I am configuring a Catalyst 3750-X switch. I created a second VLAN (VLAN 3). I assigned an IP address to the vlan3 interface (192.168.22.250). I enabled IP routing, and enabled RIP. I assigned a port to the VLAN and the vlan3 interface came up. "show ip route" shows both 10.17.0.0 and 192.168.22.0 as directly connected.
There is a device connected to the VLAN 3 port with the IP address of 192.168.22.2. When I have a laptop on VLAN 1, I can ping 192.168.22.250, but pings to 192.168.22.2 time out. Why can't I ping the device on VLAN 3 from VLAN 1?
Did I miss a step here?
In my case it looks like:
But I just realized that looks wrong. The netmask for VLAN 1 is 255.255.0.0, not 255.0.0.0. Maybe that's the issue?
I believe it may be the problem. Try being less specific with your networks under RIP.
Your networks should be named as 192.168.0.0 and 10.0.0.0 regardless of your interface IP/mas configuration.
RIP should have nothing to do with it as both networks are directly connected. Check things like the default gateway on the nics are set correctly and that the devices have any firewalls turned off . You would be able to ping the vlan 3 interface even without a default gateway on the nic but it would not be able to route the packet without the correct default gateway on the nic on both devices.
You posted: When I have a laptop on VLAN 1, I can ping 192.168.22.250, but pings to 192.168.22.2 time out.
What is 192.168.22.250?
What is the gateway and mask to VLAN3?
Are you able to ping the VLAN3 gateway?
Is your host on VLAN3 that cannot be pinged have the correct gateway and mask set?
When you put the device on the new VLAN, What is your default gateway? Can
you set it to 192.168.22.250? That should fix your issue.
Rip is nothing to do with this. Since both are directly connected device to the switch . Check your default gateway in both laptop. ie. laptop connected with vlan 3 should have default gateway of 192.168.22.250. And laptop connected with Vlan 1 should have that vlan interface ip address.And make sure that you are enabled IP routing command in the globel configuration mode
Thanks, all. This brings up a whole different issue. This is a new construction site, and our ISP has not yet delivered services or a router to it. Normally, the router would be the default gateway, with the IP addresses 10.17.1.1 (for VLAN 1) and 192.168.22.1 (for VLAN 3). Devices are already being configured on the LAN with those gateways, but the gateway isn't there.
I've been thinking that if the devices have the router (10.17.1.1 / 192.168.22.1) as a gateway, but the VLANs are defined on the switch (10.17.1.10 / 192.168.22.250), that the router will have to be participating in RIP on the LAN side. Is that correct?
OR, would it make more sense to have all devices use the switch as the gateway?
You can configure switch as the gateway and on the switch, you can configure
the router as the gateway. When you configure router as default gateway on
the switch, then you do not need two interfaces on the router (one for VLAN
1 and 1 for VLAN 3). You can enable RIP on both switch and the Router. In
that way, the router learns all the new VLANs you introduce on the switch
and will be able to route properly. Making the switch as the default gateway
for all your clients will ensure that the clients can talk across the VLAN
I agree with NT.
The participating gateways should be on the switch.
Using the router as the gateway means you would need to use sub-interfaces.
and the IP on each sub-interface would be the gateway.
Keep it simple. Use the IP you have on the switch as the gateway.
Use a single VLAN (10.17.x.x) between he router and the switch.
Create your other VLANs on the switch using the the VLANs gateway IP on the SVI.
Add your RIP with the correct networks and you should be good.
Yes make sure IP Routing is enabled (global command). If it's not it probably wont let you add RIP; not sure.
Thanks again. This is all very helpful.
My only question is on using a single VLAN (10.17.x.x) between the router and the switch. The whole point of the 192.168.22.x addresses is that they will be used by IP phones. Our ISP has a class of service set up for 192.168.22.x and it is routed across our MPLS WAN. So the router does need to have 192.168.22.1 on it. Does that mean I should use a subinterface on the switch?
Is the QOS marking done on your router? If yes, you can move the QoS
configurations to the interface that connects to the switch and match the IP
address instead of the ingress interface. So, essentially, there will not be
any change in the QoS settings for the voice traffic. Only thing is that the
Voice traffic needs to go through an extra hop.
Alternatively, if you want, you can leave the settings as it is (pointing to
the router as default gateway for all hosts). Once the router comes into
picture, the routing between the VLANs will be taken care of by the router.
At that point, the switch will act just as a layer 2 device.
Yep NT makes a good point too.
I was thinking or setting things up for the switch to layer 3 jsut in case there will be other VLANs (networks) in the future.
The QOS marking is being done on the router, and it should be matching IP address already. At least that's how I understood that our ISP was setting it up; I give the IP subnets, they match them for QOS.
And yes, there will be a third VLAN. At this point I don't even have a due date for the router so I would just as soon have the routing handled by the switch. We have vendors trying to set up equipment already.