3550 routing

nh2tc
Level 1

I have installed a new LAN using a 3550 switch as a central router to route between 3 different VLANs. The client nodes can ping each other both in their own VLANs and across other VLANs, so inter-VLAN routing works. My problem is I cannot route out to the internet from any client node in any VLAN. The outward bound Int on FA0/1 is 10.1.1.1 which is connected to our firewall internal Int of 10.1.1.5. I've added a static route of 0.0.0.0 0.0.0.0 10.1.1.5.

I've traced IP route from the 3550 out to the internet via our firewall which works, but when I attempt a tracert from a client it fails after reaching its own VLAN default-gateway, e.g.

H:\>tracert 10.1.1.5

Tracing route to 10.1.1.5 over a maximum of 30 hops

  1   <10 ms   <10 ms   <10 ms  10.3.1.1
  2     *        *        *     Request timed out.
  3     *        *     ^C

Attached are the configs of the 3550 and a 2950c. I cannot see why this isn't working. Can anyone see what I'm missing? Help!

3550

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname 3550_MasterSwitch
!
enable secret 5 <removed>
!
ip subnet-zero
ip routing
ip dhcp relay information option
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
interface FastEthernet0/1
 description 'To Internet_Firewall'
 no switchport
 ip address 10.1.1.1 255.255.255.0
!
interface FastEthernet0/2
 description 'Link to Switch_A Server room'
 switchport access vlan 2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 duplex full
!
interface FastEthernet0/3
 description 'Link to Switch_B Willows'
 switchport access vlan 2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 duplex full
!
interface FastEthernet0/4
 description 'Link to Switch_C Aspen'
 switchport access vlan 2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 duplex full
!
interface FastEthernet0/5
 description 'Link to Switch_D Accomodation Block'
 switchport access vlan 2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 no ip address
 duplex full
!
interface FastEthernet0/6
 no ip address
!
interface FastEthernet0/7
 no ip address
!
<output suppressed>
interface FastEthernet0/24
 no ip address
!
interface GigabitEthernet0/1
 no ip address
!
interface GigabitEthernet0/2
 no ip address
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 description 'Course_Developement_VLAN'
 ip address 10.2.1.1 255.255.255.0
!
interface Vlan3
 description 'Tech_Support_VLAN'
 ip address 10.3.1.1 255.255.255.0
 ip helper-address 10.2.1.4
!
interface Vlan4
 description 'NCALT_VLAN'
 ip address 10.4.1.1 255.255.255.0
 ip helper-address 10.2.1.4
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.5
ip http server
!
!
banner motd ^C
Tech Support access only
^C
!
line con 0
 password <removed>
 login
line vty 0 4
 password <removed>
 login
line vty 5 15
 login
!
end

2950c

version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch_A
!
enable secret xxxxx
!
ip subnet-zero
!
spanning-tree extend system-id
!
!
interface FastEthernet0/1
 switchport access vlan 2
 no ip address
 duplex full
 speed 100
 storm-control broadcast level 50.00
!
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 2
 no ip address
 duplex full
 speed 100
 storm-control broadcast level 50.00
 storm-control action shutdown
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 2
 no ip address
 duplex full
 speed 100
 storm-control broadcast level 50.00
 storm-control action shutdown
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 2
!
 duplex full
 speed 100
 storm-control broadcast level 50.00
 storm-control action shutdown
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 2
 no ip address
 duplex full
 speed 100
 storm-control broadcast level 50.00
 storm-control action shutdown
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 2
 no ip address
 duplex full
 speed 100
 storm-control broadcast level 50.00
 storm-control action shutdown
!
!
interface FastEthernet0/7
 switchport access vlan 2
 no ip address
 duplex full
 speed 100
 storm-control broadcast level 50.00
 storm-control action shutdown
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport access vlan 2
 no ip address
 duplex full
 speed 100
 storm-control broadcast level 50.00
 storm-control action shutdown
 spanning-tree portfast
!
interface FastEthernet0/9
 switchport access vlan 2
 no ip address
!
 speed 100
 storm-control broadcast level 50.00
 storm-control action shutdown
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport access vlan 2
 no ip address
 duplex full
 speed 100
 storm-control broadcast level 50.00
 storm-control action shutdown
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport access vlan 3
 no ip address
 speed 10
 storm-control broadcast level 50.00
 storm-control action shutdown
 spanning-tree portfast
!
<output Suppressed>
interface FastEthernet0/25
 description 'Trunk link to 3550_MasterSwitch'
 no ip address
!
interface FastEthernet0/26
 no ip address
!
interface Vlan1
 no ip address
 no ip route-cache
 shutdown
!
interface Vlan2
 ip address 10.2.1.2 255.255.255.0
 no ip route-cache
!
ip default-gateway 10.2.1.1
ip http server
!
!
line con 0
 login
line vty 0 4
 password <removed>
 login
line vty 5 15
 login
!
end

3 Replies

milan.kulik
Level 10

Hi,

1) Are you sure your trunks work OK? I'm not sure if setting switchport mode trunk on 3550 and leaving just default (i.e. desired) on 2950 trunk side is correct. But if you are able to route between your VLANs (i.e. to ping from a PC in VLAN2 to another PC in VLAN3) then it's correct probably.

2) There might be a problem with NAT on your firewall. If you forget to define NAT for VLAN2 and VLAN3 IP address ranges and have defined only NAT for 10.1.1.0 255.255.255.0 then tracert output would be the same (Firewall is not responding to tracert probably. The Internet routers do but the response can't be translated to correct 10.x.x.x because of missing NAT).

Regards,

Milan

rwiesmann
Level 4

Hi

Most likely you did not route the three vlans on the firewall. If you do the ping from the 3550 it will use the source ip 10.1.1.1. This network is known by the firewall.

So you have to route the following networks on the firewall:

10.2.1.0/24
10.3.1.0/24
10.4.1.0/24

Also check on the firewall if the nat is implemented correctly.

Hope that helps you.

Regards

Roger
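
The return-route check described in the reply above, as an added example that is not part of the original thread: it parses the routed interfaces from an excerpt of the posted 3550 config and reports which subnets a firewall routing table would not send back towards the inside. The firewall tables and the interface names `inside` and `outside` are assumptions, since the thread does not show the firewall configuration.

```python
import ipaddress
import re

# Excerpt of the 3550 config posted above (routed port plus the three SVIs).
SWITCH_CONFIG = """\
interface FastEthernet0/1
 no switchport
 ip address 10.1.1.1 255.255.255.0
interface Vlan2
 ip address 10.2.1.1 255.255.255.0
interface Vlan3
 ip address 10.3.1.1 255.255.255.0
interface Vlan4
 ip address 10.4.1.1 255.255.255.0
"""

# Hypothetical firewall routing tables as (prefix, egress interface) pairs.
# FW_BEFORE knows only its connected inside network and a default route.
FW_BEFORE = [("10.1.1.0/24", "inside"), ("0.0.0.0/0", "outside")]
# FW_AFTER adds the three networks listed in the reply, reached via the inside.
FW_AFTER = FW_BEFORE + [(p, "inside") for p in
                        ("10.2.1.0/24", "10.3.1.0/24", "10.4.1.0/24")]

def routed_subnets(config):
    """Map each layer-3 interface in an IOS config to its connected network."""
    subnets, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = m.group(1)
            continue
        m = re.match(r"\s*ip address (\S+) (\S+)", line)
        if m and current:
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            subnets[current] = iface.network
    return subnets

def egress(table, dst):
    """Longest-prefix match: egress interface for dst, or None if no route."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), ifc) for p, ifc in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else None

def missing_return_routes(config, fw_table, inside="inside"):
    """Interfaces whose subnet the firewall would not route back to the inside."""
    return sorted(name for name, net in routed_subnets(config).items()
                  if egress(fw_table, str(net.network_address + 1)) != inside)
```

With `FW_BEFORE`, only the 10.1.1.0/24 link has a return path, which matches a trace that works from the 3550 itself but times out from a client in 10.3.1.0/24.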

Thanks for your thoughts guys. It seems that packets are reaching the firewall and then being dropped. Obviously something is wrong on the firewall. On the surface all 3 VLANs are routed and NAT is implemented as well. I'm looking further into this.

Cheers.