InterVLAN Routing

Have a Cisco 3550 switch that I am trying to set up with two VLANs in addition to the management VLAN.
 
VLAN2 is for data and has a DHCP scope assigned to it.
VLAN3 is for voice and has a DHCP scope assigned to it.

Port 17 has been tagged as VLAN2, and the devices plugged into that port do receive their DHCP provisioning appropriately, but those devices cannot access the Internet.

All other devices plugged into any other ports -- members of the default management VLAN -- can get to the Internet.

Obviously, the 3550 itself can also access the Internet and all internal devices.

To me, this seems like an inter-VLAN routing issue since devices in VLAN2 are not able to route through the management VLAN.  I have checked the config and I believe I have programmed the 3550 to allow inter-VLAN routing.

I am attaching the config file.
Anyone have any suggestions?

cisco-3550-run-confg-masked.txt
tchancev Asked:

John Meggers (Network Architect) Commented:
So first off, and not that it matters a great deal because you're NATing, but you realize that your VLAN 3 addresses are public addresses, not private?  The private range for 172 addresses is 172.16.0.0/12, or 172.16.0.0 through 172.31.255.255.

You have NAT configured but I don't see anywhere that you've indicated where the inside and outside NAT interfaces are.  You might want to consider not trying to NAT on the switch, but leave that at your Internet gateway.  

Can you ping the Internet gateway device (10.1.1.1?) sourcing traffic from the VLAN 2 IP address?  It's very possible it doesn't know where that subnet is located.

tchancev (Author) Commented:
Thank you for the eye-opener on the VLAN 3 subnet.
Just an oversight with copy and paste.
Got VLAN 3 corrected to use 172.16.30.0/24.

I created the NAT access-list simply to troubleshoot the inability to connect to the Internet via VLAN 2.  I was just trying to see if it was a NAT issue.  

And no, I cannot ping the gateway at 10.1.1.1 from a VLAN 2 device with a 192.168.1.n address.  I do think it is a routing issue, which is why I believe that inter-VLAN routing, or the lack thereof, is keeping me from getting to the gateway in VLAN 1 from a network device in VLAN 2.

So, if you picture the prior config file with the VLAN 3 subnet corrections, and the removal of the NAT access list, you now have what my current config looks like.

The 3550 can still reach all network devices in all VLANs, and can access the gateway, and can receive ICMP responses from public DNS servers.  But devices in VLAN 2 cannot get out to the Internet.

Any ideas what I may be overlooking?

John Meggers (Network Architect) Commented:
You should absolutely be able to ping 10.1.1.1 from the switch since the switch has a VLAN1 address of 10.1.1.2.  What's unclear is whether the 10.1.1.1 device knows about 172.16.30.0 and 192.168.1.0.  That's the next thing I would check, is the routing table on 10.1.1.1 to see if those networks are listed in its known routes.

tchancev (Author) Commented:
Yes, the 10.1.1.1 device did have routes created back to the 192.168.1.0/24 and 172.16.30.0/24 subnets.
However, the particular 10.1.1.1 router had those routes disabled.
Once the routes were enabled, devices in VLAN2 and VLAN3 are able to reach the gateway and Internet.
Thank you for all your help!

Question has a verified solution.
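
The root cause in this thread (return routes on the 10.1.1.1 gateway that existed but were disabled) can be checked mechanically. The following is an added example, not part of the original thread: it audits a gateway route table, supplied here as constructed sample data in a hypothetical layout, for an enabled return route to each VLAN subnet via the switch at 10.1.1.2, and also applies the RFC 1918 check raised about VLAN 3.

```python
import ipaddress

# RFC 1918 private ranges (the 172 block is the one quoted in the thread).
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def is_rfc1918(subnet):
    """True if the whole subnet sits inside one RFC 1918 block."""
    net = ipaddress.ip_network(subnet)
    return any(net.subnet_of(block) for block in RFC1918)

def return_route(subnet, routes):
    """Most specific enabled, non-default gateway route covering subnet."""
    net = ipaddress.ip_network(subnet)
    best, best_len = None, -1
    for r in routes:
        dest = ipaddress.ip_network(r["dest"])
        # Skip disabled routes and the default route (it points upstream).
        if not r["enabled"] or dest.prefixlen == 0:
            continue
        if net.subnet_of(dest) and dest.prefixlen > best_len:
            best, best_len = r, dest.prefixlen
    return best

def audit(vlan_subnets, routes, switch_ip):
    """Return {vlan: [findings]} for each routed VLAN behind the switch."""
    report = {}
    for vlan, subnet in vlan_subnets.items():
        findings = []
        if not is_rfc1918(subnet):
            findings.append("subnet is not RFC 1918 private space")
        route = return_route(subnet, routes)
        if route is None:
            findings.append("gateway has no enabled return route")
        elif route["next_hop"] != switch_ip:
            findings.append("return route points at " + route["next_hop"])
        report[vlan] = findings
    return report

# Constructed sample data; the route-table layout is hypothetical.
GATEWAY_ROUTES = [
    {"dest": "0.0.0.0/0", "next_hop": "203.0.113.1", "enabled": True},
    {"dest": "192.168.1.0/24", "next_hop": "10.1.1.2", "enabled": False},
    {"dest": "172.16.30.0/24", "next_hop": "10.1.1.2", "enabled": True},
]
VLANS = {"VLAN2": "192.168.1.0/24", "VLAN3": "172.16.30.0/24"}

if __name__ == "__main__":
    for vlan, findings in audit(VLANS, GATEWAY_ROUTES, "10.1.1.2").items():
        print(vlan, "->", findings or "ok")
```

In the sample only the VLAN 2 route is left disabled so that the output shows a failing and a passing subnet side by side.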
