Re: Single switch 3560 - Intervlan routing - DHCP

darcy · ‎10-28-2010

I need to create 2 separate VLAN's on one 3560 which needs to also hand out DHCP. This will be an isolated network. The user's need to be able to communicating between each other. I have setup up the 3560 in the following manner. Ports 1-12 are configured for VLAN 10 and ports 13-24 for VLAN 20. Can someone verify that the following will work.

ip routing

ip dhcp excluded-address 192.168.10.250 192.168.10.254
ip dhcp excluded-address 192.168.20.250 192.168.20.254
!
ip dhcp pool VLAN10
network 192.168.10.0 255.255.255.0
!
ip dhcp pool VLAN20
network 192.168.20.0 255.255.255.0

!

interface FastEthernet0/1
switchport access vlan 10
switchport mode access
spanning-tree portfast

!

interface FastEthernet0/13
switchport access vlan 20
switchport mode access
spanning-tree portfast

I need the device on Fa0/1 to be able to ping fa0/13. Will my config above work?

vragotha · ‎10-28-2010

Assuming that you have already configured the SVIs for vlan 10 and vlan 20, you may want the dhcp pools to hand out the default router IP. Rest of it looks fine.

darcy · ‎10-28-2010

I did create the SVI's:

I will test and let you know. Thank you for the quick response!

Darcy

darcy · ‎10-29-2010

I connected 2 clients to the device; one in each VLAN and the user's weren't able to ping each other. Here is the final config that I used. Any suggestions?

ip routing
ip dhcp excluded-address 192.168.10.250 192.168.10.254
ip dhcp excluded-address 192.168.20.250 192.168.20.254
!
ip dhcp pool VLAN10
   network 192.168.10.0 255.255.255.0
   default-router 192.168.10.254
   option 252 ip 192.168.50.1
   lease infinite
!
ip dhcp pool VLAN20
   network 192.168.20.0 255.255.255.0
   default-router 192.168.20.254
   option 252 ip 192.168.50.1
   lease infinite

!

interface FastEthernet0/12
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface FastEthernet0/13
switchport access vlan 20
switchport mode access
spanning-tree portfast

interface Vlan10
ip address 192.168.10.254 255.255.255.0
!
interface Vlan20
ip address 192.168.20.254 255.255.255.0

!

Jon Marshall · ‎10-29-2010

Do the clients get IP addresses from the DHCP pool. If so can they ping their default-gateway ?

Can you post a "sh vlan brief" and a "sh ip int brief" from the 3560.

Jon

darcy · ‎10-29-2010

LAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/2
10   VLAN10                           active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
20   VLAN20                           active    Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
Testlab#

Interface IP-Address OK? Method Status Protocol

Vlan1 192.168.1.1 YES NVRAM administratively down down

Vlan10 192.168.10.254 YES NVRAM up down

Vlan20 192.168.20.254 YES NVRAM up up

FastEthernet0/1 unassigned YES unset down down

FastEthernet0/2 unassigned YES unset down down

FastEthernet0/3 unassigned YES unset down down

FastEthernet0/4 unassigned YES unset down down

FastEthernet0/5 unassigned YES unset down down

FastEthernet0/6 unassigned YES unset down down

FastEthernet0/7 unassigned YES unset down down

FastEthernet0/8 unassigned YES unset down down

FastEthernet0/9 unassigned YES unset down down

FastEthernet0/10 unassigned YES unset down down

FastEthernet0/11 unassigned YES unset down up

FastEthernet0/12 unassigned YES unset down down

FastEthernet0/13 unassigned YES unset up up

Darcy

Jon Marshall · ‎10-29-2010

Darcy

The reason it isn't working is your vlan 10 L3 interface is up/down.

The port in vlan 20 that has a port connected to it is up/up but the only other port showing anything is port fa0/11 which is down/up, although your config shows fa0/12 as being in vlan 10 ?? You have to get both physical ports ie. the one in vlan 10 and the one in vlan 20 in the up/up state.

Jon

darcy · ‎10-29-2010

I had unplugged the other machine. I will check the firewall settings.

Thank you for the quick responses!

Darcy

Scott_O'Brien · ‎10-29-2010

Hi Darcy,

Jhon is correct, you need to have an active port in Vlan 10 for it to be in the UP/UP state.

glen.grant · ‎10-29-2010

Did you have the users turn off their windows firewall before testing this ???

James Hardman · ‎10-30-2010

Hi Darcy,

I would advise having both PC's connected to their respective VLANs, then from the PC in VLAN 10 (192.168.10.x) attempt to ping it's default gateway 192.168.10.254. If this is unsuccessful, perform a 'show arp' on the switch to ensure it can actually see the PC and it has an IP address within he VLAN 10 range (192.168.10.x). If it can but the switch cannot ping the PCs IP, then it is probably a firewall issue on the PC or mis-configuration of network settings on the PC.

Once successful, from the PC in VLAN 10, attempt to ping the VLAN 20 default gateway, i.e. 192.168.20.254. If this does not work, then there is an issue with the routing on the switch or access-group although very unlikely as you don't seem to have any restrictions in place. If you can then attempt to ping the PC in VLAN 20 but it fails, again, this is more than likely down to a firewall setting on the PCs or network misconfiguration.

To be fair, it sounds like this should be working already.

Regards,

Jimmy