
InterVLAN Routing

Posted on 2011-10-24
Last Modified: 2012-05-12
Have a Cisco 3550 switch that I am trying to set up with two VLANs in addition to the management VLAN.
 
VLAN2 is for data and has a DHCP scope assigned to it.
VLAN3 is for voice and has a DHCP scope assigned to it.

Port 17 has been tagged as VLAN2, and the devices plugged into that port do receive their DHCP provisioning appropriately, but those devices cannot access the Internet.

All other devices plugged into any other ports -- members of the default management VLAN, can get to the Internet.

Obviously, the 3550 itself can also access the Internet and all internal devices.

To me, this seems like an inter-VLAN routing issue since devices in VLAN2 are not able to route through the management VLAN.  I have checked the config and I believe I have programmed the 3550 to allow inter-VLAN routing.

I am attaching the config file.
Anyone have any suggestions?

cisco-3550-run-confg-masked.txt
Question by:tchancev

Expert Comment

by:jmeggers
ID: 37018870
So first off, and not that it matters a great deal because you're NATing, but you realize that your VLAN 3 addresses are public addresses, not private?  The private range for 172 addresses is 172.16.0.0/12, or 172.16.0.0 through 172.31.255.255.

You have NAT configured but I don't see anywhere that you've indicated where the inside and outside NAT interfaces are.  You might want to consider not trying to NAT on the switch, but leave that at your Internet gateway.  

Can you ping the Internet gateway device (10.1.1.1?) sourcing traffic from the VLAN 2 IP address?  It's very possible it doesn't know where that subnet is located.

Author Comment

by:tchancev
ID: 37020487
Thank you for the eye-opener on the VLAN 3 subnet.
Just an oversight with copy and paste.
Got VLAN 3 corrected to use 172.16.30.0/24.

I created the NAT access-list simply to troubleshoot the inability to connect to the Internet via VLAN 2.  I was just trying to see if it was a NAT issue.  

And no, I cannot ping the gateway at 10.1.1.1 from a VLAN 2 device with a 192.168.1.n address.  I do think it is a routing issue, which is why I believe that inter-VLAN routing, or the lack thereof, is keeping me from getting to the gateway in VLAN 1 from a network device in VLAN 2.

So, if you picture the prior config file with the VLAN 3 subnet corrections, and the removal of the NAT access list, you now have what my current config looks like.

The 3550 can still reach all network devices in all VLANs, and can access the gateway, and can receive ICMP responses from public DNS servers.  But devices in VLAN 2 cannot get out to the Internet.

Any ideas what I may be overlooking?

Accepted Solution

by:jmeggers
ID: 37025124
You should absolutely be able to ping 10.1.1.1 from the switch since the switch has a VLAN1 address of 10.1.1.2.  What's unclear is whether the 10.1.1.1 device knows about 172.16.30.0 and 192.168.1.0.  That's the next thing I would check, is the routing table on 10.1.1.1 to see if those networks are listed in its known routes.

Author Closing Comment

by:tchancev
ID: 37026328
Yes, the 10.1.1.1 device did have routes created back to the 192.168.1.0/24 and 172.16.30.0/24 subnets.
However, the particular 10.1.1.1 router had those routes disabled.
Once the routes were enabled, devices in VLAN2 and VLAN3 are able to reach the gateway and Internet.
Thank you for all your help!
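
The root cause found in this thread (return routes present on the gateway but disabled) can be checked mechanically. The following is an added example, not part of the original thread or the poster's configuration: it does a longest-prefix match over only the enabled routes of a gateway and reports where replies to each VLAN subnet would actually go. The route table, the `enabled` flag, the default-route next hop (a documentation address) and the function names are constructed assumptions; the subnets and the 10.1.1.2 switch address come from the thread.

```python
import ipaddress

SWITCH_IP = "10.1.1.2"  # 3550 VLAN1 address, per the thread
VLAN_SUBNETS = {"VLAN2": "192.168.1.0/24", "VLAN3": "172.16.30.0/24"}

# Constructed sample of the 10.1.1.1 gateway's static routes:
# (prefix, next hop, enabled). Both VLAN routes exist but are disabled.
GATEWAY_ROUTES = [
    ("0.0.0.0/0", "203.0.113.1", True),      # default route, placeholder ISP hop
    ("192.168.1.0/24", "10.1.1.2", False),
    ("172.16.30.0/24", "10.1.1.2", False),
]


def best_route(routes, dest):
    """Longest-prefix match, ignoring routes that are configured but disabled."""
    addr = ipaddress.ip_address(dest)
    live = [(ipaddress.ip_network(p), nh) for p, nh, enabled in routes if enabled]
    hits = [(net, nh) for net, nh in live if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None


def return_path_report(routes, vlan_subnets, switch_ip):
    """For each VLAN subnet, say where the gateway would send reply traffic."""
    report = {}
    for name, subnet in vlan_subnets.items():
        # Probe with the first usable address in the subnet.
        probe = ipaddress.ip_network(subnet).network_address + 1
        hit = best_route(routes, probe)
        if hit is None:
            report[name] = "no route"
        elif hit[1] == switch_ip:
            report[name] = "ok"
        else:
            # Replies leave via a less specific route, e.g. the default route.
            report[name] = f"misrouted via {hit[1]} ({hit[0]})"
    return report


if __name__ == "__main__":
    for vlan, status in return_path_report(GATEWAY_ROUTES, VLAN_SUBNETS, SWITCH_IP).items():
        print(vlan, status)
```

With the constructed table above, both VLANs fall through to the default route, which matches the symptom in the thread: the switch itself can reach the gateway, but replies to VLAN 2 and VLAN 3 hosts never come back through 10.1.1.2.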