cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2373
Views
0
Helpful
12
Replies

Inter vlan routing in 3560 Switch

kpsajinkp
Level 1
Level 1

Hi,

I have a cisco 3560 switch which is connected to other two 2960 switches. I have created multiple vlans in 3560 switch and are replicating to the 2960 switches. I have Vlan2 which is used for the servers and network devices, vlan3 for the clients, vlan4 for the VOIP, vlan5 for DMZ and vlan 6 for the WLAN.

I have enabled IP routing and can communcate between all these vlans except VLAN4 which is used for VOIP. I have a server in this vlan and I cannot ping or connect to this server from any pcs or servers in the other vlans. I can ping this server from the coreswitch vlan4 IP. I can reach any servers from this VOIP server. Could you please help me to resolve this issue. There is no firewall enabled on this server and I have tried this using other laptops connected on the same vlan and checked.

Regards

Sajin

12 Replies 12

Ali Bahnam
Level 1
Level 1

Good day,

For VLAN 4 is for VOIP so the configured ports on the 2960 switch is (switchport voice vlan 4)??

if yes , so the port that u connected the server to it try to make it (switchport access vlan4).

Please update me??

Hi,

Its aleardy switch port access vlan 4

Regards

Sajin

the switchport the voice server is connected to should be in trunk mode and allow only the VLAN's you want to access the the VoIP server from.

for eg:2

if the VoIP server is connected to port 19 on the 2960 switch configure as below:

switcport mode trunk

switchport trunk allowed vlan 2, 4, 3 ( you can use all if you want all your VLAN's to be able to contact the VoIP server)

that will fix your issues.

also, make sure the default gateway for all the devices is the corresponding VLAN interface IP address from the L3 switch.

Hi Mikull Kiznozki

Not only the VOIP server I need to access. There are couple of other servers and phones which are to be added on the VLAN4 and hence trunking the port will not be a proper solution.

Hi siddhartham

When I traceroute to the VOIP server IP from the other server which is on VLAN2, it reaches till the gateway ie VLAN 2 IP and then timeout.

well as far as I know if you want other VLAN's to access your VLAN 4 servers, there has to be a trunk created or you could create  private VLAN's as well.

But I would still recommend a trunk port as if you make it an access port it definitely wont work

Hi Mikull Kiznozki

The connection between 3560 Switch and 2960 switches are via trunk ports.

And as far as I know, for the interVLAN communication, we need to add the ip routing command which is already added.

I still dont understand why you are saying that a server connected to an access port will not be able to communcate with other vlans?

Regards

Sajin

You are right Sajin, you just need to configure the link between the switches as a trunk and the edge port thats connected to the server as an access port since that server is going to be in single VLAn only.

Can you configure another port on the 2960 in the same VLAn as the VOIP server and connect a laptop to it and ping the laptop from a different VLAN, this will atleast isolate the problem to the VOIP server.

Siddhartha

Dear Siddartham,

Thanks for the reply. Infact I have added one of the ports in 3560 switch to the VLAN 4 and connected my laptop to that port. I can connect to any servers in the other vlans from my laptop, but cant reach my laptop from the other VLAN. I tried ping from 3560 switch to my laptop and the voice servers, I get the reply. But when I use extended ping commands and use the other VLAN IP to ping, it is not getting reply which means that the other vlans are unable to reach these IP addresses.

Regards

Sajin

So you can reach the server in other VLANS from the laptop but can't rech the laptop from other VLANs, thats weird.Did you chekc the firewall on your laptop, did you try anything other than Ping ( RDP?). Can you post your VLAN 4 config and also the config on the edge port where the laptop is connected.

Siddhartha

AFAIK VoIP is a little different..it expects the packets to be tagged with a vlan id.

since ur laptop is sending untagged packets, it wont reply.. i say this from past experience.. so many voip implementations, and all of the times i had to do a trunk as I was thinking on the same lines as you are.. but maybe there is a solution to this..hopefully u do not have an acl to block your inter vlan traffic on the voip vlan..

can the phones reach the voip server for thier boot files?? maybe echo requests is blocked on the voip server. just a thought o.O

        also check dg on voip server

siddhartham
Level 4
Level 4

Sajin,

If I understand you correctly, you can ping the VOIP server from the core switch and also ping other servers and clients from the VOIP server, is that right?

can you do s traceroute to that VOIP server and post the output and also can you post the config of the accessport and trunkports

Siddhartha

Hi Sajin,

Please allow me to join this thread.

Can you please share the configuration of the switches in question. that would help us to troubleshoot it better.

-Vijay

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: