Cisco 3750 routing vlans

Posted on 2004-11-12
Last Modified: 2008-03-06
Hello experts

I do have a small question for you..

I have 3750 configured with around 30 vlans. The default vlan1 has an ip and one of the ports in that vlan is connected to a PIX. Half of those vlans have access to the PIX as they are supposed to. Now I have a different network configured in other vlans with addresses broken down into different subnets. Its subnet is a vlan. Now I want all these 11.110.28.x vlans to go to a router (1761) and not to the pix at all. So basically VLANS 1 - 222 go to the PIX (vlan1) and VLANS 600 - 800 go to the router vlan601. If we forget vlans 1 - 222, I have 6 GigabitEthernet, 4 of those go to a vlan600 which are the servers, one is going to a 2950 gigabit port and they are trunk auto 802.1q which is separated in vlan621 vlan 622 and so on, and the other port of 3750 is going to a router (1761) in vlan 601 with the ip address The router has a WIC-4esw and can display the vlans from 3750, I assigned both the 3750 port and the 1761 port to be switchport mode access in vlan 601. I changed the interface for vlan 601 ip address to

Uffffff..... Now I can ping from 3750 the which is the router and also from router the ip which is the 3750. My problem is that I can not ping the router from any other vlan.... WHYYYYYYYYYY?

Question by:HOMS-SA
    LVL 13

    Expert Comment

    You could use policy based routing, where you use access lists and route maps to define which IP addresses get routed to PIX, and the 1761 using the next hop command.
    LVL 79

    Expert Comment

    Does the 1761 router have any routes to any subnets other than connected, and possibly a default?
    Does it have anything like:
       ip route
       ip route <wherever>
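
The return-path question above can be checked offline. This is an added example, not part of the original thread: every address and route in it is constructed (the thread's own addresses are elided), and it only models a longest-prefix-match lookup on the router to show why a directly connected switch interface can get replies while a PC in another VLAN cannot.

```python
import ipaddress

# Constructed sample data (hypothetical; the thread's addresses are elided).
SWITCH_SVI_601 = "10.6.1.1"       # assumed 3750 address on the transit VLAN 601
ROUTER_ROUTES = [                 # assumed 1761 routing table: (prefix, next hop)
    ("10.6.1.0/24", "connected"),
    ("0.0.0.0/0", "192.0.2.1"),   # default route pointing away from the switch
]
SOURCES = {"switch SVI (Vlan601)": "10.6.1.1", "PC in Vlan800": "10.8.0.10"}


def lookup(routes, dst):
    """Longest-prefix match; returns (prefix, next_hop) or None if nothing matches."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in routes
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    net, hop = max(matches, key=lambda m: m[0].prefixlen)
    return str(net), hop


def reply_returns(routes, src, via=SWITCH_SVI_601):
    """True if the router's reply to src leaves on the transit VLAN
    (destination is connected, or the next hop is the switch)."""
    hit = lookup(routes, src)
    return hit is not None and hit[1] in ("connected", via)


def audit(routes, sources=SOURCES):
    """Report, per source, whether the router can send the reply back to it."""
    return {name: reply_returns(routes, ip) for name, ip in sources.items()}


if __name__ == "__main__":
    print("before:", audit(ROUTER_ROUTES))
    # Adding a route for the VLAN 800 subnet via the switch fixes the return path.
    fixed = ROUTER_ROUTES + [("10.8.0.0/24", SWITCH_SVI_601)]
    print("after: ", audit(fixed))
```
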


    Author Comment

    To Irmoore

    The only route I have is (PIX). Whatever goes through PIX is going to the internet somehow. Vlans 1 - 222 have ips 192.168.x.x and my private network has ips 11.110.x.x which I don't want to go to the internet. If I remove the default routing and place a route they will not go to the internet. I placed also the (28 and 29) which is the router but nothing happened.

    To Dr_IP

    I tried to do a PBR but to enable that I found out that I need to sdm prefer routing. We have two 3750, one with gigabit ports and one with 48 FastEthernet and 4 gigabits, stacked together. I don't know if you can imagine what happened....... Anyway I reloaded the switch and after that there was no stacked switch, it couldn't recognise the 48 port switch. When I put the sdm prefer default desktop back again then everything was like before (a while ago before but don't mind)...

    So I have to find out more.....I guess???????????
    LVL 13

    Expert Comment

    Sorry policy based routing didn’t work out, but sometimes the only way to find out it doesn’t work is to try it. Also this is one of the reasons I am leery of all in one-box solutions, as they are not always so all in one as they should be. If it had been just a router, it probably would have worked, but since it’s a switch trying to be a router too, one of its idiosyncrasies came out and bit you.

    As for another solution, the only other one I can think of is somewhat messy, and could hurt network performance, as it would mean configuring the 1761 to do the primary routing for those VLANs that you want it to be the default path to outside of the local network. If you are not dealing with a lot of inter VLAN routing, it’d probably be ok, but if you are, I doubt it’s powerful enough to handle the task, but you could always give it a try. The way you would do this is configure VLANs on the 1761 for the relevant VLANs, change its port on the switch to trunking, and then set the hosts' default gateway to the corresponding IP address for that VLAN. This is not what I would call an ideal solution, but it might be ok in your situation.

    Author Comment

    Well hello again

    I managed to bring both the switches in sdm prefer routing desktop (cause 3750-48TS-E switch can only be in desktop version not in an aggregate). Now I created a

    Standard IP access list 50
        permit, wildcard bits (163 matches)

    route-map TST permit 50
     match ip address 50
     set ip next-hop
     set ip next-hop verify-availability

    Ok now the
    interface GigabitEthernet1/0/12
     switchport access vlan 601
    interface Vlan601
     ip address

    I get into a vlan interface, let's say vlan 800
    interface Vlan800
     ip address
     ip route-cache policy
     ip policy route-map SQOM

    From the other side of gi1/0/12 to 1761 the fastethernet is configured just with the ip You can ping from  the router the (vlan601).

    But still I can not ping the router but now I can not ping the other side (PIX). Any ideas?


    Author Comment

    What I meant is that I can not ping the router from a pc in vlan 800. When I debug ip policy I get

    001379: 18:52:28: IP: route map TST, item 50, permit
    001380: 18:52:28: datagramsize=243, IP 34287: s= (Vlan800), d= (Vlan601), totlen 229, fragment 0, fo 0,
     policy routed
    001381: 18:52:28: IP: Vlan800 to Vlan601

    I suppose the s is the source and d is the destination which in this case is which is the broadcast from the


    Author Comment

    Thank you very much to all of you.


    I did find the solution. As you already know, it's always the little things.

    I had to configure the ip of the router's (1761) interface to with subnet

    Now everything is going where it should be. THANK you again.

    Accepted Solution

    Question answered by asker or dialog valuable.
    Closed, 500 points refunded.
    ee_ai_construct (replacement part #xm34)
    Community Support Admin
