Default route between VLANs

admin_2
Level 3

Hello everybody out there,

I have a 3550 & 2950 environment with several VLANs and use the 3550, v12.1(6)EA1, for routing between some of them.

In one VLAN [let's suppose VLAN1] we have another router for going to the Internet. This router announces the default route for going to the Internet using OSPF.

From another VLAN [let's suppose VLAN2] we can ping all of VLAN1, including the router to the Internet, but we cannot get to the Internet.

The traceroute ends in the 3550.

The 3550 knows the default route via OSPF.

The router to the Internet knows VLAN2 via OSPF.

If we put a static default route in the 3550, we cannot get to the Internet.

If we put a static route in the 3550 for a certain web page or network, we can access that one.

Could anyone help us?

Best regards,

Manel

18 Replies

deilert
Level 6

Can you paste in a 'sh ip o database external 0.0.0.0' from the 3550? Are you running OSPF on both of these boxes?

Not applicable

Hi Dave, Thanks for your answer.

Could you be more specific? I mean, the output of this command is too long to paste.

What I can say is that, as part of a large network, there are several announcements of the default route.

I would appreciate your comments about how to check this issue.

milan.kulik
Level 10

Hi,

Are you sure that when you put a static default route in the 3550 the traceroute stops in the 3550?

What about a tracert started from the 3550 CLI?

If it passes, I would guess some wrong ACL on the 3550.

If not, isn't there a "no ip classless" command left in the 3550 config? I can't imagine any other reason why a router with a static default route wouldn't use it.

I would double-check the sh ip route output for anything suspicious: routes to the null interface, summaries, etc.

Regards,

Milan

Hi Milan,

With the static route in the 3550:

- the traceroute from a host in VLAN2 gives us one hop to the 3550 (VLAN2 IP address) and then times out.

- the traceroute from the 3550 CLI gives us one hop up to the router in VLAN1 for going to the Internet, and then times out.

- From the 3550 CLI, the ping does not work whatever the source address is.

Apart from this:

- I have removed the only ACL in the 3550, with the same results (it doesn't work).

- ip classless is in the configuration.

- In the sh ip route output, the static route appears (as candidate default, i.e. with *) and nothing else strange.

Regards,

Manel

sachinraja
Level 9

Hi Manel,

You should configure the Core L3 switch (3550) as VTP server and the edge switch (2950) as VTP client.

In this case, you should configure 2 interfaces on the 3550, VLAN1 and VLAN2.

You configure the link from 3550 to 2950 as a trunk so that it can carry all the VLAN traffic between switches.

"YOU NEED NOT SPECIFY ANY LAYER 3 INFORMATION IN THE DOWNSTREAM SWITCH (2950)": it forwards the packet onto the L3 switch (VTP server), which passes the packet on to the VLAN1 router.

Be sure that you have reverse routes for the VLAN2 subnet in the router pointing to the VLAN1 IP of the 3550 switch.

Thanks

Not applicable

Hello,

I'm not sure I understand your suggestions, but take into account that other services in VLAN1 (for example, Intranet servers) are completely accessible from VLAN2.

Apart from this, I've discovered that:

- some Internet sites are accessible from VLAN2

- some PCs in VLAN2 can access the sites while others cannot.

Any suggestion?

Regards,

Manel

I am giving you an example:

In the Cisco 3550:

VTP status- Server

VLAN1 - 172.16.0.1/24

VLAN2 - 10.100.100.1/24

Default route in the 3550 pointing to the router, or it learns it through "default-information originate" from the router.

2950 -

VTP status - client.

No IP addresses need to be specified in this switch, as it knows to reach the Internet router through the trunk configured between the switches.

Just check if you have reverse routes for 10.100.100.0/24 (VLAN 2) in the router pointing to 172.16.0.1.

Just check if there are any additional routes in the PCs which are not able to access the Internet. As you are able to access it from some PCs, there are no problems with L3 routing.

Thanks

Not applicable

Hello,

All the 2950s were not configured as VTP clients; they appeared as VTP servers. I have changed this, but nothing changes (so we have the same problem).

All the 2950s have an IP address in VLAN2 and the 3550 as their default gateway, for management purposes only.

The router for going to the Internet knows the VLAN2 network via OSPF, learned from the 3550.

There are no routes in the PCs.

Thanks,

Manel

Manel, can you paste in the config from the 3550 and the 2950?

From the 3550, can you paste in a sh ip route 0.0.0.0 and a sh ip o dat ext 0.0.0.0?

Not applicable

Hi,

Here you are. I have replaced some IP addresses (basically in Advertising Router) with a comment.

sh ip o dat ex 0.0.0.0

OSPF Router with ID (VLAN 1 IP Address in the 3550) (Process ID 1)

Type-5 AS External Link States

Routing Bit Set on this LSA

LS age: 1577

Options: (No TOS-capability, DC)

LS Type: AS External Link

Link State ID: 0.0.0.0 (External Network Number )

Advertising Router: Another router (not the one to the internet) in VLAN1 learns alternatives default routes

LS Seq Number: 80000F77

Checksum: 0x90E2

Length: 36

Network Mask: /0

Metric Type: 2 (Larger than any link state path)

TOS: 0

Metric: 1

Forward Address: 0.0.0.0

External Route Tag: 667

Routing Bit Set on this LSA

LS age: 93

Options: (No TOS-capability, DC)

LS Type: AS External Link

Link State ID: 0.0.0.0 (External Network Number )

Advertising Router: Another router (not the one to the internet) in VLAN1 learns alternatives default routes

LS Seq Number: 8000A004

Checksum: 0x8CBF

Length: 36

Network Mask: /0

Metric Type: 2 (Larger than any link state path)

TOS: 0

Metric: 1

Forward Address: 0.0.0.0

External Route Tag: 667

Routing Bit Set on this LSA

LS age: 1426

Options: (No TOS-capability, No DC)

LS Type: AS External Link

Link State ID: 0.0.0.0 (External Network Number )

Advertising Router: Another router (not the one to the internet) in VLAN1 learns alternatives default routes

LS Seq Number: 80005A3D

Checksum: 0x7AB0

Length: 36

Network Mask: /0

Metric Type: 1 (Comparable directly to link state metric)

TOS: 0

Metric: 1

Forward Address: 139.158.28.5

External Route Tag: 0

Routing Bit Set on this LSA

LS age: 1824

Options: (No TOS-capability, DC)

LS Type: AS External Link

Link State ID: 0.0.0.0 (External Network Number )

Advertising Router: Another router (not the one to the internet) in VLAN1 learns alternatives default routes

LS Seq Number: 80001491

Checksum: 0x20AD

Length: 36

Network Mask: /0

Metric Type: 2 (Larger than any link state path)

TOS: 0

Metric: 1

Forward Address: 0.0.0.0

External Route Tag: 1

Routing Bit Set on this LSA

LS age: 763

Options: (No TOS-capability, DC)

LS Type: AS External Link

Link State ID: 0.0.0.0 (External Network Number )

Advertising Router: Another router (not the one to the internet) in VLAN1 learns alternatives default routes

LS Seq Number: 80001498

Checksum: 0x605B

Length: 36

Network Mask: /0

Metric Type: 2 (Larger than any link state path)

TOS: 0

Metric: 10

Forward Address: 0.0.0.0

External Route Tag: 1

Routing Bit Set on this LSA

LS age: 46

Options: (No TOS-capability, No DC)

LS Type: AS External Link

Link State ID: 0.0.0.0 (External Network Number )

Advertising Router: Router to the internet in VLAN1

LS Seq Number: 80002876

Checksum: 0xEEFA

Length: 36

Network Mask: /0

Metric Type: 1 (Comparable directly to link state metric)

TOS: 0

Metric: 1

Forward Address: 0.0.0.0

External Route Tag: 1

LS age: 1570

Options: (No TOS-capability, DC)

LS Type: AS External Link

Link State ID: 0.0.0.0 (External Network Number )

Advertising Router: VLAN1 IP address for the 3550

LS Seq Number: 8000002A

Checksum: 0x9B21

Length: 36

Network Mask: /0

Metric Type: 2 (Larger than any link state path)

TOS: 0

Metric: 1

Forward Address: 0.0.0.0

External Route Tag: 1

Routing Bit Set on this LSA

LS age: 1440

Options: (No TOS-capability, No DC)

LS Type: AS External Link

Link State ID: 0.0.0.0 (External Network Number )

Advertising Router: Another router (not the one to the internet) in VLAN1 learns alternatives default routes

LS Seq Number: 800044AF

Checksum: 0x9C28

Length: 36

Network Mask: /0

Metric Type: 1 (Comparable directly to link state metric)

TOS: 0

Metric: 1

Forward Address: VLAN1 IP address for the 3550

External Route Tag: 0

Regarding the routing table:

sboi3550a1#sh ip route 0.0.0.0

Routing entry for 0.0.0.0/0, supernet

Known via "static", distance 1, metric 0, candidate default path

Routing Descriptor Blocks:

* the ip address of the router to the internet in VLAN1

Route metric is 0, traffic share count is 1
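The LSA dump above lists several Type-5 default LSAs with differing metric types and forward addresses, and only some carry the routing bit. As an added example (not from the thread), this Python snippet parses such output and orders the candidates the way OSPF prefers them, flagging any LSA whose Forward Address is the local router itself; the 192.0.2.x router IDs are placeholders for the addresses the poster redacted, and the internal cost to each ASBR is assumed equal and ignored.

```python
"""Rank the Type-5 default LSAs from 'show ip ospf database external 0.0.0.0'."""
# Constructed sample modelled on the poster's output. 192.0.2.x are placeholders
# for the router IDs he redacted; 139.158.28.5 is the one forward address shown.
SAMPLE = """\
  Routing Bit Set on this LSA
  LS age: 1426
  Advertising Router: 192.0.2.2
  Metric Type: 1 (Comparable directly to link state metric)
  Metric: 1
  Forward Address: 139.158.28.5
  LS age: 1570
  Advertising Router: 192.0.2.1
  Metric Type: 2 (Larger than any link state path)
  Metric: 1
  Forward Address: 0.0.0.0
  Routing Bit Set on this LSA
  LS age: 1440
  Advertising Router: 192.0.2.4
  Metric Type: 1 (Comparable directly to link state metric)
  Metric: 1
  Forward Address: 192.0.2.1
"""

def parse_external_lsas(text):
    # "Routing Bit Set" precedes the "LS age" line of its own LSA, so it is
    # remembered and attached to the next LSA record that starts.
    lsas, pending = [], False
    for line in (ln.strip() for ln in text.splitlines()):
        if line.startswith("Routing Bit Set"):
            pending = True
        elif line.startswith("LS age:"):
            lsas.append({"routing_bit": pending})
            pending = False
        elif lsas and ":" in line:
            key, val = (s.strip() for s in line.split(":", 1))
            lsas[-1][key] = val
    return lsas

def rank_defaults(lsas, local_rid):
    # OSPF prefers E1 over E2, then the lower metric (assumption: the internal
    # cost to each ASBR is ignored, so ties keep LSDB order). LSAs this router
    # originated are skipped; one whose Forward Address is this router is
    # flagged as a loop, since following it hands the packet straight back.
    cands = [{"asbr": l["Advertising Router"],
              "type": int(l["Metric Type"].split()[0]),
              "metric": int(l["Metric"]), "fa": l["Forward Address"],
              "loop": l["Forward Address"] == local_rid}
             for l in lsas if l["Advertising Router"] != local_rid]
    return sorted(cands, key=lambda c: (c["type"], c["metric"]))
```

Run `rank_defaults(parse_external_lsas(SAMPLE), "192.0.2.1")` with the local router ID to see which default the LSDB would favour and whether any candidate points back at the switch.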

m-stinnette
Level 1

Manel

If I'm reading this right, you have a router off of, say, VLAN1 with a static route pointing to, say, your firewall. You also have OSPF on this router going to the Internet. Now on the 3550 you have the VLANs, say VLAN1 and VLAN2, which are routable. You also have OSPF running on this layer 3 switch as well. Also there is a static route pointing to the router going to the Internet. What I was thinking you could try is this. First I'm going to assume this: the only way any internal subnet can get out to the Internet is through the router on VLAN1 going out to the Internet. With that assumed, why don't you take out OSPF and put a static route in the router going out to the Internet so that any packet destined for the internal network goes to the 3550. That way you have a default route for the Internet pointing to, say, the firewall and a route for internal addresses pointing to the 3550.

Matt

Assuming VLAN 1 can get to the Internet.

Do you have a NAT statement in your Internet router or firewall allowing the subnet from VLAN 2?

Not applicable

Yes, we do.

It's in a firewall connected to the router in the VLAN1.

Thanks,

Manel

Hello Matt,

I've already tried putting static routes both in the router to the Internet and in the 3550.

I didn't take out OSPF because I would lose some other entries and it's a production environment.

But, as you probably know, static routes take precedence over OSPF when both of them exist. In fact, the static routes appear in the sh ip route output.

But it does not work.

Besides, some PCs in the VLAN2 can reach the internet with no problem (¿¿??)

Thanks,

Manel