Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2031
Views
0
Helpful
16
Replies

Inter VLAN Routing

Go to solution
leejones365
Level 1
Level 1

‎02-18-2008 08:45 AM - edited ‎03-03-2019 08:45 PM

Hi all, I have an issue at the momment in regards to two VLANs trying to communicate with each other. I have basically started work for this company and they have recently had a new network installed, we are still negotiating a support contact with the suppliers of the equipment but until then I need to resolve an issue with routing between VLANs.

I have one VLAN (ID = 10) and other VLAN (ID = 11) the 11 vlan houses a product demo suite, so basically a second dummy network. I need to be able to control one of the devices on VLAN 11 from VLAN 10, now this sounds easy right? It is all setup with trunk ports etc, there is a trunk between the Router and main switch, all encapsulation is set to DOT1Q, here is the weird part I can ping to the device (10.11.x.x on vlan 11) from any device on the VLAN 10 (10.10.x.x) but if I try and connect to the management console which uses port 80 it does not want to know. I have tried setting up another IIS website to see if i can access that, still no joy. I cannot access devices on VLAN 10 from VLAN 11 either buit again I can ping. Whats even stranger is that I am able to connect when incoming through a VPN connection to the network which uses a 10.50.x.x range and is VLSM.

Any ideas would be great I have tried everything and its really starting to annoy me. (Plus ive got my CCNA3 final tonight argggh)

Cheers

Lee

Labels:
0 Helpful
16 Replies 16

Go to solution
leejones365
Level 1
Level 1
In response to Richard Burts

‎02-20-2008 04:27 AM

Rick,

Thanks again and to Bart for supplying me with the answer I needed. I will continue to use this forum for issues I may encounter, I might also try to aid other users where possible, as I mentioned earlier I had my CCNA3 final on monday (passed by the way :-))but the forum has helped me in areas such as this (route-maps) before I wouldnt have known what they do but now I do :)

Cheers again.

Lee

0 Helpful

Go to solution
Richard Burts
Hall of Fame
Hall of Fame
In response to leejones365

‎02-19-2008 08:51 AM

Lee

I have been looking at this as an issue of routing between the 2 VLANs and assuming that there was no connectivity. The response from Craig made me go back and read again your original post and I see that I was way off track. Your description clearly says that there is basic connectivity between the VLANs and that you are able to ping the device in VLAN 11. So it is not a basic connectivity/routing issue as I had been thinking. And Craig is exactly right that the issue is the Policy Based Routing that is configured on the VLAN subinterface. That Policy Based Routing says that any packet received on that interface which is tcp port 80 (which you say is how you need to access the device in VLAN 11) will be sent out the dialer interface. This is exactly why you can not web to the device from VLAN 10 but can do so with no issue on your VPN connection (which is not doing the PBR).

To fix this you will need to modify access list 153 so that it denies traffic with source address in VLAN 10 and destination address in VLAN 11.

HTH

Rick

HTH

Rick
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card