InterVlan Routing via Router-on-a-stick

Answered Question
Oct 22nd, 2010

Hi,

i have a problem to configure InterValn Routing with a Catalyst 3550 and a Cisco 1841 Router. I have three VLANs (1, 10, 20) and I want to reach Servers in the foreign subnets.

Here is my Router config:

Current configuration : 1373 bytes
!
version 12.4
service config
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
enable secret 5 $1$8eCu$ezaulgopV.BuaH6/2bWo5.
!
no aaa new-model
dot11 syslog
ip source-route
!
!
!
!
ip cef
multilink bundle-name authenticated
!
!
!
!
!
username XXXX privilege 15 secret 5 $1$dMy2$Z4q8epUUod1rZ.jY6Xpjg.
archive
log config
  hidekeys
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.1
encapsulation dot1Q 1 native
ip address 192.168.1.250 255.255.255.0
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.250 255.255.255.0
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.250 255.255.255.0
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
ip forward-protocol nd
ip route 192.168.1.0 255.255.255.0 FastEthernet0/0.1
ip route 192.168.10.0 255.255.255.0 FastEthernet0/0.10
ip route 192.168.20.0 255.255.255.0 FastEthernet0/0.20
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
login
line aux 0
line vty 0 4
login local
transport input telnet
line vty 5 15
login local
transport input telnet
!
scheduler allocate 20000 1000
end

And my Switch config:

Current configuration : 2422 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch1
!
enable secret 5 $1$UQ1w$wYJtqDoXvSOmGn8ZsjTnn0
!
username XXXX privilege 15 secret 5 $1$X2.M$YwPTNQrNdLTELXSW1J4M71
ip subnet-zero
!
!
!
spanning-tree extend system-id
spanning-tree vlan 1 priority 0
spanning-tree vlan 10 priority 0
spanning-tree vlan 20 priority 0
!
!
!
interface Port-channel1
switchport trunk encapsulation dot1q
no ip address
!
interface Port-channel2
switchport trunk encapsulation dot1q
no ip address
!
interface GigabitEthernet0/1
description connection_to_Router
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,1002-1005
switchport mode trunk
no ip address
!
interface GigabitEthernet0/2
description connection_to_Server1
switchport access vlan 10
no ip address
!
interface GigabitEthernet0/3
description connection_to_Server2
no ip address
!
interface GigabitEthernet0/4
description connection_to_Server3
no ip address
!
interface GigabitEthernet0/5
description connection_to_Server4
no ip address
!
interface GigabitEthernet0/6
description connection_to_Server5
switchport access vlan 10
no ip address
!
interface GigabitEthernet0/7
description connection_to_Server6
no ip address
!
interface GigabitEthernet0/8
description connection_to_Server7
no ip address
!
interface GigabitEthernet0/9
description connection_to_Switch2_1
switchport trunk encapsulation dot1q
no ip address
channel-group 2 mode desirable
!
interface GigabitEthernet0/10
description connection_to_Switch2_2
switchport trunk encapsulation dot1q
no ip address
channel-group 2 mode desirable
!
interface GigabitEthernet0/11
description connection_to_Switch3_1
switchport trunk encapsulation dot1q
no ip address
channel-group 1 mode on
!
interface GigabitEthernet0/12
description connection_to_Switch3_2
switchport trunk encapsulation dot1q
no ip address
channel-group 1 mode on
!
interface Vlan1
ip address 192.168.1.245 255.255.255.0
no ip route-cache
!
interface Vlan10
ip address 192.168.10.245 255.255.255.0
no ip route-cache
!
interface Vlan20
ip address 192.168.20.245 255.255.255.0
no ip route-cache
!
ip classless
ip http server
!
!
!
!
line con 0
logging synchronous
line vty 0 4
login local
transport input telnet
line vty 5 15
login local
transport input telnet
!
end

Can you see anything, why the Routing doesn't work properly? I'm able to ping each address in every subnet from the Router and the other way round, but I'm not able to ping from one subnet to the other.

Thank you for your Tipps in advance

Greetz Daniel

I have this problem too.
0 votes
Correct Answer by Cadet Alain about 3 years 5 months ago

hi,

To do inter-VLAN routing you may use a Router on a stick solution or use SVIs on the L3 switch.

If you choose the first solution then the hosts in each VLAN must have as a default gateway the ip address of the subinterface belonging to this VLAN

and you don't have to put any static routes or routing protocols and the SVIs are not needed on the switch.

If you choose the second solution you must create the SVIs for each VLAN and enable ip routing on your switch. Don't forget to change the default gateway on your host to ip address of SVI instead of router subinterface.Your router won't be used for routing between VLANs anymore in this case.

If you use SVIs they must be up-up Is it the case?  do a show ip int br | in Vlan   if not then are the VLANs existing on your switch: do a sh vlan brief

From your config output Vlan1 should be ok as well as Vlan10 but what about the others?

Correct Answer by dschoolcraft about 3 years 5 months ago

Not sure what your trying to accomplish,  If you have a 3550, that is a layer 3 switch,  You can essentially do all of your routing from the switch  and create a layer 3 link back to the router if necessary,

Example Config for intervlan routing on layer 3 switch:

Configuration for the 3550
!
!
!enable ip routing on the 3550
!
ip routing
system mtu routing 1500
!
! Note the IP's Listed here would need to be your Default Gateways on the Hosts
!
interface vlan 1
ip address 192.168.1.250 255.255.255.0
!
interface vlan 10
ip address 192.168.10.250 255.255.255.0
!
!
interface vlan 20
ip address 192.168.20.250 255.255.255.0
!
!
!
!Enable a routing protocol for intervlan routing
!
router eigrp 1
network 192.168.1.0
network 192.168.10.0
network 192.168.20.0
!
! add network for layer 3 link to router if necessary
!
ip route 0.0.0.0 0.0.0.0 (router Ip)  if keeping the router, assuming the router is used for internet/wan edge
!
!
!layer 3 link to router from 3550
interface GigabitEthernet0/1
description connection_to_Router
no switchport trunk encapsulation dot1q
no switchport trunk allowed vlan 1,10,20,1002-1005
no switchport mode trunk
no switchport
ip address 192.168.30.1 255.255.255.252

!

###################

Add your switchports to the proper vlans as needed

##################

Note: If you were only using the router for intervlan routing the router config & 1841 wouldn't be necessary

Router Configuration for layer 3


interface FastEthernet0/0
ip address 192.168.30.2 255.255.255.252
duplex auto
speed auto
!
!
!enable dynamic routing
router eigrp 1
network 192.168.30.0
network 192.168.0.0

  • 1
  • 2
  • 3
  • 4
  • 5
Average Rating: 5 (2 ratings)
dancicioiu Fri, 10/22/2010 - 05:37

Hi Daniel ,

On the router delete the static routes and enable the ip routing :

enable

config term

ip routing

no ip route 192.168.1.0 255.255.255.0 FastEthernet0/0.1
no ip route 192.168.10.0 255.255.255.0 FastEthernet0/0.10
no ip route 192.168.20.0 255.255.255.0 FastEthernet0/0.20

end

wr

All the servers /pc on the vlans 1,10 and 20 should have as default gateway the ip on the router (.250 of each vlan )

HTH

Dan

melkoooor Fri, 10/22/2010 - 06:18

Hi Dan,

I have deleted the static routes and typed in ip routing, but the router does not listing this command in the running-config. What could be the problem?

Greetings

Daniel

melkoooor Fri, 10/22/2010 - 06:29

Oh yeah, that's right, but I still can't ping from on subnet to the other.

The default gateway of all clients is set to the IP of the router.

dancicioiu Fri, 10/22/2010 - 06:50

Can you check the following configuration :

Server1,5 default gw 192.168.10.250 Netmask 255.255.255.0
server2,3,4,6,7 default gw 192.168.1.250 Netmask 255.255.255.0

Dan

Correct Answer
dschoolcraft Fri, 10/22/2010 - 08:15

Not sure what your trying to accomplish,  If you have a 3550, that is a layer 3 switch,  You can essentially do all of your routing from the switch  and create a layer 3 link back to the router if necessary,

Example Config for intervlan routing on layer 3 switch:

Configuration for the 3550
!
!
!enable ip routing on the 3550
!
ip routing
system mtu routing 1500
!
! Note the IP's Listed here would need to be your Default Gateways on the Hosts
!
interface vlan 1
ip address 192.168.1.250 255.255.255.0
!
interface vlan 10
ip address 192.168.10.250 255.255.255.0
!
!
interface vlan 20
ip address 192.168.20.250 255.255.255.0
!
!
!
!Enable a routing protocol for intervlan routing
!
router eigrp 1
network 192.168.1.0
network 192.168.10.0
network 192.168.20.0
!
! add network for layer 3 link to router if necessary
!
ip route 0.0.0.0 0.0.0.0 (router Ip)  if keeping the router, assuming the router is used for internet/wan edge
!
!
!layer 3 link to router from 3550
interface GigabitEthernet0/1
description connection_to_Router
no switchport trunk encapsulation dot1q
no switchport trunk allowed vlan 1,10,20,1002-1005
no switchport mode trunk
no switchport
ip address 192.168.30.1 255.255.255.252

!

###################

Add your switchports to the proper vlans as needed

##################

Note: If you were only using the router for intervlan routing the router config & 1841 wouldn't be necessary

Router Configuration for layer 3


interface FastEthernet0/0
ip address 192.168.30.2 255.255.255.252
duplex auto
speed auto
!
!
!enable dynamic routing
router eigrp 1
network 192.168.30.0
network 192.168.0.0

dschoolcraft Fri, 10/22/2010 - 08:19

Its also worth noting your configuration would work with just enabling a routing protocol on the router like eigrp/rip etc..  jsut remove your static routes on the router & do something like this on the router.

router eigrp 1
network 192.168.1.0
network 192.168.10.0
network 192.168.20.0

Your Default gateways on the hosts would need to be the IP addresses of your sub interfaces on the router.

glen.grant Fri, 10/22/2010 - 09:40

  The problem is you have L3 routing setup on both the router and the 3550 .   Check and make sure you created the layer 2 vlans on the 3550. Do a show vlan and 10,20 ,1 should show active .  Get rid of the statics on the router and on the  3550

get rid of the L3  SVI's,they do not belong there .

  no interface Vlan1
  no interface Vlan10
  no interface Vlan20
 

Jon Marshall Fri, 10/22/2010 - 09:45

Daniel

Just to add to what the others have said. If you are doing this for educational purposes then fine but if for a live environment it doesn't make sense to use routing on a stick because the performance of the 3550 will be far better for inter-vlan routing than the 1841.

Jon

melkoooor Mon, 10/25/2010 - 01:17

Good Morning and thank you for your answers.

I have now tried all of your solutions and it's still not working.

I'm using the Cisco 1841, because I have no other router to test this network. In a real environment it would not be a 1841. So you (@jon.marshall) see, it is for educational purposes

@dancicioiu I have configured the default gateway on all servers connected (There are only two servers connected at all).

@glen.grant That doesn't fit the problem.

@dschoolcraft I tried to implement your solution, but it also doesn't work.

I don't understand whats the difference about static routing and dynamic routing on the router, because the VLANs are directly connected. I think I don't need a routing either. Am I true?

Do you have any other suggestions?

Thanks in advance for your effort

Correct Answer
Cadet Alain Mon, 10/25/2010 - 03:19

hi,

To do inter-VLAN routing you may use a Router on a stick solution or use SVIs on the L3 switch.

If you choose the first solution then the hosts in each VLAN must have as a default gateway the ip address of the subinterface belonging to this VLAN

and you don't have to put any static routes or routing protocols and the SVIs are not needed on the switch.

If you choose the second solution you must create the SVIs for each VLAN and enable ip routing on your switch. Don't forget to change the default gateway on your host to ip address of SVI instead of router subinterface.Your router won't be used for routing between VLANs anymore in this case.

If you use SVIs they must be up-up Is it the case?  do a show ip int br | in Vlan   if not then are the VLANs existing on your switch: do a sh vlan brief

From your config output Vlan1 should be ok as well as Vlan10 but what about the others?

Actions

Login or Register to take actions

This Discussion

Posted October 22, 2010 at 5:27 AM
Stats:
Replies:12 Avg. Rating:5
Views:7487 Votes:0
Shares:0

Related Content

Discussions Leaderboard

Rank Username Points
1 15,007
2 8,150
3 7,725
4 7,083
5 6,742
Rank Username Points
165
82
69
65
55