Cisco 3750 routing vlans

Hello experts

I do have a small question for you..

I have 3750 configured with around 30 vlans. The default vlan1 has an ip and one of the ports in that vlan is connected to a PIX. Half of those vlans have access to the PIX as they suppose to. Now I have a different network configured in other vlans with address breaked down in different subnets. Its subnet is a vlan. Now I want all these 11.110.28.x vlans to go to a router (1761) and not to the pix at all. So basically VLANS 1 - 222 go to the PIX (vlan1) and VLANS 600 - 800 go to the router vlan601. If we forget vlans 1 - 222, I have 6 GigabitEthernet, 4 of those go to a vlan600 which are the servers one is going to a 2950 gigabit port and they are trunk auto 802.1q which is seperated in vlan621 vlan 622 and so on, and the other port of 3750 is going to a router (1761) in vlan 601 with the ip address The router has a WIC-4esw and can display the vlans from 3750, I assigned both the 3750 port and the 1761 port to be switchport mode access in vlan 601. I changed the interface for vlan 601 ip address to

Uffffff..... Now I can ping from 3750 the which is the router and also from router the ip which is the 3750. My problem is that I can not ping the router from any other vlan.... WHYYYYYYYYYY?

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

You could use policy based routing where you access lists and route maps to define which IP addressees get routed to PIX, and the 1761 using the next hop command.
Does the 1761 router have any routes to any subnets other than connected, and possibly a default?
Does it have anything like:
   ip route
   ip route <wherever>

HOMS-SAAuthor Commented:
To Irmoore

the only route I have is (PIX). Whatever goes through PIX is going to the internet somehow. Vlans 1 - 222 have ips 192.168.x.x and my private network have ips 11.110.x.x which I don't want them to go to internet. If I remove the default routing and place a route they will not go to internet. I placed also the (28 and 29) which is the router but nothing happened.

To Dr_IP

I tried to do a PBR but to enable that I found out that I need to sdm prefer routing. We have two 3750 one with gigabit port and one with 48 Fastethernet and 4 gigabits stacked together. I don't know if you can imagine what happened....... Anyway I reload the switch and after that there was no stacked switch it could't recognise the 48port switch. When I put the sdp prefer default desktop back again then everything was like before (a while ago before but don't mind)...

So i have to find out more.....I guess???????????
Ultimate Tool Kit for Technology Solution Provider

Broken down into practical pointers and step-by-step instructions, the IT Service Excellence Tool Kit delivers expert advice for technology solution providers. Get your free copy now.

Sorry policy based routing didn’t work out, but sometimes the only way to find out it doesn’t work is to try it. Also this is one of the reasons I am leery of all in one-box solutions, as they are not always so all in one as they should be. If it had been just a router, it probably would have worked, but since it’s a switch trying to be a router too, one of its idiosyncrasies came out and bit you.

As for another solution, the only other one I can think of is somewhat messy, and could hurt network performance, as it would mean configuring the 1761 do the primary routing for those VLAN’s that you want it to be the default path to outside of the local network. If you are not dealing with a lot of inter VLAN routing, it’d probably be ok, but if you are, I doubt it’s powerful enough to handle the task, but you could always give it a try. They way you would do this, is configure VLAN’s on the 1761 for the relevant VLAN’s, changes its port on the switch to trunking, and the set the hosts default gateway to the corresponding IP address for that VLAN. This is not what I would call an ideal solution, but it might be ok in your situation.
HOMS-SAAuthor Commented:
Well hello again

I managed to bring both the switches in sdm prefer routing desktop (cause 3750-48TS-E switch can only be in desktop version not in an aggregate). Now I created a

Standard IP access list 50
    permit, wildcard bits (163 matches)

route-map TST permit 50
 match ip address 50
 set ip next-hop
 set ip next-hop verify-availability

Ok now the
interface GigabitEthernet1/0/12
 switchport access vlan 601
interface Vlan601
 ip address

I get into a vlan interface lets say vlan 800
interface Vlan800
 ip address
 ip route-cache policy
 ip policy route-map SQOM

From the other side of gi1/0/12 to 1761 the fastethernet is configured just with the ip You can ping from  the router the (vlan601).

But still I can not ping the router but now I can not ping the other side(PIX). any ideas?

HOMS-SAAuthor Commented:
What I meant is that I can not ping the router from a pc in vlan 800. when i debug ip policy i get

001379: 18:52:28: IP: route map TST, item 50, permit
001380: 18:52:28: datagramsize=243, IP 34287: s= (Vlan800), d= (Vlan601), totlen 229, fragment 0, fo 0,
 policy routed
001381: 18:52:28: IP: Vlan800 to Vlan601

I suppose the s is the source and d is the destination which in this case is which is the broadcast from the

HOMS-SAAuthor Commented:
Thank you very much to all of you.


I did find the solution. As you already know its always the little things.

I had to configure the ip of the router's (1761) interface to with subnet

Now everything is going where they should be THANK you again.
Question answered by asker or dialog valuable.
Closed, 500 points refunded.
ee_ai_construct (replacement part #xm34)
Community Support Admin

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.