Problems with InterVLAN routing on Single Switch

steve2like · ‎02-11-2014

Hello all,

I am currenlty trying to set up InterVLAN routing and failing.

I have a single Catalyst 3750G switch in which I want to configure two VLANs and route between them.

Firewall: 192.168.100.1 255.255.255.0

Vlan 1: 192.168.100.2 255.255.255.0

Vlan 2: 192.168.101.1 255.255.255.0

Host A: 192.168.100.3 255.255.255.0

Host B: 192.268.101.2 255.255.255.0

I have successfuly created VLAN 1 & 2. From the switch I can ping both 192.168.100.1 & 192.168.101.1. From the switch I can also ping both Host A & Host B. From Host A I can't ping Host B and vice versa.

I have enable the ip route command. There are no access control lists that would prevent communication.

Ideas?

Jan Rolny · ‎02-11-2014

Hi James,

it seems you don't have default gateway configured on hosts.

Can you please confirm that you have configure default gateway on host computers and also could you please post configuration of your switch?

Thanks,

Jan

steve2like · ‎02-11-2014

Jan,

Thanks for the reply. I can confirm that both hosts have a default gateway:

Host A: 192.168.100.3 255.255.255.0 DG 192.168.100.1

Host B: 192.268.101.2 255.255.255.0 DG 192.168.101.1

Jan Rolny · ‎02-11-2014

Hi James,

ok so you want to filter access between vlans and thats' why you have configured for default gw IP of your Firewall.

Because if you just wnat to make simple interVlan routing without filtering you can setup default gw to IP address of vlan interface where host resides.

Jan

paul driver · ‎02-11-2014

Hello

can you please post your configuration of this switch?

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

cadet alain · ‎02-11-2014

Hi,

To confirm intervlan routing is ok try to ping vlan 2 interfacesourcing from vlan 1 interface.

if it is ok then try to disable software firewalls on hosts and try to ping from host A to host B

Regards

Alain

Don't forget to rate helpful posts.

Ankur Arora · ‎02-11-2014

James,

Change the default gateway on the Hosts to the SVI of the respective VLANs.

Turn off the windows firewall on both the hosts. Firewall create lots of connectivity issues.

Thanks

Ankur

"Please rate the post if found useful"

Martin Carr · ‎02-11-2014

On host A the G/W is the firewall, this should be the SVI.

Martin.

steve2like · ‎02-12-2014

Many thanks Martin and Ankur. I changed the G/W on Host A and now it can communicate with Host B.

Now my problem is that Host B cannot communicated with the firewall 172.23.10.1.

Any further ideas?

Jon Marshall · ‎02-12-2014

James

Do you have a route on the firewall for the 192.168.101.0/24 subnet. Don't know what make your firewall is but basically you need to tell it to get to 192.168.101.0/24 it needs to send packets to 192.168.100.2. If the firewall was an ASA it would be -

route inside 192.168.101.0 255.255.255.0 192.168.100.2

assuming the name of the interface was "inside".

Jon

Ankur Arora · ‎02-12-2014

You need to have a return route on the firewall, pointing towards the SVI on the switch as the firewall is not aware of the other subnet/vlan. So you point the firewall towards the network address via the next hop as mentioned by Jon.

Thanks

Ankur

"Please rate the post if found useful"