
URGENT....How to Create a Common VLAN

reagentom
Level 1

Dear All;

I have Cisco Catalyst Switch 4006 with Supervisor II OS with 4232-L3 routing module, which is configured for 5 VLANs; each VLAN can't communicate with the others.

I want to make VLAN 5 a common VLAN so it can communicate with all other VLANs.

Attached is a copy of my show running-config on the routing blade

Please Help

Thanks


amit-singh
Level 8

Hi,

Your inter-vlan routing should work. I see that you have not configured port-channel on the 4232-l3 which is necessary for inter-vlan routing to work with 4232-l3 blade on cat 4006.

Please see the following link for inter-VLAN routing with the 4232 blade.

http://www.cisco.com/en/US/products/hw/switches/ps663/products_tech_note09186a0080094959.shtml

If you want all the PCs to be in a common VLAN, please go to the switch side and configure all of them in VLAN 1 using the command " set vlan 1 ".

HTH,

-amit singh

Hi singh

Thanks for reply, I don't know how to configure port-channel !! and can't find help in this link, so please can u give me some details ??

what I would like to do is set VLAN5 as a common VLAN not VLAN1 as u explained..

In other words, I want all PCs which are members of VLAN2, 3 and 4 to be able to communicate with any PC connected to a port assigned to VLAN5, but without any communication between VLANs 2, 3 and 4

and if I assigned all ports to VLAN5 by the command set vlan 5 (x/Z) then I will shift these ports from other VLANs to VLAN5 ... Correct ??

Hope you got my idea and please try to help me urgently .. I'm in trouble

Thanks

UP

Please, anybody try to help URGENT

Hi Friend,

I see that you have not configured port channel between supervisor and 4232 L3 blade.

In your post you have updated that DHCP server is on vlan 3 and all the machines in other vlan pick an ip address from the DHCP server which will only work when intervlan routing works. Intervlan routing means routing between different vlans and as you have posted that the vlans are not able to communicate with each other.

So I am confused here, because you say that the VLANs are not able to talk to each other; then how can they pick up an IP address from the DHCP server, which is on VLAN 3?

Anyways, to make the communication between VLANs work, inter-VLAN routing should work, and the way it works on a 4k switch with the 4232 L3 blade is a little bit different.

Create a port channel and trunk between the sup and the 4232 L3 blade.

Just read these lines

The WS-X4232-L3 module has 32 Fast Ethernet ports and two Gigabit Ethernet ports.

These two Gigabit Ethernet ports correspond to interfaces gigabit 1 and gigabit 2 in the router configuration. These Gigabit Ethernet ports are routed ports.

Internally, the module has two Gigabit Ethernet interfaces (gigabit 3 and gigabit 4) that connect the router to the switch backplane. The switch backplane uses the first two ports in that slot to connect to the router module. When you insert the WS-X4232-L3 module in slot 3, Gigabit Ethernet interfaces 3 and 4 connect to the backplane ports 3/1 and 3/2. Ports 3/1 and 3/2 are Layer 2 (L2) ports with configuration on the switch Supervisor Engine.

Gigabit Ethernet interfaces 3 and 4 are L3 ports with configuration on the router module.

Now you have to configure something like this on supervisor on module 3

    #module 3 : 34-port Router Switch Card
    set vlan 5 3/1-2
    set trunk 3/1 nonegotiate dot1q 1-1005
    set trunk 3/2 nonegotiate dot1q 1-1005
    set port channel 3/1-2 mode on

Configure something like this on router 4232-L3 blade

    interface GigabitEthernet3
     no ip address
     no ip directed-broadcast
     no negotiation auto
     channel-group 1

    interface GigabitEthernet4
     no ip address
     no ip directed-broadcast
     no negotiation auto
     channel-group 1

Now you can create subinterface for port channel for routing between vlans like this

    interface Port-channel1.2
     encapsulation dot1Q 2
     ip address
     ip helper-address
     no ip redirects
     no ip directed-broadcast

    interface Port-channel1.5
     encapsulation dot1Q 5 native
     ip address
     ip helper-address
     no ip redirects
     no ip directed-broadcast

This way inter-VLAN routing will start between VLAN 2 and VLAN 5, and the same way you will create port channel subinterfaces for the other VLANs and get them routing first.

Once routing starts working between all the VLANs we can go with an ACL to restrict the traffic.

Let's start and finish it.

Regards,

Ankur

Dear Ankur,

Thanks for your help, what I want to explain is

1- I have 5 Vlans 1 – 5 with IPs

- (VLAN 2) 172.16.2.10 – 172.16.2.254

- (VLAN 3) 172.16.3.10 – 172.16.3.254

- (VLAN 4) 172.16.4.10 – 172.16.4.254

All PCs connected to these VLANs have a different gateway, which is an ISA server, which is a PC inside the same VLAN. For example, VLAN3 PCs have gateway (172.16.3.8) and pick up this gateway config automatically from the DHCP server

I have one DHCP server which is a part of VLAN3 with IP (172.16.3.6) and its gateway is our inside interface for PIX (172.16.1.5)

Right now any PC connected to VLAN2, 3 or 4 with gateways picked up from the DHCP server (172.16.3.8 for VLAN3, 172.16.2.10 for VLAN2 and 172.16.4.10 for VLAN4) is NOT ABLE TO COMMUNICATE WITH OTHER PCs IN OTHER VLANs

Meaning a VLAN2 PC is not able to communicate with a VLAN3 PC

And also VLAN2 and 4 PCs are not able to communicate with the DHCP server (only picking up an IP, but there is no ability to communicate and the ping command shows host is not reachable)

But all PCs in any VLAN with gateway 172.16.1.5 (the inside interface for PIX) are able to communicate together

I don’t have any ACL running on my router

Hope that can give u some details about my network

Right now I would like to make VLAN 5, which is like a common VLAN. I want to connect around 3 or 4 PCs only to this VLAN, and these 4-5 PCs should be able to communicate with all other PCs on my network in any VLAN

I have created this VLAN

    set vlan 5 3/35

    Router# config term
    interface GigabitEthernet3.5
     encapsulation dot1Q 5
     ip helper-address 172.16.3.6

Now the PC on port 3/35 is able to pick up an IP from the DHCP server but is not able to communicate with other VLANs

The WS-X4232-L3 module is connected to slot 2 so I have set a trunk for this slot like this

set trunk 2/1 noneg dot1q 1-1005

but still there is no communication between Vlans

Please try to give me clear steps so I can follow them to solve this problem

Thank you very much and waiting for reply ASAP

Ahmed

Ahmed,

Let me take it for you... first of all, the gateway defined on your DHCP server which is in VLAN 3 is wrong: 172.16.3.8. It should be 172.16.3.10, which is the IP address of VLAN 3, as the router is doing the inter-VLAN routing between different VLANs, not your DHCP server.

Now to make it more clear you have to do the following things:

1. Make sure your 4232-L3 blade is in slot 3 as it is supported in that slot only.

2. Make sure that all the hosts in the respective VLANs have the default gateway set as the VLAN's IP, as that's what it should be for inter-VLAN routing. If you have a wrong gateway defined your routing will not work.

3. Set up the inter-VLAN routing as Ankur suggested in his last post; just follow it and create the port-channels, have your port-channel sub-interfaces defined for the respective VLANs, and it will work. Do not define gig 3 or 4 with sub-interfaces.

4. If your VLAN 1 hosts have the gateway as the inside interface of the PIX, please change it to the VLAN 1 IP, as when a host wants to get to another VLAN from VLAN 1 it will hit the PIX first, and then if the PIX has a route back to the other VLAN it will send it to the switch, which will again do the routing, which is not a good design.

Please revert in case of any problem.

regards,

-amit singh

Dear Singh

Thanks for the reply, I got ur idea and I'm sure it's correct and inter-VLAN routing should work fine, and I can manage it by ACL.

But my problem is I have an ISA server which is used to manage internet usage for users in VLAN3 and VLAN4, so I have 2 ISA servers, one for each VLAN. What I know is this ISA server should be set as the GW for the computers so it will work like a firewall to manage the internet connection.

Then if I set the GW as the VLAN routing blade IP, the ISA can't manage this VLAN's computers.

Please, if you have any suggestion let me know

Thanks

Hi,

I think we can also manage it using your present scenario.

What you need to do is set a reverse route on your hosts in VLAN 3 and VLAN 4 pointing towards the VLAN 3 and VLAN 4 gateway.

Let's say you have VLAN 1 IP as 1.1.1.1 and VLAN 2 IP as 2.2.2.2, VLAN 4 IP as 4.4.4.4 and VLAN 5 IP as 5.5.5.5. If you want to go to VLAN 1 from VLAN 3 (IP of VLAN 3 = 3.3.3.3) then set a route on your host as

    route add 1.1.1.0 mask 255.255.255.0 3.3.3.3
    route add 2.2.2.0 mask 255.255.255.0 3.3.3.3
    route add 4.4.4.0 mask 255.255.255.0 3.3.3.3
    route add 5.5.5.0 mask 255.255.255.0 3.3.3.3

Do the same for your Vlan 4 hosts with Vlan 4 as gateway.

I think it should work fine.

Please revert on this.

regards,

-amit singh

Thanks Singh

do u mean by (IP of Vlan 3 = 3.3.3.3) is IP for sub int of VLAN3 on routing blade ??

Yes, Sir. You are right about it. It is the IP of the interface VLAN 3 on the routing blade.

Do it and I am pretty sure that it will work for us.

regards,

-amit singh

Dear singh

I tried what u explained but I got the following error

    Router(config)#ip route 172.16.5.0 255.255.255.0 172.16.3.1
    %Invalid next hop address (it's this router)
    Router(config)#

172.16.5.0 <--- VLAN 5 which I need to access from other VLANs

172.16.3.1 <---- IP for subinterface Gigaethernet3.3 for VLAN3

When I tried with 172.16.3.8 (IP for the ISA server which is the GW for computers in VLAN3) it accepts the routing command but the inter-routing is not working, meaning I'm still not able to access any PC connected to VLAN 5 from any PC connected to VLAN3

Please try to advise

Thanks

You did the wrong thing... U did not understand my point ..

I want you to add those routes on the host PC, not on the routing blade itself; that's why u r getting that error.

On your PC go to --> run--> cmd--> and then on the command prompt add the route

    c:\> route add 172.16.5.0 mask 255.255.255.0 172.16.3.1 -p

This will add the route on your host PC to access VLAN 5. Do the same for the other VLANs also. Check whether that route exists on your host PC using the command " route print ".

Hope you understand my point now. Also please paste the config that you have done on the router.

regards,

-amit singh

Thanks sing, I'm so sorry for this misunderstanding,

it's working fine now through ur idea

But Pls I have one more request because your Idea open a new problem to me :)

How can I make an ACL to prevent users from VLAN2 with IPs starting from 172.16.2.10 to 172.16.2.255 from accessing PCs in VLAN3 with IPs 172.16.3.10-172.16.3.255 ?? I can't apply an access list for the whole IP range from 0-255 cuz they should be able to access the DHCP server which is in VLAN3 with IP 172.16.3.6 to pick up an IP only.. and I don't know, if we apply an ACL for a full class, whether they will be able to do that or no !!

Thanks again

I'm so sorry sing,

in my last post I just tested it quickly .. but I think I did something wrong .. or pinged a wrong host to check connectivity..

now it's not working and this is my route print result

    Interface List
    0x1 ........................... MS TCP Loopback interface
    0x2 ...00 01 2e 02 78 27 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
    ===========================================================================
    ===========================================================================
    Active Routes:
    Network Destination  Netmask          Gateway       Interface     Metric
    0.0.0.0              0.0.0.0          172.16.3.8    172.16.3.101  20
    127.0.0.0            255.0.0.0        127.0.0.1     127.0.0.1     1
    172.16.2.0           255.255.255.0    172.16.3.1    172.16.3.101  1
    172.16.3.0           255.255.255.0    172.16.3.101  172.16.3.101  20
    172.16.3.101         255.255.255.255  127.0.0.1     127.0.0.1     20
    172.16.4.0           255.255.255.0    172.16.3.1    172.16.3.101  1
    172.16.255.255       255.255.255.255  172.16.3.101  172.16.3.101  20
    224.0.0.0            240.0.0.0        172.16.3.101  172.16.3.101  20
    255.255.255.255      255.255.255.255  172.16.3.101  172.16.3.101  1
    Default Gateway: 172.16.3.8
    ===========================================================================
    Persistent Routes:
    Network Address  Netmask        Gateway Address  Metric
    172.16.4.0       255.255.255.0  172.16.3.1       1
    172.16.2.0       255.255.255.0  172.16.3.1       1

and attached is the technical support report for my routing blade

Please check and advise

Thanks
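
Added example (not part of the thread, and not any poster's or Cisco's code): a longest-prefix-match lookup over a host routing table like the one in the post above, reporting which VLAN subnets the host would send to its default gateway instead of the routing blade. The route rows are a constructed sample modelled on that output, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample modelled on the `route print` output in the post above:
# (destination, netmask, gateway, metric). Not a capture from a real host.
SAMPLE_ROUTES = [
    ("0.0.0.0",    "0.0.0.0",       "172.16.3.8",   20),  # default gateway (ISA server)
    ("172.16.2.0", "255.255.255.0", "172.16.3.1",   1),   # static route via routing blade
    ("172.16.3.0", "255.255.255.0", "172.16.3.101", 20),  # on-link (host's own subnet)
    ("172.16.4.0", "255.255.255.0", "172.16.3.1",   1),   # static route via routing blade
]

def parse_routes(rows):
    """Turn (dest, mask, gateway, metric) rows into (network, gateway, metric)."""
    return [(ipaddress.ip_network(f"{d}/{m}"), ipaddress.ip_address(g), metric)
            for d, m, g, metric in rows]

def next_hop(routes, destination):
    """Pick the gateway by longest prefix, lowest metric as tie-break."""
    dst = ipaddress.ip_address(destination)
    matches = [r for r in routes if dst in r[0]]
    if not matches:
        return None  # no default route and no specific route: unreachable
    _, gateway, _ = max(matches, key=lambda r: (r[0].prefixlen, -r[2]))
    return gateway

def audit(routes, vlan_subnets, blade_ip):
    """Return {subnet: next_hop} for every VLAN subnet NOT routed via the blade."""
    blade = ipaddress.ip_address(blade_ip)
    off_path = {}
    for subnet in vlan_subnets:
        # Probe with the first usable address in the subnet.
        probe = ipaddress.ip_network(subnet).network_address + 1
        hop = next_hop(routes, probe)
        if hop != blade:
            off_path[subnet] = str(hop) if hop else None
    return off_path

if __name__ == "__main__":
    routes = parse_routes(SAMPLE_ROUTES)
    remote = ["172.16.2.0/24", "172.16.4.0/24", "172.16.5.0/24"]
    for subnet, hop in audit(routes, remote, "172.16.3.1").items():
        print(f"{subnet}: no route via blade, traffic goes to {hop}")
```

Any subnet in the result follows the default route, so on a host like this one that traffic is handed to the ISA server rather than the routing blade; subnets with a static route go straight to the blade and do not pass through the ISA server.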