Routing Issue

abbas.ali · ‎05-26-2010

I have a Core 6513 connected to ASA-VPN Firewall where I have defined my user pool for remote VPN Clients 172.16.1.0.

6513 is connected to Distribution Layer switch 6509 with Layer II Trunk.

6509 DL switch is connected to one of my WAN 7206 router for one of the Branch Locations.

I have created static route 172.16.1.0 in 7206 router pointing to my DL 6509 switch. How do I route 172.16.1.0 from DL switch to my Core 6513 since the connectivity between Core 6513 and DL 6509 are connected via Layer II Trunk. Routing is failed because of this and wondering how to resolve this issue.

I thought that since Core 6513 and DL 6509 are connected via Layer II Trunk, DL 6509 would be able to send route 172.16.1.0 directly to ASA-5520, but it didn't happen. I then statically added 172.16.1.0 in DL 6509 pointing to ASA-5520 interface, but no luck.

Any feedback will be appreciated.

Giuseppe Larosa · ‎05-26-2010

Hello Abbas,

on the L2 trunk between the two switches you can use one vlan for routing

example:

if the L2 trunk carries vlans 10,20,30,40 you can add a vlan 100 to be used for routing purposes

you need to create the L2 vlan 100, to add it to permitted vlans on the trunk on both sides, to configure on each switch the associated L3 interface SVI interface vlan 100

vlan 100

name p-t-p routing DL-6513

exit

int Vlan100

ip address 10.10.100.1 255.255.255.252

! important

no shutdown

ip route 172.16.1.0 255.255.255.0 10.10.100.2

! this can be necessary if you are allowing only specific vlans on LII trunk:

interface gx/y

desc LII trunk

switchport trunk allowed vlan add 100

on other switch

! note you may need to create the vlan also in this switch depending on VTP use in your environment

! you may need to add vlan 100 to allowed vlan list as decribed above.

int Vlan100

ip address 10.10.100.2 255.255.255.252

! important

no shutdown

ip route 0.0.0.0 0.0.0.0 10.10.100.1

! or less specific static route(s) as needed

Hope to help

Giuseppe