Inter-vlan routing with only one L3 Catalyst Switch

Answered Question
Jun 23rd, 2009

Hi,

I have two dedicated Internet links and an L3 switch with two VLANs, one for each ISP subnet.

I'm trying to configure inter-VLAN routing between these two VLANs on a Catalyst 3560 switch that is connected directly to these two ISPs (for the moment).

I want to route the packets between both VLANs on the same Catalyst switch, without any other router, and without going out to the Internet and coming back to the subnet through the other ISP.

Is this possible?

I have only configured inter-VLAN routing with more than one device, never with an all-in-one L3 switch.

Thanks.

Correct Answer by Giuseppe Larosa about 7 years 5 months ago

Hello Peter,

all you need is:

conf t

ip routing

vlan x

vlan y

int vlan x

ip address x.x.x.x mask

! important

no shut

int vlan y

ip address y.y.y.y mask

! important

no shut

then you can associate L2 ports to desired L2 vlan with

int g0/w

switchport

switchport mode access

switchport access vlan x

int g0/z

switchport

switchport mode access

switchport access vlan y

as desired

this is enough for inter vlan routing to work.

Logical interfaces Vlanx and Vlany come up as soon as an L2 port is in up/up (in STP forwarding state).

To configure routing to the Internet, other efforts may be necessary to be sure that traffic originated in vlan x, with a source address in the IP subnet of ISP1, is sent out the link to ISP1, and the same for the other vlan/subnet.

You can use PBR for this:

access-list 110 deny ip x.x.x.0 wildcard y.y.y.y wildcard

access-list 110 permit ip x.x.x.0 wildcard any

route-map pbr_isp1 permit 10

match ip address 110

set ip next-hop isp1-ipaddress

int vlan x

ip policy route-map pbr_isp1

Something similar can be done for vlan y to ISP2.

Hope to help

Giuseppe

petero007 Wed, 06/24/2009 - 05:04

Hi,

Here is the configuration:

sh run

Building configuration...

Current configuration : 3300 bytes

!

version 12.2

no service pad

!

hostname SW_3560

!

!

!

aaa session-id common

vtp domain domain.com

vtp mode transparent

ip subnet-zero

ip routing

!

!

!

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 10

name ISP1

!

vlan 20

name ISP2

!

interface FastEthernet0/1

description LINK_TO_ISP1

duplex full

speed 100

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/2

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/3

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/4

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/5

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/6

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/7

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/8

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/9

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/10

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/11

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/12

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/13

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/14

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/15

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/16

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/17

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/18

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/19

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/20

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/21

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/22

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/23

switchport access vlan 20

switchport mode access

!

interface FastEthernet0/24

description LINK_TO_ISP2

switchport access vlan 20

switchport mode access

duplex full

speed 100

!

!

interface Vlan1

no ip address

shutdown

!

interface Vlan10

description INTERNET_ISP1

ip address 200.100.50.252 255.255.255.240

!

interface Vlan20

description INTERNET_ISP2

ip address 50.100.200.68 255.255.255.248

!

ip classless

ip http server

!

radius-server source-ports 1645-1646

!

control-plane

!

end

SW_3560#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

50.100.0.0/29 is subnetted, 1 subnets

C 50.100.200.64 is directly connected, Vlan20

200.100.50.0/28 is subnetted, 1 subnets

C 200.100.50.240 is directly connected, Vlan10

Correct Answer
Giuseppe Larosa Tue, 06/23/2009 - 23:10


petero007 Wed, 06/24/2009 - 06:41

Thanks Giuseppe,

but you can see that actually, I have done the ip routing, vlans are created, int vlan is up, and ports are associated with each vlan. I can even ping between the ISP subnets.

The questions are:

How do I ping between the ISP subnets without going out to the Internet?

How do I keep inter-VLAN traffic on the Catalyst switch?

Because I have a few services on both ISP subnets and I want to connect them locally, without any other device participating in this process.

Thanks a lot!

petero007 Fri, 06/26/2009 - 04:34

Thanks a lot!

...and the only thing I did after all was configure the default gateway of my servers to point to the IP address of the VLAN interface they are attached to.

Then I used PBR to configure routing to the Internet.

Thanks for everything.
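
An added example, not code from either poster: a Python model of the PBR layout from the answer, filled in with the two subnets from the posted configuration. It shows why the deny entry must precede the permit entry so that inter-VLAN traffic stays on the switch. The ISP next-hop addresses are placeholders, ACL 111 and `pbr_isp2` are assumed names for the second VLAN, and the routing table is reduced to the two connected routes shown in `sh ip route`.

```python
import ipaddress

# SVI addresses from the configuration posted in the thread.
SVIS = {
    "Vlan10": ipaddress.ip_interface("200.100.50.252/28"),
    "Vlan20": ipaddress.ip_interface("50.100.200.68/29"),
}
# Placeholders: the ISP gateway addresses do not appear in the thread.
NEXT_HOP = {"Vlan10": "<isp1-ipaddress>", "Vlan20": "<isp2-ipaddress>"}
ANY = ipaddress.ip_network("0.0.0.0/0")


def build_acl(in_vlan):
    """Ordered (action, src_net, dst_net) entries: deny local subnets, then permit any."""
    src = SVIS[in_vlan].network
    acl = [("deny", src, svi.network) for name, svi in SVIS.items() if name != in_vlan]
    return acl + [("permit", src, ANY)]


def forward(in_vlan, src_ip, dst_ip):
    """Model the forwarding decision for a packet arriving on the given SVI."""
    src, dst = ipaddress.ip_address(src_ip), ipaddress.ip_address(dst_ip)
    for action, s_net, d_net in build_acl(in_vlan):  # first matching entry wins
        if src in s_net and dst in d_net:
            if action == "permit":
                return "PBR -> " + NEXT_HOP[in_vlan]
            break  # denied by the ACL: not policy-routed, use the routing table
    for name, svi in SVIS.items():  # only connected routes, as in 'sh ip route'
        if dst in svi.network:
            return "connected -> " + name
    return "no route"


def render_ios(in_vlan, acl_number, map_name):
    """Emit the IOS lines for one VLAN, computing wildcard masks from the subnets."""
    lines = []
    for action, s_net, d_net in build_acl(in_vlan):
        dst = "any" if d_net == ANY else f"{d_net.network_address} {d_net.hostmask}"
        lines.append(f"access-list {acl_number} {action} ip "
                     f"{s_net.network_address} {s_net.hostmask} {dst}")
    return lines + [f"route-map {map_name} permit 10",
                    f" match ip address {acl_number}",
                    f" set ip next-hop {NEXT_HOP[in_vlan]}",
                    f"interface {in_vlan}",
                    f" ip policy route-map {map_name}"]


if __name__ == "__main__":
    print("\n".join(render_ios("Vlan10", 110, "pbr_isp1") + render_ios("Vlan20", 111, "pbr_isp2")))
```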
