Setting up vlan forwarding on Cisco 4510r Catalyst switch

adamant40
Total novice but working with someone who has a clue.
Cisco 4510r running os 12.2

We had everything running in vlan 1, which was 10.0.0.x, gateway 10.0.0.1, subnet 255.255.252.0.
We created vlan 20 which is set to 10.0.20.0, gateway 10.0.20.1, subnet 255.255.255.0.

We added 1 port to vlan 20 and verified that we could ping the new gateway.
We are attempting to get vlan 20 to route to vlan 1, so that a machine in vlan 20 with IP 10.0.20.100 would be able to at least ping a machine in vlan 1 with IP 10.0.0.20.

No luck. Looking for any information that I can forward to the engineer working on this issue.
Thanks,

Commented:
Can the switch ping both PCs?

Author

Commented:
Yes

Commented:
Verify the following:

IP routing is enabled on the switch with the 'ip routing' command in global mode.

You can verify this on the switch console with a 'show ip route' command; routes for both networks should be present.

Verify the use of VLAN interfaces on the 4500 switch

Example:
interface vlan 1
ip address 10.0.0.1 255.255.255.0

The switch ports should look something like this:

int g0/x
switchport mode access
switchport access vlan 1

int g0/x
switchport mode access
switchport access vlan 20

Verify the default gateways on the PCs:

10.0.0.x PC default gateway 10.0.0.1
10.0.20.x PC default gateway 10.0.20.1

Author

Commented:
Thanks I have passed that on to Engineer working on it and will update when I hear back.

Author

Commented:
So things get more complicated; I'll do my best to record what the engineer told me. If I can't provide enough information to make this clear I'll close out the question and award you the points.

They set up vlan 10 and vlan 20 and were able to route between those vlans no problem.

Most of our systems are in vlan 1 (guess that is the default). Vlan 1 has a gateway address of 10.0.0.5, the IP address of the switch itself.

Our Pix firewall is the 10.0.0.1 gateway IP.

Commented:
One approach is to make the link between the firewall and the switch a routed link. See the attached JPEG drawing, "L3 switch to Firewall Drawing".
The key here is the 'no switchport' command on the switch port facing the firewall.

With this approach the appropriate vlan interface is the default gateway for the hosts.  The Layer three switch then routes traffic to the other Vlan or to the firewall as needed.  The firewall needs routes back to the vlans and NAT configuration for any new vlans.
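
The routed-link approach from the comment above, written out as an added example that is not part of the original thread or the expert's attachment. The VLAN addresses are the ones given in the question; the transit subnet 192.168.255.0/30, the port name GigabitEthernet1/1, the PIX interface name `inside`, the PIX 6.x-style syntax and NAT id 1 are assumptions.

```cisco
! --- Catalyst 4510R (IOS 12.2), global configuration ---
ip routing
!
! SVIs are the default gateways for the hosts in each VLAN
interface Vlan1
 ip address 10.0.0.5 255.255.252.0
 no shutdown
!
interface Vlan20
 ip address 10.0.20.1 255.255.255.0
 no shutdown
!
! Port facing the firewall becomes a routed (Layer 3) port.
! GigabitEthernet1/1 and the /30 transit subnet are placeholders.
interface GigabitEthernet1/1
 no switchport
 ip address 192.168.255.2 255.255.255.252
 no shutdown
!
! Anything that is not a connected VLAN is sent to the firewall
ip route 0.0.0.0 0.0.0.0 192.168.255.1
!
! Verification (exec mode): both VLAN subnets and the transit link
! should be listed as connected, plus the static default route
!   show ip route
!   show ip interface brief
!
! --- PIX firewall (assumed PIX 6.x-style syntax; annotated for the reader) ---
! Inside interface moves from 10.0.0.1 to the transit subnet
ip address inside 192.168.255.1 255.255.255.252
!
! Routes back to the VLANs via the switch's routed port
route inside 10.0.0.0 255.255.252.0 192.168.255.2 1
route inside 10.0.20.0 255.255.255.0 192.168.255.2 1
!
! NAT for each internal VLAN; id 1 is assumed to match an existing global
nat (inside) 1 10.0.0.0 255.255.252.0
nat (inside) 1 10.0.20.0 255.255.255.0
```

With this layout, hosts in vlan 1 that currently point at 10.0.0.1 would need their default gateway changed to the switch's vlan 1 interface (10.0.0.5 in the thread).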

Author

Commented:
Thanks I'll pass this along and see what happens.

Author

Commented:
Unable to implement myself but will pass on to the engineer.
