Re: Help "VLAN Gateway Problem"

capajaron · ‎09-07-2006

Hi:

I have a problem with my VLAN connection to the Internet,below was my list of configurations and topology attach:

Gateway_Router

Fa 0/0: ip address 10.200.1.1 /16

3750_Switch:DOMAIN: smartport

VLAN 1 : ip address 10.200.7.13 /16

ip default-gateway: 10.200.1.1

3560_Switch:DOMAIN: cisco

ip routing enable

ip default-gateway: 10.200.1.1

VLAN 1 : ip address 10.200.22.254 /16

VLAN 10: ip address 10.201.0.254 /16

Fa 0/1 : switchport access VLAN1

Fa 0/5 : switchport access VLAN10

VLAN1 host:

ip address : 10.200.9.3 /16

gateway : 10.200.22.254

VLAN10 host:

ip address : 10.201.9.5 /16

gateway : 10.201.0.254

* If i use 10.200.22.254 as gateway I can ping VLAN 10 and 10.200.1.1 but i can't connect to the internet.

* If i use 10.200.1.1 as gateway I can't ping VLAN 10 but i can connect to the internet.

* VLAN 10 can't ping 10.200.1.1 and also can't connect to the internet.

Where did i make a mistake?

I really need an advice for this, What will i change or add to my configurations for this to work out my network?

Thanks in Advance

Cliff

Richard Burts · ‎09-07-2006

Cliff

In the 3560 you have enabled IP routing to take advantage of its capability as a layer 3 switch. To do routing it needs a default route. Note that the ip default-gateway that you have configured does not provide a default route. I would suggest configuring on the 3560 ip route 0.0.0.0 0.0.0.0 10.200.1.1. This should fix the problem with vlan 10 since it will provide a route to outside.

HTH

Rick

HTH

Rick

vijayasankar · ‎09-07-2006

Hi,

Points to note:

the command ip default-gateway should only be used when ip routing is disabled on the Cisco router.

Hence on your 3560 switch, you should have the ip route command as follows

ip route 0.0.0.0 0.0.0.0 10.200.1.1

For the hosts connected under this switch, configure the default gateway as 10.200.22.254 for vlan 1 hosts.

Configure the default gateway as

10.201.0.254 for vlan 10 hosts.

Finally in your Gateway router, you should also be having a return route for the vlan 10 network as follows.

ip route 10.201.0.0 255.255.0.0 10.200.22.254.

Also ensure that you have properly configured the Nat in your gateway router to have the internet reachability from the subnets 10.200.0.0/16 and 10.201.0.0/16.

Hope this helps. Rate the post if you find it helpfull

-VJ

capajaron · ‎09-08-2006

Hi VJ

First I really to thank you for your advice, it really solves my problem, now i can ping 10.201.0.254 (VLAN10) and 10.200.22.1(VLAN1) (previously 10.200.22.254)from my gateway router, now VLAN1 hosts can now access the internet using 10.200.22.1 ip address, but VLAN10 hosts still can't access the internet and upon checking the router ACLs config i found that 10.201.0.0 is not on the existing (ACLs 10 and ACLs 110) ACLs for permition.

Can i add another ACLs eg; access-list 20 and correct me if am wrong will i apply it to the outbound,eg;ip access-group 20 out.

thanks

cliff

devang_etcom · ‎09-07-2006

how your both the switches connectd with the router...

will you tell me how your switch connected with you gateway router... i mean ip address of the switch port which is connected with the router...

regards

Devang

sundar.palaniappan · ‎09-07-2006

Cliff,

I see one possible problem here. Given the fact, you are having Internet connectivity the problem isn't NAT related. Can you configure the 'no ip redirect' command on the following interfaces and check the status. Also, make sure there's a default route (not gateway command) on the 3560 pointing to 10.200.1.1.

Gateway_Router:

int f0/0

no ip redirects

3560_switch:

int vlan 10

no ip redirects

int vlan 20

no ip redirects

HTH

Sundar