I have Cisco Catalyst Switch 4006 with Supervisor II OS with 4232-L3 routing module, witch is configured for 5 VLANS, each VLAN cann't communicate with others.
I want to make VLAN 5 as a common VLAN so it can communicate with all others VLANS.
Attached is a copy of my show running-config on the routing blade
I assume your gigabit interface are trunks to other switches??
Create 5 VLAN interfaces. i.e. Interface VLAN1 thru VLAN5. Move your 'ip address' and 'ip helper' commands under their respective VLAN interface. Don't forget to enable the vlan interfaces by issuing the 'no shutdown' command under each interface.
Your InterVlan routing should function provided you are using the proper IOS feature set.
Thanks sir for you comment, I don't have other switches I have only one Cisco Catalyst Switch 4006 with Supervisor II OS with 4232-L3 routing module.
Sorry I don't understand what do u mean by "Create 5 VLAN interfaces. i.e. Interface VLAN1 thru VLAN5. Move your 'ip address' and 'ip helper' commands under their respective VLAN interface"
the exact setuation is I have 5 Vlan with 1 DHCP server in VLAN3, all Vlans Picking IP address from this DHCP, all VLANS is not comunicated together, what I would like to do is make VLAN5 is able to access and communicate with all other VLANs but keep other VLANs (2,3,4) not communicated as it is..
Thank you in advance and please try to help me ASAP cuz it's very urgent for me
it's a little bit different to configure inter vlan routing in 4000 series. First, check this link
1.Console your SUP, create vlan 1-5.
2.There are 2 virtual gigabit link, between SUP and the routing module (4233), you can configure them as ether channel. Then,
configure this link as trunk. In 4006, they don't support isl, so you must use dot1q.
3.COnsole your routing module, after configure the gigabit link as ether channel, then don't forget to configure this link as
4.configure sub interface on gigabit link,
interface g1/1.1 switch port trunk encapsulation dot1q --> vor vlan 1
interface g1/1.1 switch port trunk encapsulation dot1q --> vor vlan 2
interface g1/1.1 switch port trunk encapsulation dot1q --> vor vlan 5
at this point, vlan 1-5 can communicate each other well. That's all to make intervlan routing in 4000 series. But our goal
to make only vlan 5 is accessible for the others, that's why we must congigure accesst-list. for example, the ip address are
for vlan 1 192.168.1.x
for vlan 2 192.168.2.x
for vlan 3 192.168.3.x
for vlan 4 192.168.4.x
for vlan 5 192.168.5.x
and then we can create accesst-list, in this case i refer to use extended accesst-list,
ip access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
then apply to sub-interface for vlan 1
ip access-group 101
well, i think that's all, now you can make access-list for the rest.
i hope this can help,
Thanks for your help, right now I have some confusion after submiting my case in the forum I got so many replies and right now I don't know if the inter-vlan routing is working on my switch or not !!!my current setiuation is:
1- I have 5 Vlans 1 5 with IPs
- (VLAN 2) 172.16.2.10 172.16.2.254
- (VLAN 3) 172.16.3.10 172.16.3.254
- (VLAN 4) 172.16.4.10 172.16.4.254
All PCs connected to these Vlans has a Deferent Gateway witch is ISA server witch is PC inside the same VLAN For Ex. VLAN3 PCs has gateway (172.16.3.8) and its picking up this gateway config automatically from DHCP server
I have One DHCP Server witch is a part of VLAN3 with IP (172.16.3.6) and its gateway VLAN3 IP (172.16.1.5) IP for routing blade in Vlan3
Right now any PC is connected to VLAN 2 or 3 or 4 with gateways witch picking it from DHCP server (172.16.3.8 for VLAN3 and 172.16.2.10 for VLAN 2 and 172.16.4.10 for VLAN4) those PCs are NOT ABLE TO COMMUNICATE WITH OTHER PCs IN OTHER Vlans
Meaning VLAN2 PC not able to communicate with VLAN3 PC
And Also VLAN 2 and 4 PCs not able to communicate with DHCP Server (only picking up an IP but there is no ability to communicate and ping command showing host is not reachable
But all PCs in any Vlan with gateway as IP of subinterface for routing blade for the same VLAN are able to communicate together
I dont have any ACL running on my router
Hope that can give u some details about my network
Right now I would like to make VLAN 5 witch is like a common VLAN I want to connect around 3 or 4 PCs only to this VLAN and these 4-5 PCs are able to communicate with all other PCs on my network in any VLAN
I have create this vlan
set vlan 5 3/35
Router# config term
Interface gigaethernet 3.5
IP address 172.16.5.1
Encapsulation dot1Q 5
IP-helper address 172.16.3.6
Now PC on port 3/35 able to picking IP from DHCP server but not able to communicate with others Vlans
The WS-X4232-L3 module is connected to slot 2 so I have set a trunk for this slot like this
set trunk 2/1 noneg dot1q 1-1005
but still there is no communication between Vlans
Please try to give me a clear steps so I can follow it to oslve this Problem
Thank you very much and waiting for reply ASAP
do you have a diagram of your network? if you don't mind, pleas attach the diagram.
and please attach also:
1.sh version from SUP and Routing module
2.sh run from SUP and Routing module
sorrie, just came back from long holliday...
according to your file, vlan 5 is still down,
GigabitEthernet3.5 is up, line protocol is down
Hardware is xpif_port, address is 000a.425b.1409 (bia 000a.425b.1409)
Internet address is 172.16.5.1/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, rely 255/255, load 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 5.
ARP type: ARPA, ARP Timeout 04:00:00
this is happen because no host/port on vlan 5 is up.
try to make vlan 5 on switching module, and then make one or two port as vlan 5.
then, please update the file that you uploaded here.
is the gigabit subinfterface for vlan 5 is up then?
which port is your laptop attached to?
please give us the copy of show vlan in the switching module, and show interface gigabitEthernet3.5
because last time the 'line protocol' of gigabitethernet3.5 is still down, line protocol status indicate that there is 'something' wrong with layer 2.
this could be the vlan assignments in switching module, or the configuration between switching module and the routing module.
just searching my old doc's
and find this useful links
i allready see the file "show vlan.txt", status of vlan 5 in switching module is active,
but i don't know whether the status of interface gigabitethernet3.5 is up or down
let's cek those 3 links first, maybe we missed some step.