InterVLAN Routing

Posted on 2011-10-24
Last Modified: 2012-05-12
Have a Cisco 3550 switch that I am trying to set up with two VLANs in addition to the management VLAN.
VLAN2 is for data and has a DHCP scope assigned to it.
VLAN3 is for voice and has a DHCP scope assigned to it.

Port 17 has been tagged as VLAN2, and the devices plugged into that port do receive their DHCP provisioning appropriately, but those devices cannot access the Internet.

All other devices plugged into any other ports -- members of the default management VLAN, can get to the Internet.

Obviously, the 3550 itself can also access the Internet and all internal devices.

To me, this seems like an inter-VLAN routing issue since devices in VLAN2 are not able to route through the management VLAN.  I have checked the config and I believe I have programmed the 3550 to allow inter-VLAN routing.

I am attaching the config file.
Anyone have any suggestions?

Question by:tchancev
    LVL 18

    Expert Comment

    So first off, and not that it matters a great deal because you're NATing, but you realize that your VLAN 3 addresses are public addresses, not private?  The private range for 172 addresses is, or through

    You have NAT configured but I don't see anywhere that you've indicated where the inside and outside NAT interfaces are.  You might want to consider not trying to NAT on the switch, but leave that at your Internet gateway.  

    Can you ping the Internet gateway device ( sourcing traffic from the VLAN 2 IP address?  It's very possible it doesn't know where that subnet is located.

    Author Comment

    Thank you for the eye-opener on the VLAN 3 subnet.
    Just an oversight with copy and paste.
    Got VLAN 3 corrected to use

    I created the NAT access-list simply to troubleshoot the inability to connect to the Internet via VLAN 2.  I was just trying to see if it was a NAT issue.  

    And no, I cannot ping the gateway at from a VLAN 2 device with a 192.168.1.n address.  I do think it is a routing issue, which is why I believe that inter-VLAN routing, or the lack thereof, is keeping me from getting to the gateway in VLAN 1 from a network device in VLAN 2.

    So, if you picture the prior config file with the VLAN 3 subnet corrections, and the removal of the NAT access list, you now have what my current config looks like.

    The 3550 can still reach all network devices in all VLANs, and can access the gateway, and can receive ICMP responses from public DNS servers.  But devices in VLAN 2 cannot get out to the Internet.

    Any ideas what I may be overlooking?
    LVL 18

    Accepted Solution

    You should absolutely be able to ping from the switch since the switch has a VLAN1 address of  What's unclear is whether the device knows about and  That's the next thing I would check, is the routing table on to see if those networks are listed in its known routes.

    Author Closing Comment

    Yes, the device did have routes created back to the and subnets.
    However, the particular router had those routes disabled.
    Once the routes were enabled, devices in VLAN2 and VLAN3 are able to reach the gateway and Internet.
    Thank you for all your help!

    Featured Post

    Better Security Awareness With Threat Intelligence

    See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

    Join & Write a Comment

    Suggested Solutions

    I see many questions here on Experts Exchange regarding switch port configurations and trunks. This article is meant for beginners in the subject to help to get basic knowledge about Virtual Local Area Network (VLAN (…
    I eventually solved a perplexing problem setting up telnet for a new switch.  I installed a new Cisco WS-03560X-24P switch connected to an existing Cisco 4506 running a WS-X4013-10GE Sup II-Plus. After configuring vlans and trunking,  I could no…
    Sending a Secure fax is easy with eFax Corporate ( First, Just open a new email message.  In the To field, type your recipient's fax number You can even send a secure international fax — just include t…
    Excel styles will make formatting consistent and let you apply and change formatting faster. In this tutorial, you'll learn how to use Excel's built-in styles, how to modify styles, and how to create your own. You'll also learn how to use your custo…

    732 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now