[2 days left] What’s wrong with your cloud strategy? Learn why multicloud solutions matter with Nimble Storage.Register Now

x
?
Solved

Cisco 3550 switch vlan routing

Posted on 2013-12-30
15
Medium Priority
?
976 Views
Last Modified: 2014-01-15
I have a Cisco 3550 switch I am setting up but having some issues with.
 
We have two different WAN connections from different providers.
We are using many internal vLANs.

Both fa 0/2 and 0/3 are drops from isp’s, I addressed vlan 1 to fa 0/2 with the assigned subnet from isp 1 and vlan 2 with subnet addressing from isp2 for fa 0/3.

I have vlans 3-31 setup and addressed.

I cant seem to ping the addresses assigned to the vlans, I either get TTL expired or timed out errors.  I am assuming this is a routing issue.

Subnets given to us:
ISP 1
162.74.36.32/30 – For router access and management
162.74.36.48/29
162.74.36.56/29
162.74.36.64/29
162.74.36.72/29

ISP 2
38.122.90.32/29 – Router access
183.76.132.0/24
183.76.133.0/24
183.76.134.0/24
183.76.135.0/24

IPs have been changed.
ip subnet-zero
ip routing
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
 switchport mode dynamic desirable
 no ip address
!
interface FastEthernet0/2
 switchport access vlan 2
 switchport mode access
 no ip address
!
interface FastEthernet0/3
 switchport mode access
 no ip address
!!
interface FastEthernet0/5
 switchport access vlan 6
 switchport mode access
 no ip address
!!!!
interface FastEthernet0/17
 switchport access vlan 6
 switchport mode access
 no ip address
!
interface FastEthernet0/18
 switchport access vlan 7
 switchport mode dynamic desirable
 no ip address
!!!!!!!!!
interface FastEthernet0/42
 switchport access vlan 31
 switchport mode access
 no ip address
!
interface FastEthernet0/43
 switchport access vlan 3
 switchport mode access
 no ip address
!!!!
interface FastEthernet0/48
 switchport access vlan 3
 switchport mode access
 no ip address
!
interface Vlan1
 ip address 162.74.36.34 255.255.255.252
!
interface Vlan2
 ip address 133.152.90.35 255.255.255.248
!
interface Vlan3
 ip address 162.74.36.57 255.255.255.248 secondary
 ip address 162.74.36.65 255.255.255.248 secondary
 ip address 162.74.36.73 255.255.255.248 secondary
 ip address 162.74.36.49 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan6
 ip address 133.76.132.1 255.255.255.0
!
interface Vlan7
 ip address 133.76.133.1 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan8
 ip address 133.76.133.9 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan9
 ip address 133.76.133.17 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan10
 ip address 133.76.133.25 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan11
 ip address 133.76.133.33 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan12
 ip address 133.76.133.41 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan13
 ip address 133.76.133.49 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan14
 ip address 133.76.133.57 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan15
 ip address 133.76.133.65 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan16
 ip address 133.76.133.73 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan17
 ip address 133.76.133.81 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan18
 ip address 133.76.133.89 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan19
 ip address 133.76.133.97 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan20
 ip address 133.76.133.105 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan21
 ip address 133.76.133.113 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan22
 ip address 133.76.133.121 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan23
 ip address 133.76.133.129 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan24
 ip address 133.76.133.137 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan25
 ip address 133.76.133.145 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan26
 ip address 133.76.133.153 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan27
 ip address 133.76.133.161 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan28
 ip address 133.76.133.169 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan29
 ip address 133.76.133.177 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan30
 ip address 133.76.133.185 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan31
 ip address 133.76.133.193 255.255.255.248
 ip helper-address 133.76.132.12
!
ip classless
ip route 0.0.0.0 0.0.0.0 162.74.36.33
ip route 0.0.0.0 0.0.0.0 133.152.90.33
ip route 133.76.132.0 255.255.255.0 133.152.90.33
ip route 162.74.36.0 255.255.255.0 162.74.36.33
ip http server
!
!
End


   

Open in new window

0
Comment
Question by:Daeta42
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
  • 3
  • +1
15 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39746497
Personally, I would have made the two ports to the ISP's layer-3 ports and assigned the IP addresses to the ports.  But it works the way you did too.

Are the IP addresses assigned to VLANs 3-31 private addresses? If not, that's your problem.
0
 
LVL 47

Expert Comment

by:Craig Beck
ID: 39746520
Both fa 0/2 and 0/3 are drops from isp’s, I addressed vlan 1 to fa 0/2 with the assigned subnet from isp 1 and vlan 2 with subnet addressing from isp2 for fa 0/3.
That's not what your config says...
interface FastEthernet0/2
 switchport access vlan 2
 switchport mode access
 no ip address
!
interface FastEthernet0/3
 switchport mode access
 no ip address
!!

Open in new window

Have you tried swapping the interfaces to see if that helps?

Also, can you do a show vlan brief to see if the VLANs actually exist on the switch (they should because you've assigned them as access VLANs, but you never know) and show ip interface brief to see if the SVIs are UP/UP?
0
 

Author Comment

by:Daeta42
ID: 39746530
The vlans are all public addresses, as that is what we are trying to setup.

To clarify I can ping the switch on both ports 2 and 3 ( both uplinks)  but not the vlans past that.
0
Are You Ready for GDPR?

With the GDPR deadline set for May 25, 2018, many organizations are ill-prepared due to uncertainty about the criteria for compliance. According to a recent WatchGuard survey, a staggering 37% of respondents don't even know if their organization needs to comply with GDPR. Do you?

 
LVL 47

Expert Comment

by:Craig Beck
ID: 39746542
So you can ping each ISP router from the switch?
0
 

Author Comment

by:Daeta42
ID: 39746561
Yes I can ping out to both ISPs. All the interfaces and vlans are UP UP that have a device connected to them.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 39746596
Can a host on one VLAN ping a host on a different VLAN?
0
 

Author Comment

by:Daeta42
ID: 39746668
That I will need to check, it is in a datacenter and devices setup yet.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39747234
From what IP subnet are you trying to ping from?

What port is the device connect to that you are ping'ing from?
0
 

Author Comment

by:Daeta42
ID: 39747344
So I cant ping to the interfaces Vlan 3-31.
 I have a device in vlan 6, It can ping Vlan 6's address of  133.76.132.1  but nothing past that such as the management address or the ISP gateway, and from the outside cant ping the device.
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39747366
Are you sure you have the right IP addresses?

In your post  you have the 1st octet as 183, in your config you have 133.

The whole range of 183.76.0.0 - 183.77.255.255 is assigned to Asahi Net.

Where as the 133.76.0.0/16 is assigned to National Institute for Fusion Science.

Are you either one of these?


The 38.122.90.32 and all of the 162.74.36.xx addresses is assigned in the USA.
0
 

Author Comment

by:Daeta42
ID: 39747376
I did change the first 2 octets for anonymity, caught me. Maybe I need routes so that that switch knows the router access (Vlan2) is the way out for the Vlan6 and other 3 subnets? Or do I need some sort of vlan access to classify.

VLan 2 183.122.90.32/29 – Router access assigned to fa 0/2
Vlan 6 183.76.132.0/24 - Using above link but different subnet
Vlan * 183.76.133.0/24
Vlan * 183.76.134.0/24
Vlan * 183.76.135.0/24
0
 
LVL 57

Expert Comment

by:giltjr
ID: 39747401
You have "ip routing" specified.  So the 3550 should route to/from all VLAN's it knows about.

If you do do a "show int vlan 3" or any other VLAN number, does it show as active?

From the switch can you ping all of the IP addresses that are configured on the switch?

Dumb question, why do you have "ip helper-address 133.76.132.12" on all of your VLANs?

The main, not the only, but the main reason for ip helper-address is for DHCP.
0
 

Author Comment

by:Daeta42
ID: 39747422
There will be a DHCP server with the address specified.

Show int Vlan 6 does show Up/Up  and Active
That is the vlan im mostly checking as that has a server attached that is ip'd

The switch can ping to the vlan addresses assigned

For IP routing what how should that look for the subnets
something like ip route 183.76.132.0 255.255.255.0 183.122.90.33
                                                 ^                    ^                      ^
                                       Vlan 6 address       /24               ISP gateway for that uplink
0
 
LVL 57

Accepted Solution

by:
giltjr earned 1000 total points
ID: 39747467
Are you talking about routing outbound from your 3550 to the Internet?

Since a 3550 is not that powerful of a L3 device the best you can do with load blancing outbound traffic is to to have two default routes and let the 3550 do round robin, at least I think the 3550 will do that.

So if you are talking about outbound from your 3550, then you need two default routes like:

ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 0.0.0.0 0.0.0.0 2.2.2.2

Where 1.1.1.1 is the IP address of ISP#1' router and 2.2.2.2 is the IP address of ISP#2's router.

Unless you have internal subnets that the 3550 does not have an IP address for, you should not need any other routes.

Based on these routes:

ip route 133.76.132.0 255.255.255.0 133.152.90.33
ip route 162.74.36.0 255.255.255.0 162.74.36.33

I am assuming the 133.152.90.33 and 162.74.36.33 are the IP addresses of ISP#1 and #2's routers.  I don't see those addresses on your 3550.  You should not need those routes, as those subnets are on your 3550.

You should need the route for 133.76.132.0 255.255.255.0, because according to your configuration the 3550 has a interface on that subnet (VLAN 6), so it is directly connected and you don't need a route for anything you are directly connected to.
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 1000 total points
ID: 39747954
So I cant ping to the interfaces Vlan 3-31.
 I have a device in vlan 6, It can ping Vlan 6's address of  133.76.132.1  but nothing past that such as the management address or the ISP gateway, and from the outside cant ping the device.

If I'm reading this correctly, you're saying that from a host on VLAN6 you can ping the VLAN6 SVI (133.76.132.1), but you cannot ping the IP addresses assigned to any other VLAN. Is that correct?

If so then the problem has nothing to do with the ISPs. It is most likely an incorrect IP address/mask/default gateway assigned to the VLAN6 host.

Or it could be that your IP addresses/masks assigned to the switch are wrong. But there's no way we can determine that since we're dealing with altered addresses.
0

Featured Post

Q2 2017 - Latest Malware & Internet Attacks

WatchGuard’s Threat Lab is a group of dedicated threat researchers committed to helping you stay ahead of the bad guys by providing in-depth analysis of the top security threats to your network.  Check out our latest Quarterly Internet Security Report!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Suggested Courses

656 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question