Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

VLAN Routing

Hello,

I have a Catayst 3550 with EMI that I created two VLANs on.

VLAN 1: 10.4.4.0/24

VLAN 2: 10.5.5.0/24

After routing was enabled, I was able to send packets between VLANs with no problems. I have a PIX 506E that acts as my gateway (and is connected to a port in VLAN 1), which does NAT to a real IP on the outside interface that shares a /29 with my gateway router. The issue I have now is that I can't access the Internet from other VLANs with this setup. All hosts on VLAN 1 with the VLAN interface IP set as their gateway have no problems going out (I've also configured a default route on the switch to forward packets toward the PIX internal interface). Other than enabling NAT on the switch (which I don't think it supports), how would I be able to provide internet access to hosts residing on other VLANs? Put another way, is there anything I can do with my existing hardware, or will I require something extra?

Thanks in advance for any help (any tutorial links would also be appreciated),

Andy Hsu

Current setup:

(10.4.4.2) (10.4.4.1) (Real IP) (Real IP)

|VLAN 1|--------------------------|PIX 506E|---------------|Cisco 2621|-----|Internet|

|Catalyst 3550 - EMI|

|VLAN 2|

(10.5.5.1)

|

|

|Host| (10.5.5.100) <---Can't access Internet

3 REPLIES

Re: VLAN Routing

Have you tried to traceroute from VLAN2 to Internet? Where does it stop?

According to your description I'd guess there is something wrong with your NAT.

How does it look like? Is it translating IP addresses from VLAN2?

Regards,

Milan

New Member

Re: VLAN Routing

Thanks for the advice. The fix was actually very easy. The problem stemmed from the fact that there was no route from the PIX back to VLAN 2. The data was able to go out, but didn't know where to go after it came back in. I simply added a static route to the PIX, and everything was fine after that.

--Andy

New Member

Re: VLAN Routing

Check whether NATing is enable for VLAN 2 subnet on PIX.

I am assuming that you are having internal router for inter VLAN routing so define route for subnet (VLAN 2) on PIX pointing internal router ( which knows both the VLAN)

87
Views
0
Helpful
3
Replies
CreatePlease login to create content