cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
440
Views
0
Helpful
3
Replies

VLAN routing issues

tostrander
Level 1
Level 1

I have new VLAN's set up on a 4006 (address of 10.1.1.XXX in VLAN YY) configured as such

interface Vlan XX

ip address 172.10.10.1 255.255.255.0

ip helper-address 10.x.x.x

interface VlanYY

ip address 10.1.1.XXX 255.255.0.0

and routing statements of

ip default-gateway 10.1.1.1

ip route 0.0.0.0 0.0.0.0 10.1.1.1

ip route 172.10.0.0 255.255.0.0 10.1.1.74

With EIGRP

router eigrp 1

network 10.0.0.0

network 172.10.0.0

auto-summary

no eigrp log-neighbor-changes

When I do a traceroute from the 4006 (Vlan YY) to a workstation on vlanXX I get these results

Type escape sequence to abort.

Tracing the route to 172.10.10.200

1 * * *

2 172.10.10.200 4 msec 8 msec 4 msec

When I do a trace route from one vlan YY workstation to another workstation in vlan XX I get these results

1 9 ms 7 ms 9 ms 10.1.1.XXX

2 * * * Request timed out.

3 <1 ms <1 ms <1 ms 172.10.10.200

The vlan XX workstation default gateway is in the 172 network.

Why is this timming out during the route? What am I missing? All of my servers are in vlan YY and the workstations are having issues with connecting.

Thanks

3 Replies 3

amikat
Level 7
Level 7

Hi,

I am sorry to say I feel bit confused about your addressing and routing scheme. Am I right to understand that default-gateway address of your vlan XX workstations is 172.10.10.1, ie. int vlan XX address? Is it your intention to have subnet 172.10.10.0/24 directly connected via vlan XX and the rest of 172.10.0.0/16 net routed via vlan YY? If yes, can you please confirm you have "ip classles" configured. Can I possibly get more information about your network topology?

Thanks & Regards,

Antonin

To be more clear…. I inherited a flat topology where the entire network was configured into VLAN 10. I have a 4006 core box running eigrp (now) and all servers and workstations are in VLAN 10. I have 13 3500 series switches (10 network) and I am working on segmenting them into separate VLANs. All switches are trunked (dot1q) and I use switchport access on the ports. I have configured the 4006 with VLAN interfaces using the 172.10.0.0/24 addresses. Each 172.10 class C network will be another VLAN. I do have ip classless configured on the 4006. There is NO management VLAN configured yet. VTP is configured and working where all switches are pulling VTP updates from the 4K6. I also have a 2600 frame-relay router (inside the PIX) that was being used as the default gateway for everything but I am moving that function to the 4K6. The 4K6 has an address of 10.1.1.XXX and is in VLAN 10.

Since all my servers are in VLAN 10, I need to be able to route the 172.10 VLAN’s (my new workstations) to VLAN 10. I use a default gateway for the VLAN’s of the VLAN interface ie. VLAN 80 interface is 172.10.80.1 so that becomes the default gateway for the workstations in VLAN 80.

I have everything configured and my issue is as I stated above. When I run a traceroute from the 4K6 VLAN 10 to a workstation in VLAN 80 I have a time out (see above) and when I run a traceroute from a server in vlan 10 to a workstation in vlan 80 I have the three hops (again see above) where the 2nd hop times out. On the other side…… When I traceroute from a workstation in vlan 80 to a workstation in vlan 10 there is no issues and only two hops (the vlan gateway and the workstation) with no timeouts. This is the issue that I need to resolve.

Any help would be a great benefit…… THANK YOU and let me know if you need any other information.

Terry

Hi Terry,

Thanks for your response.

I got somewhat clearer image but I am still few facts just guessing.

My guess is that within your vlan10 your workstations and servers still keep their default gateway address set to 10.1.1.1 address which I guess is either the router ip address (router being possible placed behind the PIX) or PIX interface address (10.1.1.74 being the other box ip address). If my guess is correct you are doing your inter-vlan routing not in C4k but by a router. So going from vlan10 to any 172.10.x.x network you are actually going 1 hop more (to a router and back). The reason you are not seeing the trace responses is most likely the fact PIX is filtering those (still my guessing).

If this is somewhat close to reality will you please try to change default gateway parameter for servers and workstations in vlan 10 to 10.1.1.XXX (interface vlan 10 of your C4k). This should help.

Of course I am not aware if there is any other reason to prevent this and as I have already said I am guessing few facts. If my assumptions are not correct will you please let me know which is the ip default gateway address set in vlan 10 and if possible can you post the "sh ip rou" output of C4k (you can filter the unwanted output). My understanding is also that you wish to do inter-vlan routing (L3 switching) within C4k - if this is not correct assumption will you please let me know.

Best regards,

Antonin

Review Cisco Networking for a $25 gift card