Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Cisco 3550-48-EMI VLAN Routing Issue II

Hi,

Here's our network diagram.

INTERNET

|

|

Cisco 1720

|

|

Nokia IP120 Firewall

| (e0 : 10.140.70.254/24) VLAN 70

|(fa0/48: 10.140.70.253/24)

+-----------------------+

| Cisco 3550 |------(10.140.90.254/24)

+-----------------------+ VLAN 90

| (10.140.100.254/100)

| VLAN 100

I have a host on each VLANs and they can communicate each other.

But...only except for host within VLAN 70 could hit the internet.

Any hosts in VLAN 100 and 90 are not able to hit 10.140.70.254.

Could you please let me know how to resolve this problem?

Here's my configuration.

Using 4843 out of 393216 bytes

!

version 12.1

no service single-slot-reload-enable

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname NPBC0001

!

enable secret xxxxx

enable password xxxxx

!

clock timezone GMT -8

clock summer-time GMT recurring

ip subnet-zero

ip routing

!

cluster enable Macsteel 0

!

spanning-tree extend system-id

!

!

!

interface FastEthernet0/1

description Primary Link for NPBS2S01

switchport access vlan 90

switchport mode access

no ip address

!

interface FastEthernet0/2

description Secondary Link for NPBS2S01

switchport access vlan 90

switchport mode access

no ip address

!

interface FastEthernet0/3

description RIB Link for NPBS2S01

switchport access vlan 90

switchport mode access

no ip address

!

interface FastEthernet0/4

description Primary Link for NPBS2S02

switchport access vlan 90

switchport mode access

no ip address

!

:

interface FastEthernet0/47

switchport access vlan 70

switchport mode access

no ip address

!

interface FastEthernet0/48

switchport access vlan 70

switchport mode access

no ip address

duplex full

!

interface GigabitEthernet0/1

no ip address

!

interface GigabitEthernet0/2

no ip address

!

interface Vlan1

ip address 10.140.100.18 255.255.255.0

no ip route-cache cef

!

interface Vlan70

ip address 10.140.70.253 255.255.255.0

no ip route-cache cef

!

interface Vlan90

ip address 10.140.90.254 255.255.255.0

!

interface Vlan100

ip address 10.140.100.254 255.255.255.0

no ip address

!

interface Vlan110

ip address 10.140.110.254 255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.140.70.254

ip http server

!

ip access-list extended CMP-NAT-ACL

dynamic Cluster-HSRP deny ip any any

dynamic Cluster-NAT permit ip any any

!

!

!

line con 0

line vty 0 4

password xxxxx

login

line vty 5 15

password xxxxx

login

!

end

Thank you very much for your help in advance.

Thanks.

3 REPLIES
Bronze

Re: Cisco 3550-48-EMI VLAN Routing Issue II

Hi

For me it looks like you forgot to route the

networks from VLAN 90 and 100 and also the others on

the firewall.

You should have routing entries on the firewall like

10.140.110.0/24 pointing to 10.140.70.253

10.140.100.0/24 pointing to 10.140.70.253

10.140.90.0/24 pointing to 10.140.70.253

The config of the 3550 looks o.k.

Hope that helps

Roger

New Member

Re: Cisco 3550-48-EMI VLAN Routing Issue II

Thanks Roger,

Hmm..Why didn't I thought of the firewall??

You're my lifesaver! As soon as I add static routes to firewall, it worked like a magic!

Thanks again.

Bronze

Re: Cisco 3550-48-EMI VLAN Routing Issue II

Hi

I'm glad that i could help you!

Regards

Roger

233
Views
0
Helpful
3
Replies