Cisco 3560 Vlans

rweaver313
rweaver313 used Ask the Experts™
on
I have a Cisco 3560G Layer 2 switch with a Standard Image that I want to put multiple Vlans on. I want to be able to access the Internet from all vlans. I am not an expert on Cisco switches so I am need of help. I am not sure how to setup the switch. I have setup Cisco 3560 switches before with only one vlan and they seem to work okay. All I did was assigne the switch an IP address and default gateway and I was able to access the Internet,  but now I need to create multiple vlans.When I attempted to do this process on my own I was only able to access the Internet from one Vlan, the one with the default gateway. The switch will not allow me to create multiple default gateways. What do I need to do to get all three vlans access to the Internet?

I have a Cisco 6509 and 4507 that both have multiple vlans that are able to access the Internet. I don't know what I am doing wrong. Please HELP!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Istvan KalmarHead of IT Security Division
Top Expert 2010

Commented:
vlan database
 vlan 10 name 10
 vlan 20 name 20
 vlan 20 name 20
apply

after that you able to use the vlans

if you have vtp server, you only need the to config the vlans on the server, and the client make syncronize

Commented:
Hi

A 3560G switch supports layer 3 (as does your 6509 and 4507) If you have multiple vlans, they need to be able to route via a layer 3 device to get to a default gateway.

Otherwise you can only have one active vlan.
You can (if you don't already have it) download an image that supports layer 3 and setup the switch to route accordingly:

e.g.
interface Vlan6
 description *** Data - lab ***
 ip address 10.10.10.1 255.255.255.0
!
interface Vlan8
 description *** Data - Server ***
 ip address 10.20.20.1 255.255.255.0
 
ip default-gateway 10.10.10.15
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.15


hth
Istvan KalmarHead of IT Security Division
Top Expert 2010

Commented:
If you want to use L3 on 3560 you must enable ip routing:

conf t
ip routing
Learn SQL Server Core 2016

This course will introduce you to SQL Server Core 2016, as well as teach you about SSMS, data tools, installation, server configuration, using Management Studio, and writing and executing queries.

Commented:
1. You need to creat your VLANs on your switch with:

(config)# vlan <number>

2. Assign each port to the VLAN that you want:

(conf-if)#switchport access vlan <number>

3. If your switch supports routing, you create an interface for each vlan and assign an IP address:

(config)# interface Vlan 2
(config-if)#ip add 10.1.1.1 255.255.255.0

Otherwise, you need a router to pass traffic between VLANs. The router would need to be plugged in as a trunk and setup with sub interfaces. Let me know if this is the case and I will provide info.

4. Setup each PC to use they're appropriate VLAN interface as they're default gateway.

5. Add an IP route on your switch pointing to the Internet
(config)#ip route 0.0.0.0 0.0.0.0 10.1.1.5

And thats it.
Istvan KalmarHead of IT Security Division
Top Expert 2010

Commented:
Don't forget config the uplink to trunk!

Author

Commented:
The Cisco 6509 that I have was setup to support layer 3. What needs to be done on the 6509?
Since you have multiple vlans you will need to enable routing on the switch and configure a layer three interface for all Vlans. You will then need to connect the switch to your internet device.


!configure vlans
vlan 100
name sales
vlan 200
name test
 
!create layer three interface per vlan
int vlan 100
ip address 10.x.x.x 255.255.255.0
no shut
 
int vlan 200
ip address 10.1.0.0 255.255.255.0
no shut
 
!enalbe routing on the switch
ip routing
 
 
your vlans can now communicate with eachother but they do not know how to access the internet.
 
All devices should point to the ip address of the vlan interface for their default gateway. Your switch should then use a default route to access the internet
 
ip route 0.0.0.0 0.0.0.0 192.x.x.x <--ip address of the next hop device the switch is connected to for internet access. IF this is a router or firewall you will then need to configure a route on it to point traffic back to each vlan. Alternativly you could set up a dynamic routing protocol such as OSPF to do this automatically.
 
Let me know if you need anything else

Open in new window

Commented:
Ok  - if the 6509 already is your core, the 3560 needs to be setup with your vlans and it sounds like you have already done this.
Don't create vlan interfaces on your switch for all vlans - just the native vlan or management vlan.
You will then need to configure a trunk port on your 3560 and a corresponding one on the 6509 to carry the tagged vlan traffic:

interface FastEthernet0/48
 description *** trunk to 6509***
 switchport trunk encapsulation dot1q
 switchport trunk native vlan [native vlan]
 switchport mode trunk

Do you have trunk ports setup on the rest of your network?
"You will then need to configure a trunk port on your 3560 and a corresponding one on the 6509 to carry the tagged vlan traffic"

why would you want to trunk vlan traffic to the 6509 so it can preform routing when the 3560 can do the same thing? You are just causing un-needed overhead

preform the routing on the 3560 and set a default route out the switch.

Commented:
that1guy15

Because he has a standard layer 2 image on the switch and says he is using the 6509 for layer 3 routing already.
From what i understand all 3560 (standard or extended ) support layer three. Am I off?
Yeah the standard image supports :

"Basic RIP and static routing, upgradable to full dynamic IP routing Chart_body Style Sheet"

pulled from
http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps5528/prod_bulletin0900aecd801c5bf2.html

Commented:
You could be right - he mentioned layer 2 switch with standard image.

Either way, the 6509 is doing layer 3 routing as we discovered later in the thread.  Theres no point in having 2 layer 3 devices routing the same vlans as they would need different vlan ips.

At the beginning of the thread, I thought it was just 1 switch at site also.
Oh. did not see were he was using the 6509 for the same VLANS. then yes i would agree to use the 6509 unless it is already being overloaded.

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial