
Cisco 3750 routing vlans

Hello experts

I do have a small question for you..

I have a 3750 configured with around 30 vlans. The default vlan1 has an ip 192.168.1.1 and one of the ports in that vlan is connected to a PIX. Half of those vlans have access to the PIX as they are supposed to. Now I have a different network configured in other vlans with address 11.110.28.0 broken down in different subnets. Its subnet is a vlan. Now I want all these 11.110.28.x vlans to go to a router (1761) and not to the pix at all. So basically VLANS 1 - 222 go to the PIX (vlan1) and VLANS 600 - 800 go to the router vlan601. If we forget vlans 1 - 222, I have 6 GigabitEthernet, 4 of those go to a vlan600 which are the servers, one is going to a 2950 gigabit port and they are trunk auto 802.1q which is separated in vlan621, vlan 622 and so on, and the other port of the 3750 is going to a router (1761) in vlan 601 with the ip address 11.110.28.225 255.255.255.252. The router has a WIC-4esw and can display the vlans from the 3750. I assigned both the 3750 port and the 1761 port to be switchport mode access in vlan 601. I changed the interface for vlan 601 ip address to 11.110.28.226 255.255.255.252.

Uffffff..... Now I can ping from 3750 the 11.110.28.226 which is the router and also from router the ip 11.110.28.225 which is the 3750. My problem is that I can not ping the router from any other vlan.... WHYYYYYYYYYY?


Dr-IP Commented:
You could use policy based routing, where you use access lists and route maps to define which IP addresses get routed to the PIX and the 1761, using the next hop command.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_configuration_guide_chapter09186a00800ca590.html
 
lrmoore Commented:
Does the 1761 router have any routes to any subnets other than connected, and possibly a default?
Does it have anything like:
   ip route 11.0.0.0 255.0.0.0 11.110.28.225
   ip route 0.0.0.0 0.0.0.0 <wherever>

 
HOMS-SA (Author) Commented:
To lrmoore

The only route I have is 0.0.0.0 0.0.0.0 192.168.1.3 (PIX). Whatever goes through the PIX is going to the internet somehow. Vlans 1 - 222 have ips 192.168.x.x and my private network has ips 11.110.x.x, which I don't want to go to the internet. If I remove the default routing 0.0.0.0 0.0.0.0 192.168.1.3 and place a route 192.168.0.0 255.255.0.0 192.168.1.3 they will not go to the internet. I also placed the 11.110.28.0 255.255.254.0 (28 and 29) 11.110.28.226, which is the router, but nothing happened.

To Dr-IP

I tried to do a PBR but to enable that I found out that I need to sdm prefer routing. We have two 3750s, one with gigabit ports and one with 48 FastEthernet and 4 gigabits, stacked together. I don't know if you can imagine what happened....... Anyway I reloaded the switch and after that there was no stacked switch, it couldn't recognise the 48-port switch. When I put the sdm prefer default desktop back again then everything was like before (a while ago before but don't mind)...

So i have to find out more.....I guess???????????
 
Dr-IP Commented:
Sorry policy based routing didn't work out, but sometimes the only way to find out it doesn't work is to try it. Also this is one of the reasons I am leery of all-in-one box solutions, as they are not always so all-in-one as they should be. If it had been just a router, it probably would have worked, but since it's a switch trying to be a router too, one of its idiosyncrasies came out and bit you.

As for another solution, the only other one I can think of is somewhat messy, and could hurt network performance, as it would mean configuring the 1761 to do the primary routing for those VLANs that you want it to be the default path to outside of the local network. If you are not dealing with a lot of inter-VLAN routing, it'd probably be ok, but if you are, I doubt it's powerful enough to handle the task, but you could always give it a try. The way you would do this is configure VLANs on the 1761 for the relevant VLANs, change its port on the switch to trunking, and then set the hosts' default gateway to the corresponding IP address for that VLAN. This is not what I would call an ideal solution, but it might be ok in your situation.
 
HOMS-SA (Author) Commented:
Well hello again

I managed to bring both the switches in sdm prefer routing desktop (cause the 3750-48TS-E switch can only be in desktop version, not in an aggregate). Now I created a

Standard IP access list 50
    permit 11.110.28.0, wildcard bits 0.0.1.255 (163 matches)

route-map TST permit 50
 match ip address 50
 set ip next-hop 11.110.28.226
 set ip next-hop verify-availability

Ok now the
interface GigabitEthernet1/0/12
 switchport access vlan 601
end
interface Vlan601
 ip address 11.110.28.225 255.255.255.252
end

I get into a vlan interface, let's say vlan 800
interface Vlan800
 ip address 11.110.29.254 255.255.255.240
 ip route-cache policy
 ip policy route-map SQOM
end

From the other side of gi1/0/12 to the 1761, the fastethernet is configured just with the ip 11.110.28.226 255.255.255.252. You can ping from the router the 11.110.28.225 (vlan601).

But still I can not ping the router, but now I can not ping the other side (PIX). Any ideas?

 
HOMS-SA (Author) Commented:
What I meant is that I can not ping the router from a pc in vlan 800. When I debug ip policy I get

001379: 18:52:28: IP: route map TST, item 50, permit
001380: 18:52:28: datagramsize=243, IP 34287: s=11.110.29.242 (Vlan800), d=11.110.29.255 (Vlan601), totlen 229, fragment 0, fo 0,
 policy routed
001381: 18:52:28: IP: Vlan800 to Vlan601 11.110.28.226

I suppose the s is the source and d is the destination which in this case is 11.110.29.255 which is the broadcast from the 11.110.29.240 255.255.255.240.

 
HOMS-SA (Author) Commented:
Thank you very much to all of you.

But

I did find the solution. As you already know, it's always the little things.

I had to configure the ip of the router's (1761) interface to 11.110.28.226 with subnet 255.255.254.0.

Now everything is going where it should be. THANK you again.
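
An added example, not part of the original thread: it checks both directions of the path discussed above, first whether access list 50 selects the Vlan800 PC for policy routing, then whether the 1761 has a route back to that PC under the original 255.255.255.252 mask, under the 255.255.254.0 mask from the fix, and with the static route lrmoore asked about. The function names are hypothetical, and it assumes the 1761 holds only its connected network, since the thread does not show its routing table.

```python
import ipaddress

ROUTER_IP = "11.110.28.226"   # 1761 interface address, from the thread
PC = "11.110.29.242"          # Vlan800 source seen in the debug ip policy output

def acl_permits(addr, base, wildcard):
    """Standard IOS ACL match: bits set in the wildcard mask are ignored."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == \
           (int(ipaddress.IPv4Address(base)) & care)

def lookup(routes, dest):
    """Longest-prefix match over (prefix, how) pairs; None means no route."""
    d = ipaddress.IPv4Address(dest)
    best = None
    for prefix, how in routes:
        net = ipaddress.ip_network(prefix)
        if d in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, how)
    return best

def return_path(mask, source, statics=()):
    """Route the 1761 would use to answer `source`, given its interface mask.
    Assumption: its table holds only the connected network plus `statics`."""
    iface = ipaddress.ip_interface(f"{ROUTER_IP}/{mask}")
    hit = lookup([(str(iface.network), "connected"), *statics], source)
    return None if hit is None else (str(hit[0]), hit[1])

if __name__ == "__main__":
    # Forward direction: access list 50 selects the PC for policy routing.
    print("ACL 50 permits PC:", acl_permits(PC, "11.110.28.0", "0.0.1.255"))
    # Return direction: original mask, corrected mask, and the static route
    # from lrmoore's question (ip route 11.0.0.0 255.0.0.0 11.110.28.225).
    print("/30 mask     :", return_path("255.255.255.252", PC))
    print("/23 mask     :", return_path("255.255.254.0", PC))
    print("/30 + static :", return_path("255.255.255.252", PC,
                                        [("11.0.0.0/8", "via 11.110.28.225")]))
```

Under the stated assumption, the /30 case returns no route for the PC's address, while either the wider mask or the static route gives the router a matching entry.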
 
ee_ai_construct Commented:
Question answered by asker or dialog valuable.
Closed, 500 points refunded.
ee_ai_construct (replacement part #xm34)
Community Support Admin