Cisco 3550 switch vlan routing
I have a Cisco 3550 switch I am setting up but having some issues with.
We have two different WAN connections from different providers.
We are using many internal vLANs.
Both fa 0/2 and 0/3 are drops from isp’s, I addressed vlan 1 to fa 0/2 with the assigned subnet from isp 1 and vlan 2 with subnet addressing from isp2 for fa 0/3.
I have vlans 3-31 setup and addressed.
I cant seem to ping the addresses assigned to the vlans, I either get TTL expired or timed out errors. I am assuming this is a routing issue.
Subnets given to us:
ISP 1
162.74.36.32/30 – For router access and management
162.74.36.48/29
162.74.36.56/29
162.74.36.64/29
162.74.36.72/29
ISP 2
38.122.90.32/29 – Router access
183.76.132.0/24
183.76.133.0/24
183.76.134.0/24
183.76.135.0/24
We have two different WAN connections from different providers.
We are using many internal vLANs.
Both fa 0/2 and 0/3 are drops from isp’s, I addressed vlan 1 to fa 0/2 with the assigned subnet from isp 1 and vlan 2 with subnet addressing from isp2 for fa 0/3.
I have vlans 3-31 setup and addressed.
I cant seem to ping the addresses assigned to the vlans, I either get TTL expired or timed out errors. I am assuming this is a routing issue.
Subnets given to us:
ISP 1
162.74.36.32/30 – For router access and management
162.74.36.48/29
162.74.36.56/29
162.74.36.64/29
162.74.36.72/29
ISP 2
38.122.90.32/29 – Router access
183.76.132.0/24
183.76.133.0/24
183.76.134.0/24
183.76.135.0/24
IPs have been changed.
ip subnet-zero
ip routing
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
switchport mode dynamic desirable
no ip address
!
interface FastEthernet0/2
switchport access vlan 2
switchport mode access
no ip address
!
interface FastEthernet0/3
switchport mode access
no ip address
!!
interface FastEthernet0/5
switchport access vlan 6
switchport mode access
no ip address
!!!!
interface FastEthernet0/17
switchport access vlan 6
switchport mode access
no ip address
!
interface FastEthernet0/18
switchport access vlan 7
switchport mode dynamic desirable
no ip address
!!!!!!!!!
interface FastEthernet0/42
switchport access vlan 31
switchport mode access
no ip address
!
interface FastEthernet0/43
switchport access vlan 3
switchport mode access
no ip address
!!!!
interface FastEthernet0/48
switchport access vlan 3
switchport mode access
no ip address
!
interface Vlan1
ip address 162.74.36.34 255.255.255.252
!
interface Vlan2
ip address 133.152.90.35 255.255.255.248
!
interface Vlan3
ip address 162.74.36.57 255.255.255.248 secondary
ip address 162.74.36.65 255.255.255.248 secondary
ip address 162.74.36.73 255.255.255.248 secondary
ip address 162.74.36.49 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan6
ip address 133.76.132.1 255.255.255.0
!
interface Vlan7
ip address 133.76.133.1 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan8
ip address 133.76.133.9 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan9
ip address 133.76.133.17 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan10
ip address 133.76.133.25 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan11
ip address 133.76.133.33 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan12
ip address 133.76.133.41 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan13
ip address 133.76.133.49 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan14
ip address 133.76.133.57 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan15
ip address 133.76.133.65 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan16
ip address 133.76.133.73 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan17
ip address 133.76.133.81 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan18
ip address 133.76.133.89 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan19
ip address 133.76.133.97 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan20
ip address 133.76.133.105 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan21
ip address 133.76.133.113 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan22
ip address 133.76.133.121 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan23
ip address 133.76.133.129 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan24
ip address 133.76.133.137 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan25
ip address 133.76.133.145 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan26
ip address 133.76.133.153 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan27
ip address 133.76.133.161 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan28
ip address 133.76.133.169 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan29
ip address 133.76.133.177 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan30
ip address 133.76.133.185 255.255.255.248
ip helper-address 133.76.132.12
!
interface Vlan31
ip address 133.76.133.193 255.255.255.248
ip helper-address 133.76.132.12
!
ip classless
ip route 0.0.0.0 0.0.0.0 162.74.36.33
ip route 0.0.0.0 0.0.0.0 133.152.90.33
ip route 133.76.132.0 255.255.255.0 133.152.90.33
ip route 162.74.36.0 255.255.255.0 162.74.36.33
ip http server
!
!
End
Both fa 0/2 and 0/3 are drops from isp’s, I addressed vlan 1 to fa 0/2 with the assigned subnet from isp 1 and vlan 2 with subnet addressing from isp2 for fa 0/3.That's not what your config says...
interface FastEthernet0/2
switchport access vlan 2
switchport mode access
no ip address
!
interface FastEthernet0/3
switchport mode access
no ip address
!!Also, can you do a show vlan brief to see if the VLANs actually exist on the switch (they should because you've assigned them as access VLANs, but you never know) and show ip interface brief to see if the SVIs are UP/UP?
ASKER
The vlans are all public addresses, as that is what we are trying to setup.
To clarify I can ping the switch on both ports 2 and 3 ( both uplinks) but not the vlans past that.
To clarify I can ping the switch on both ports 2 and 3 ( both uplinks) but not the vlans past that.
So you can ping each ISP router from the switch?
ASKER
Yes I can ping out to both ISPs. All the interfaces and vlans are UP UP that have a device connected to them.
Can a host on one VLAN ping a host on a different VLAN?
ASKER
That I will need to check, it is in a datacenter and devices setup yet.
From what IP subnet are you trying to ping from?
What port is the device connect to that you are ping'ing from?
What port is the device connect to that you are ping'ing from?
ASKER
So I cant ping to the interfaces Vlan 3-31.
I have a device in vlan 6, It can ping Vlan 6's address of 133.76.132.1 but nothing past that such as the management address or the ISP gateway, and from the outside cant ping the device.
I have a device in vlan 6, It can ping Vlan 6's address of 133.76.132.1 but nothing past that such as the management address or the ISP gateway, and from the outside cant ping the device.
Are you sure you have the right IP addresses?
In your post you have the 1st octet as 183, in your config you have 133.
The whole range of 183.76.0.0 - 183.77.255.255 is assigned to Asahi Net.
Where as the 133.76.0.0/16 is assigned to National Institute for Fusion Science.
Are you either one of these?
The 38.122.90.32 and all of the 162.74.36.xx addresses is assigned in the USA.
In your post you have the 1st octet as 183, in your config you have 133.
The whole range of 183.76.0.0 - 183.77.255.255 is assigned to Asahi Net.
Where as the 133.76.0.0/16 is assigned to National Institute for Fusion Science.
Are you either one of these?
The 38.122.90.32 and all of the 162.74.36.xx addresses is assigned in the USA.
ASKER
I did change the first 2 octets for anonymity, caught me. Maybe I need routes so that that switch knows the router access (Vlan2) is the way out for the Vlan6 and other 3 subnets? Or do I need some sort of vlan access to classify.
VLan 2 183.122.90.32/29 – Router access assigned to fa 0/2
Vlan 6 183.76.132.0/24 - Using above link but different subnet
Vlan * 183.76.133.0/24
Vlan * 183.76.134.0/24
Vlan * 183.76.135.0/24
VLan 2 183.122.90.32/29 – Router access assigned to fa 0/2
Vlan 6 183.76.132.0/24 - Using above link but different subnet
Vlan * 183.76.133.0/24
Vlan * 183.76.134.0/24
Vlan * 183.76.135.0/24
You have "ip routing" specified. So the 3550 should route to/from all VLAN's it knows about.
If you do do a "show int vlan 3" or any other VLAN number, does it show as active?
From the switch can you ping all of the IP addresses that are configured on the switch?
Dumb question, why do you have "ip helper-address 133.76.132.12" on all of your VLANs?
The main, not the only, but the main reason for ip helper-address is for DHCP.
If you do do a "show int vlan 3" or any other VLAN number, does it show as active?
From the switch can you ping all of the IP addresses that are configured on the switch?
Dumb question, why do you have "ip helper-address 133.76.132.12" on all of your VLANs?
The main, not the only, but the main reason for ip helper-address is for DHCP.
ASKER
There will be a DHCP server with the address specified.
Show int Vlan 6 does show Up/Up and Active
That is the vlan im mostly checking as that has a server attached that is ip'd
The switch can ping to the vlan addresses assigned
For IP routing what how should that look for the subnets
something like ip route 183.76.132.0 255.255.255.0 183.122.90.33
^ ^ ^
Vlan 6 address /24 ISP gateway for that uplink
Show int Vlan 6 does show Up/Up and Active
That is the vlan im mostly checking as that has a server attached that is ip'd
The switch can ping to the vlan addresses assigned
For IP routing what how should that look for the subnets
something like ip route 183.76.132.0 255.255.255.0 183.122.90.33
^ ^ ^
Vlan 6 address /24 ISP gateway for that uplink
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Are the IP addresses assigned to VLANs 3-31 private addresses? If not, that's your problem.