Test Subnet/Vlan

Unanswered Question
Jan 22nd, 2009

Hi. I have a fairly basic understanding of Cisco routing and switching and have decided I wanted to set up a test subnet at our office in order to segregate a test domain that will be used to test RADIUS authentication.

That being said, I'm having some issues and I'm hoping this might be a good source for help.

I've attached a picture of what the infrastructure looks like which I hope helps. Sorry for the low-brow graphics...paint was the easiest tool available. :)

I fall asleep every time I get to the chapter on subnetting and vlans, so this is probably why I am struggling. Serves me right I guess. :)

I'll also attach the config of the test switch. I created a new vlan (200) that uses the test subnet, and both gig ports are trunking. Does this look right?

Should the test switch be configured with an IP from the test subnet or the existing?

Also, I know I need to set up a subinterface on the router, but do I need to do anything to the switches in between the test switch and the router?

Any help is much appreciated!


SJessulat_2 Fri, 01/23/2009 - 05:28

Hi Rob,

You should remove the "Interface VLAN 200" from your 2960, because it is a layer2-device and only needs an IP-Address in the existing VLAN. Instead you should create a Subinterface on your 3725 for each VLAN, so it can route between them.

Also check that every switch in your network has the two layer2-VLANs it needs. Under "show vlan" there should be VLAN001 and VLAN200.

The trunk-ports look alright. On the Router-Subinterfaces you have to enter "encapsulation dot1q xx" (where xx is either 1 or 200) and "ip address x.x.x.x".

That should do it. Otherwise, you should explain what issues you see.



rcoote5902_2 Fri, 01/23/2009 - 08:58

Thank you so much Sebastian. Things are definitely moving in the right direction.

From a workstation on the 2960 I can now ping the gateway (the subinterface on the 3725 -, but I cannot ping the firewall, which suggests I don't have an outside route, although the 3725 has:

ip route

I can ping the firewall from the 2960.

The workstation has the following settings:




Do I need an outside subinterface on the 3725??

Thanks again!


Jon Marshall Fri, 01/23/2009 - 09:21


It sounds like your firewall doesn't have a route back to the network. So you need to add a route on your firewall, e.g.

ip route <3725 ip address that connects to firewall>

syntax for adding firewall route may well be different from above.
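
An added example, not written by any poster in this thread: a small Python model of the symptom described above (the workstation can ping its gateway on the 3725 but not the firewall) and of the return route that fixes it. All addresses and device names are constructed, and the firewall's default route to "outside" is an assumption, since the thread does not show the real values.

```python
import ipaddress
CONNECTED = "connected"

def lookup(table, dst_ip):
    """Longest-prefix match: next-hop device, CONNECTED, or None if no route."""
    dst = ipaddress.ip_address(dst_ip)
    matches = [(ipaddress.ip_network(p), nh) for p, nh in table
               if dst in ipaddress.ip_network(p)]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def trace(tables, owners, start, dst_ip, max_hops=8):
    """Forward dst_ip hop by hop from device `start`; return (delivered, path)."""
    node, path = start, [start]
    for _ in range(max_hops):
        if owners.get(dst_ip) == node:
            return True, path
        hop = lookup(tables[node], dst_ip)
        if hop == CONNECTED:
            hop = owners.get(dst_ip)      # deliver on the attached subnet
        if hop is None:
            return False, path            # no route, or no such host
        path.append(hop)
        if hop not in tables:
            return False, path            # packet left the modelled network
        node = hop
    return False, path                    # hop limit reached (routing loop)

def ping(tables, owners, src_ip, dst_ip):
    """A ping succeeds only if the request AND the reply are both delivered."""
    out_ok, out = trace(tables, owners, owners[src_ip], dst_ip)
    back_ok, back = trace(tables, owners, owners[dst_ip], src_ip) if out_ok else (False, [])
    return out_ok and back_ok, out, back

# Constructed addressing: test VLAN 200 = 10.200.0.0/24, existing VLAN = 10.1.0.0/24.
OWNERS = {"10.200.0.10": "workstation", "10.200.0.1": "r3725",
          "10.1.0.2": "r3725", "10.1.0.1": "firewall"}
TABLES = {
    "workstation": [("10.200.0.0/24", CONNECTED), ("0.0.0.0/0", "r3725")],
    "r3725": [("10.200.0.0/24", CONNECTED), ("10.1.0.0/24", CONNECTED),
              ("0.0.0.0/0", "firewall")],
    # Assumed: the firewall knows only its own LAN plus a default to "outside".
    "firewall": [("10.1.0.0/24", CONNECTED), ("0.0.0.0/0", "outside")],
}

def with_return_route(tables):
    """Same network, plus a firewall route to the test subnet via the 3725."""
    return {**tables, "firewall": tables["firewall"] + [("10.200.0.0/24", "r3725")]}
```

Calling `ping(TABLES, OWNERS, "10.200.0.10", "10.1.0.1")` shows the request reaching the firewall while the reply follows the default route away from the 3725; the same call on `with_return_route(TABLES)` succeeds.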


rcoote5902_2 Fri, 01/23/2009 - 09:53

Nice! Thank you, that was it. I just needed an inside route back to the 3725.


