshall
Hall of Fame

Have you set the default-gateways on your hosts to the relevant interface address on your 6509?

i.e. host in vlan 2 should have default-gateway 192.168.6.4

host in vlan 3 should have default-gateway 192.168.7.1

Have you got any firewalls on the hosts?

Jon

yes, they are pointed to the correct gateway. No firewalls.

FYI

If I go on the switch and issue the ping command by itself, I can specify source and destination addresses and when I do that I can't get a reply there either.

mattcalderon
Level 4

If you issue the command sh vlan, do you see vlans 2 and 3? If you do, good, then your vlans are created.

Also if you can do a sh ip route, your ip routing is enabled.

Have you put the switchports in the vlans that your hosts are in?

Example

int fa1/1
 switchport access vlan 2

int fa1/2
 switchport access vlan 2

Your ports need to be a member of the vlan that the pc is assigned to.

yes, all the switchports are in the correct vlans.

If I issue the command sh vlan, yes it shows the vlans.

If I go on the switch and ping each ip, I get a response, it's just that I can't go between the VLANs.

Edison Ortiz
Hall of Fame

The hosts were configured with a default gateway pointing to their respective Vlan?

For instance, on host in Vlan 2, this device must be connected on a switchport with 'access vlan 2'. In addition, the IP address must be in the 192.168.6.1-254 range (excluding 192.168.6.4, of course). The gateway must be 192.168.6.4

The same idea should be implemented on the device sitting on Vlan3.

HTH,

__

Edison.

yes, the hosts are configured with the default gateway for the respective vlan.

and yes the ports are setup correctly.

FYI

If I go on the switch and issue the ping command by itself, I can specify source and destination addresses and when I do that I can't get a reply there either.

Please post the switch config along with show ip route and show vlan.

Please also post the output from typing ipconfig /all from both devices.

__

Edison.

Just a hunch: could ICMP redirects be causing this problem?

Can you configure this command 'no ip redirects' under the vlan interface(s) and do the ping again. If possible, post the output of 'route print' from the PC itself.

HTH

Sundar

interface FastEthernet4/25
 no ip address
 switchport
 switchport access vlan 2
 spanning-tree portfast
!
interface FastEthernet4/26
 no ip address
 switchport
 switchport access vlan 2
 spanning-tree portfast
!
interface FastEthernet4/27
 no ip address
 switchport
 switchport access vlan 2
 spanning-tree portfast
...
...
interface FastEthernet8/17
 no ip address
 switchport
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet8/18
 no ip address
 switchport
 switchport access vlan 3
 spanning-tree portfast
!
interface FastEthernet8/19
 no ip address
 switchport
 switchport access vlan 3
 spanning-tree portfast
...
interface Vlan2
 description Data
 ip address 192.168.6.4 255.255.255.0
!
interface Vlan3
 description Servers
 ip address 192.168.7.1 255.255.255.0
!
ip default-gateway 192.168.6.1
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.6.1
ip route 192.168.7.0 255.255.255.0 192.168.6.1
ip http server

---------------------------

sho ip route

Gateway of last resort is 192.168.6.1 to network 0.0.0.0

C    192.168.6.0/24 is directly connected, Vlan2
C    192.168.7.0/24 is directly connected, Vlan3
S*   0.0.0.0/0 [1/0] via 192.168.6.1

------------------------------------

sho vlan

2    Data       active    Fa3/1, Fa3/2, Fa3/3, Fa3/4
                          Fa3/5, Fa3/6, Fa3/7, Fa3/8
                          Fa3/9, Fa3/10, Fa3/11, Fa3/12
                          Fa3/13, Fa3/14, Fa3/15, Fa3/16
                          Fa3/17, Fa3/18, Fa3/19, Fa3/20
                          etc.
3    Servers    active    Fa8/1, Fa8/2, Fa8/3, Fa8/4
                          Fa8/5, Fa8/6, Fa8/7, Fa8/8
                          Fa8/9, Fa8/10, Fa8/11, Fa8/12
                          etc.

------------------------

There's a PIX firewall that's connected to one of the ports in VLAN 2 and that has the ip address 192.168.6.1.

The switch configuration looks fine.

1) Vlans were created in Layer2 and Layer3

2) The port membership is correctly assigned

3) You have ip routing running per the show ip route output. Both routes are shown as connected.

The problem indicates something wrong in the workstation configs.

Can you ping the PIX from the 6509 while sourcing from Vlan3?

Please remember, the PIX needs to have a route to 192.168.7.0/24 in order to work.

(route add 192.168.7.0 255.255.255.0 192.168.6.4)

__

Edison.
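
The return-path problem described in the post above, as an added example that is not part of the original thread: a longest-prefix-match lookup over the 6509's routing table (taken from the posted "sho ip route") and a PIX table, showing where the echo reply to a Vlan3-sourced ping goes before and after the extra route. The PIX table is an assumption, since the thread never shows it; the "inside"/"outside" interface names and the 203.0.113.1 next hop are placeholders.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match. Returns (next_hop, interface), or None if no route."""
    dst = ipaddress.ip_address(dst)
    best = None
    for prefix, next_hop, iface in table:
        net = ipaddress.ip_network(prefix)
        if dst in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, next_hop, iface)
    return best and (best[1], best[2])

# 6509 table, from the "sho ip route" output posted in the thread.
# next_hop None means directly connected.
SWITCH = [
    ("192.168.6.0/24", None, "Vlan2"),
    ("192.168.7.0/24", None, "Vlan3"),
    ("0.0.0.0/0", "192.168.6.1", "Vlan2"),
]

# Assumed PIX table (not shown in the thread): its connected inside subnet
# plus a default route out a placeholder outside next hop.
PIX_BEFORE = [
    ("192.168.6.0/24", None, "inside"),
    ("0.0.0.0/0", "203.0.113.1", "outside"),
]
# The same table with the route suggested in the post above.
PIX_AFTER = PIX_BEFORE + [("192.168.7.0/24", "192.168.6.4", "inside")]

def ping_from_vlan3(pix_table, src="192.168.7.1", dst="192.168.6.1"):
    """Model a ping from the Vlan3 interface address to the PIX.

    Returns (request_hop, reply_hop, ok). The ping only succeeds when the
    PIX sends the reply back to the switch's Vlan2 address on 'inside'.
    """
    request_hop = lookup(SWITCH, dst)    # switch -> PIX
    reply_hop = lookup(pix_table, src)   # PIX -> 192.168.7.1
    ok = request_hop == (None, "Vlan2") and reply_hop == ("192.168.6.4", "inside")
    return request_hop, reply_hop, ok

if __name__ == "__main__":
    for name, table in (("before", PIX_BEFORE), ("after", PIX_AFTER)):
        req, rep, ok = ping_from_vlan3(table)
        print(f"{name}: request via {req}, reply via {rep}, ping ok = {ok}")
```
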

That fixed it. That's all it was, a route add issue.

Thanks a lot guys.

Excellent, please make sure to mark the thread as 'resolved'. I'm sure it will help others with similar problems.

Thanks

Edison:

Can you clarify something for me?

When you recommended adding a route to the 192.168.7.0 network on the PIX so that "it" would work, you were talking about PINGing from the switch to the PIX and sourcing vlan3, right?

Because it doesn't make sense to me that he should have to add a route to the 7.0 subnet to have successful inter-vlan routing, UNLESS the PIX is indeed proxy arping and hosts on the 6.0 subnet are forwarding their traffic to the PIX. Without a route to the 192.168.7.0 network, the PIX was dropping the traffic.

Why would a host on vlan 2 that is trying to communicate with a host on vlan 3 be affected by the routing on the firewall? It shouldn't. All the traffic should stay local to the switch.

Set me straight...

Victor

When you recommended adding a route to the 192.168.7.0 network on the PIX so that "it" would work, you were talking about PINGing from the switch to the PIX and sourcing vlan3, right?

Yes.

Why would a host on vlan 2 that is trying to communicate with a host on vlan 3 be affected by the routing on the firewall?

I wasn't targeting the hosts with my reply. I was trying another device to test inter-vlan routing in the switch. It seems the hosts have a problem on their own but it also seems the OP got that part working.
