06-23-2009 07:47 PM - edited 03-06-2019 06:25 AM
Hi,
I have two dedicated Internet links and an L3 switch with two VLANs, one for each ISP subnet.
I'm trying to configure inter-VLAN routing between these two VLANs on a Catalyst 3560 switch that is connected directly to these two ISPs (for the moment).
I want to route the packets between both VLANs on the same Catalyst switch, without any other router, and without going out to the Internet and then coming back to the subnet through the other ISP.
Is this possible?
I have only configured inter-VLAN routing with more than one device, never with an all-in-one L3 switch.
Thanks.
06-23-2009 11:10 PM
Hello Peter,
all you need is:
conf t
ip routing
vlan x
vlan y
int vlan x
ip address x.x.x.x mask
! important
no shut
int vlan y
ip address y.y.y.y mask
! important
no shut
then you can associate L2 ports to desired L2 vlan with
int g0/w
switchport
switchport mode access
switchport access vlan x
int g0/z
switchport
switchport mode access
switchport access vlan y
as desired
this is enough for inter vlan routing to work.
Logical interfaces Vlanx and Vlany come up as soon as an L2 port is in up/up (in STP forwarding state).
To configure routing to the Internet, other efforts may be necessary to be sure that traffic originating in vlan x, with a source address in the IP subnet of ISP1, is sent out the link to ISP1, and the same for the other vlan/subnet.
You can use PBR for this:
access-list 110 deny ip x.x.x.0 wildcard y.y.y.y wildcard
access-list 110 permit ip x.x.x.0 wildcard any
route-map pbr_isp1 permit 10
match ip address 110
set ip next-hop isp1-ipaddress
int vlan x
ip policy route-map pbr_isp1
Something similar can be done for vlan y to ISP2.
Hope to help
Giuseppe
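Added example, not part of the original post: a simplified Python model of the PBR ACL described above, filled in with the two subnets from the running-config posted in this thread. It derives the wildcard masks and shows which traffic stays on the switch and which is handed to the ISP next hop. The ISP gateway addresses and ACL number 120 are assumptions; the thread does not give them.

```python
import ipaddress

# Subnets taken from the running-config posted in this thread.
VLAN10 = ipaddress.ip_network("200.100.50.240/28")   # interface Vlan10, ISP1
VLAN20 = ipaddress.ip_network("50.100.200.64/29")    # interface Vlan20, ISP2
# Assumed ISP gateway addresses (constructed; not given in the thread).
ISP1_GW = "200.100.50.241"
ISP2_GW = "50.100.200.65"
ANY = ipaddress.ip_network("0.0.0.0/0")

def pbr_acl(local, other):
    """Two-entry ACL from the answer: deny local->other, permit local->any."""
    return [("deny", local, other), ("permit", local, ANY)]

def render(acl_id, acl):
    """Render the entries as IOS access-list lines with wildcard masks."""
    def term(net):
        return "any" if net.prefixlen == 0 else f"{net.network_address} {net.hostmask}"
    return [f"access-list {acl_id} {act} ip {term(s)} {term(d)}" for act, s, d in acl]

def forward(src, dst, acl, next_hop):
    """Simplified model of a single route-map 'permit' clause.

    The ACL is evaluated first-match. A permit hit is policy-routed to the
    next hop; a deny hit or no hit falls back to the normal routing table,
    which here holds only the two connected subnets.
    """
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            if action == "permit":
                return f"policy-routed to {next_hop}"
            break  # deny: this packet is not policy-routed
    for net, svi in ((VLAN10, "Vlan10"), (VLAN20, "Vlan20")):
        if d in net:
            return f"routed locally via connected {svi}"
    return "no route (no gateway of last resort)"

if __name__ == "__main__":
    # ACL 110 comes from the answer; 120 is a hypothetical number for vlan 20.
    for acl_id, local, other, gw in ((110, VLAN10, VLAN20, ISP1_GW),
                                     (120, VLAN20, VLAN10, ISP2_GW)):
        acl = pbr_acl(local, other)
        print("\n".join(render(acl_id, acl)))
        host = str(next(local.hosts()))
        for dst in (str(next(other.hosts())), "192.0.2.10"):
            print(f"  {host} -> {dst}: {forward(host, dst, acl, gw)}")
```

The deny entry is what keeps traffic between the two ISP subnets on the switch: without it, the permit entry would send that traffic to the ISP next hop as well.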
06-23-2009 09:51 PM
Can you paste the configuration?
MSK :)
06-24-2009 05:04 AM
Hi,
Here is the configuration:
sh run
Building configuration...
Current configuration : 3300 bytes
!
version 12.2
no service pad
!
hostname SW_3560
!
!
!
aaa session-id common
vtp domain domain.com
vtp mode transparent
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 10
name ISP1
!
vlan 20
name ISP2
!
interface FastEthernet0/1
description LINK_TO_ISP1
duplex full
speed 100
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/3
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/4
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/5
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/7
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/9
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/12
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/13
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/24
description LINK_TO_ISP2
switchport access vlan 20
switchport mode access
duplex full
speed 100
!
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
description INTERNET_ISP1
ip address 200.100.50.252 255.255.255.240
!
interface Vlan20
description INTERNET_ISP2
ip address 50.100.200.68 255.255.255.248
!
ip classless
ip http server
!
radius-server source-ports 1645-1646
!
control-plane
!
end
SW_3560#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
50.100.0.0/29 is subnetted, 1 subnets
C 50.100.200.64 is directly connected, Vlan20
200.100.50.0/28 is subnetted, 1 subnets
C 200.100.50.240 is directly connected, Vlan10
06-24-2009 06:41 AM
Thanks Giuseppe,
but as you can see, I have actually already done the ip routing, the vlans are created, int vlan is up, and ports are associated with each vlan. I can even ping between the ISP subnets.
The questions are:
How can I ping between the ISP subnets without going out to the Internet?
How can I keep inter-VLAN traffic on the Catalyst switch?
I ask because I have a few services on both ISP subnets and I want to connect them locally, without any other device participating in this process.
Thanks a lot!
06-26-2009 04:34 AM
Thanks a lot!
...and the only thing I did in the end was configure the default gateway of my servers to point to the IP address of the VLAN interface they are attached to.
Then I used PBR to configure routing to the Internet.
Thanks for everything.