tolinrome asked:

Layer 3 switch and ISP Router

I'm having a hard time getting vlan traffic past the L3 switch to the internet. I have a couple of L2 switches and some vlans and a L3 switch. All hosts on all vlans can ping each other, but I can't get them past the L3 switch; only the L3 switch can ping the router, which is directly connected.

vlans
10 - 10.1.10.0
20 - 10.1.20.0
30 - 10.1.30.0
40 - 10.1.40.0
50 - 10.1.50.0
60 - 10.1.60.0 (vlan to ISP) (10.1.10.62 is the inside interface of the ISP router)
100 - 10.1.00.0 (Management vlan)

I created vlan interfaces for all the vlans on the L3 switch, all hosts point to the L3 switch as their default gateway. On the L3 switch I set a route to the ISP router as:

ip route 0.0.0.0 0.0.0.0 10.1.10.62
I also enabled ip routing

Since the switch is directly connected to the router I learned that I do not need to set static routes on it, correct?

Where did I go wrong? Why can I ping from the L3 switch to the router but that's it?

Show run on the L3 switch:

hostname Switch
!
!
!
!
!
ip routing
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
interface FastEthernet0/1
 switchport mode access

!
interface FastEthernet0/24
 switchport mode access
!
interface GigabitEthernet0/1
 switchport access vlan 60
 switchport trunk encapsulation dot1q
 switchport mode access
!
interface GigabitEthernet0/2
 switchport access vlan 100
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description SERVERS_VLAN
 ip address 10.1.10.1 255.255.255.0
!
interface Vlan20
 description SALES_VLAN
 ip address 10.1.20.1 255.255.255.0
!
interface Vlan30
 description ACCOUNTING_VLAN
 ip address 10.1.30.1 255.255.255.0
!
interface Vlan40
 description IT_VLAN
 ip address 10.1.40.1 255.255.255.0
!
interface Vlan50
 description VOICE_VLAN
 ip address 10.1.50.1 255.255.255.0
!
interface Vlan60
 description TO_ISP
 ip address 10.1.60.1 255.255.255.0
!
interface Vlan100
 ip address 10.1.0.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.60.2
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
!
!
end

Switch#show int gi0/1 switchport
Name: Gig0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 60 (TO_ISP)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: All
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none


ROUTER:

Router#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.1.60.0/24 is directly connected, GigabitEthernet0/0
L       10.1.60.2/32 is directly connected, GigabitEthernet0/0

Router#show ip int brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0     10.1.60.2       YES manual up                    up
GigabitEthernet0/1     unassigned      YES unset  administratively down down
FastEthernet0/0/0      unassigned      YES unset  administratively down down
FastEthernet0/0/1      unassigned      YES unset  administratively down down
FastEthernet0/0/2      unassigned      YES unset  administratively down down
FastEthernet0/0/3      unassigned      YES unset  administratively down down
Serial0/1/0            unassigned      YES unset  administratively down down
Serial0/1/1            unassigned      YES unset  administratively down down
Vlan1                  unassigned      YES unset  administratively down down

giltjr

The router does not seem to have a route back to your other VLANs.

At a minimum it needs a route for 10.1.0.0/16 via 10.1.60.1.

tolinrome (ASKER)

I thought since it was directly connected it didn't need a route back since it already has one?
   10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.1.60.0/24 is directly connected, GigabitEthernet0/0
L       10.1.60.2/32 is directly connected, GigabitEthernet0/0

What command should I enter?

eeRoot

On int gi0/2, remove this line "switchport access vlan 100"

Also, since the VLAN IP addresses did not appear in the "sh ip int brief" command, run the command "sh vlan br" and make sure the VLAN interfaces are not shut. On newly created VLANs, it is sometimes necessary to issue the "no shut" command for each VLAN.

One odd thing I noticed, the config shows int gi0/1 and gi0/2. But "sh ip int brief" shows int gi0/0 and gi0/1. So perhaps there is a problem with the Packet Tracer config?

ASKER CERTIFIED SOLUTION
giltjr

This solution is only available to members.

eeRoot, I think the "sho ip int brief" is from the router, not the switch.

I can't even ping the L3 switch now from any device. Why did you instruct me to remove the switchport access vlan 100 from gi0/2, just trying to understand?



On the L3 switch
I removed the vlan 100
 Switch(config-if)#no switchport access vlan 100


On the L3 switch the "show ip int brief" shows all vlans up

Vlan1                  unassigned      YES unset  administratively down down
Vlan10                 10.1.10.1       YES manual up                    up
Vlan20                 10.1.20.1       YES manual up                    up
Vlan30                 10.1.30.1       YES manual up                    up
Vlan40                 10.1.40.1       YES manual up                    up
Vlan50                 10.1.50.1       YES manual up                    up
Vlan60                 10.1.60.1       YES manual up                    up
Vlan100                10.1.0.1        YES manual up                    up

Try pinging the ISP addresses from the other vlans.

Ping 10.1.10.62 source vlan (place number here)

This will truly verify if vlan routing is working.

VLAN routing on the L3 switch was working. All VLANs on the L3 switch were talking to each other, via the L3 switch.

What was not working was that the VLANs could not talk to the router. This was because the router did not have any routes back to the VLANs on the L3 switch except for the 1 VLAN that was used to interconnect the L3 switch and the router.


tolinrome:

On the L3 device Gi0/2 has "switchport mode trunk".  This means it is operating in trunk mode.  When a port is in trunk mode:

    switchport access vlan ##

is ignored and of no use. It only confuses people.

Thanks, your comment makes sense to me. Why, though, did I need to create the route manually on the router? I read that if they are directly connected to the network it routes automatically?

Well, sort of. Hosts that are in the same network do not need to route.

Routing is what is done in order to get IP packets to/from hosts that are not in the same IP subnet.  When two hosts are in the same IP subnet they talk directly to each other.
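
Added example, not part of the original thread: a small longest-prefix-match simulation of the two routing tables shown above, tracing why a ping sourced from the switch's 10.1.60.1 gets a reply while one from another VLAN does not, and what changes once the router has the 10.1.0.0/16 route giltjr suggested. The host address 10.1.20.10 and the function names are assumptions made for the illustration.

```python
import ipaddress

# Routing tables transcribed from the outputs in the thread: (prefix, next hop).
# A next hop of None means the prefix is directly connected.
SWITCH = [("10.1.%d.0/24" % n, None) for n in (0, 10, 20, 30, 40, 50, 60)]
SWITCH.append(("0.0.0.0/0", "10.1.60.2"))
ROUTER = [("10.1.60.0/24", None)]  # "Gateway of last resort is not set"
# giltjr's suggestion; in IOS syntax: ip route 10.1.0.0 255.255.0.0 10.1.60.1
ROUTER_FIXED = ROUTER + [("10.1.0.0/16", "10.1.60.1")]


def lookup(table, dst):
    """Longest-prefix match: 'connected', a next-hop IP, or None (drop)."""
    addr = ipaddress.ip_address(dst)
    best = None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, hop)
    if best is None:
        return None
    return best[1] or "connected"


def ping_router(src, router_table, router_ip="10.1.60.2"):
    """Trace the echo request (through the switch) and the reply (from the router)."""
    if lookup(SWITCH, router_ip) is None:
        return "request dropped at switch"
    back = lookup(router_table, src)
    if back is None:
        return "reply dropped at router: no route to " + src
    return "reply returns via " + back


if __name__ == "__main__":
    # 10.1.20.10 is a constructed host address in the SALES VLAN.
    for src in ("10.1.60.1", "10.1.20.10"):
        print(src, "before:", ping_router(src, ROUTER))
        print(src, "after: ", ping_router(src, ROUTER_FIXED))
```

The request always reaches the router because the switch has every VLAN connected; it is the router's lookup for the reply's destination that fails until the return route exists.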