Basically you need layer 3 to do routing. Either Router or Layer 3 switch can do the job.

Please rate if this helps.

Thanks for getingback to me.

right now, both subnet have their own gateway, i.e. our router, s sinfle one have two FA Interfaces and each host a gateway IP address for each subnet.

In this case I need to add another router, correect?

is ther any other way, such as cxonfiguring botn VLAn on each swuitch and give the vlan its own gate way address?

would that work?

Thx,

Masood

Thanks for getingback to me.

right now, both subnet have their own gateway, i.e. our router, s sinfle one have two FA Interfaces and each host a gateway IP address for each subnet.

In this case I need to add another router, correect?

is ther any other way, such as cxonfiguring botn VLAn on each swuitch and give the vlan its own gate way address?

would that work?

Thx,

Masood

Hello Masood,

Returning on the initial question:

Trunks are used to connect 2 switches and pass traffic for more than 1 vlan. But it doesnt mean you can pass traffic from 1 vlan to the other.

As stated before , you'd need a router to do this.

But, from your last post I can see that you do have a router connecting these 2 vlans.

So, I dont see why it shouldnt be working.

could you give us more details on the configuration of this router?

Vlad

Thanks,

This router connects our Mclean office to our Richmond office using a pint to point T1 and i beleive is the best condidate for routing anoungst these two vlans since 10.1.1.0 and 10.1.4.1 subnets (VLAN 2) are on Fa0/1 and 10.1.2.0 subnet (vlan 30) ON THE fa0/0 BY ITSELF.

SO, I need help I guess on how to configure this router for vlan routing porposes but since its a production router, i must be carefull or i can use a totally new Cisco 2621 router that I have at my disposal.

also, on both my switches i have vlan 2 and vlan 3 configured, so i can use a posrt as a trunking port, i guess so they talk to each other, correct?

Please advise.

Thx,

Masood

HI

the thing u can do is on u r switch connect the respective ports from the vlan according to u r router ports.for e.g

on the switch

f0/10 ----it should be in vlan 2

f0/11 ----it shuold be in vlan 3

from the above ports connect f0/10 in fa0/1 on router and f0/11 to fa0/0 on router.

ensure the IP routing in enabled on the router.this is one scenario.

if u r using a single port on u r router then u can go for sub-interfaces.ensure that u have a trunk link from u r switch to the router.

router(config)#interfaces f0/0

router(config-if)#no ip address

router(config-if)# int f0/0.1

router(config-subif)#ip address x.y.z.1 subnetmask

router(config-subif)#encapsulation dot1q

u have to create sub-interfaces for each vlan.

Thanks

Mahmood

Hi,

Your 1st scenario should be working for us but one question?

You wrote:

on the switch

f0/10 ----it should be in vlan 2

f0/11 ----it shuold be in vlan 3

from the above ports connect f0/10 in fa0/1 on router and f0/11 to fa0/0 on router.

ensure the IP routing in enabled on the router.this is one scenario.

OK, if I do as the above then what should the rest of the ports be part of, i mean part of what VLAN?, can be mixed, basd on need? would these two VLAn talk to eachother?

I have three core switches, 1 CAT 4510R, and two CAt 4006 (one 4006 on each floor). the 4500 and a CAt 4006 are on the same floor. I also have many 3550 series and 2948s, do i need to have this done on all the switches or onnly the core?

many questions, I am sorry. I just want to immplement these vlans correctly and expand them as we go since I am not geting any cooperation from the AD guys (server guys). being safe is an issue. so how can I start small and then build upon it slowly?

thanks in advance.

Masood

Hello,

If you could use the switches you have, which are Multi-layer switches, it would be a simple job.

VLAN2---SW-ACCESS fa0/0---trunk----fa0/0 Distribution SW fa0/1 ------trunk----fa0/0-SW-ACCESS---VLAN3

then configure DISTRIBUTUION switch

ip routing

int fa0/0

switchport encap dot1q

switchport mode trunk

int fa0/1

switchport encap dot1q

switchport mode trunk

interface vlan 2

description gateway-to-vlan2

ip address 10.10.1.1 255.255.255.0

no shut

interface vlan 3

description gateway-to-vlan2

ip address 10.1.2.1 255.255.255.0

no shut

on the other switches (ACCESS SWITCH LAYER2 ONLY) remember to set the trunks too.

int fa0/0

description connection-to-Dist-switch

switchport encap dot1q

switchport mode trunk

quite simple, now you have vlan 2 and talking and you dont even need to configure routing !

you can have vlan 2 and 3 both on the same Access switch if you want and Still you'll be able to pass traffic between these 2.

Its hard to give you correct configs, if you dont give us the topology of your network,

but I guess this will help you.

vlad

This will certainly help. I do have mulyilayr switches and can try your solution. one thing though:

i don't understand your first line:

VLAN2---SW-ACCESS fa0/0---trunk----fa0/0 Distribution SW fa0/1 ------trunk----fa0/0-SW-ACCESS---VLAN3

what this means and on which switch this must go?

can my 4500 switch be used as the distribution switch? and if yes, do I need to configure other switches too?

I will send you my switch cloud from the LMS Campus Mnage topology services and that will tell you what and how many switches we have.

Thanks for your attention.

Masood

I'll be glad to help..

vladrac@mail2007.com

Vlad

Hello Masood,

I still dont understand this set up.

You state you have 2 subnets in F0/1 (so, I guess you already have fa0/1.1 and fa0/1.2 (or something like this) and you already have trunking setup in this sub-interfaces? and you say you have 10.1.2.0 on fa0/0.

If this was the case, I still dont see why the router wouldnt be doing its job?

Could you give us a sample of these routers configuration (just partial configs will suffice)?

Vlad

Hi,

sorry for the confusion.

I have a router that connects us to our remote office via a T1 line, think as it as as exoension to our main office. we use the FA0/1 interface of this router for our two main subnets, i.e. 10.1.1.0 and 10.1.4.0 with the interface IP addresses: 10.1.1.251 primary gateway address and 10.1.4.251 secondary gateway address.

on the same router, we have subnet 10.1.2.0 connected to FA0/0 with gateway ip address or interface ip address of 10.1.2.251 used for our Dev environment. our main and dev environment are physically separated and not talking. this is how who ever has designed it years ago and he or they have created VLAN 2 for main environment and VALAn 3 for the Dev environment with no Trunking at all.

when i took over this position, i saw this situation as being laghable and now have decided to build upon it and make the VLANs as they should be and create some other valns too but our Server or AD guys as opposing to this as they don't feel VLAn is needed. they are wrong as they don't see things the way i see and I see a big flat network which will be problem in not too far a future unless we start building real vlans with traunking, say putting all the servers on VLAN 2, users on VLAN 3, DEV environment on VLAn 4 and etc. but I want to do this slowly and want the these two currnt vlans working correcty using the router we have and explained above and slowly build upon it.

I hope I could explain the situation clearly..

Please advise as I can use all the help I can get being the only Network engineer and having AD guys opposing the Idea!

Thx,

Masood

Hello Masood,

My advice to you is to use the layer3 devices to do the job for you.

You can have many vlans and route between them with problem.

But again, this is what I see for you scenario.

router#

int fa0/0

ip address 10.1.2.251 255.255.255.0

int fa0/1

ip address 10.1.1.251 255.255.255.0

ip address 10.1.4.251 255.255.255.0 secondary

So, if you have traffic from these subnets already ending in this router, why cant it route between the 2 vlans?

you said they created the 2 vlans? where ? on a layer 2 device only?

if its not much trouble, could you please attach the configs on this router and the switches with the 2 vlans?

I'd be glad to try to present you with the solution for this problem.

Vlad