Cisco 3550 Vlan setup

I need help setting up a new vlan on a cisco 3550 switch and I need the new vlan to be able to access the internet. I enabled ip routing on switch and I gave the new vlan an IP Address of 30.30.1.1. Also, I have moved fast 0/29 port to the new vlan and enable switchport mode access and spanning-tree portfast. The computer that I have connected to fast 0/39 port has an IP Address of 30.30.1.100 and a default gateway of 30.30.1.1. I can ping 30.30.1.1 from the computer, but I cannot ping the firewall, 10.1.0.9 and the default gateway, 10.1.0.254. Please help.
henjohn1520Asked:
Who is Participating?
 
that1guy15Commented:
You also need to add a route for that VLAN so the 3550 knows were to send traffic.

You can either use a default route that will route all traffic (from any VLAN) to the internet facing interface:

ip route 0.0.0.0 0.0.0.0 10.1.0.9 <--- either use the next hop address or the internet facing interface (fa0/1)

or a static route

ip route 30.30.1.0 255.255.255.0 10.1.0.9
0
 
JFrederick29Commented:
The firewall needs a route to 30.30.1.0/24 via the VLAN interface on the switch that resides in the 10.1.0.0/24 subnet.
0
 
henjohn1520Author Commented:
What about dns? Do I have to create an access list to allow vlan 3 access to the dns server on vlan 1?
0
Cloud Class® Course: CompTIA Cloud+

The CompTIA Cloud+ Basic training course will teach you about cloud concepts and models, data storage, networking, and network infrastructure.

 
that1guy15Commented:
Unless you already have an ACL in place blocking DNS traffic into VLAN1, DNS traffic should route to VLAN1 and back just fine.
0
 
henjohn1520Author Commented:
No. So no access list is need to route between vlans, just ip routing. I cannot ping any ip address in vlan 1  and ip routing is enabled on the switch. Also, I attached config of the switch. Can you take a look at it?
Building configuration...
 
Current configuration : 3899 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname HBSW01
!
!
no aaa new-model
ip subnet-zero
ip routing
!
vtp interface vlan
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
 switchport mode dynamic desirable
!
interface FastEthernet0/2
 switchport mode dynamic desirable
!
interface FastEthernet0/3
 switchport mode dynamic desirable
!
interface FastEthernet0/4
 switchport mode dynamic desirable
!
interface FastEthernet0/5
 switchport mode dynamic desirable
!
interface FastEthernet0/6
 switchport mode dynamic desirable
!
interface FastEthernet0/7
 switchport mode dynamic desirable
!
interface FastEthernet0/8
 switchport mode dynamic desirable
!
interface FastEthernet0/9
 switchport mode dynamic desirable
!
interface FastEthernet0/10
 switchport mode dynamic desirable
!
interface FastEthernet0/11
 switchport mode dynamic desirable
!
interface FastEthernet0/12
 switchport mode dynamic desirable
!
interface FastEthernet0/13
 switchport mode dynamic desirable
!
interface FastEthernet0/14
 switchport mode dynamic desirable
!
interface FastEthernet0/15
 switchport mode dynamic desirable
!
interface FastEthernet0/16
 switchport mode dynamic desirable
!
interface FastEthernet0/17
 switchport mode dynamic desirable
!
interface FastEthernet0/18
 switchport mode dynamic desirable
!
interface FastEthernet0/19
 switchport mode dynamic desirable
!
interface FastEthernet0/20
 switchport mode dynamic desirable
!
interface FastEthernet0/21
 switchport mode dynamic desirable
!
interface FastEthernet0/22
 switchport mode dynamic desirable
!
interface FastEthernet0/23
 switchport mode dynamic desirable
!
interface FastEthernet0/24
 switchport mode dynamic desirable
!
interface FastEthernet0/25
 switchport mode dynamic desirable
!
interface FastEthernet0/26
 switchport mode dynamic desirable
!
interface FastEthernet0/27
 switchport mode dynamic desirable
!
interface FastEthernet0/28
 switchport mode dynamic desirable
!
interface FastEthernet0/29
 switchport mode dynamic desirable
!
interface FastEthernet0/30
 switchport mode dynamic desirable
!
interface FastEthernet0/31
 switchport mode dynamic desirable
!
interface FastEthernet0/32
 switchport mode dynamic desirable
!
interface FastEthernet0/33
 switchport mode dynamic desirable
!
interface FastEthernet0/34
 switchport mode dynamic desirable
!
interface FastEthernet0/35
 switchport mode access
!
interface FastEthernet0/36
 switchport mode dynamic desirable
!
interface FastEthernet0/37
 switchport mode dynamic desirable
!
interface FastEthernet0/38
 switchport mode dynamic desirable
!
interface FastEthernet0/39
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
!
interface FastEthernet0/40
 switchport mode dynamic desirable
!
interface FastEthernet0/41
 switchport mode dynamic desirable
!
interface FastEthernet0/42
 switchport mode dynamic desirable
!
interface FastEthernet0/43
 switchport mode dynamic desirable
!
interface FastEthernet0/44
 switchport mode dynamic desirable
!
interface FastEthernet0/45
 switchport mode dynamic desirable
!
interface FastEthernet0/46
 switchport mode dynamic desirable
!
interface FastEthernet0/47
 switchport mode dynamic desirable
!
interface FastEthernet0/48
 switchport mode dynamic desirable
!
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface Vlan1
 ip address 10.1.50.1 255.255.0.0
!
interface Vlan2
 no ip address
!
interface Vlan3
 ip address 30.30.1.1 255.255.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.0.254
ip route 30.30.0.0 255.255.0.0 10.1.0.9
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
 password dahlia
 login
line vty 5 15
 password dahlia
 login
!
end

Open in new window

0
 
keno44Commented:
Hi HenJohn,

I would recommend you logon to your switch and encrypt your password so the next running-config will not display your password in plain text. You should probably change your passwords to. If you ever do get this switch connected to the Internet and your firewall isn't blocking inbound traffic, the entire forum will know how to logon to your switch (not that anyone here would), just a best practice.

Regards,

HBSW01(config)#service password-encryption

Then change your secret, VTY and console passwords.

HBSW01(config)#enable secret 'yourNewPWD'
HBSW01(config)#line vty 0 4
HBSW01(config-line)#password 'yourNewTelnetPwd'
HBSW01(config)#line con 0
HBSW01(config-line)#password 'yourNewConPwd'
0
 
JFrederick29Commented:
You can remove this:

conf t
no ip route 30.30.0.0 255.255.0.0 10.1.0.9

What is the default gateway for VLAN1 hosts (10.1.0.254 or 10.1.50.1)?  If 10.1.0.254, that router (10.1.0.254) needs a route to 30.30.0.0/16 via 10.1.50.1.

The 30.30.0.0/16 hosts should have a default gateway of 30.30.1.1.

The Firewall also needs a route to 30.30.0.0/16 via 10.1.50.1.  
0
 
henjohn1520Author Commented:
The default gateway for VLAN1 is 10.1.0.254. Can you show me commands for the above?
0
 
JFrederick29Commented:
What model router is 10.1.0.254?  If cisco:

ip route 30.30.0.0 255.255.0.0 10.1.50.1
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.