ndalmolin_13 asked:

Help getting inter-vlan routing between three switches working

Hello Cisco Experts,

I'm trying to figure out how to configure inter-VLAN routing on a test network of mine.  The network consists of three switches and two PCs.  One switch (named FLAGSTAFF-SW) is playing the role of a distribution switch.  The other two switches (SALES-SW and ENGINEERING-SW) are playing the role of access level switches.

I configured trunk ports on both the access switches to the distribution switch.  On the distribution switch I configured an SVI for each subnet and assigned it an IP.  My workstation on each subnet has been configured with the IP of the SVI for that subnet (on the distribution switch) as its gateway.  I can ping the SVI from each workstation, so it looks to me like layer 2 is working.

I did change the default vlan from 1 to 600, but I did that on each trunk port, so there is no mismatch that I'm seeing.

Anyway, I've been pulling my hair out for hours trying to figure out why this setup is not working.  Any help any of you can provide will be greatly appreciated.

I may ask questions as I'm trying to learn this stuff.

Configs from each switch are below.

Thanks,
Nick

FLAGSTAFF-SW

FLAGSTAFF-SW#show running-config
Building configuration...

Current configuration : 3035 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname FLAGSTAFF-SW
!
!
!
enable secret 5 $1$mERr$O2pBZlhcXrfdiqVGupCDQ/
!
!
!
!
!
aaa new-model
!
aaa authentication login local local
!
!
!
!
ip routing
!
!
!
!
username ntdcc privilege 15 secret 5 $1$mERr$DqBVb1u9tBBclIYaA.lhc0
!
!
!
!
!
ip ssh version 2
ip domain-name NTDCC.local
!
!
vtp mode transparent
!
spanning-tree mode pvst
!
!
!
!
vlan 10
 name SALES
!
vlan 20
 name ENGINEERING
!
vlan 250
 name MANAGEMENT
!
vlan 513
 name DISABLED_PORTS
!
vlan 600
 name TRUNKING
!
interface FastEthernet0/1
 switchport access vlan 250
!
interface FastEthernet0/2
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/3
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/4
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/5
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/6
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/7
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/8
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/9
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/10
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/11
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/12
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/13
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/14
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/15
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/16
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/17
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/18
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/19
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/20
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/21
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/22
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/23
 switchport access vlan 600
 switchport trunk native vlan 600
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/24
 switchport access vlan 600
 switchport trunk native vlan 600
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/1
 switchport access vlan 513
!
interface GigabitEthernet0/2
 switchport access vlan 513
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 ip address 10.10.10.254 255.255.255.0
!
interface Vlan20
 ip address 172.16.20.254 255.255.255.0
!
interface Vlan250
 ip address 10.10.250.50 255.255.255.0
!
interface Vlan600
 no ip address
!
ip classless
!
!
!
!
!
!
!
line con 0
 password 7 08020D5D0A4926181C1803082F
 logging synchronous
line vty 0 4
 password 7 08020D5D0A4931121E050910
 logging synchronous
 transport input ssh
line vty 5 15
 password 7 08020D5D0A4931121E050910
 logging synchronous
 transport input ssh
!
!
!
end

The results of show ip route on this switch are as follows:

FLAGSTAFF-SW#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 2 subnets
C       10.10.10.0 is directly connected, Vlan10
C       10.10.250.0 is directly connected, Vlan250
     172.16.0.0/24 is subnetted, 1 subnets
C       172.16.20.0 is directly connected, Vlan20

The other two switches are playing the role of access level switches.  Their configs are as follows:

SALES-SW

SALES-SW#show running-config
Building configuration...

Current configuration : 3125 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname SALES-SW
!
!
!
enable secret 5 $1$mERr$O2pBZlhcXrfdiqVGupCDQ/
!
!
!
!
!
aaa new-model
!
!
!
!
!
!
!
!
username ntdcc privilege 15 secret 5 $1$mERr$PXcLUQB8C/pCiPIS7ZCKd0
!
!
!
!
!
ip ssh version 2
ip domain-name NTDCC.local
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/1
 switchport access vlan 250
!
interface FastEthernet0/2
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/3
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet0/4
 switchport access vlan 513
 switchport mode access
 shutdown
!
interface FastEthernet0/5
 switchport access vlan 513
 switchport mode access
 shutdown
!
interface FastEthernet0/6
 switchport access vlan 513
 switchport mode access
 shutdown
!
interface FastEthernet0/7
 switchport access vlan 513
 switchport mode access
 shutdown
!
interface FastEthernet0/8
 switchport access vlan 513
 switchport mode access
 shutdown
!
interface FastEthernet0/9
 switchport access vlan 513
 switchport mode access
 shutdown
!
interface FastEthernet0/10
 switchport access vlan 513
 switchport mode access
 shutdown
!
interface FastEthernet0/11
 switchport access vlan 513
 switchport mode access
 shutdown
!
interface FastEthernet0/12
 switchport access vlan 513
 switchport mode access
 shutdown
!
interface FastEthernet0/13
 switchport access vlan 513
 switchport mode access
 shutdown
!
interface FastEthernet0/14
 switchport access vlan 513
 switchport mode access
 shutdown
!
interface FastEthernet0/15
 switchport access vlan 513
 switchport mode access
 shutdown
!
interface FastEthernet0/16
 switchport access vlan 513
 switchport mode access
 shutdown
!
interface FastEthernet0/17
 switchport access vlan 513
 switchport mode access
 shutdown
!
interface FastEthernet0/18
 switchport access vlan 513
 switchport mode access
 shutdown
!
interface FastEthernet0/19
 switchport access vlan 513
 switchport mode access
 shutdown
!
interface FastEthernet0/20
 switchport access vlan 513
 switchport mode access
 shutdown
!
interface FastEthernet0/21
 switchport access vlan 513
 switchport mode access
 shutdown
!
interface FastEthernet0/22
 switchport access vlan 513
 switchport mode access
 shutdown
!
interface FastEthernet0/23
 switchport access vlan 513
 switchport mode access
 shutdown
!
interface FastEthernet0/24
 switchport access vlan 600
 switchport trunk native vlan 600
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/1
 switchport access vlan 513
!
interface GigabitEthernet0/2
 switchport access vlan 513
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan250
 ip address 10.10.250.20 255.255.255.0
!
interface Vlan600
 no ip address
!
ip classless
!
!
!
!
!
!
!
line con 0
 password 7 08020D5D0A4926181C1803082F
 logging synchronous
line vty 0 4
 password 7 08020D5D0A4931121E050910
 logging synchronous
 transport input ssh
line vty 5 15
 password 7 08020D5D0A4931121E050910
 logging synchronous
 transport input ssh
!
!
!
end


ENGINEERING-SW

ENGINEERING-SW#show running-config
Building configuration...

Current configuration : 2661 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
service password-encryption
!
hostname ENGINEERING-SW
!
!
!
enable secret 5 $1$mERr$O2pBZlhcXrfdiqVGupCDQ/
!
!
!
!
!
aaa new-model
!
aaa authentication login local local
!
!
!
!
!
!
!
username ntdcc privilege 15 secret 5 $1$mERr$PXcLUQB8C/pCiPIS7ZCKd0
!
!
!
!
!
ip ssh version 2
ip domain-name NTDCC.local
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/1
 switchport access vlan 250
!
interface FastEthernet0/2
 switchport access vlan 20
!
interface FastEthernet0/3
 switchport access vlan 20
!
interface FastEthernet0/4
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/5
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/6
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/7
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/8
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/9
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/10
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/11
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/12
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/13
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/14
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/15
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/16
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/17
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/18
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/19
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/20
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/21
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/22
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/23
 switchport access vlan 513
 shutdown
!
interface FastEthernet0/24
 switchport access vlan 600
 switchport trunk native vlan 600
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/1
 switchport access vlan 513
 shutdown
!
interface GigabitEthernet0/2
 switchport access vlan 513
 shutdown
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan250
 ip address 10.10.250.21 255.255.255.0
!
interface Vlan600
 no ip address
!
ip classless
!
!
!
!
!
!
!
line con 0
 password 7 08020D5D0A4926181C1803082F
 logging synchronous
line vty 0 4
 password 7 08020D5D0A4931121E050910
 logging synchronous
 transport input ssh
line vty 5 15
 password 7 08020D5D0A4931121E050910
 logging synchronous
 transport input ssh
!
!
!
end

Mohammed Rahman

Hi ndalmolin_13,

By looking at the configurations, I assume these are layer 2 switches and not layer 3 or multilayer. For inter vlan to work we need to have a layer 3 device in the network. It can be a router or a layer 3 switch.

By creating VLANs, you are dividing the broadcast domain.
A switch creates an entire broadcast domain of itself (provided that there's only one VLAN) since broadcasts are a layer 2 concept (mac address related)

Whereas, the VLANs break the boundaries and create multiple broadcast domains.
Number of broadcast domains = number of VLANs

Since every VLAN belongs to a different VLAN, the traffic will not flow between VLANs unless there is a layer 3 device to route traffic. Hence, you will have to install a Router or a Layer 3 switch in your network to enable Inter VLAN routing.

Additional Info:

Layer 2 Switch: It doesn't understand IP (layer 3 header) and works only on MAC (layer 2 header). Hence, entire layer 2 switch is treated as a single broadcast domain.
What does that mean? If information has to travel within same broadcast domain, the source and destination devices HAVE to be on same Subnet (same network).

By creating VLANs we are tagging VLAN IDs between layer 2 and layer 3. Pict below

[User generated image]

Without the VLAN, all ports will be in single broadcast domain. Information sent out from port 1 and destined for port 2 will be flooded to all ports available (assuming switch has not learned the MAC addresses of its ports by now). Once switch starts learning MAC addresses, the information will be sent ONLY to that particular destination (unicast).

Using switch without VLANs compromises the network and makes it vulnerable. How?
Let's say, Person on port 1 is sales and person on port 2 is engineering. You do not want person 1 to be able to look at person 2. You will not be able to accomplish this on a layer 2 switch as all ports will be on same subnet. You will have to get a router and divide the network which in turn divides the broadcast domain and restrict person 1's access to person 2. But, you do not have a router :(

You can very well implement VLANs, and assign switch ports to different VLANs and hence segregate traffic. Once you create VLANs, a VLAN ID will be added to the frame (layer 2) and sent out. The port 1 receives the frame and check for destination MAC address and also the VLAN ID of that frame.

Now, suppose switch has MAC entry in its MAC Table against port 2. The switch now knows where the destination device is (port 2, based on its MAC table). The switch will now check for VLAN ID of incoming frame and check whether the port 2 is a member of same VLAN that this packet has in its VLAN ID? If yes, it will forward the frame; if not, it will discard the frame.

You will need a router to enable inter VLAN. Look for router on a stick.

Hope this helps :)

Can you reiterate what exactly is the problem you are having?
I see that you don't have vlan 600 assigned to any access ports, so what exactly are you trying to do with it? Are you using it as a blackhole vlan?

ASKER CERTIFIED SOLUTION
mikebernhardt

This solution is only available to members.

So far you are on the right track
FLAGSTAFF-SW is an L3 switch (has ip routing enabled) - Excellent
SVI is needed as configured on this switch - Excellent

The 1st thing is to verify that the switches can ping one another on the management vlan (assuming that's what you plan to use vlan 250 for)


Add default gateway to the access switches and try to ping 10.10.10.254 and 10.10.20.254
ip default-gateway 10.10.250.50

Post the results of these tests and we can go from there. We will worry about computers connecting once we have connection between the switches themselves.

- Layer 1 and 2 verification
show ip int b
connected interfaces should be  UP and UP (not administratively down or down)
- Layer 3 verification
switches' ability to ping each other


All the best

ndalmolin_13 (ASKER)

I found the mis-match with the show trunk command.
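
The trunk settings the asker describes checking by hand can also be compared offline from saved running-configs. The following is an added example, not part of the original thread: it parses interface stanzas and compares trunk mode and native VLAN on both ends of each link. The config excerpts are constructed (SALES-SW is deliberately left at the default native VLAN), and the cabling in `LINKS` is an assumption, since the thread does not say which port faces which switch.

```python
import re

# Constructed excerpts modelled on the trunk stanzas posted above. SALES-SW is
# deliberately left at the default native VLAN (1); the posted configs use 600.
CONFIGS = {
    "FLAGSTAFF-SW": """interface FastEthernet0/23
 switchport trunk native vlan 600
 switchport mode trunk
!
interface FastEthernet0/24
 switchport trunk native vlan 600
 switchport mode trunk
line vty 0 4
 transport input ssh
""",
    "SALES-SW": "interface FastEthernet0/24\n switchport mode trunk\n",
    "ENGINEERING-SW": "interface FastEthernet0/24\n switchport trunk native vlan 600\n"
                      " switchport mode trunk\n",
}
# Assumed cabling: the page does not say which port faces which switch.
LINKS = [(("FLAGSTAFF-SW", "FastEthernet0/23"), ("SALES-SW", "FastEthernet0/24")),
         (("FLAGSTAFF-SW", "FastEthernet0/24"), ("ENGINEERING-SW", "FastEthernet0/24"))]

def parse_interfaces(config):
    """Map interface name -> trunk settings, with IOS defaults when unset."""
    ifaces, cur = {}, {}
    for line in config.splitlines():
        cmd = line.strip()
        if line.startswith("interface "):
            cur = ifaces.setdefault(cmd.split()[1], {"mode": None, "native": 1})
        elif not line.startswith(" "):
            cur = {}  # "!" or a global command ends the stanza; later lines are discarded
        elif m := re.fullmatch(r"switchport trunk native vlan (\d+)", cmd):
            cur["native"] = int(m.group(1))
        elif m := re.fullmatch(r"switchport mode (\S+)", cmd):
            cur["mode"] = m.group(1)
    return ifaces

def audit(configs, links):
    """Return one finding per link whose two ends disagree."""
    parsed = {sw: parse_interfaces(cfg) for sw, cfg in configs.items()}
    findings = []
    for (sw_a, if_a), (sw_b, if_b) in links:
        a, b = parsed[sw_a][if_a], parsed[sw_b][if_b]
        link = f"{sw_a} {if_a} <-> {sw_b} {if_b}"
        if a["mode"] != "trunk" or b["mode"] != "trunk":
            findings.append(f"{link}: not a static trunk on both ends")
        elif a["native"] != b["native"]:
            findings.append(f"{link}: native VLAN {a['native']} vs {b['native']}")
    return findings
```

Calling `audit(CONFIGS, LINKS)` on the constructed sample reports the FLAGSTAFF-SW to SALES-SW link; with the native VLAN set to 600 on both ends it returns an empty list.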