Solved

Cisco 3550 switch vlan routing

Posted on 2013-12-30
15
918 Views
Last Modified: 2014-01-15
I have a Cisco 3550 switch I am setting up but having some issues with.
 
We have two different WAN connections from different providers.
We are using many internal vLANs.

Both fa 0/2 and 0/3 are drops from isp’s, I addressed vlan 1 to fa 0/2 with the assigned subnet from isp 1 and vlan 2 with subnet addressing from isp2 for fa 0/3.

I have vlans 3-31 setup and addressed.

I cant seem to ping the addresses assigned to the vlans, I either get TTL expired or timed out errors.  I am assuming this is a routing issue.

Subnets given to us:
ISP 1
162.74.36.32/30 – For router access and management
162.74.36.48/29
162.74.36.56/29
162.74.36.64/29
162.74.36.72/29

ISP 2
38.122.90.32/29 – Router access
183.76.132.0/24
183.76.133.0/24
183.76.134.0/24
183.76.135.0/24

IPs have been changed.
ip subnet-zero
ip routing
!
spanning-tree mode pvst
spanning-tree extend system-id
!
interface FastEthernet0/1
 switchport mode dynamic desirable
 no ip address
!
interface FastEthernet0/2
 switchport access vlan 2
 switchport mode access
 no ip address
!
interface FastEthernet0/3
 switchport mode access
 no ip address
!!
interface FastEthernet0/5
 switchport access vlan 6
 switchport mode access
 no ip address
!!!!
interface FastEthernet0/17
 switchport access vlan 6
 switchport mode access
 no ip address
!
interface FastEthernet0/18
 switchport access vlan 7
 switchport mode dynamic desirable
 no ip address
!!!!!!!!!
interface FastEthernet0/42
 switchport access vlan 31
 switchport mode access
 no ip address
!
interface FastEthernet0/43
 switchport access vlan 3
 switchport mode access
 no ip address
!!!!
interface FastEthernet0/48
 switchport access vlan 3
 switchport mode access
 no ip address
!
interface Vlan1
 ip address 162.74.36.34 255.255.255.252
!
interface Vlan2
 ip address 133.152.90.35 255.255.255.248
!
interface Vlan3
 ip address 162.74.36.57 255.255.255.248 secondary
 ip address 162.74.36.65 255.255.255.248 secondary
 ip address 162.74.36.73 255.255.255.248 secondary
 ip address 162.74.36.49 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan6
 ip address 133.76.132.1 255.255.255.0
!
interface Vlan7
 ip address 133.76.133.1 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan8
 ip address 133.76.133.9 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan9
 ip address 133.76.133.17 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan10
 ip address 133.76.133.25 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan11
 ip address 133.76.133.33 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan12
 ip address 133.76.133.41 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan13
 ip address 133.76.133.49 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan14
 ip address 133.76.133.57 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan15
 ip address 133.76.133.65 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan16
 ip address 133.76.133.73 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan17
 ip address 133.76.133.81 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan18
 ip address 133.76.133.89 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan19
 ip address 133.76.133.97 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan20
 ip address 133.76.133.105 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan21
 ip address 133.76.133.113 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan22
 ip address 133.76.133.121 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan23
 ip address 133.76.133.129 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan24
 ip address 133.76.133.137 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan25
 ip address 133.76.133.145 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan26
 ip address 133.76.133.153 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan27
 ip address 133.76.133.161 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan28
 ip address 133.76.133.169 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan29
 ip address 133.76.133.177 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan30
 ip address 133.76.133.185 255.255.255.248
 ip helper-address 133.76.132.12
!
interface Vlan31
 ip address 133.76.133.193 255.255.255.248
 ip helper-address 133.76.132.12
!
ip classless
ip route 0.0.0.0 0.0.0.0 162.74.36.33
ip route 0.0.0.0 0.0.0.0 133.152.90.33
ip route 133.76.132.0 255.255.255.0 133.152.90.33
ip route 162.74.36.0 255.255.255.0 162.74.36.33
ip http server
!
!
End


   

Open in new window

0
Comment
Question by:Daeta42
  • 6
  • 4
  • 3
  • +1
15 Comments
 
LVL 50

Expert Comment

by:Don Johnston
Comment Utility
Personally, I would have made the two ports to the ISP's layer-3 ports and assigned the IP addresses to the ports.  But it works the way you did too.

Are the IP addresses assigned to VLANs 3-31 private addresses? If not, that's your problem.
0
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
Both fa 0/2 and 0/3 are drops from isp’s, I addressed vlan 1 to fa 0/2 with the assigned subnet from isp 1 and vlan 2 with subnet addressing from isp2 for fa 0/3.
That's not what your config says...
interface FastEthernet0/2
 switchport access vlan 2
 switchport mode access
 no ip address
!
interface FastEthernet0/3
 switchport mode access
 no ip address
!!

Open in new window

Have you tried swapping the interfaces to see if that helps?

Also, can you do a show vlan brief to see if the VLANs actually exist on the switch (they should because you've assigned them as access VLANs, but you never know) and show ip interface brief to see if the SVIs are UP/UP?
0
 

Author Comment

by:Daeta42
Comment Utility
The vlans are all public addresses, as that is what we are trying to setup.

To clarify I can ping the switch on both ports 2 and 3 ( both uplinks)  but not the vlans past that.
0
 
LVL 45

Expert Comment

by:Craig Beck
Comment Utility
So you can ping each ISP router from the switch?
0
 

Author Comment

by:Daeta42
Comment Utility
Yes I can ping out to both ISPs. All the interfaces and vlans are UP UP that have a device connected to them.
0
 
LVL 50

Expert Comment

by:Don Johnston
Comment Utility
Can a host on one VLAN ping a host on a different VLAN?
0
 

Author Comment

by:Daeta42
Comment Utility
That I will need to check, it is in a datacenter and devices setup yet.
0
What Security Threats Are You Missing?

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 57

Expert Comment

by:giltjr
Comment Utility
From what IP subnet are you trying to ping from?

What port is the device connect to that you are ping'ing from?
0
 

Author Comment

by:Daeta42
Comment Utility
So I cant ping to the interfaces Vlan 3-31.
 I have a device in vlan 6, It can ping Vlan 6's address of  133.76.132.1  but nothing past that such as the management address or the ISP gateway, and from the outside cant ping the device.
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
Are you sure you have the right IP addresses?

In your post  you have the 1st octet as 183, in your config you have 133.

The whole range of 183.76.0.0 - 183.77.255.255 is assigned to Asahi Net.

Where as the 133.76.0.0/16 is assigned to National Institute for Fusion Science.

Are you either one of these?


The 38.122.90.32 and all of the 162.74.36.xx addresses is assigned in the USA.
0
 

Author Comment

by:Daeta42
Comment Utility
I did change the first 2 octets for anonymity, caught me. Maybe I need routes so that that switch knows the router access (Vlan2) is the way out for the Vlan6 and other 3 subnets? Or do I need some sort of vlan access to classify.

VLan 2 183.122.90.32/29 – Router access assigned to fa 0/2
Vlan 6 183.76.132.0/24 - Using above link but different subnet
Vlan * 183.76.133.0/24
Vlan * 183.76.134.0/24
Vlan * 183.76.135.0/24
0
 
LVL 57

Expert Comment

by:giltjr
Comment Utility
You have "ip routing" specified.  So the 3550 should route to/from all VLAN's it knows about.

If you do do a "show int vlan 3" or any other VLAN number, does it show as active?

From the switch can you ping all of the IP addresses that are configured on the switch?

Dumb question, why do you have "ip helper-address 133.76.132.12" on all of your VLANs?

The main, not the only, but the main reason for ip helper-address is for DHCP.
0
 

Author Comment

by:Daeta42
Comment Utility
There will be a DHCP server with the address specified.

Show int Vlan 6 does show Up/Up  and Active
That is the vlan im mostly checking as that has a server attached that is ip'd

The switch can ping to the vlan addresses assigned

For IP routing what how should that look for the subnets
something like ip route 183.76.132.0 255.255.255.0 183.122.90.33
                                                 ^                    ^                      ^
                                       Vlan 6 address       /24               ISP gateway for that uplink
0
 
LVL 57

Accepted Solution

by:
giltjr earned 250 total points
Comment Utility
Are you talking about routing outbound from your 3550 to the Internet?

Since a 3550 is not that powerful of a L3 device the best you can do with load blancing outbound traffic is to to have two default routes and let the 3550 do round robin, at least I think the 3550 will do that.

So if you are talking about outbound from your 3550, then you need two default routes like:

ip route 0.0.0.0 0.0.0.0 1.1.1.1
ip route 0.0.0.0 0.0.0.0 2.2.2.2

Where 1.1.1.1 is the IP address of ISP#1' router and 2.2.2.2 is the IP address of ISP#2's router.

Unless you have internal subnets that the 3550 does not have an IP address for, you should not need any other routes.

Based on these routes:

ip route 133.76.132.0 255.255.255.0 133.152.90.33
ip route 162.74.36.0 255.255.255.0 162.74.36.33

I am assuming the 133.152.90.33 and 162.74.36.33 are the IP addresses of ISP#1 and #2's routers.  I don't see those addresses on your 3550.  You should not need those routes, as those subnets are on your 3550.

You should need the route for 133.76.132.0 255.255.255.0, because according to your configuration the 3550 has a interface on that subnet (VLAN 6), so it is directly connected and you don't need a route for anything you are directly connected to.
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 250 total points
Comment Utility
So I cant ping to the interfaces Vlan 3-31.
 I have a device in vlan 6, It can ping Vlan 6's address of  133.76.132.1  but nothing past that such as the management address or the ISP gateway, and from the outside cant ping the device.

If I'm reading this correctly, you're saying that from a host on VLAN6 you can ping the VLAN6 SVI (133.76.132.1), but you cannot ping the IP addresses assigned to any other VLAN. Is that correct?

If so then the problem has nothing to do with the ISPs. It is most likely an incorrect IP address/mask/default gateway assigned to the VLAN6 host.

Or it could be that your IP addresses/masks assigned to the switch are wrong. But there's no way we can determine that since we're dealing with altered addresses.
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

There are two basic ways to configure a static route for Cisco IOS devices. I've written this article to highlight a case study comparing the configuration of a static route using the next-hop IP and the configuration of a static route using an outg…
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

10 Experts available now in Live!

Get 1:1 Help Now