InterVlan Routing via Router-on-a-stick

Answered Question
Oct 22nd, 2010

Hi,

i have a problem to configure InterValn Routing with a Catalyst 3550 and a Cisco 1841 Router. I have three VLANs (1, 10, 20) and I want to reach Servers in the foreign subnets.

Here is my Router config:

Current configuration : 1373 bytes<br/>!<br/>version 12.4<br/>service config<br/>service timestamps debug datetime msec<br/>service timestamps log datetime msec<br/>no service password-encryption<br/>!<br/>hostname Router<br/>!<br/>boot-start-marker<br/>boot-end-marker<br/>!<br/>logging message-counter syslog<br/>enable secret 5 $1$8eCu$ezaulgopV.BuaH6/2bWo5.<br/>!<br/>no aaa new-model<br/>dot11 syslog<br/>ip source-route<br/>!<br/>!<br/>!<br/>!<br/>ip cef<br/>multilink bundle-name authenticated<br/>!<br/>!<br/>!<br/>!<br/>!<br/>username XXXX privilege 15 secret 5 $1$dMy2$Z4q8epUUod1rZ.jY6Xpjg.<br/>archive<br/> log config<br/>  hidekeys<br/>!<br/>!<br/>!<br/>!<br/>!<br/>interface FastEthernet0/0<br/> no ip address<br/> duplex auto<br/> speed auto<br/>!<br/>interface FastEthernet0/0.1<br/> encapsulation dot1Q 1 native<br/> ip address 192.168.1.250 255.255.255.0<br/>!<br/>interface FastEthernet0/0.10<br/> encapsulation dot1Q 10<br/> ip address 192.168.10.250 255.255.255.0<br/>!<br/>interface FastEthernet0/0.20<br/> encapsulation dot1Q 20<br/> ip address 192.168.20.250 255.255.255.0<br/>!<br/>interface FastEthernet0/1<br/> no ip address<br/> shutdown<br/> duplex auto<br/> speed auto<br/>!<br/>ip forward-protocol nd<br/>ip route 192.168.1.0 255.255.255.0 FastEthernet0/0.1<br/>ip route 192.168.10.0 255.255.255.0 FastEthernet0/0.10<br/>ip route 192.168.20.0 255.255.255.0 FastEthernet0/0.20<br/>!<br/>no ip http server<br/>no ip http secure-server<br/>!<br/>!<br/>!<br/>!<br/>control-plane<br/>!<br/>!<br/>line con 0<br/> logging synchronous<br/> login<br/>line aux 0<br/>line vty 0 4<br/> login local<br/> transport input telnet<br/>line vty 5 15<br/> login local<br/> transport input telnet<br/>!<br/>scheduler allocate 20000 1000<br/>end

And my Switch config:

Current configuration : 2422 bytes<br/>!<br/>version 12.1<br/>no service pad<br/>service timestamps debug uptime<br/>service timestamps log uptime<br/>no service password-encryption<br/>!<br/>hostname Switch1<br/>!<br/>enable secret 5 $1$UQ1w$wYJtqDoXvSOmGn8ZsjTnn0<br/>!<br/>username XXXX privilege 15 secret 5 $1$X2.M$YwPTNQrNdLTELXSW1J4M71<br/>ip subnet-zero<br/>!<br/>!<br/>!<br/>spanning-tree extend system-id<br/>spanning-tree vlan 1 priority 0<br/>spanning-tree vlan 10 priority 0<br/>spanning-tree vlan 20 priority 0<br/>!<br/>!<br/>!<br/>interface Port-channel1<br/> switchport trunk encapsulation dot1q<br/> no ip address<br/>!<br/>interface Port-channel2<br/> switchport trunk encapsulation dot1q<br/> no ip address<br/>!<br/>interface GigabitEthernet0/1<br/> description connection_to_Router<br/> switchport trunk encapsulation dot1q<br/> switchport trunk allowed vlan 1,10,20,1002-1005<br/> switchport mode trunk<br/> no ip address<br/>!<br/>interface GigabitEthernet0/2<br/> description connection_to_Server1<br/> switchport access vlan 10<br/> no ip address<br/>!<br/>interface GigabitEthernet0/3<br/> description connection_to_Server2<br/> no ip address<br/>!<br/>interface GigabitEthernet0/4<br/> description connection_to_Server3<br/> no ip address<br/>!<br/>interface GigabitEthernet0/5<br/> description connection_to_Server4<br/> no ip address<br/>!<br/>interface GigabitEthernet0/6<br/> description connection_to_Server5<br/> switchport access vlan 10<br/> no ip address<br/>!<br/>interface GigabitEthernet0/7<br/> description connection_to_Server6<br/> no ip address<br/>!<br/>interface GigabitEthernet0/8<br/> description connection_to_Server7<br/> no ip address<br/>!<br/>interface GigabitEthernet0/9<br/> description connection_to_Switch2_1<br/> switchport trunk encapsulation dot1q<br/> no ip address<br/> channel-group 2 mode desirable<br/>!<br/>interface GigabitEthernet0/10<br/> description connection_to_Switch2_2<br/> switchport trunk encapsulation dot1q<br/> no ip address<br/> channel-group 2 mode desirable<br/>!<br/>interface GigabitEthernet0/11<br/> description connection_to_Switch3_1<br/> switchport trunk encapsulation dot1q<br/> no ip address<br/> channel-group 1 mode on<br/>!<br/>interface GigabitEthernet0/12<br/> description connection_to_Switch3_2<br/> switchport trunk encapsulation dot1q<br/> no ip address<br/> channel-group 1 mode on<br/>!<br/>interface Vlan1<br/> ip address 192.168.1.245 255.255.255.0<br/> no ip route-cache<br/>!<br/>interface Vlan10<br/> ip address 192.168.10.245 255.255.255.0<br/> no ip route-cache<br/>!<br/>interface Vlan20<br/> ip address 192.168.20.245 255.255.255.0<br/> no ip route-cache<br/>!<br/>ip classless<br/>ip http server<br/>!<br/>!<br/>!<br/>!<br/>line con 0<br/> logging synchronous<br/>line vty 0 4<br/> login local<br/> transport input telnet<br/>line vty 5 15<br/> login local<br/> transport input telnet<br/>!<br/>end

Can you see anything, why the Routing doesn't work properly? I'm able to ping each address in every subnet from the Router and the other way round, but I'm not able to ping from one subnet to the other.

Thank you for your Tipps in advance

Greetz Daniel

I have this problem too.
0 votes
Correct Answer by cadet alain about 5 years 3 months ago

hi,

To do inter-VLAN routing you may use a Router on a stick solution or use SVIs on the L3 switch.

If you choose the first solution then the hosts in each VLAN must have as a default gateway the ip address of the subinterface belonging to this VLAN

and you don't have to put any static routes or routing protocols and the SVIs are not needed on the switch.

If you choose the second solution you must create the SVIs for each VLAN and enable ip routing on your switch. Don't forget to change the default gateway on your host to ip address of SVI instead of router subinterface.Your router won't be used for routing between VLANs anymore in this case.

If you use SVIs they must be up-up Is it the case?  do a show ip int br | in Vlan   if not then are the VLANs existing on your switch: do a sh vlan brief

From your config output Vlan1 should be ok as well as Vlan10 but what about the others?

Correct Answer by dschoolcraft about 5 years 3 months ago

Not sure what your trying to accomplish,  If you have a 3550, that is a layer 3 switch,  You can essentially do all of your routing from the switch  and create a layer 3 link back to the router if necessary,

Example Config for intervlan routing on layer 3 switch:

Configuration for the 3550
!
!
!enable ip routing on the 3550
!
ip routing
system mtu routing 1500
!
! Note the IP's Listed here would need to be your Default Gateways on the Hosts
!
interface vlan 1
ip address 192.168.1.250 255.255.255.0
!
interface vlan 10
ip address 192.168.10.250 255.255.255.0
!
!
interface vlan 20
ip address 192.168.20.250 255.255.255.0
!
!
!
!Enable a routing protocol for intervlan routing
!
router eigrp 1
network 192.168.1.0
network 192.168.10.0
network 192.168.20.0
!
! add network for layer 3 link to router if necessary
!
ip route 0.0.0.0 0.0.0.0 (router Ip)  if keeping the router, assuming the router is used for internet/wan edge
!
!
!layer 3 link to router from 3550
interface GigabitEthernet0/1
description connection_to_Router
no switchport trunk encapsulation dot1q
no switchport trunk allowed vlan 1,10,20,1002-1005
no switchport mode trunk
no switchport
ip address 192.168.30.1 255.255.255.252

!

###################

Add your switchports to the proper vlans as needed

##################

Note: If you were only using the router for intervlan routing the router config & 1841 wouldn't be necessary

Router Configuration for layer 3


interface FastEthernet0/0
ip address 192.168.30.2 255.255.255.252
duplex auto
speed auto
!
!
!enable dynamic routing
router eigrp 1
network 192.168.30.0
network 192.168.0.0

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Dan-Ciprian Cicioiu Fri, 10/22/2010 - 05:37

Hi Daniel ,

On the router delete the static routes and enable the ip routing :

enable

config term

ip routing

no ip route 192.168.1.0 255.255.255.0 FastEthernet0/0.1<br/>no ip route 192.168.10.0 255.255.255.0 FastEthernet0/0.10<br/>no ip route 192.168.20.0 255.255.255.0 FastEthernet0/0.20

end

wr

All the servers /pc on the vlans 1,10 and 20 should have as default gateway the ip on the router (.250 of each vlan )

HTH

Dan

melkoooor Fri, 10/22/2010 - 06:18

Hi Dan,

I have deleted the static routes and typed in ip routing, but the router does not listing this command in the running-config. What could be the problem?

Greetings

Daniel

melkoooor Fri, 10/22/2010 - 06:29

Oh yeah, that's right, but I still can't ping from on subnet to the other.

The default gateway of all clients is set to the IP of the router.

Dan-Ciprian Cicioiu Fri, 10/22/2010 - 06:50

Can you check the following configuration :

Server1,5 default gw 192.168.10.250 Netmask 255.255.255.0
server2,3,4,6,7 default gw 192.168.1.250 Netmask 255.255.255.0

Dan

Correct Answer
dschoolcraft Fri, 10/22/2010 - 08:15

Not sure what your trying to accomplish,  If you have a 3550, that is a layer 3 switch,  You can essentially do all of your routing from the switch  and create a layer 3 link back to the router if necessary,

Example Config for intervlan routing on layer 3 switch:

Configuration for the 3550
!
!
!enable ip routing on the 3550
!
ip routing
system mtu routing 1500
!
! Note the IP's Listed here would need to be your Default Gateways on the Hosts
!
interface vlan 1
ip address 192.168.1.250 255.255.255.0
!
interface vlan 10
ip address 192.168.10.250 255.255.255.0
!
!
interface vlan 20
ip address 192.168.20.250 255.255.255.0
!
!
!
!Enable a routing protocol for intervlan routing
!
router eigrp 1
network 192.168.1.0
network 192.168.10.0
network 192.168.20.0
!
! add network for layer 3 link to router if necessary
!
ip route 0.0.0.0 0.0.0.0 (router Ip)  if keeping the router, assuming the router is used for internet/wan edge
!
!
!layer 3 link to router from 3550
interface GigabitEthernet0/1
description connection_to_Router
no switchport trunk encapsulation dot1q
no switchport trunk allowed vlan 1,10,20,1002-1005
no switchport mode trunk
no switchport
ip address 192.168.30.1 255.255.255.252

!

###################

Add your switchports to the proper vlans as needed

##################

Note: If you were only using the router for intervlan routing the router config & 1841 wouldn't be necessary

Router Configuration for layer 3


interface FastEthernet0/0
ip address 192.168.30.2 255.255.255.252
duplex auto
speed auto
!
!
!enable dynamic routing
router eigrp 1
network 192.168.30.0
network 192.168.0.0

dschoolcraft Fri, 10/22/2010 - 08:19

Its also worth noting your configuration would work with just enabling a routing protocol on the router like eigrp/rip etc..  jsut remove your static routes on the router & do something like this on the router.

router eigrp 1
network 192.168.1.0
network 192.168.10.0
network 192.168.20.0

Your Default gateways on the hosts would need to be the IP addresses of your sub interfaces on the router.

glen.grant Fri, 10/22/2010 - 09:40

  The problem is you have L3 routing setup on both the router and the 3550 .   Check and make sure you created the layer 2 vlans on the 3550. Do a show vlan and 10,20 ,1 should show active .  Get rid of the statics on the router and on the  3550

get rid of the L3  SVI's,they do not belong there .

  no interface Vlan1<br/>  no interface Vlan10<br/>  no interface Vlan20<br/> 
Jon Marshall Fri, 10/22/2010 - 09:45

Daniel

Just to add to what the others have said. If you are doing this for educational purposes then fine but if for a live environment it doesn't make sense to use routing on a stick because the performance of the 3550 will be far better for inter-vlan routing than the 1841.

Jon

melkoooor Mon, 10/25/2010 - 01:17

Good Morning and thank you for your answers.

I have now tried all of your solutions and it's still not working.

I'm using the Cisco 1841, because I have no other router to test this network. In a real environment it would not be a 1841. So you (@jon.marshall) see, it is for educational purposes

@dancicioiu I have configured the default gateway on all servers connected (There are only two servers connected at all).

@glen.grant That doesn't fit the problem.

@dschoolcraft I tried to implement your solution, but it also doesn't work.

I don't understand whats the difference about static routing and dynamic routing on the router, because the VLANs are directly connected. I think I don't need a routing either. Am I true?

Do you have any other suggestions?

Thanks in advance for your effort

Correct Answer
cadet alain Mon, 10/25/2010 - 03:19

hi,

To do inter-VLAN routing you may use a Router on a stick solution or use SVIs on the L3 switch.

If you choose the first solution then the hosts in each VLAN must have as a default gateway the ip address of the subinterface belonging to this VLAN

and you don't have to put any static routes or routing protocols and the SVIs are not needed on the switch.

If you choose the second solution you must create the SVIs for each VLAN and enable ip routing on your switch. Don't forget to change the default gateway on your host to ip address of SVI instead of router subinterface.Your router won't be used for routing between VLANs anymore in this case.

If you use SVIs they must be up-up Is it the case?  do a show ip int br | in Vlan   if not then are the VLANs existing on your switch: do a sh vlan brief

From your config output Vlan1 should be ok as well as Vlan10 but what about the others?

Actions

This Discussion

Related Content