
Two vlans share one resource.

jalinksys
Level 1

I have a router on a stick running two vlans. How would I configure vlan routing so that both vlans can access the same host on one of the vlans?

Accepted Solutions

It is partly to do with routing between vlans because you need access to resources on one vlan from others. But it is also internet by the looks of it.

So, concentrating on vlan 11, its default gateway has to be the router subinterface IP for vlan 11, which you have done.

What I mean by adding routes is that the gateway device does not know anything about the vlan 11 subnet. So assuming it is a Cisco router you would need to add to the gateway device -

ip route 122.98.11.0 255.255.255.0 122.98.12.254

and you would need a route for all not vlan 12 subnets pointing to the same next hop IP as above.

This would mean the gateway device now knows where to send return traffic to for non vlan 12 subnets.

In terms of vlan 12 clients please see my previous post as to which default gateway you can use.

Jon


Jon Marshall
Hall of Fame

Not sure I follow ie. if you have routing on a stick setup then it should work anyway ie. nothing to do.

So for clients in the vlan that also has the host there is no routing to be done ie. it is all L2 switched.

For the other vlan yes you need L3 between the vlans for it to work.

So is your setup not working?

Jon

I am not sure how to setup the L3 routing part.

VLAN 11 122.98.11.0 255.255.255.0

VLAN 12 122.98.12.0 255.255.255.0

 

I need vlan 11 to be able to access 122.98.12.250 (vlan 12).

I have tried setting up access lists on the router (3745)  but these have not worked.

I think we may be talking at cross purposes here.

Is the question based on the fact that you had the routing working but now you want to use acls to restrict the traffic and with the acls it isn't?

Or is the question that you never got the routing working in the first place?

Jon

The routing was never working.

Okay, so what do your configs look like ?

In summary you need to -

1) make sure both vlans have been created on the switch ie. "sh vlan brief"

2) on the switch configure the connection to the router interface to be a trunk link allowing both vlans

3) on the router configure subinterfaces for each vlan using the encapsulation command together with an IP address

4) on the clients assign an IP from the relevant subnet and set the default gateway to be the corresponding router subinterface IP

5) assign the ports on the switch to be in the correct vlan(s) for the clients

If you cannot ping between clients in different vlans then try pinging from a client in one of the vlans to the router subinterface for the other vlan.

If this works make sure you do not have firewalls running on the clients that would block the ICMP requests.

Jon

I can ping within a vlan, but not between two vlans. Here is my router's running config:

 


!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 3745_Router
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$dJG3$bJtVXeeesSHeu6PjIJfu60
!
no aaa new-model
clock timezone EST -5
clock summer-time DST recurring
no network-clock-participate slot 2
voice-card 2
 dspfarm
!
ip cef
!
!
no ip dhcp use vrf connected
ip dhcp excluded-address 122.98.12.1 122.98.12.99
ip dhcp excluded-address 122.98.12.200 122.98.12.254
!
ip dhcp pool VoIP
   network 192.168.100.0 255.255.255.0
   dns-server 192.168.100.254
   default-router 192.168.100.254
   option 150 ip 192.168.100.254
!
ip dhcp pool admin
   network 122.98.12.0 255.255.255.0
   dns-server 122.98.12.250
   default-router 122.98.12.250
!
ip dhcp pool guest
   network 122.98.10.0 255.255.255.0
   dns-server 122.98.12.250
   default-router 122.98.12.250
!
ip dhcp pool shop
   network 122.98.11.0 255.255.255.0
   dns-server 122.98.12.250
   default-router 122.98.12.250
!
ip dhcp pool default
   network 122.98.1.0 255.255.255.0
   dns-server 122.98.12.250
   default-router 122.98.12.250
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!

!
!
!
controller T1 2/0
 framing sf
 linecode ami
!
!
!
!
!
interface Loopback1
 ip address 122.98.0.1 255.255.255.0
!
interface FastEthernet0/0
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/0.1
 encapsulation dot1Q 1 native
 ip address 122.98.1.254 255.255.255.0
!
interface FastEthernet0/0.10
 encapsulation dot1Q 10
 ip address 122.98.10.254 255.255.255.0
!
interface FastEthernet0/0.11
 encapsulation dot1Q 11
 ip address 122.98.11.254 255.255.255.0
 ip access-group gateway2 in
 ip access-group gateway2 out
!
interface FastEthernet0/0.12
 description Management Gateway
 encapsulation dot1Q 12
 ip address 122.98.12.254 255.255.255.0
 ip access-group gateway2 in
 ip access-group gateway2 out
!
interface FastEthernet0/0.13
 encapsulation dot1Q 13
 ip address 122.98.13.254 255.255.255.0
!
interface Serial0/0
 no ip address
 shutdown
 clock rate 2000000
!
interface FastEthernet0/1
 description Management Gateway
 ip address 192.168.1.254 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1.100
 description VoIP Gateway
 encapsulation dot1Q 100
 ip address 192.168.100.254 255.255.255.0
!
interface Serial0/1
 no ip address
 shutdown
 clock rate 2000000
!
interface Serial1/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial1/3
 no ip address
 shutdown
 serial restart-delay 0
!
!
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 122.98.12.250
ip route 122.98.11.0 255.255.255.0 122.98.12.250
!
!
ip http server
ip http secure-server
ip http path flash:/new
!
ip access-list standard gate
 permit 122.98.12.250
ip access-list standard gateway
!
ip access-list extended gateway2
 permit tcp any host 122.98.12.250
 permit ip any any
 deny   ip any 0.0.0.0 255.255.255.0
!
!
!
!
!
!
tftp-server flash:/phone/7940-7960/P00308010200.bin alias P00308010200.bin
tftp-server flash:/phone/7940-7960/P00308010200.loads alias P00308010200.loads
tftp-server flash:/phone/7940-7960/P00308010200.sb2 alias P00308010200.sb2
tftp-server flash:/phone/7940-7960/P00308010200.sbn alias P00308010200.sbn
tftp-server flash:/phone/7912/cmterm-7912-8.0.3-sccp alias cmterm-7912-8.0.3-sccp
tftp-server flash:/ringtones/DistinctiveRingList.xml alias DistinctiveRingList.xml
tftp-server flash:/ringtones/RingList.xml alias RingList.xml
tftp-server flash:/ringtones/Analog1.raw alias Analog1.raw
tftp-server flash:/ringtones/Analog2.raw alias Analog2.raw
tftp-server flash:/ringtones/AreYouThere.raw alias AreYouThere.raw
tftp-server flash:/ringtones/AreYouThereF.raw alias AreYouThereF.raw
tftp-server flash:/ringtones/Bass.raw alias Bass.raw
tftp-server flash:/ringtones/CallBack.raw alias CallBack.raw
tftp-server flash:/ringtones/Chime.raw alias Chime.raw
tftp-server flash:/ringtones/Classic1.raw alias Classic1.raw
tftp-server flash:/ringtones/Classic2.raw alias Classic2.raw
tftp-server flash:/ringtones/ClockShop.raw alias ClockShop.raw
tftp-server flash:/ringtones/Drums1.raw alias Drums1.raw
tftp-server flash:/ringtones/Drums2.raw alias Drums2.raw
tftp-server flash:/ringtones/FilmScore.raw alias FilmScore.raw
tftp-server flash:/ringtones/HarpSynth.raw alias HarpSynth.raw
tftp-server flash:/ringtones/Jamaica.raw alias Jamaica.raw
tftp-server flash:/ringtones/KotoEffect.raw alias KotoEffect.raw
tftp-server flash:/ringtones/MusicBox.raw alias MusicBox.raw
tftp-server flash:/ringtones/Piano1.raw alias Piano1.raw
tftp-server flash:/ringtones/Piano2.raw alias Piano2.raw
tftp-server flash:/ringtones/Pop.raw alias Pop.raw
tftp-server flash:/ringtones/Pulse1.raw alias Pulse1.raw
tftp-server flash:/ringtones/Ring1.raw alias Ring1.raw
tftp-server flash:/ringtones/Ring2.raw alias Ring2.raw
tftp-server flash:/ringtones/Ring3.raw alias Ring3.raw
tftp-server flash:/ringtones/Ring4.raw alias Ring4.raw
tftp-server flash:/ringtones/Ring5.raw alias Ring5.raw
tftp-server flash:/ringtones/Ring6.raw alias Ring6.raw
tftp-server flash:/ringtones/Ring7.raw alias Ring7.raw
tftp-server flash:/ringtones/Sax1.raw alias Sax1.raw
tftp-server flash:/ringtones/Sax2.raw alias Sax2.raw
!
control-plane
!
!
!
voice-port 4/0/0
 description FSX Port 4/0/0
 station-id name FXS Port 4/0/0
 station-id number 2001
 caller-id enable
!
voice-port 4/0/1
 description FSX Port 4/0/1
 station-id name FXS Port 4/0/1
 station-id number 2002
 caller-id enable
!
voice-port 4/1/0
 connection plar opx 5000
!
voice-port 4/1/1
!
!
!
!
!
dial-peer voice 2001 pots
 destination-pattern 2001
 port 4/0/0
!
dial-peer voice 2002 pots
 destination-pattern 2002
 port 4/0/1
!
dial-peer voice 2 pots
 destination-pattern [2-9].........
 port 4/1/0
 forward-digits all
!
dial-peer voice 3 pots
 destination-pattern 1[2-9].........
 port 4/1/0
 forward-digits all
!
dial-peer voice 999020 pots
 service h.323
 port 4/1/0
!
!
!
!
telephony-service
 load 7960-7940 P00308010200
 load 7912 cmterm-7912-8.0.3-sccp
 max-ephones 10
 max-dn 100
 ip source-address 192.168.100.254 port 2000
 auto assign 1 to 10
 system message Anderson VoIP Network
 time-zone 13
 voicemail 2002
 max-conferences 8 gain -6
 moh flash:/mohw.au
 web admin system name jake secret 5 $1$lSG/$erZUKe/c/uoNeu.TnvRLG0
 dn-webedit
 time-webedit
 transfer-system full-consult
 directory entry 1 1001 name Basement
 create cnf-files version-stamp 7960 Apr 23 2013 20:18:58
!
!
ephone-dn  1
 number 1001 secondary 800
 label 1001
 description 1001
 name Basement
 call-forward busy 2002
 call-forward noan 2002 timeout 5
!
!
ephone-dn  2
 number 1002
 label 1002
 description 1002
 name Jake
 call-forward busy 2002
 call-forward noan 2002 timeout 20
!
!
ephone-dn  3
 number 1003
 label 1003
 description 1003
 name 1003
!
!
ephone-dn  4
 number 1004
 label 1004
 description 1004
 name 1004
!
!
ephone-dn  5
 number 1005
 label 1005
 description 1005
 name 1005
!
!
ephone-dn  6
 number 1006
 label 1006
 description 1006
 name 1006
!
!
ephone-dn  7
 number 1007
 label 1007
 description 1007
 name 1007
!
!
ephone-dn  8
 number 1008
 label 1008
 description 1008
 name 1008
!
!
ephone-dn  9
 number 1009
 label 1009
 description 1009
 name 1009
!
!
ephone-dn  10
 number 1010
 label 1010
 description 1010
 name 1010
!
!
ephone-dn  100
 number 5000
!
!
ephone  1
 device-security-mode none
 mac-address 0014.1CCE.24D3
 type 7940
 button  1:1 2:100
!
!
!
ephone  2
 device-security-mode none
 mac-address 000A.F408.90B7
 type 7940
 button  1:2 2:100
!
!
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 password 7 060506324F41
 logging synchronous
 login
!
!
end

 

Can you be more specific ie. pick two vlans that you cannot ping between and we can work on those.

Can you from a client in one vlan ping the router subinterfaces for other vlans ?

Jon

I'm working on vlans 11 and 12.

From vlan 11 I can ping the vlan 12 sub interface.

From vlan 12 I can't ping the vlan 11 sub interface.

Your DHCP pools are handing out the wrong default gateways ie.

Both vlan 11 and vlan 12 are setting the default gateway to be 122.98.12.250, as are most of the other pools. The default gateway should be the corresponding router subinterface IP for each pool.

Also the acl is doing nothing so you may as well remove it.

Jon
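The gateway mismatch described in the reply above can be checked mechanically. The following is an added example, not code from the thread or from Cisco: it parses an excerpt of the posted running config and compares each pool's default-router with the router subinterface address in the same subnet. The function name and verdict strings are assumptions of the example.

```python
import ipaddress

# Excerpt of the running config posted in the thread (three pools, three subinterfaces).
CONFIG = """\
ip dhcp pool VoIP
   network 192.168.100.0 255.255.255.0
   default-router 192.168.100.254
ip dhcp pool admin
   network 122.98.12.0 255.255.255.0
   default-router 122.98.12.250
ip dhcp pool shop
   network 122.98.11.0 255.255.255.0
   default-router 122.98.12.250
interface FastEthernet0/0.11
 ip address 122.98.11.254 255.255.255.0
interface FastEthernet0/0.12
 ip address 122.98.12.254 255.255.255.0
interface FastEthernet0/1.100
 ip address 192.168.100.254 255.255.255.0
"""

def audit_dhcp_gateways(config):
    """Return {pool: (verdict, router address expected as gateway)} (hypothetical helper)."""
    pools, router_ips, pool = {}, [], None
    for line in config.splitlines():
        words = line.split()
        if line.startswith("ip dhcp pool "):
            pool = pools.setdefault(words[3], {})
        elif line.startswith("interface "):
            pool = None  # left DHCP pool context
        elif pool is not None and words[:1] == ["network"]:
            pool["net"] = ipaddress.ip_network(f"{words[1]}/{words[2]}")
        elif pool is not None and words[:1] == ["default-router"]:
            pool["gw"] = ipaddress.ip_address(words[1])
        elif words[:2] == ["ip", "address"]:
            router_ips.append(ipaddress.ip_address(words[2]))
    report = {}
    for name, p in pools.items():
        # The gateway a client should get is the router's own address in that subnet.
        expected = next((ip for ip in router_ips if ip in p["net"]), None)
        verdict = ("ok" if p["gw"] == expected
                   else "on-link, not this router" if p["gw"] in p["net"]
                   else "off-subnet")
        report[name] = (verdict, str(expected))
    return report

if __name__ == "__main__":
    for name, result in audit_dhcp_gateways(CONFIG).items():
        print(name, result)
```

An "off-subnet" verdict means the client is handed a gateway it cannot ARP for, which is the vlan 11 case in this thread.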

 

How would I then route the router to the gateway so:

 

client --------> router ----------> gateway

I don't know what the "gateway" is but you have these static routes -

ip route 0.0.0.0 0.0.0.0 122.98.12.250
ip route 122.98.11.0 255.255.255.0 122.98.12.250

the first route is a default route to send all traffic to that next hop IP which is presumably the gateway.

The second route I have no idea what it is meant to do as you are routing that subnet on the router with a subinterface.

Jon

The gateway is 122.98.12.250, however if I set the client default gateway to the router sub interface, I cannot ping the gateway or access the internet.

The gateway device will need to have routes for all the non vlan 12 subnets pointing back to 122.98.12.254 otherwise it doesn't know how to get to them.

You can't just set the default gateway for all vlans to be 122.98.12.250 because they don't know how to reach that. So for all non vlan 12 subnets you need to modify your DHCP pools and change the default gateways.

For vlan 12 if you leave the default gateway as the 122.98.12.250 address then that means all inter vlan traffic to and from vlan 12 has to go to the gateway device and then back to the router with the subinterfaces on it.

If you change the vlan 12 default gateway to be the router subinterface then all inter vlan traffic goes via that router but vlan 12 internet traffic goes to that router and back out to the internet gateway device.

Ideally you want the gateway device on a separate subnet ie. not one of the vlan subnets. Then all vlans have their default gateways set to the router subinterfaces and internet traffic is simply routed via that router to the internet gateway device on a separate subnet.

Jon
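The return-path problem described in the reply above, as an added example that is not part of the original posts: a longest-prefix-match lookup over the gateway device's routing table shows which subnets still lack a route back to 122.98.12.254. The gateway's starting table (connected vlan 12 subnet plus a default route labelled "upstream") is an assumption, as are the function names; the subnets and the static route come from the thread.

```python
import ipaddress

ROUTER = "122.98.12.254"  # router subinterface in vlan 12, from the posted config
# Non-vlan-12 subnets on the router's FastEthernet0/0 subinterfaces, from the posted config.
REMOTE_SUBNETS = ["122.98.1.0/24", "122.98.10.0/24", "122.98.11.0/24", "122.98.13.0/24"]

# ASSUMPTION: the gateway device at 122.98.12.250 starts with only its connected
# vlan 12 subnet and a default route toward the internet ("upstream" is a label).
GATEWAY_TABLE = [
    (ipaddress.ip_network("122.98.12.0/24"), "connected"),
    (ipaddress.ip_network("0.0.0.0/0"), "upstream"),
]

def parse_ip_route(line):
    """Turn an IOS 'ip route <net> <mask> <next-hop>' line into (network, next hop)."""
    _, _, net, mask, hop = line.split()
    return ipaddress.ip_network(f"{net}/{mask}"), hop

def next_hop(table, dst):
    """Longest-prefix match: where the gateway would forward a packet for dst."""
    dst = ipaddress.ip_address(dst)
    matches = [(net, hop) for net, hop in table if dst in net]
    return max(matches, key=lambda m: m[0].prefixlen)[1] if matches else None

def missing_return_routes(table):
    """Subnets whose reply traffic would not be sent back to the router."""
    return [s for s in REMOTE_SUBNETS
            if next_hop(table, str(ipaddress.ip_network(s)[1])) != ROUTER]

if __name__ == "__main__":
    print("before:", missing_return_routes(GATEWAY_TABLE))
    fixed = GATEWAY_TABLE + [parse_ip_route("ip route 122.98.11.0 255.255.255.0 122.98.12.254")]
    print("after :", missing_return_routes(fixed))
```

With only the vlan 11 route added, the other subnets are still reported, which matches the advice to add a route for every non vlan 12 subnet.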

 

I have changed the default gateway to the sub interface, however I still cannot access the internet.
