Connecting to Gateway from 2 Vlans

mauricelk
Level 1

We have 2 L3 Cisco 3550 switches and a few L2 Cisco 3550 switches. All the switches are in the same domain. There are 3 vlans: one for management, one for internal use (10.x.x.x) and one for guests (172.x.x.x). From the internal vlan, we can access the internet, but not from the guest vlan. There is a gateway IP on the L3 switch for each vlan, though each vlan also has a gateway IP on the router.

My problem is that when I am on our 10.x.x.x network, I can ping the gateway IP meant for our 172.x.x.x network. When I am on the 172.x.x.x network I cannot ping its own gateway IP address. The 10.x.x.x network has no problem getting to its own gateway IP address. The gateway IP addresses are configured on the gateway Cisco router. Eventually, there should be no communication between both networks.

Could someone help me figure out why I cannot ping the gateway IP for the guest vlan when connected on the guest vlan? Thanks.

24 Replies

sachinraja
Level 9

I was just going through the configuration, and had a query. Are these guest PCs directly connected to the switch for which you gave the config, or connecting onto some other switch trunked to this device? I see etherchannels configured on ports, but the interface portchannel config isn't given. Can you give us more info on how your network is laid out? If the trunk allows all vlans (including internal and guest), it should work well. You should be able to get onto the internet either by giving the HSRP virtual IP, or the real IPs of switches 1 or 2.

Raj

The PCs are connected to L2 Cisco 3550 switches, which in turn connect to the L3 switches. I have verified that Vlan4 is in the list under "Vlans allowed and active in management domain". This is where I am running into a problem, I cannot ping the gateway IP on the router. Though I can ping everything else on the vlan.

Are you able to browse with dgw as .4? Can you post us the config of the router?

Raj

The router is managed by an outside vendor who rarely shares the router configurations. In this instance they won't share it, knowing that I can ping it when I am on the internal vlan (vlan 100).

I am unable to browse if I use .4 for the gateway.

I am a little confused about your setup. If the gateway for the PCs in both vlans is the router then why have you even bothered to set up HSRP on the switches?

Because you have no visibility of the router config, how do you know whether the NAT is set up correctly or whether the subinterfaces are? Note I'm assuming the router is using subinterfaces and that it is connected to your switch via a L2 trunk?

Please don't take this the wrong way but this really isn't how to set this sort of network up. You don't have L3 switches running HSRP only to then completely ignore that and set the default-gateway to the router.

What you should be doing is -

1) routing the vlans off the 3550s so the default-gateway of the clients is the HSRP address of its respective vlan on the 3550s

2) have a routed P2P link to the router.

3) on the 3550s have a default-route pointing to the router

4) on the router have routes for the internal vlans pointing back to the 3550s

Or instead of 3&4

5) use a dynamic routing protocol between the 3550s and the router

6) the provider who manages the router would have to set up the NAT etc. for the internet.

Currently you have a sort of halfway house.

Could you explain the logic of having HSRP on the 3550s but then not using the VIP as a gateway for the clients?

Can you get a copy of the router config?

Jon

Sorry, but my hands are tied. I am trying to work with what I have + my novice knowledge of Cisco/switching/routing. The admin who manages the router (contracted) explained that all NAT for internet has been configured. However, they don't share the router config. The router's gateway ip (172 subnet) has been routed to 172.72.195.4. But I can have that changed with a phone call.

The router is connected to our network via a L2 switch on a switchport mode access port. I guess I have to change this to trunk, right? When I issue the command (show ip route) on our layer 3 Cisco 3550 switch, I get the following:

Gateway of last resort is not set

     172.72.0.0/24 is subnetted, 1 subnets
C       172.72.195.0 is directly connected, Vlan4
     172.13.0.0/32 is subnetted, 2 subnets
O       172.13.126.13 [110/2] via 172.72.195.3, 7w0d, Vlan4
                      [110/2] via 10.126.29.3, 7w0d, Vlan20
C       172.13.126.12 is directly connected, Loopback0
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.126.48.0/22 is directly connected, Vlan100
C       10.126.29.0/24 is directly connected, Vlan20

3. What is the best way to set a default-route that points to the router? or

5. What command can I run to check if a dynamic routing protocol exists between the 3550s and the router?


I configured HSRP on the 3550s because I saw it had been used on the switches for the internal vlan by the previous network admin. I was trying to duplicate configurations to the guest vlan. This responsibility was put in my hands without much choice. I am new at this and I appreciate all the help everyone is giving.

3. What is the best way to set a default-route that points to the router? A static default route 0.0.0.0 0.0.0.0 pointing to the router. But Jon was right: you can have a separate layer 3 domain between the router and L3 switch, say vlan 500 - 10.50.50.0/30 or something like that, and have a default route towards the router's inside interface.

5. What command can I run to check if a dynamic routing protocol exists between the 3550s and the router? show ip route will show all the routing protocols used in your network. You can see "O" routes in the table, telling that there can be OSPF configured on your switch, but it depends on what the router configs are. See if you have any dynamic routes via ospf/eigrp etc. towards your router's interface .1

Talk to your contractor and find out what exactly his configs are, since we really aren't sure of what is happening after the L3 switch connectivity.

Raj

Apologies if I came across a bit stroppy, it wasn't intended.

If the link between the switch and the router is a switchport access mode then do you know which vlan it is in? By the sounds of it I'm guessing your internal lan which is working is the vlan on the L2 link. If this is the case then it just won't work for your guest vlan if both the default-gateways for the internal lan and the guest lan are on the router. You are right in that it would have to be a trunk link but it's not quite that simple. It would also require the router to have subinterfaces.

Where things are a little confusing is that it sounds like you have both default-gateways on the router but the router connects via a switchport access rather than a trunk. This really needs clarifying with your provider who manages the router.

What I can say is that if you are using the router as DG for both vlans then HSRP gives you nothing on the 3550s. There are a number of options you have:

1) Use subinterfaces on the router and set these as DG for clients. Set the link between the router and the switch to be trunk. However you would only really revert to this solution if you didn't have a L3 switch.

2) Do as previously suggested, i.e. route vlans off 3550s and have a routed link to router. This would also give you the ability to control the traffic between the internal lan and the guest lan on your 3550.

3) You could route the guest vlan on the 3550s and have a next-hop IP of the internal LAN subnet IP address on the router. This is messy really but it may work.

However none of the above can be implemented without a full understanding of the current router config. If as suspected it is an access port in your internal LAN vlan and they have definitely set up NAT and a return route to the guest vlan you could implement option 3) above without their intervention. But I would strongly recommend talking it all through with them, i.e.

ask them if they have set up the NAT for a second range of IPs, i.e. the guest vlan, but they are only connecting to the switch with an access port, how do they expect the other vlan traffic to get to the router?

Jon
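Added example, not posted by anyone in the thread: a sketch of the "route the vlans off the 3550s" design described above, with a guest-to-internal filter on the guest SVI. The subnets and vlan numbers come from the posted routing table; the host addresses, the port, the HSRP group number, the 10.50.50.0/30 transit range and the ACL name GUEST-IN are assumptions.

```cisco
! --- L3 3550 (one switch of the HSRP pair) ---
ip routing
!
! Guest SVI: clients use the HSRP virtual IP as default gateway
! (172.72.195.1 and .2 are assumed addresses)
interface Vlan4
 ip address 172.72.195.2 255.255.255.0
 standby 4 ip 172.72.195.1
 ip access-group GUEST-IN in
!
! Routed point-to-point link to the router (assumed port and /30)
interface FastEthernet0/24
 no switchport
 ip address 10.50.50.2 255.255.255.252
!
! Default route towards the router's inside interface
ip route 0.0.0.0 0.0.0.0 10.50.50.1
!
! Block guest traffic to the 10.x subnets from the routing table,
! permit everything else (Internet-bound traffic)
ip access-list extended GUEST-IN
 deny   ip 172.72.195.0 0.0.0.255 10.126.48.0 0.0.3.255
 deny   ip 172.72.195.0 0.0.0.255 10.126.29.0 0.0.0.255
 permit ip any any
!
! --- Router side: return routes for the vlans via the 3550 ---
ip route 172.72.195.0 255.255.255.0 10.50.50.2
ip route 10.126.48.0 255.255.252.0 10.50.50.2
```

If guests depend on a DNS or DHCP server inside 10.126.48.0/22, permit that specific host and port above the deny lines. The second 3550 needs its own routed link and matching routes.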

Using subinterfaces on the router resolved the problem. Thanks.
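Added example, not the poster's or the vendor's actual configuration: what a trunk plus router subinterfaces for these two vlans typically looks like. Vlan numbers 4 and 100 and the guest gateway 172.72.195.4 are from the thread; the interface names and the internal gateway address are assumptions.

```cisco
! --- L2 3550 port facing the router (assumed port) ---
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 4,100
!
! --- Router (assumed physical interface) ---
interface FastEthernet0/0
 no ip address
 no shutdown
!
! Internal vlan gateway (address assumed)
interface FastEthernet0/0.100
 encapsulation dot1Q 100
 ip address 10.126.48.1 255.255.252.0
 ip nat inside
!
! Guest vlan gateway (172.72.195.4 as mentioned in the thread)
interface FastEthernet0/0.4
 encapsulation dot1Q 4
 ip address 172.72.195.4 255.255.255.0
 ip nat inside
```

With this layout the router forwards between the guest and internal subnets by default, so any filter separating them has to be applied on the router's subinterfaces.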
