VLAN Routing

Unanswered Question
Sep 9th, 2010

Hi all,

I am configuring a Catalyst 3750-X switch.  I created a second VLAN (VLAN 3).  I assigned an IP address to the vlan3 interface (192.168.22.250).  I enabled IP routing, and enabled RIP.  I assigned a port to the VLAN and the vlan3 interface came up.  "show ip route" shows both 10.17.0.0 and 192.168.22.0 as directly connected.

There is a device connected to the VLAN 3 port with the IP address of 192.168.22.2.  When I have a laptop on VLAN 1, I can ping 192.168.22.250, but pings to 192.168.22.2 time out.  Why can't I ping the device on VLAN 3 from VLAN 1?

Did I miss a step here?

Thanks,

- Steve

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (5 ratings)
Loading.
rstevek Thu, 09/09/2010 - 13:32

Hi,

Thanks for the response.  Yes, I did that as well.

- Steve

rstevek Thu, 09/09/2010 - 13:38

In my case it looks like:

router rip
network 10.0.0.0
network 192.168.22.0

But I just realized that looks wrong.  The netmask for VLAN 1 is 255.255.0.0, not 255.0.0.0.  Maybe that's the issue?

Cisco Contracts Thu, 09/09/2010 - 13:57

I believe it may be the problem.  Try being less specific with your networks under RIP.

Your networks should be named as 192.168.0.0 and 10.0.0.0 regardless of your interface IP/mas configuration.

Ven

glen.grant Thu, 09/09/2010 - 14:25

   RIP should have nothing to do with it as both networks are directly connected.   Check things like the default gateway on the nics are set correctly and that the devices have any firewalls turned off .  You would be able to ping the vlan 3 interface even without a default gateway on the nic  but it would not be able to route the packet without the correct default gateway on the nic on both devices.

collinc Thu, 09/09/2010 - 14:26

You posted: When I have a laptop on VLAN 1, I can ping 192.168.22.250, but pings to 192.168.22.2 time out.

What is 192.168.22.250?

What is the gateway and mask to VLAN3?

Are you able to ping the VLAN3 gateway?

Is your host on VLAN3 that cannot be pinged have the correct gateway and mask set?

Nagaraja Thanthry Thu, 09/09/2010 - 14:57

Hello,

When you put the device on the new VLAN, What is your default gateway? Can

you set it to 192.168.22.250? That should fix your issue.

Regards,

NT

madathilsiva Thu, 09/09/2010 - 23:22

Hi,

Rip is nothing to do with this. Since both are directly connected device to the switch . Check your default gateway in both laptop. ie. laptop connected with vlan 3 should have default gateway of 192.168.22.250. And laptop connected with Vlan 1 should have that vlan interface ip address.And make sure that you are enabled IP routing command in the globel configuration mode

Regards

Siva

rstevek Fri, 09/10/2010 - 06:44

Thanks, all.  This brings up a whole different issue.  This is a new construction site, and our ISP has not yet delivered services or a router to it.  Normally, the router would be the default gateway, with the IP addresses 10.17.1.1 (for VLAN 1) and 192.168.22.1 (for VLAN 3).  Devices are already being configured on the LAN with those gateways, but the gateway isn't there.

I've been thinking that if the devices have the router (10.17.1.1 / 192.168.22.1) as a gateway, but the VLANs are defined on the switch (10.17.1.10 / 192.168.22.250), that the router will have to be participating in RIP on the LAN side.  Is that correct?

OR, would it make more sense to have all devices use the switch as the gateway?

Thanks,

- Steve

Nagaraja Thanthry Fri, 09/10/2010 - 06:48

Hello,

You can configure switch as the gateway and on the switch, you can configure

the router as the gateway. When you configure router as default gateway on

the switch, then you do not need two interfaces on the router (one for VLAN

1 and 1 for VLAN 3). You can enable RIP on both switch and the Router. In

that way, the router learns all the new VLANs you introduce on the switch

and will be able to route properly. Making the switch as the default gateway

for all your clients will ensure that the clients can talk across the VLAN

boundaries.

Regards,

NT

collinc Fri, 09/10/2010 - 07:08

I agree with NT.

The participating gateways should be on the switch.

Using the router as the gateway means you would need to use sub-interfaces.

and the IP on each sub-interface would be the gateway.

Keep it simple.  Use the IP you have on the switch as the gateway.

Use a single VLAN (10.17.x.x) between he router and the switch.

Create your other VLANs on the switch using the the VLANs gateway IP on the SVI.

Add your RIP with the correct networks and you should be good.

Yes make sure IP Routing is enabled (global command).  If it's not it probably wont let you add RIP; not sure.

Chuck

rstevek Fri, 09/10/2010 - 07:40

Thanks again.  This is all very helpful.

My only question is on using a single VLAN (10.17.x.x) between the router and the switch.  The whole point of the 192.168.22.x addresses is that they will be used by IP phones.  Our ISP has a class of service set up for 192.168.22.x and it is routed across our MPLS WAN.  So the router does need to have 192.168.22.1 on it.  Does that mean I should use a subinterface on the switch?

Thanks,

- Steve

Nagaraja Thanthry Fri, 09/10/2010 - 08:56

Hello Steve,

Is the QOS marking done on your router? If yes, you can move the QoS

configurations to the interface that connects to the switch and match the IP

address instead of the ingress interface. So, essentially, there will not be

any change in the QoS settings for the voice traffic. Only thing is that the

Voice traffic needs to go through an extra hop.

Alternatively, if you want, you can leave the settings as it is (pointing to

the router as default gateway for all hosts). Once the router comes into

picture, the routing between the VLANs will be taken care of by the router.

At that point, the switch will act just as a layer 2 device.

Regards,

NT

collinc Fri, 09/10/2010 - 10:12

Yep NT makes a good point too.

I was thinking or setting things up for the switch to layer 3 jsut in case there will be other VLANs (networks) in the future.

Chuck

rstevek Fri, 09/10/2010 - 10:54

The QOS marking is being done on the router, and it should be matching IP address already.  At least that's how I understood that our ISP was setting it up; I give the IP subnets, they match them for QOS.

And yes, there will be a third VLAN.  At this point I don't even have a due date for the router so I would just as soon have the routing handled by the switch.  We have vendors trying to set up equipment already.

Thanks,

- Steve

Actions

This Discussion

Related Content