Solved: Catalyst 3560 as internal Router - Page 2

imanco671 · ‎10-04-2011

Hello Community,

I am trying to configure my catalyst swtich as an internal router.

I want to route traffic between 4 different subnets.

192.168.200.0 /24

192.168.201.0 /24

192.168.202.0 /24

10.10.10.0 /24

Anyone have an idea how I can start?

Thanks in advance.

Jon Marshall · ‎10-06-2011

edited

Jon Marshall · ‎10-06-2011

John

I'm not sure i follow this -

vlan2 - 10.10.10.222

vlan3 - 192.168.200.254

vlan4 - 192.168.202.222

what are the above gateways ?

If a server from my 10.10.10.0 network wants to talk to a server on my 192.168.200.0 network, it will get directed to 10.10.10.1 (the L3 switch) then the switch needs to route that traffic to the 192.168.200.0 vlan then the default gateway of the 192.168.200.0 subnet which is 192.168.200.254

I thought you wanted to use the L3 switch to route between vlans ? So the above should be -

server 10.10.10.x network sends packets to 10.10.10.1. The L3 switch then simply routes it onto the 192.168.200.x network and sends it to the 192.168.200.x server. There is no need for another gateway ie. there is no need for 192.168.200.254.

What you do is set the default-gateway for each device to the corresponding IP address of the vlan interface on the L3 switch so server in 10.10.10.x network would have a DG of 10.10.10.1 and the 192.168.200.x server would have a DG of 192.168.200.1 and then the L3 switch will simply route between these networks.

Note if you have DHCP or static IPs setup with the gateways you have listed above ie. 222/254 etc. then you can simply assign these IPs to the vlan interfaces on the L3 switches instead of the .1 addresses if this makes things simpler.

To test simply connect a device in one vlan to the switch and a device in another vlan and try pinging etc. Make sure if the devices have windows firewall or similiar you disable it temporarily for testing.

As for allocating ports to the correct subnet you have already done this on the L3 switch for a couple of ports eg -

interface FastEthernet0/1

switchport access vlan 2

switchport mode access

!

interface FastEthernet0/2

switchport access vlan 3

switchport mode access

!

interface FastEthernet0/3

switchport access vlan 4

switchport mode access

the "switchport access vlan " command is what is used to assign a port to a vlan. So to fa0/1 you would connect a device in the 10.10.10.x network. Fa0/2 a device in the 192.168.200.x network and fa0/3 to a device in the 192.168.202.x network.

You should also add this command to each port - "spanning-tree portfast" ie.

int fa0/1

switchport mode access

switchport access vlan 2

spanning-tree portfast

if you connect another switch or a server using a trunk link to your L3 switch do not use the "spanning-tree portfast" command on that interfaces configuration.

Jon

imanco671 · ‎10-06-2011

Jon, perfect, I will have to test tomorrow.

imanco671 · ‎10-07-2011

Hello,

I have setup a testing environment. I have the switch with 2 laptops connected each using a separate vlan. I can ping all vlans from each laptop but I cannot ping the other laptop.

here is my testing setup.

Vlan2 - eth0/1 - 10.10.10.1

vlan3 - eth0/2 - 192.168.202.1

Laptop 1 - 10.10.10.33 - eth0/1

Laptop 2 - 192.168.202.33 - eth0/2

I have added a manual route in windows:

Laptop 1 - route add 192.168.202.0 mask 255.255.255.0 10.10.10.1

Laptop 2 - route add 10.10.10.0 mas 255.255.255.0 192.168.202.1

I am still not able to ping each other

shehinpm1 · ‎10-07-2011

Hi jhone,

In addition to marshal explanation,the SW will take care of the routing part b'n 10.10.10.0 and 192.168.202.0.u dont have to

add this in windows machine.

just a simple example as per u r above config

conf)#vlan 2

#name test1

conf)#vlan 3

#name test2

conf)#ip routing

conf)#interface vlan 2

#ip address 10.10.10.1 255.255.255.0

no shut

conf)#interface vlan 3

#ip address 192.168.202.1 255.255.255.0

#no shut

interface FastEthernet0/1

switchport access vlan 2

switchport mode access

!

interface FastEthernet0/2

switchport access vlan 3

switchport mode access

connect lap in each ports put the respective vlan ip add set the G/W as vlan interface ip add,it should work.

BR,

shehin.pm

imanco671 · ‎10-07-2011

Hi Shehin.pm

I have found that I was missing the # switchport mode access

I removed the Windows routes.

Pinging will still not work.

Below are my config:

interface FastEthernet0/1

switchport access vlan 2

switchport mode access

spanning-tree portfast

!

interface FastEthernet0/2

switchport access vlan 3

switchport mode access

spanning-tree portfast

interface Vlan2

Ip address 10.10.10.1 255.255.255.0

Interface vlan3

ip address 192.168.202.1 255.255.255.0

Laptop configs:

Ip address- 10.10.10.22

255.255.255.0

gateway - 10.10.10.1

Ipaddress 192.168.202.33

255.255.255.0

gateway - 192.168.202.1

I am able to ping all VLANs from my laptops

IcebergTitanic · ‎10-07-2011

Just to quickly check, you don't have windows firewalls on, do you?

- You can ping VLAN gateways, so interfaces are up and your devices are on appropriate vlans.

- You can ping other VLAN gateways besides the one you're on, so basic routing appears to be working.

shehinpm1 · ‎10-07-2011

Hi,

if u can reach different vlan interface,then the prob b'n that vlan interface to the host,chk the windwn firewall is off in remote host

IcebergTitanic · ‎10-07-2011

Get rid of manual routes on the laptops. Don't need them.

Your VLAN IP addresses should be your default gateways for the computers on those vlans.

So for Laptop 1, config is:

IP = 10.10.10.33 netmask 255.255.255.0

Default GW = 10.10.10.1

Laptop 2:

IP = 192.168.202.33 netmask 255.255.255.0

Default GW = 192.168.202.1

They should automatically throw traffic that doesn't match their own network (first three numbers) at the default gateway. The switch should then route them appropriately.

imanco671 · ‎10-07-2011

Yes It was the firewalls, stupid me!

These test laptops are not in the domain (which a GPO handles disabling them) so I assumed they were off.

Thanks for the check. I am now able to ping.

It looks like routing is going good. I am able to ping to different subnets.

Thanks Community for the best help!!!!!