Inter-VLAN Routing and existing network

Answered Question
Dec 9th, 2008

Good afternoon!

Maybe you fine folks can help me - Trying to add another subnet to internal network (to eventually transition to this new subnet). Going to use VLAN's for this, but don't know how to create a VLAN and have it route to the existing network for web access, etc. Any suggestions?

(I've got a Catalyst 3560E That i'd like to use to create the VLAN and do the routing between the new subnet and the old)

Thanks!

I have this problem too.
0 votes
Correct Answer by Jon Marshall about 8 years 2 days ago

Daniel

First thing that stands out -

"on the 206.97.124.0 side, a machine with the ip 206.97.124.4 w/ a gateway of 206.97.124.1"

I thought you wanted to do inter-vlan routing on the switch ? but you are using a different device 206.97.124.1 as the default-gateway.

If you want to use 206.97.124.1 as the default-gateway for vlan 1 machines then you need to add a route to that device to tell it how to get to the new vlan 2 network ie.

ip route 10.5.0.0 255.255.255.0 206.97.124.28

OR

change the default-gateway on the vlan 1 machine to 206.97.124.28

I'll have a look at files and get back to you if there are other issues.

Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (3 ratings)
Loading.
Jon Marshall Tue, 12/09/2008 - 10:41

Daniel

Lets assume you have vlan 1 already on the 3560 with a L3 SVI ie. in the config

interface vlan 1

ip address x.x.x.x

Basic steps to add a new vlan. Assume new vlan is vlan 2 and uses IP subnet of 192.168.5.0/24

1) Create vlan at layer 2

3560(config)# vlan 2

3560(config-vlan)# name v2

2) Create L3 interface for vlan 2

int vlan 2

ip address 192.168.5.1 255.255.255.0

3) enable IP routing on your switch

3560(config)# ip routing

4) vlan 2 L3 interface will not come up until you add at least one port into it or if you have a trunk link on the 3560.

int gi0/10

switchport access vlan 2

the above would add int gi0/10 into vlan 2

5) Any machines you put into vlan 2 must use an address from the 192.168.5.x range and have their default-gateway set to 192.168.5.1

Jon

danielsormsby Tue, 12/09/2008 - 12:12

Jon,

I still can't seem to get it to work. Config is below:

Switch#show run

Building configuration...

Current configuration : 2370 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Switch

!

!

no aaa new-model

system mtu routing 1500

ip subnet-zero

ip routing

!

!

!

!

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

!

interface FastEthernet0

no ip address

shutdown

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface GigabitEthernet0/3

!

interface GigabitEthernet0/4

!

interface GigabitEthernet0/5

!

interface GigabitEthernet0/6

!

interface GigabitEthernet0/7

!

interface GigabitEthernet0/8

!

interface GigabitEthernet0/9

!

interface GigabitEthernet0/10

switchport access vlan 2

!

interface GigabitEthernet0/11

!

interface GigabitEthernet0/12

!

interface GigabitEthernet0/13

!

interface GigabitEthernet0/14

!

interface GigabitEthernet0/15

!

interface GigabitEthernet0/16

!

interface GigabitEthernet0/17

!

interface GigabitEthernet0/18

!

interface GigabitEthernet0/19

!

interface GigabitEthernet0/20

!

interface GigabitEthernet0/21

!

interface GigabitEthernet0/22

!

interface GigabitEthernet0/23

!

interface GigabitEthernet0/24

!

interface GigabitEthernet0/25

!

interface GigabitEthernet0/26

!

interface GigabitEthernet0/27

!

interface GigabitEthernet0/28

!

interface GigabitEthernet0/29

!

interface GigabitEthernet0/30

!

interface GigabitEthernet0/31

!

interface GigabitEthernet0/32

!

interface GigabitEthernet0/33

!

interface GigabitEthernet0/34

!

interface GigabitEthernet0/35

!

interface GigabitEthernet0/36

!

interface GigabitEthernet0/37

!

interface GigabitEthernet0/38

!

interface GigabitEthernet0/39

!

interface GigabitEthernet0/40

!

interface GigabitEthernet0/41

!

interface GigabitEthernet0/42

!

interface GigabitEthernet0/43

!

interface GigabitEthernet0/44

!

interface GigabitEthernet0/45

!

interface GigabitEthernet0/46

!

interface GigabitEthernet0/47

!

interface GigabitEthernet0/48

!

interface GigabitEthernet0/49

!

interface GigabitEthernet0/50

!

interface GigabitEthernet0/51

!

interface GigabitEthernet0/52

!

interface TenGigabitEthernet0/1

!

interface TenGigabitEthernet0/2

!

interface Vlan1

ip address 206.97.124.28 255.255.255.0

shutdown

!

interface Vlan2

ip address 10.5.0.2 255.255.252.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 206.97.124.1

ip http server

!

!

control-plane

!

!

line con 0

line vty 5 15

!

end

Current subnet is 206.97.124.0 255.255.255.0 (I know, don't tell me)

New Subnet is 10.5.0.0 255.255.252.0

I have a connection to the existing network in int0/5 and my desktop in int0/10.

Any suggestions?

Thanks!

Jon Marshall Tue, 12/09/2008 - 12:13

Daniel

interface Vlan1

ip address 206.97.124.28 255.255.255.0

shutdown

your vlan 1 interface is shutdown - any reason ?

int vlan 1

no shut

Jon

Jon Marshall Tue, 12/09/2008 - 12:21

Daniel

Can you post output of

1) sh ip route

2) sh vlan

3) sh ip int br

which machines/IP addresses are you using to test the connectivity and do these machines have their respective default-gateways set ie.

machine in vlan 1 - 206.97.124.28

machine in vlan 2 - 10.5.0.2

Jon

danielsormsby Tue, 12/09/2008 - 12:36

Jon,

Thanks for all the help!

Various outputs exceeded the limit, they are in a .txt attached.

I'm using the following to test connectivity:

on the 10.5.0.0 Side, a machine with the ip of 10.5.0.3 w/ a gateway of 10.5.0.2

on the 206.97.124.0 side, a machine with the ip 206.97.124.4 w/ a gateway of 206.97.124.1

Again, thanks for all the help!

Attachment: 
Correct Answer
Jon Marshall Tue, 12/09/2008 - 12:40

Daniel

First thing that stands out -

"on the 206.97.124.0 side, a machine with the ip 206.97.124.4 w/ a gateway of 206.97.124.1"

I thought you wanted to do inter-vlan routing on the switch ? but you are using a different device 206.97.124.1 as the default-gateway.

If you want to use 206.97.124.1 as the default-gateway for vlan 1 machines then you need to add a route to that device to tell it how to get to the new vlan 2 network ie.

ip route 10.5.0.0 255.255.255.0 206.97.124.28

OR

change the default-gateway on the vlan 1 machine to 206.97.124.28

I'll have a look at files and get back to you if there are other issues.

Jon

Jon Marshall Tue, 12/09/2008 - 12:42

Daniel

Just checked the file and everything looks okay so i suspect it is the default-gateway issue on vlan 1.

Jon

danielsormsby Tue, 12/09/2008 - 13:53

Jon,

You are the man.

Once I did a ip route from the gateway on the 206.97.124.X subnet, everything worked marvelously.

Thanks again!

viyuan700 Tue, 12/09/2008 - 12:45

"on the 10.5.0.0 Side, a machine with the ip of 10.5.0.3 w/ a gateway of 10.5.0.2 "

hope u r using 255.255.252.0

"on the 206.97.124.0 side, a machine with the ip 206.97.124.4 w/ a gateway of 206.97.124.1 "

Gateway for this should be 206.97.124.28 it is the ip address of ur vlan 1.

vfrolov77 Wed, 12/10/2008 - 06:24

Hi Jon, your explanations are really useful!

I have a tech. problem with 3750. I have configured vlan1 10.20.20.1 (10.20.20.0/24 net) with fa2/0/2-12, ip routing up. I'm going to have vlan2 10.20.25.1 (net 10.20.25.0/24) with fa2/0/14-20. I'm trying to get them visible with each other (unsuccessfully yet), it means interVLANs routing on the same switch. If I assign IP to the vlan, then they have L3 interfaces and they have fastE. interface assigned and up. I cannot understand where routing interface should be. Can I use gigEthernet for it? Should I assign GE to vlan and what vlan? Switch is VTP server. Apart of that I'm going to use ge2/0/2 as connection to 7200. Can I use one interface for routing purposes? Didn't manage to dig up answers on site yet.

Thanks a lot,

Vlad

Jon Marshall Wed, 12/10/2008 - 06:31

Vlad

Do you want the 3750 to route between your vlans or do you want the 7200 to do it. Ideally i suspect you want the 3750. If so can you post config of both 3750 and 7200 and we can go from there.

Jon

vfrolov77 Wed, 12/10/2008 - 06:36

you are cisco Star. You understand everything =). I'm interested in internal 3750 (two vlans on one switch). I didn't start 7200 yet and 3750 I process, but I'll send config. I'm trying to realise where L3 interface should be for interVLANs.

Thank,

Vlad

Jon Marshall Wed, 12/10/2008 - 06:47

Vlad

First have you created vlan 2 at layer 2 ie.

1) run "sh vlan" on the 3750. Do you see entry for vlan 2 as well as vlan 1. If not

3750(config)# vlan 2

3750(config)# name v2

2) Next you need to create routed interfaces for the vlans. On a layer 3 switch you use SVI's (Switched Virtual Interfaces). To create an SVI for vlan 2

3750(config)# int vlan 2

3750(config-if)# ip address 10.20.25.1 255.255.255.0

3750(config-if)# no shut

3) You should already have a L3 SVI for vlan 1. If you but no ip address has been assigned -

3750(config)# int vlan 1

3750(config-if)# ip address 10.20.20.1 255.255.255.0

4) All clients connected to ports in vlan 1 should have an address from 10.20.20.x subnet and their default-gateway should be 10.20.20.1

5) All clients connected to ports in vlan 2 should have an address from 10.20.25.x subnet with default-gateway 10.20.25.1

If you get this working we can then look at your 7200 if you want to add that in later.

Jon

vfrolov77 Wed, 12/10/2008 - 07:02

Great! i will config and let you know, you are genuis.

Thanks,

Vlad

Actions

This Discussion