Re: 3560G Inter-VLAN ip routing?

w-keener · ‎08-24-2006

I'm volunteering my time to help set up a small Cisco network for a local school. Their network consists of a 3560G (core switch), and 5 other "edge" switches of 2950/2960 variety. I've configured the 3560G with several VLANs (LAN, Servers, Mgmt, etc). So far so good, the only problem I'm running into right now is items on different VLANs cannot see each other. I'm pretty sure I've got ip routing set up correctly, but no dice. Here's the basic config of the 3560, what am I missing?

3560G Config:

---------------------------

!

ip subnet-zero

!

ip routing

ip multicast-routing

spanning-tree extend system-id

!

~Some Config Skipped~

!

interface Vlan1

description Default/Management VLAN

ip address 10.160.0.1 255.255.0.0

ip directed-broadcast

ip pim dense-mode

!

interface Vlan10

description Server VLAN

ip address 10.150.255.254 255.255.0.0

ip directed-broadcast

ip pim dense-mode

!

interface Vlan11

description Hard wired VLAN

ip address 10.151.255.254 255.255.0.0

ip helper-address 10.150.0.2

ip directed-broadcast

ip pim dense-mode

!

~Some Config Skipped~

!

router eigrp 1

network 10.150.0.0 0.0.255.255

network 10.151.0.0 0.0.255.255

network 10.161.0.0 0.0.255.255

auto-summary

no eigrp log-neighbor-changes

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.150.0.1

no ip http server

!

---------------------------

The 3560G is running the following IOS:

c3560-advipservicesk9-tar.122-25.SEE2.tar

The switch ports are all configured correctly for their apporpriate VLANs. "Backbone" ports are configured for trunking.

Any help is GREATLY appreciated!

sundar.palaniappan · ‎08-24-2006

Hi,

It's nice of you to undertake this work!!

Can you be a little bit more specific about the problems you are having. What's not communicating with what and some more details should help us provide an accurate response.

Regards,

Sundar

Edison Ortiz · ‎08-24-2006

Please explain what you mean about items not seeing each other.

Are you talking about Windows browsing services ? If so, you need to configure WINS or AD/DNS in order to browse over routed networks.

You can determine if routing is running by pinging the devices from one subnet to another.

You can also post the output from the following commands:

show ip route

and

show ip interface brief.

w-keener · ‎08-24-2006

EDIT: Sorry, double post.

w-keener · ‎08-24-2006

I'm actually at home right now (was there until 8pm tonight), so I'll have to post the output of those commands either tomorrow (if I can remote in) or when I go back on Saturday.

For each VLAN, I'm able to ping the default gateway for that VLAN (eg. 10.150.255.254 for VLAN 10), and also ping other devices on that same VLAN. However, if I try and ping a device on another VLAN (eg. try and ping a workstation 10.151.0.50 from server 10.150.0.2) it doesn't work.

They have a W2K3 server running AD, DNS/DHCP services. And a second W2K3 server running proxy services to get out. However, none of these services will work on any VLAN other than the server VLAN.

Thanks again for your help and the fast replies! :)

Edison Ortiz · ‎08-24-2006

What's the default gateway set to at the workstations ? It should be the IP listed under their respective VLAN.

The show ip route output should tell us if ip routing is running or not.

w-keener · ‎08-25-2006

The default gateway for a workstation or server is set to the appropriate IP for that VLAN (the address of the VLAN in the configuration).

10.150.255.254 for the Server VLAN

10.151.255.254 for the Workstation VLAN

For some reason they wanted their gateway set higher, whereas in my experience it's usually at the start of he IP range. Would this matter?

Richard Burts · ‎08-25-2006

Walter

It does not matter whether the gateway address is at the start of the range or high in the range. I agree that many people configure router addresses as the first address in the range. I sometimes advocate using addresses high in the range on the basis that if some user configures a PC and assigns an address without understanding what they are doing they are likely to choose the first address as the PC address. If you use a high address you are less likely to have some PC duplicate the address of the router.

But it should work fine either way.

HTH

Rick

HTH

Rick

Anand Narayana · ‎08-24-2006

Hi keener,

make sure that you have created vlan database b4 creating the vlan interface. the command as follows.

switch#vlan database

switch(Vlan)#vtp server

#vtp domain School

#vlan 1 name xyz

#vlan 10 server

#vlan 11 Hardwired

#exit

type EXIT & donnot press ctrl+z or ctrl+c otherwise changes will not happen & then try pinging different vlans also make sure that you have given the gateway ip address in the client machine as the vlan ip address mentioned in the 3560.

hope this helps,

rate this post once it has solved your issue.

glen.grant · ‎08-25-2006

As previous poster indicated make sure you have the layer 2 vlans setup correctly. Do a "show vlan" command and you should see all the vlans you created as active and what ports are assigned to those vlans . Also the 2950's are setup as desirable for trunking as default , check to see if it hasn't gone into trunking mode unless you want to trunk the links which in case you have to make sure each switch and the ports are in the vlan you want them . Actually sounds like a fun project where you don't have the pressure of the workplace , congrats on volunteering your time...