management on Switch with vlan

Unanswered Question
Sep 3rd, 2008
User Badges:

Dear Expert,

Please help me to solve this problem,I had Cisco Core Switch 3560 and Cisco access switch CE500 and i did Vlan(Vlan 10,11,12,13,14,15,........)so i want PC on Vlan 13(IP: can access to other swith and other Vlan)

Please see in the attach file.

Best Regards,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 3.7 (3 ratings)
Joseph W. Doherty Wed, 09/03/2008 - 03:27
User Badges:
  • Super Bronze, 10000 points or more

Have you enable routing on the 3560? (I.e. have an IP routing in the config?)

How are the VLANs defined on the 3560 and on the links between the 3560 and CE500s? (From your diagram, you wouldn't need to define any VLANs on the CE500s, just need port based VLANs on the 3560.)

Calin Chiorean Wed, 09/03/2008 - 03:31
User Badges:
  • Silver, 250 points or more


Your problem is a little bit unclear to me. You said that you have the c3560 as core and CE500 as access switch, but from the drawing I see that your gateways are on the access switches actually. According to your drawing your access switches are not L2 but L3. You have some IP routing protocol or statics between c3560 and CE500?

The easiest and elegant solution to your problem is to move the gateways from the CE500 to the core (c3560) under "interface vlan x" and have between the access sw and core sw trunks that allow your desired vlans.

As you draw your topology is a matter of L3 (routing) problem and not L2 (switching).

Tell me if you need additional info about this or if you understood what is my point here.

Good luck!


Joseph W. Doherty Wed, 09/03/2008 - 04:02
User Badges:
  • Super Bronze, 10000 points or more

CE500s, I believe, are only L2 devices. However, Calin raises an good point about gateways.

I might guess the IP addresses shown on the diagram on the CE500s are their device addresses, but you should still define IP addresses on the 3560, for each VLAN, which can be used as the subnet gateway address that hosts can direct traffic to for non-local subnet traffic. (Often .1 is used as the gateway address. If you want to follow this convention, readdress the CE500 device addresses, if now .1, to something like .10.)

rechard_david Wed, 09/03/2008 - 18:01
User Badges:

Dear josephdoherty,chiorean.calin,

Thanks you for your help me!!!

Sorry for didnot detail, ok i will let u know again ...

my core switch used 3560 and access switch CE500.All access switch connect to core switch my Vlan base on attach file that i gave the way on IP address CE, is ip management on CE not IP gateway on client.

and Pc on vlan 13 ( can control all switch ( i mean can change configuration can do every thing on swith).

one more could you advice me how can i do one this or you have other idea on this case please let me know....

Note: my idea mean want to manage all switch on my system.

if you not clear please let me know!!!!

Best Regards,


Calin Chiorean Wed, 09/03/2008 - 22:15
User Badges:
  • Silver, 250 points or more


In my network the devices like your access switches have administrative IP from the same subnet (let's say under interface vlan100 with the gateway setup on the access switches to (which is the core). Between the core and the access switch I have trunk witch allow transport of vlan 100.

Let's take one in your case to show an example.First one in vlan 10.

You bring UP an interface vlan 10 on the core switch with IP and an interface vlan 10 (I hope ce500 support it) with IP Then on the access switch you set the default gw to, and configure L2 interface between core and access sw as trunk allowing at leat vlan 10 (and of course your users vlan).You have to do the steps above for each access switch that you have there with their corespondent Vlan on the cores switch.

More simpliest would be to have the management IP from the same subnet. But it's your topology and you decide.

If you need more explanation please reply.

Good luck!


Joseph W. Doherty Thu, 09/04/2008 - 04:17
User Badges:
  • Super Bronze, 10000 points or more

I'm guessing this might be a first time for you using multiple LAN routing?

What you must first do, is define each VLAN you're going to use on your 3560. For each VLAN you will also assign an address used by the 3560. This address is often either the first or the last address in the subnet being defined. (If using /24 subnet addresses, either .1 or .254.)

You're also going to need to define how the 3560 ports correspond to the VLANs. There are two methods, either can be used. Either a 3560 port is member of just one VLAN or it's a trunk port, which allows multiple VLANs to be shared between switches. This sharing is a very powerful technique, but from your original design, and if this is all new to you, something you might want to avoid for now.

So assuming we avoid VLAN trunk ports, assign one 3560 port to each VLAN. Any device then connected to that port will be on that VLAN. If you don't define any VLANs on another switch, such as your CE500s, when you connect it to a 3560 port, all the CE500's ports should also be on the same 3560's port VLAN.

E.g., if VLAN 13 is defined the 3560 with an IP address of, and then the 3560's port 5 is defined to be a member VLAN 13, any device connected to port 5 should be defined with an address of 192.168.4.(2..253)/24 and a gateway address of (This includes the device or management address for the CE500).

Lastly, enable routing on the 3560.

Calin Chiorean Thu, 09/04/2008 - 04:50
User Badges:
  • Silver, 250 points or more

josephdoherty , very accurate info.

You have my "rate" for this :)




This Discussion