Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
402
Views
0
Helpful
3
Replies

Cisco 3550-48-EMI VLAN Routing Issue II

jonseung
Level 1
Level 1

‎05-01-2003 03:46 AM - edited ‎03-02-2019 07:02 AM

Hi,

Here's our network diagram.

INTERNET

|

|

Cisco 1720

|

|

Nokia IP120 Firewall

| (e0 : 10.140.70.254/24) VLAN 70

|(fa0/48: 10.140.70.253/24)

+-----------------------+

| Cisco 3550 |------(10.140.90.254/24)

+-----------------------+ VLAN 90

| (10.140.100.254/100)

| VLAN 100

I have a host on each VLANs and they can communicate each other.

But...only except for host within VLAN 70 could hit the internet.

Any hosts in VLAN 100 and 90 are not able to hit 10.140.70.254.

Could you please let me know how to resolve this problem?

Here's my configuration.

Using 4843 out of 393216 bytes

!

version 12.1

no service single-slot-reload-enable

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname NPBC0001

!

enable secret xxxxx

enable password xxxxx

!

clock timezone GMT -8

clock summer-time GMT recurring

ip subnet-zero

ip routing

!

cluster enable Macsteel 0

!

spanning-tree extend system-id

!

!

!

interface FastEthernet0/1

description Primary Link for NPBS2S01

switchport access vlan 90

switchport mode access

no ip address

!

interface FastEthernet0/2

description Secondary Link for NPBS2S01

switchport access vlan 90

switchport mode access

no ip address

!

interface FastEthernet0/3

description RIB Link for NPBS2S01

switchport access vlan 90

switchport mode access

no ip address

!

interface FastEthernet0/4

description Primary Link for NPBS2S02

switchport access vlan 90

switchport mode access

no ip address

!

:

interface FastEthernet0/47

switchport access vlan 70

switchport mode access

no ip address

!

interface FastEthernet0/48

switchport access vlan 70

switchport mode access

no ip address

duplex full

!

interface GigabitEthernet0/1

no ip address

!

interface GigabitEthernet0/2

no ip address

!

interface Vlan1

ip address 10.140.100.18 255.255.255.0

no ip route-cache cef

!

interface Vlan70

ip address 10.140.70.253 255.255.255.0

no ip route-cache cef

!

interface Vlan90

ip address 10.140.90.254 255.255.255.0

!

interface Vlan100

ip address 10.140.100.254 255.255.255.0

no ip address

!

interface Vlan110

ip address 10.140.110.254 255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.140.70.254

ip http server

!

ip access-list extended CMP-NAT-ACL

dynamic Cluster-HSRP deny ip any any

dynamic Cluster-NAT permit ip any any

!

!

!

line con 0

line vty 0 4

password xxxxx

login

line vty 5 15

password xxxxx

login

!

end

Thank you very much for your help in advance.

Thanks.

Labels:
0 Helpful
3 Replies 3

rwiesmann
Level 4
Level 4

‎05-01-2003 04:06 AM

Hi

For me it looks like you forgot to route the

networks from VLAN 90 and 100 and also the others on

the firewall.

You should have routing entries on the firewall like

10.140.110.0/24 pointing to 10.140.70.253

10.140.100.0/24 pointing to 10.140.70.253

10.140.90.0/24 pointing to 10.140.70.253

The config of the 3550 looks o.k.

Hope that helps

Roger

0 Helpful

jonseung
Level 1
Level 1
In response to rwiesmann

‎05-01-2003 04:22 AM

Thanks Roger,

Hmm..Why didn't I thought of the firewall??

You're my lifesaver! As soon as I add static routes to firewall, it worked like a magic!

Thanks again.

0 Helpful

rwiesmann
Level 4
Level 4
In response to jonseung

‎05-01-2003 11:23 AM

Hi

I'm glad that i could help you!

Regards

Roger

0 Helpful
Customers Also Viewed These Support Documents