vburshteyn
asked on
vlan routing
Hi folks,
I asked this question before, but I want to clarify it:
I have two networks:
Network A
ds3 router - ASA 5505 -- Catalyst 4507 (172.17.20.x /24 range)
Network B
(10.59.1.x/range)
MPLS router - ASA 5500 --- Cisco Catalyst WS-C2950T-48 (this network does not have a data line yet)
I have connected a crossover cable to port fa3/25 (I created vlan 10 and assigned this port to it) on the 4507 model and to port 0/48 (on the 2950 it's also vlan 10)
I'll put the configuration later, but
on the 4507
vlan 10 is set with 10.59.1.2
the ip route table:
Gateway of last resort is 172.17.20.1 to network 0.0.0.0
205.132.168.0/32 is subnetted, 1 subnets
S 205.132.168.191 [1/0] via 10.59.1.1
is directly connected, Vlan10
172.17.0.0/24 is subnetted, 2 subnets
C 172.17.30.0 is directly connected, Vlan2
C 172.17.20.0 is directly connected, Vlan1
10.0.0.0/24 is subnetted, 1 subnets
C 10.59.1.0 is directly connected, Vlan10
S* 0.0.0.0/0 [1/0] via 172.17.20.1
So my problem is that I can hit the 10.59.1.2 IP, but I can't hit anything else on that subnet.
This is the 4507 config file. The other switch has basic configuration.
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
service compress-config
service sequence-numbers
!
hostname BW4507
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$..TJ$eVZs7a9JgfF2SAJgEQ vzH/
!
no aaa new-model
qos
qos dbl
qos map dscp 24 25 26 27 28 29 30 31 to tx-queue 4
qos map dscp 32 33 34 35 36 37 38 39 to tx-queue 4
qos map cos 3 to dscp 26
qos map cos 5 to dscp 46
ip subnet-zero
!
vtp mode transparent
!
!
!
power redundancy-mode redundant
!
redundancy
mode sso
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
name VoiceVLAN
!
vlan 10
name BAA
!
policy-map autoqos-voip-policy
class class-default
dbl
!
!
interface TenGigabitEthernet1/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
qos trust cos
macro description cisco-switch
auto qos voip trust
tx-queue 3
bandwidth percent 33
priority high
shape percent 33
spanning-tree link-type point-to-point
service-policy output autoqos-voip-policy
!
interface FastEthernet3/3
switchport mode access
switchport voice vlan 2
switchport port-security
switchport port-security maximum 2
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
qos trust cos
qos trust device cisco-phone
macro description cisco-phone
auto qos voip cisco-phone
tx-queue 3
--More--
interface FastEthernet3/25
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
!
interface Vlan1
ip address 172.17.20.2 255.255.255.0
!
interface Vlan2
ip address 172.17.30.2 255.255.255.0
!
interface Vlan10
ip address 10.59.1.2 255.255.255.0
!
ip route profile
ip route 0.0.0.0 0.0.0.0 172.17.20.1 permanent
ip route 10.59.1.0 255.255.255.0 Vlan10
ip route 205.132.168.191 255.255.255.255 10.59.1.1 permanent
ip route 205.132.168.191 255.255.255.255 Vlan10
ip http server
!
!
!
!
control-plane
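Added example (not part of the original thread, and not the thread's accepted solution): a small Python check over an IOS-style config that flags two things visible in the posted 4507 config. FastEthernet3/25 carries both `switchport access vlan 10` and `switchport mode trunk`, and in trunk mode the access VLAN is unused, so untagged frames travel on the native VLAN (1 by default on IOS). There is also a static route that repeats the directly connected Vlan10 subnet. The function names and the trimmed sample config are constructed for illustration.

```python
import ipaddress
import re

# Constructed excerpt: the relevant stanzas of the config posted in the question.
SAMPLE_CONFIG = """\
interface FastEthernet3/25
 switchport access vlan 10
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan10
 ip address 10.59.1.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 172.17.20.1 permanent
ip route 10.59.1.0 255.255.255.0 Vlan10
"""

def parse_interfaces(config):
    """Map interface name -> sub-commands; a stanza ends at '!' or the next interface."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif line == "!":
            current = None
        elif current is not None and line:
            current.append(line)
    return stanzas

def audit(config):
    """Return findings for trunk/access VLAN conflicts and redundant connected routes."""
    findings, connected = [], {}
    for name, cmds in parse_interfaces(config).items():
        text = "\n".join(cmds)
        access = re.search(r"^switchport access vlan (\d+)$", text, re.M)
        native = re.search(r"^switchport trunk native vlan (\d+)$", text, re.M)
        addr = re.search(r"^ip address (\S+) (\S+)$", text, re.M)
        if addr:
            connected[ipaddress.ip_network("/".join(addr.groups()), strict=False)] = name
        untagged = native.group(1) if native else "1"  # IOS default native VLAN
        if "switchport mode trunk" in cmds and access and access.group(1) != untagged:
            findings.append(f"{name}: trunk mode ignores access vlan {access.group(1)}; "
                            f"untagged frames use native vlan {untagged}")
    for net, mask, target in re.findall(r"^ip route (\S+) (\S+) (\S+)", config, re.M):
        dest = ipaddress.ip_network(f"{net}/{mask}")
        if connected.get(dest) == target:
            findings.append(f"static route {dest} via {target} duplicates the connected subnet")
    return findings
```

Calling `audit(SAMPLE_CONFIG)` returns one finding for FastEthernet3/25 and one for the `ip route 10.59.1.0 255.255.255.0 Vlan10` line; the parser also accepts configs whose indentation was lost in pasting, since stanzas are delimited by `!`.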
ASKER
Yup, we are already routing between vlan 1 and 2.
Sorry if I am wrong, I am new to Cisco.
What about the clients on subnet 10.59.1.0 network? Do they have default-gateway set to 10.59.1.2?
If they have another router as default gateway. Does that router have routes to 172.17.20.0/24 and 172.17.30.0/24 ?
ASKER
10.59.1.x/32 is its own network it goes out via MPLS.
I just want to connect the two networks so that all data that is destined to go to 10.59.1.x will go to vlan 10 and out through the mpls
Then the MPLS-router has to have routes to 172.31.20.0/24 and 172.31.30.0/24 with next-hop 10.59.1.2
If you can do it yourself it's a breeze. But if it is a service provider that handles the MPLS-router you have to place an order to them.
ASKER
ok sorry for the confusion..
I am trying to route the data from network a to network b via level 3 switch and network A side. I am not touching the routers
If you are logged in to the 4507.
Can you ping the MPLS router?
Can you also ping 172.31.20.1?
If it doesn't work you have connectivity problems on the vlans.
If you reach both addresses you don't have any connectivity problems.
The only thing you have to do is to configure routing in the MPLS-router as I said before, and (as I forgot before) you probably also want to add a route in the ASA5505 to network 10.59.1.0/24 with next hop 172.31.20.2 depending on what you want to do.
I sent my last comment before I saw yours.
Please tell me between which IP-addresses you want to reach. (Just give two addresses as an example)
ASKER
The problem is that the 4507 is not routing the data between the vlans.
Even though I have the
IP route 10.59.1.x /24 vlan 2 rule I can't hit the opposite switch.
So from 172.17.20.2 -> 10.59.1.4 via crossover cable
172.17.20.2 is the 4507 itself so that should not have any problem to send packets to 10.59.1.4
But how does it look from 10.59.1.4 point of view. What kind of equipment is it?
If it is a PC, what default gateway does it have?
If it is a router, L3 switch or firewall, does it have a route to 172.31.20.0/24 ?
ASKER
10.59.1.4 is a Cisco Catalyst WS-C2950T-48
What routes or default-gateway does that have?
executed on the switch to activate L3?