screwbash
asked on
Inter-VLAN routing on a 3Com 4200G Switch
Pasted below is the current configuration on the switches. There are two switches, a 12-port 4200G and a 48-port 4200G. I have all the servers on one VLAN and all hosts on a separate VLAN. I want to get both VLANs to talk to each other.
Configuring login access control
sysname switch12fl1
system-view
acl number 2000 match-order config
rule 1 permit source 192.168.10.1 0
rule 2 permit source 192.168.20.1 0
rule 3 permit source 10.100.200.1 0
rule 4 deny source any
user-interface aux 0
authentication-mode none
user privilege level 2
history-command max-size 20
idle-timeout 6 0
screen-length 30
speed 19200
protocol inbound telnet
user-interface vty 0 4
acl 2000 inbound
ip http acl 2000
acl number 3000
rule 1 deny ip source 192.168.10.0 255.255.255.0 destination 10.100.200.0 255.255.255.0
rule 2 deny ip source 192.168.20.0 255.255.255.0 destination 10.100.200.0 255.255.255.0
rule 3 deny ip source 10.100.200.0 255.255.255.0 destination 192.168.10.0 255.255.255.0
rule 3 deny ip source 10.100.200.0 255.255.255.0 destination 192.168.20.0 255.255.255.0
--------------------------
vlan 10
vlan 20
interface Vlan-interface 10
ip address 192.168.10.80 255.255.255.0
interface Vlan-interface 20
ip address 192.168.20.80 255.255.255.0
ip route-static 10.100.200.0 255.255.255.0 192.168.20.81
vlan 10
port GigabitEthernet1/0/1
vlan 20
port GigabitEthernet1/0/2
interface GigabitEthernet 1/0/1
port access vlan 10
Interface GigabitEthernet 1/0/2
port link-type trunk
port trunk permit vlan 10 20 30
--------------------------
sysname switch48fl1
system-view
acl number 2000 match-order config
rule 1 permit source 192.168.10.1 0
rule 2 permit source 192.168.20.1 0
rule 3 permit source 10.100.200.1 0
rule 4 deny source any
vlan 20
vlan 30
interface Vlan-interface 20
ip address 192.168.20.81 255.255.255.0
ip route-static 192.168.10.0 255.255.255.0 192.168.20.80
interface Vlan-interface 30
ip address 10.100.200.3 255.255.255.0
vlan 20
port GigabitEthernet1/0/33
vlan 30
port GigabitEthernet1/0/34
interface GigabitEthernet 1/0/34
port access vlan 30
Interface GigabitEthernet 1/0/33
port link-type trunk
port trunk permit vlan 10 20 30
Did you, by any chance, use a crosscable between the switches? When connecting two switches it is required that you use a crosscable and not a normal cable. You can easily make these; it's just that you have connectors 1 to 8 turned around at the other end of the cable.
ASKER
That's a very good question, Anacondah. I am not sure as to the type of cable that is being used. By chance, have you looked at the configuration to see if it is configured correctly? I am unable to test the inter-VLAN routing by a simple test of ping.
Is it possible to put the "deny all" on top? So that the router doesn't think: 'Hm, permit that one, check, permit this, check. Oh, now I need to disable any IP, so I'm going to override the IPs I already set.'
Rather set it to deny all, and then the 3 permitted IPs on both configurations.
About identifying a crosscable:
Please look at this: http://en.wikipedia.org/wiki/Ethernet_crossover_cable
Even a ping won't work if there's a normal cable between both switches.
For the rest I have little sense for the configurations, Screwbash; I'm guessing you know more than I do :P
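How ACL 2000 from the question is evaluated under `match-order config`, as an added Python example that is not part of the original thread. It assumes first-match semantics in rule-ID order; `DENY_FIRST` is a constructed reordering for comparison, and the `default` result when no rule matches is an assumption.

```python
import ipaddress

# ACL 2000 exactly as posted in the question (basic ACL: source + wildcard).
ACL_2000 = """\
rule 1 permit source 192.168.10.1 0
rule 2 permit source 192.168.20.1 0
rule 3 permit source 10.100.200.1 0
rule 4 deny source any
"""

# Constructed variant with the deny placed first (not from the page).
DENY_FIRST = """\
rule 1 deny source any
rule 2 permit source 192.168.10.1 0
rule 3 permit source 192.168.20.1 0
rule 4 permit source 10.100.200.1 0
"""

def parse_rules(text):
    """Return [(rule_id, action, addr_int, wildcard_int)] sorted by rule ID."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 5 or tok[0] != "rule" or tok[3] != "source":
            continue
        if tok[4] == "any":
            addr, wild = 0, 0xFFFFFFFF          # every bit is "don't care"
        else:
            addr = int(ipaddress.IPv4Address(tok[4]))
            # A bare "0" is the all-zero wildcard: match exactly one host.
            wild = int(ipaddress.IPv4Address(tok[5])) if "." in tok[5] else int(tok[5])
        rules.append((int(tok[1]), tok[2], addr, wild))
    return sorted(rules)

def evaluate(rules, src, default="deny"):
    """First matching rule decides; later rules are never consulted."""
    ip = int(ipaddress.IPv4Address(src))
    for rule_id, action, addr, wild in rules:
        care = ~wild & 0xFFFFFFFF               # bits that must be equal
        if (ip & care) == (addr & care):
            return action, rule_id
    return default, None                        # assumed result when nothing matches

if __name__ == "__main__":
    for name, acl in (("as posted", ACL_2000), ("deny first", DENY_FIRST)):
        for src in ("192.168.10.1", "192.168.10.50", "10.100.200.1"):
            print(name, src, evaluate(parse_rules(acl), src))
```
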
ASKER
The access list hasn't been applied to the configuration. I checked the makeup of the cables between the switches and it is a crosscable. There are 3 cables from the 12-port 4200G switch going into 3 ports of the 48-port 4200G. The 12-port is on VLAN 10 and the 48-port is on VLAN 20. Attached is a drawing as to the layout.
ASKER CERTIFIED SOLUTION
Too bad I couldn't give any quick good answer. Anyhow, I'm glad to help. You gave yourself the points now tho :)