Cisco LAN :: C3750 InterVLAN Routing - No Internet Access For Client Switches
Oct 11, 2012
I have a test setup of a C3750 stack as a core and some 2960's as access switches.[URL] - The switches at the bottom is the new network (VLANNED). The switches on the left is the current production network (10.1.1.0/24) From the C3750 to the router is a /30 network.
There will be 6 VLANs but at the moment I have one configured. VLAN50 - 10.5.1.0/24 From the C3750 I can ping my current production network, internet, other VLANs in the testsetup, ... Everything.From the C2960 I can ping other VLAN's, reach the gateway, reach the router, reacht the currenct production network. But I can't reach internet. I've configured "ip default-gateway 10.5.1.254" on the C2960. C3750 relevant config is down below.How is it that I can reach other networks connected to the router and not internet from the access switches? I'm just trying to ping 8.8.8.8.
!
ip routing
!
!
interface GigabitEthernet1/0/1
no switchport
ip address 172.16.1.2 255.255.255.252
[code]....
View 5 Replies
ADVERTISEMENT
Aug 5, 2012
I'm trying to configure intervlan routing between a cisco 2801 router and HP/Amer switches. Using int fa0/1 and subinterfaces I was sure I had it configured correctly, but I cannot ping the default gateways when I place a host in a particular vlan. Below is what I have configured.
HP switch - port 9 connects to fa0/1 on 2801
ip default-gateway 10.1.100.1
trunk 9 Trk1 trunk
trunk 10 Trk2 trunk - to another switch
[code].....
View 4 Replies
View Related
Nov 21, 2012
I am using a 3750 as a default gateway for multiple Vlans on a few 2960 switches. The trunk lines are configured and working and I have assigned ip addresses to each of the Vlan interfaces on the 3750. My issue is that I can only ping the ip address on the Vlan interface of the 3750 if I have a working computer plugged directly into the Vlan on the 3750. I only have 3 vlans on the 3750 that have hosts directly connected (vlans 2, 10 and 40) the other vlans ( 20 and 70) don't have any clients plugged into them on the 3750 but the hosts reside on 2 different 2960s that connect via trunk ports. How do I keep the vlan interface on the 3750 switch pingable when I don't have hosts directly connected in that vlan on the 3750? (yes, I have enabled ip routing on the 3750)
View 5 Replies
View Related
Aug 28, 2011
I setup switch in layer 3 mode. I have a access port in vlan 10 and a access port in vlan 20. I am able to ping form vlan 10 client to vlan20 default gateway (192.168.20.1) I am able to ping form vlan 20 client to vlan10 default gateway (192.168.10.1) However, I am unable to ping from vlan 10 to vlan 20 client. If both the ports are in same vlan, then clients are able to ping each other. Proxy Arp in enabled.
vlan 10 client ip info
192.168.10.10
255.255.254.
[Code].....
View 12 Replies
View Related
Oct 17, 2012
I have an issue with correctly configuring sg300 layer 3 switch behind ASA 5505 (incl Security Plus License) The setup is as follows:
CISCO SG300 is configured as a Layer 3 Switch
Native VLAN 1: ip address 192.168.1.254, default route (inside interface ASA 192.168.1.1)
Extra VLANs on Switch defined
VLAN 100 with 192.168.100.0/24, default gateway 192.168.100.254
VLAN 110 with 192.168.110.0/24, default gateway 192.168.110.254
VLAN 120 with 172.16.0.0/16, default gateway 172.16.10.254
From the different VLANS(100,110,120) I am able to connect to all devices in the other VLANS (except for Native VLAN 1; it's not pingable)From switch cli I can ping my firewall (192.168.1.1) and all other vlan gateways and vlan devices (VLAN1,100,110,120) From asa cli I can only ping my switch port (192.168.1.254), but no other devices in the other VLANs.
What do I need to change or setup in the switch or asa configuration in order for the other vlans to access the Internet through the ASA. I will not use the ASA as intervlan routing device, because the switch is doing htis for meI tried changing the asa int e0/1 into trunkport (uplink port on switch also), to allow all vlans, but as soon as I do that I cannot ping to 192.168.1.254 from ASA cli anymore.
View 2 Replies
View Related
Apr 25, 2011
I'm trying to get the following running.
I have 4 Subnets
VLAN 1 172.20.0.0/16 with the default GW 172.20.200.254
VLAN 10 192.168.10.0/24 with the default GW 192.168.10.2
VLAN 59 192.168.59.0/24 with the default GW 192.168.59.254
VLAN 130 192.168.130.0/24 with the default GW 192.168.130.254
[Code]....
With absolutly the same settings I did this with an HP E4200-12G L3 Switch (which is now doing the job) so there is no routing mistake in the other components.For me it looks like, the SG300 doesn't like to be NOT the default gateway.
View 7 Replies
View Related
Apr 18, 2011
Some tips and trick on how to configure and sg300 for intervlan routing.
I already have the switch set up for layer 3 I already set up multiple vlans and each vlan has a ip interface setup with the desired subnet I see the local routes set up in the static routing page.
I cannot seem to get from one subnet/vlan (I am using one subnet for each VLAN) to the next.
View 6 Replies
View Related
May 29, 2012
I have upgraded a C3750G-12S-E to c3750-ipserviceslmk9-tar.122-55.SE5This switch is a distribution layer switch for one of my remote sites. it contains an ip helper-address on the site vlan's SVI.DHCP relay is no longer functioning for client PCs. Static address assignment allows full network functionality. I enabled debug ip dhcp server packet. [code] Actually I am betting you upgraded your IOS from something before 12.2(50)SE to 12.2(50)SE or later. We added enhancement CSCso19800 which will validate DHCP options when we are a relay agent.
View 1 Replies
View Related
Jun 2, 2012
I am trying get inter vlan routing to work on a DF 300 - 24 port switch. I have an existing company network on 192.168.111.0 and want to create a vlan on 192.168.1.1 that can talk to 192.168.111.0. I have enabled layer 3 routing on the switch via console and also provided the ip routing command. I have the following VLAN's:
VLAN1 - Default 192.168.111.0
VLAN2 - 192.168.1.0
I have enabled DNS and provided my two DNS servers 192.168.111.82 & 192.168.111.212. I have set the VLAN1 interface to 192.168.111.217 and VLAN2 interface to 192.168.1.1.
Ports FE1 - FE15 are set to access ports and assigned to VLAN1 (untagged)
Ports FE16 - FE24 are set to access ports and assigned to VLAN2 (untagged)
I have set a default route for the switch to 0.0.0.0 0.0.0.0 192.168.111.254 (Draytek 2600 router). I have connected a computer (A) to VLAN1 port FE3 and a computer (B) to VLAN2 port FE16. I have set Computer A default gateway to 192.168.111.217 and its IP address to 192.168.111.94. I have set Computer B default gateway to 192.168.1.1 and IP to 192.168.1.2.
Computer A has access to Mdaemon, file server via network drives but no internet (cannot ping google) and can ping computer B and RDP onto computer B.
Computer B can ping computer A and RDP onto computer A but does not have access to the company network i.e MDaemon, file server etc. It also cannot access the internet.
From the console I can ping [URL]and all ip addresses in the company network i.e. 192.168.111.82 (DNS server). If I scan computer A wirh wireshark the internet starts working weird!
Configuration show below:
switch7c0a71#show run
vlan database
vlan 2
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
[code]....
View 40 Replies
View Related
May 9, 2013
We are deploying the ISE MAC address authentication by-pass (mab) feature in our network as an alternative to port security on the switch port. Works well except for certain devices e.g. printers, snmp modules, and Unix/Linux Operating systems which can range from 5-10 minutes to never in authentication/opening the port.
View 2 Replies
View Related
Feb 16, 2011
I have two layer 3 switches C3560 and C3750 Cisco switches with ios version "ipservices-mz.122-35.SE5".Now with the current ios version, these layer 3 switches are not supporting object group.so my question is , do i need to upgrade the ios, for this feature, if yes, which version ?
View 7 Replies
View Related
Jul 4, 2012
upgrading our small office network. We currently have about 75 employees with probably 125 devices on the network. I'd like to create about 10 vlans for the different departments and then configure intervlan routing as needed. Currently we have all unmanaged switches and it's just a huge broadcast storm on the network. We are upgrading our Cisco 800 router to an ASA5505 sec. Plus license. I need some recommendations on switches. Of course, this needs to be done as cheap as possible.... Is there a way to use the ASA to configure all the vlans and intervlan routing and access lists and use a cheaper switch to provide the access layer to hosts?
View 4 Replies
View Related
Dec 11, 2012
I implemented access list on cisco 3560 switch but it never works. I want to block access from network B to Network A and allow from Ato B
Network A. 10.0.12.0/24
Network B 10.0.24.0/24
The configuration is
interface Vlan1
description Data VLAN
[Code].....
View 14 Replies
View Related
Jul 8, 2012
I have 2 switches c3750 which I want to install in stack to replace two Nortel switch that I have in production.
When connecting my new stack of cisco switches to a cisco router c3750 to 2600, they begin to restart by itself. I mean, There is a cisco router 2600. which I want to connect to the stack of switches. The problem is that when the switches connect to the router it begins to restart.
If you need to see the running config of the cisco Switches or the 2600 router.
View 3 Replies
View Related
Jun 29, 2012
I am running into a issue that I cannot seem to figure out. I have a asa 5505 with the Security Plus license. I setup a native vlan where all of my network devices sit on. ie my Wireless Access point has an ip of 192.168.3.2, my switch .3. I have no issues managing these devices from any vlan I am on (permitting firewall access rules). When I try to access my ASA via ASDM/SSH. I have to use the gateway of the vlan I am on. For instance. If I am on vlan 10 I have to use 192.168.10.1 for access, if I am on vlan 20 I type 20.1...etc...etc If I type in 192.168.3.1 I get an error in the ASDM logs that states TCP reset by appliance. This is for any gateway I type except for the gateway of the vlan that I am connected to. I am posting a sanitized config. How can I configure the ASA to permit access via any gateway.
View 3 Replies
View Related
Apr 16, 2012
I have been looking into this for a while and I can't seem to figure out why my 2nd vlan is not able to connect properly to the net. My switch has 12 ports where my devices connects directly, they are all on Vlan 1 and they all work perfectly. on Port 12 I have a dlink router that is connected to a cable modem. the dlink router has an Ip address of 192.168.0.20,I created a second vlan (vlan2) and enabled dhcp relay on it. then I assigned port 9 on the switch to (vlan2),my laptop which is connected to port 9 seems to get an ip address fine and able to ping only some devices on my network (vlan1) and is not able to,go out to the internet.
View 3 Replies
View Related
Sep 5, 2012
On cisco and am having some issues with intervlan routing. I have followed the vids and manuals but just can seem to get this working. I have the following network lab set up.
Vlan 10 = 10.70.1.9/24
Vlan 20 = 192.168.0.1/24
ME2400 firmware
ROM: Bootstrap program is ME340x boot loader
BOOTLDR: ME340x Boot Loader (ME340x-HBOOT-M) Version 12.2(35r)SE3, RELEASE SOFTWARE (fc1)
[Code]...
View 4 Replies
View Related
May 22, 2013
my company pay a switch 3750 X. WS-C3750X-24T-E. It uses IP services basically but I failed to configure InterVLAN routing. why interVLAN routing doesn't work on my switch?
View 10 Replies
View Related
Dec 2, 2011
I've been working with these two Cisco devices in my home off and on for several months now but I just can't take it anymore, I'm about to throw them away and go back to Linksys router.
I have a Cisco 2600 Router with only one Ethernet card in it so I have to trunk from my 3550 Switch to that device. I'd like to have my ISP and all users plug into switch and all trunk back to the router's sub interfaces. Currently, I have started over...again, and am unable to simply get the router and switch to ping each other if I put sub-interfaces on the router. See my configs:
2600 ROUTER:
Router#sho run
Building configuration...
Current configuration : 555 bytes
[code]......
3550 SWITCH:
Switch#sho run
Building configuration...
Current configuration : 2302 bytes
!
version 12.2
[code]..........
Port F0/24 is in VLAN 1, as are all ports but Port F0/1 which is my desktop PC. I mocked it up in Packet Tracer and it works just fine. This is just a simple setup and I'm making sure I can ping between switch and router before I move to each next step.
View 40 Replies
View Related
Jan 14, 2011
I have 3560 with attached 3 networks, 172.16.1.0/24 172.16.2.0/24 and 172.16.4.0/24, all of them have a vlan interface, 172.16.1.254, 172.16.2.254, and 172.16.4.254, I have enabled intervlan routing with command ip routing and they have route beetwen each other. Now I want to create PBR and let them go to the internet from different gateways.
so i did 3 access list:
access-list 20 permit 172.16.1.0 0.0.0.255
access-list 10 permit 172.16.2.0 0.0.0.255
access-list 30 permit 172.16.4.0 0.0.0.255
and 3 pbr
route-map supnet permit 20 match ip address 10 set ip next-hop 172.16.2.3
route-map blade permit 20 match ip address 30 set ip next-hop 172.16.4.250
route-map main permit 20 match ip address 20 set ip next-hop 172.16.1.4
attached them to corresponding vlan interfaces and everything ok they have different gateways to internet but now I dont have routing beetwen them?
View 2 Replies
View Related
Feb 28, 2012
We had core(4503), distribution(3750), and access switches(2960) in our environment. Currently we configured the clock manually in each switch, but a reboot of the switch resets the clock also. We are planning to make a single switch as a NTP servers and others are clients to synchronise the correct time even after a reboot of the access switches.
View 6 Replies
View Related
Feb 18, 2013
i have problem with a router 2900 with a card switch 16 ports (sm-es2-16p) that does not doing the intervlan routing. i have attached 2 show tech one of the router and one of the card switch 16 ports (sm-es2-16p). I connected physically the switch card to a router interface and it seem to be working because i can do a ping from my pc ( in user vlan 26) to my gateway on the router (172.20.26.1) but i can not do ping to the others vlan like (172.10.26.1) or others. .. i want to know what is happening and if it there is a way to do the trunk conectivity between the switch card and the router internally without a phyisical connection.
View 4 Replies
View Related
Apr 20, 2011
I have Cisco ASA 5505 Firewall with security plus license. I want to Configure 3 different subnet for inside network 10.1.x.x, 10.2.x.x and 10.3.x.x So any PC from 10.1.x.x should be able to ping 10.2.x.x So my question is that possible with ASA?? If yes than how can i configure on ASA 5505, as i know on 5510 we can configure sub interface and do intervlan routing.
View 4 Replies
View Related
Jul 9, 2012
I have cisco 3845 router and 4507 & 2960 switch. I have 4 Vlans on 4507 and connected to router on four ports. Its working fine. Now i want to create another vlan ( vlan 15 ) that trunk with vlan 20 and router port f0/0/1. i.e router F 0/0/1 ports belongs only two vlan(15,20) and need to intervlan routing. My conf. given below.
Switch conf:
interface GigabitEthernet3/1
description ## to router##
switchport trunk encapsulation dot1q
[Code]......
View 4 Replies
View Related
Aug 10, 2012
I have found multiple solutions to this question for < 8.2 but no solutions for the new way the ASA does nat statments,Basically i have multiple VLAN's and i need 2 of them to communicate
inside - 192.168.1.0/24 ( security-level 100 )
voice - 192.168.100.0/24 ( security-level 100 )
Error i am getting is:
192.168.1.100 192.168.100.100
Deny inbound icmp src inside:192.168.1.100 dst Voice:192.168.100.100 (type 8, code 0)
[Code]....
They are not working, I have found multiple examples for the old style nat statements to resolve this issue but none on the new style.
View 2 Replies
View Related
Jan 22, 2013
We have two publicly routable gateways attached to our A5500 switch that are expecting untagged traffic.
We currently have VLAN 10 as the untagged VLAN for Gateway 1, and VLAN30 as a tagged vlan for Gateway 2. Since both gateways are requiring untagged traffic, I need to make sure all ingress traffic from Gateway 2 gets tagged as VLAN30, while all egress traffic gets untagged.
The tricky part is they must come over the same port so I can't just tag it that way. I get the feeling this will require some static routes or VLAN Interfaces on the switch, but I'm not sure where to start.
View 15 Replies
View Related
Jan 11, 2013
Configuration of inter-vlan routing on ASA 5512 ver 8.6? I have everything configured (un-nat, access-list, etc.) but still not working. When i do a packet capture, it says the traffic is denied by the implicit acl. Here is my config:
interface GigabitEthernet0/0.100
vlan 100
nameif data
security-level 100
[Code]...
View 7 Replies
View Related
Apr 13, 2013
I am tryingto add a new VLAN on my C3560E Layer 3 switch for administration purpose.My goal is to make this VLAN for administration only and to let the administrators from 172.17.1.1 connect to any host of the internal network 172.16.0.0 plus exit to the internet via the default gateway 172.16.1.245.
Here an extract of what done so far:
ip routing
spanning-tree mode pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
[Code]...
What happened is that:
1. The host connected to Vlan30 can correctly ping the interface it is connected to.
2, The internal network can access the internet
3. The host connected to VLAN30 cannot access the internet and cannot connect to any internal server.
Do I have to add a static route? This is a production envuironment and it is my first experiment with a layer3 switching in production, so I cannot mistake
View 19 Replies
View Related
Dec 9, 2012
I have a task to compare different approaches to implement InterVLAN routing in campus network. Google suggests only Cisco technologies for such query. But what I need is also other companies solutions (like Dell, HP etc), cost of the implementations, pros and cons.
View 1 Replies
View Related
Feb 21, 2013
I have a problem to solve in our data center, see attached drawing. HW: Our core switches consists of two stacked C3750 with ip routing. What I want to do is probably simple but I haven't been able to figure out the best method.
VLAN10 and VLAN20 should not be able to communicate with each other. (ACLs?)VLAN10 will have it's own default route/firewall. Both VLAN10 and VLAN20 should be able to send server backups to server in VLAN30. All 3 V LANs come in on a trunk from a pair of stacked C2960-S. I need it to be able to scale if we have 50 VLANs for instance, hopefully without long complicated ACLs. I've been considering VRF's, PBR but can't decide what's the simplest solution to this problem. I have never done this before so I would prefer to start off on the right foot.
View 1 Replies
View Related
Apr 8, 2013
I am trying to setup intervlan routing with a Cisco ASA 5510 and two 2960-S switches. The 5510 currently is using ASA Version 7.0(2) and has a base license. I tried to create a sub interface today based on some info I found regarding the routing piece and it didn't recognize the command. I'm thinking I may need to update the IOS code or the license on the firewall. I know the syntax was correct because I looked it up and found it in a Cisco document.
View 15 Replies
View Related
Oct 18, 2011
i have 2960 l2 switch connected to the ASA 5505. for some or the other reason i am not able to do intervlan communication. have done trunk mode on both ends on the switch as well as on the ASA and native vlan 1 allowed. the trunk is up up i am able to ping only the vlan 1 ip from the switch to the ASA for the vlan 2 i am not and similar for vlan 3.
config on the ASA
ASA Version 8.2(1)
!
hostname ciscoasa
[Code].....
View 2 Replies
View Related
Feb 11, 2013
How do i enable InterVLAN MultiCasting. I have a WS-C3560G-24TS as my core switch and it does InterVLAN Routing. I have a Server VLAN (70) and Workstation VLAN (71). I have a server that i have set up to deploy images to computers. Up to this point i have only done one computer at a time, so unicasting was ok. I would like to be able to Multicast to multiple computers, but am unsure what i need to do on the switch (if anything) to enable this.
View 2 Replies
View Related
