Hi singh

I will try what u have suggest by tomorrow and let you know

But PLS I some question I need to understand it before start trying this steps

- if the inter-vlan routing is not working right now then how I can communicate between two PCs one in VLAN3 and the Other in VLAN 2 for Ex. If I have one computer in VLAN3 with IP 172.16.3.50 and gateway 172.16.3.1 (routing blade IP for Vlan3) and other computer in VLAN2 with IP 172.16.2.50 with gateway 172.16.2.1 (Routing blade IP for Vlan2) then these 2 computers are able to communicate perfectly!!!!

- The Problem only if I have GW for any PC as something else not as a routing blade IP Ex. One PC in VLAN2 with IP 172.16.2.50 and GW 172.16.2.10 (VLAN2 ISA server IP) and one PC in Vlan3 with IP 172.16.3.50 with GW 172.16.3.8 (VLAN3 ISA server IP) these 2 computers are not able to communicate !!

I need to understand how this is happening before we start to make any modification because the system is already running and I don’t want to face any trouble during the main time and the main problem is I’m new in the college and this system is designed by somebody else before and there is no any documentation it can help me to understand the Idea of the design.

So please if you want to see any configuration for review from switch or routing or from PIX I can post it for you, so u will be aware about everything in the system and be sure how we can solve this problem

Thanks singh and I’m so sorry for disturbing you so much by questions but I’m sure you can understand my point

THANKS

Well, if you are able to work fine with the inter-vlan routing as you discribed above then its not the issue with inter-vlan routing.

Now, just to be on the same page, rt now the problem is that you are able to communicate with hosts in diff-vlan except those which are in vlan 3 and 4 with ISA server as a gateway.

I did see the routes setup on your PC. Make sure that you are able to communicate fine among the hosts in other vlans like Vlan 2 to vlan 5, vlan 1 to vlan 5 etc.

What happens when you ping the Vlan IP ( IP on route blade for vlan 3)form the host in Vlan 3 ??? What happens when you ping the interface vlan IP of another vlan say Vlan 5 ????

Do a traceroute form the host in vlan 3 with the gateway as ISA server and should have a route to another vlan via its vlan interface IP. see where the hop is breaking.

It should work fine with the routes set up on hosts PC if your inter-vlan routing is working fine.

regards,

-amit singh

Hi singh,

I will get back to you tomorrow morning by the all required details but right now plas get the attached basic design for my network I have just design it in word format to give you more details about the current design how it's work and if u have any question pls let me know

Thanks

Hi Ahmed,

I am little confused here after looking at your diagram. I am also in doubt that how come your inter-vlan routing is working without creating the port-channel between sup engine and the routing module, though I believe what you said about the inter-vlan communication among the hosts in different vlans.

But as pointed by Ankur and Me already that the way inter-vlan routing works on 4232-L3 blade is a little different.I still have a strong doubt that inter-vlan routing is not working correctly as desired.I think you are seeing a little different bahavior and I am surprised too.

In you diagram I dont see, any ISA server that we talked about which is used for internet. I see only PIX going to internet in Vlan 1 and that Vlan is used for internet.

I think we have to re-configure your inter-vlan routing on your switch.

Please see the link below :

http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/inst_nts/78_10164.htm

Please see the attached config as desired. Once we are through with that then we will take it from there. Please plan a downtime in order to carry out this activity.Have your config backed up so that you can put it back in case if the new one doesnot work for you.

regards,

-amit singh

singh,

Thanks for that, because we have this confusion thats why I want to be sure first about the current setuation then we can start to apply the new modification,

about the ISA server I didn't put it in the digaram cuz it's normal PC connected to vlan (1 for Vlan3 with IP 172.16.3.8 amd GW 172.16.3.1 and 1 for vlan4 with IP 172.16.4.2 and GW 172.16.4.1)

about the configuration u have sent I think this command should be

set vlan 5 2/1-2

set trunk 2/1 nonegotiate dot1q 1-1005

set trunk 2/2 nonegotiate dot1q 1-1005

set port channel 2/1-2 mode on

becuse my routing blade in slot 2 nor 3 .. I'm right ??

I sent for u also some routing tests, please check and let me know if we can start by this way or we have to do somthing else first

Thanks

Hi singh,

this is the all information u asked about but I did all this tests from PC in Vlan 3 before adding route and after adding the route so u can compare how its changing

Please if u need any clearification let me know

Thanks and waiting for ur advice

IPConfig

Connection-specific DNS Suffix . : mecit.com

Description . . . . . . . . . . . : Realtek RTL8139/810x Family Fast Eth

ernet NIC

Physical Address. . . . . . . . . : 00-01-2E-02-78-27

Dhcp Enabled. . . . . . . . . . . : Yes

Autoconfiguration Enabled . . . . : Yes

IP Address. . . . . . . . . . . . : 172.16.3.101

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 172.16.3.8

DHCP Server . . . . . . . . . . . : 172.16.3.6

DNS Servers . . . . . . . . . . . : 172.16.3.6

212.72.1.186

1- Without Route

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 172.16.3.8 172.16.3.101 20

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

172.16.3.0 255.255.255.0 172.16.3.101 172.16.3.101 20

172.16.3.101 255.255.255.255 127.0.0.1 127.0.0.1 20

172.16.255.255 255.255.255.255 172.16.3.101 172.16.3.101 20

224.0.0.0 240.0.0.0 172.16.3.101 172.16.3.101 20

255.255.255.255 255.255.255.255 172.16.3.101 172.16.3.101 1

Default Gateway: 172.16.3.8

===========================================================================

Persistent Routes:

None

Ping 172.16.3.1 (Router IP for Vlan3)

OK

Ping 172.16.4.1 (Router IP for Vlan4)

Time Out

Ping 172.16.2.1 (Router IP for Vlan2)

Time Out

Ping 172.16.1.1 (Router IP for Vlan1)

Time Out

Ping 172.16.1.5 (Pix inside interface)

Time out

ping 172.16.3.8 (VLAN3 ISA Server)

OK

Ping 172.16.4.2 (Vlan4 ISA server)

Time Out

Ping any pc in Vlan 2 or Vlan 4 with GW as a VLAN routing blade

Time Out

Ping any pc in Vlan 3 or Vlan 4 with GW as a VLAN ISA server

Time out

C:\>tracert 172.16.4.3 (PC in VLAN 4 with GW as VLAN4 Routing blade)

Tracing route to 172.16.4.3 over a maximum of 30 hops

1 * * * Request timed out.

Trace complete.

C:\>tracert 172.16.4.20 (PC in VLAN 4 with GW as VLAN4 ISA Server)

Tracing route to 172.16.4.20 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 172.16.3.1

2 * * *

2- With route (after adding route for the pc)

route print

Persistent Routes:

Network Address Netmask Gateway Address Metric

172.16.4.0 255.255.255.0 172.16.3.1 1

172.16.2.0 255.255.255.0 172.16.3.1 1

Ping 172.16.3.1 (Router IP for Vlan3)

OK

Ping 172.16.4.1 (Router IP for Vlan4)

OK

Ping 172.16.2.1 (Router IP for Vlan2)

OK

Ping 172.16.1.1 (Router IP for Vlan1)

Time out

Ping 172.16.1.5 (Pix inside interface)

Time out

ping 172.16.3.8 (VLAN3 ISA Server)

OK

Ping 172.16.4.2 (Vlan4 ISA server)

OK

Ping any pc in Vlan 2 or Vlan 4 with GW as a VLAN routing blade

OK

Ping any pc in Vlan 3 or Vlan 4 with GW as a VLAN ISA server

Time out

C:\>tracert 172.16.4.3 (PC with GW as VLAN4 Routing blade)

Tracing route to 172.16.4.3 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 172.16.3.1

2 <1 ms <1 ms <1 ms 172.16.4.3

Trace complete.

C:\>tracert 172.16.4.20 (PC with GW as VLAN4 ISA Server)

Tracing route to 172.16.4.20 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 172.16.3.1

2 * * *

Ahmed,

C:\>tracert 172.16.4.20 (PC with GW as VLAN4 ISA Server)

Tracing route to 172.16.4.20 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 172.16.3.1

2 * * *

This is not working because I believe that you have not added the reverse route on the PC in vlan 4 to reach other Vlans.

Please set it up and it wil work fine and then check all the inter-vlan routing part.

Do revert in case of any doubts

regards,

-amit singh

This is not working because I believe that you have not added the reverse route on the PC in vlan 4 to reach other Vlans.

<--- sorry I don't understand what do u mean by that .. can u explain

sorry singh

Ahmed,

On your host PC in vlan 4 add the reverse route to reach another vlans as your gateway is ISA server i.e

c:\> route add 172.16.3.0 mask 255.255.255.0 172.16.4.1 -p ( i.e vlan 4 routing blade IP )

c:\> route add 172.16.2.0 mask 255.255.255.0 172.16.4.1 -p

c:\> route add 172.16.1.0 mask 255.255.255.0 172.16.4.1 -p

c:\> route add 172.16.5.0 mask 255.255.255.0 172.16.4.1 -p

This will work..

regards,

-amit singh

OK singh

I will try that and let u know

but this is not a solution for my case cuz I have to do the same for all PC's in each vlan :(

I just want to know if the inter-vlan routing is working or no right know ???

and if it's working how is it without port-channel config, if not then how there is a route between all sub interfaces for vlans !!!!

Ahmed,

Yes, you need to add reverse routes on all the PC's. That is mandatory or change the defulat gateway..

As per your posts and looking at the ping and trace output I would say inter-vlan routing is working but still pretty stange to me.. Need to check this on the Lab switch though..again very strange... This way I would say we have found out another way to configure inter-vlan routing on 4232-L3 blade... 3 cheers to you :-))

If you add the revrse routes on your PC and it waorks the way you want, then inter-vlan routing is working for sure.. Just try that.But as a best practice cisco will recommend to use the port-channel config as they might have tried diff things before releasing the DOC though...

HTH,

-amit singh

Thanks singh

yes I know cuz it's already in slot 2

Thanks for correction