10-02-2005 09:37 PM - edited 03-03-2019 10:38 AM
Dear All;
I have Cisco Catalyst Switch 4006 with Supervisor II OS with 4232-L3 routing module, witch is configured for 5 VLANS, each VLAN cann't communicate with others.
I want to make VLAN 5 as a common VLAN so it can communicate with all others VLANS.
Attached is a copy of my show running-config on the routing blade
Please Help
Thanks
10-03-2005 06:50 AM
I assume your gigabit interface are trunks to other switches??
Create 5 VLAN interfaces. i.e. Interface VLAN1 thru VLAN5. Move your 'ip address' and 'ip helper' commands under their respective VLAN interface. Don't forget to enable the vlan interfaces by issuing the 'no shutdown' command under each interface.
Your InterVlan routing should function provided you are using the proper IOS feature set.
HTH
10-03-2005 09:09 PM
hi,
Thanks sir for you comment, I don't have other switches I have only one Cisco Catalyst Switch 4006 with Supervisor II OS with 4232-L3 routing module.
Sorry I don't understand what do u mean by "Create 5 VLAN interfaces. i.e. Interface VLAN1 thru VLAN5. Move your 'ip address' and 'ip helper' commands under their respective VLAN interface"
the exact setuation is I have 5 Vlan with 1 DHCP server in VLAN3, all Vlans Picking IP address from this DHCP, all VLANS is not comunicated together, what I would like to do is make VLAN5 is able to access and communicate with all other VLANs but keep other VLANs (2,3,4) not communicated as it is..
Thank you in advance and please try to help me ASAP cuz it's very urgent for me
Thanks
10-04-2005 06:27 AM
you can create virtual interface for VLAN 5 and put the access list to block the routing for other`s VLAN.thankx
door
10-04-2005 09:21 AM
hi door,
please give me more details
10-06-2005 01:17 PM
UP
Please, anybody try to help URGENT
10-06-2005 03:02 PM
Can you post your current configuration so we can help.
Daniel
10-11-2005 11:53 PM
In your current configuration, the vlan doesn't exist.
You have to create 5 vlan first.
Best regards.
10-12-2005 10:00 PM
Hi,
it's a little bit different to configure inter vlan routing in 4000 series. First, check this link
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat4000/inst_nts/78_10164.htm#24106
http://www.cisco.com/en/US/tech/tk389/tk689/technologies_tech_note09186a008009478e.shtml
1.Console your SUP, create vlan 1-5.
2.There are 2 virtual gigabit link, between SUP and the routing module (4233), you can configure them as ether channel. Then,
configure this link as trunk. In 4006, they don't support isl, so you must use dot1q.
3.COnsole your routing module, after configure the gigabit link as ether channel, then don't forget to configure this link as
trunk.
4.configure sub interface on gigabit link,
ex:
interface g1/1.1 switch port trunk encapsulation dot1q --> vor vlan 1
interface g1/1.1 switch port trunk encapsulation dot1q --> vor vlan 2
.
.
interface g1/1.1 switch port trunk encapsulation dot1q --> vor vlan 5
at this point, vlan 1-5 can communicate each other well. That's all to make intervlan routing in 4000 series. But our goal
is...
to make only vlan 5 is accessible for the others, that's why we must congigure accesst-list. for example, the ip address are
for vlan 1 192.168.1.x
for vlan 2 192.168.2.x
for vlan 3 192.168.3.x
for vlan 4 192.168.4.x
for vlan 5 192.168.5.x
and then we can create accesst-list, in this case i refer to use extended accesst-list,
ip access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.5.0 0.0.0.255
then apply to sub-interface for vlan 1
interface g1/1.1
ip access-group 101
well, i think that's all, now you can make access-list for the rest.
i hope this can help,
regards,
10-13-2005 12:21 AM
Dear friend
Thanks for your help, right now I have some confusion after submiting my case in the forum I got so many replies and right now I don't know if the inter-vlan routing is working on my switch or not !!!my current setiuation is:
1- I have 5 Vlans 1 5 with IPs
- (VLAN 2) 172.16.2.10 172.16.2.254
- (VLAN 3) 172.16.3.10 172.16.3.254
- (VLAN 4) 172.16.4.10 172.16.4.254
All PCs connected to these Vlans has a Deferent Gateway witch is ISA server witch is PC inside the same VLAN For Ex. VLAN3 PCs has gateway (172.16.3.8) and its picking up this gateway config automatically from DHCP server
I have One DHCP Server witch is a part of VLAN3 with IP (172.16.3.6) and its gateway VLAN3 IP (172.16.1.5) IP for routing blade in Vlan3
Right now any PC is connected to VLAN 2 or 3 or 4 with gateways witch picking it from DHCP server (172.16.3.8 for VLAN3 and 172.16.2.10 for VLAN 2 and 172.16.4.10 for VLAN4) those PCs are NOT ABLE TO COMMUNICATE WITH OTHER PCs IN OTHER Vlans
Meaning VLAN2 PC not able to communicate with VLAN3 PC
And Also VLAN 2 and 4 PCs not able to communicate with DHCP Server (only picking up an IP but there is no ability to communicate and ping command showing host is not reachable
But all PCs in any Vlan with gateway as IP of subinterface for routing blade for the same VLAN are able to communicate together
I dont have any ACL running on my router
Hope that can give u some details about my network
Right now I would like to make VLAN 5 witch is like a common VLAN I want to connect around 3 or 4 PCs only to this VLAN and these 4-5 PCs are able to communicate with all other PCs on my network in any VLAN
I have create this vlan
set vlan 5 3/35
Router# config term
Interface gigaethernet 3.5
IP address 172.16.5.1
Encapsulation dot1Q 5
IP-helper address 172.16.3.6
Now PC on port 3/35 able to picking IP from DHCP server but not able to communicate with others Vlans
The WS-X4232-L3 module is connected to slot 2 so I have set a trunk for this slot like this
set trunk 2/1 noneg dot1q 1-1005
but still there is no communication between Vlans
Please try to give me a clear steps so I can follow it to oslve this Problem
Thank you very much and waiting for reply ASAP
Ahmed
10-13-2005 01:37 AM
Hi Ahmed,
do you have a diagram of your network? if you don't mind, pleas attach the diagram.
and please attach also:
1.sh version from SUP and Routing module
2.sh run from SUP and Routing module
thankz...
10-13-2005 04:24 AM
10-18-2005 07:48 PM
Hi Handoko,
di u got my files ? please try to reply I need this help urgent
Thanks
11-16-2005 01:44 AM
sorrie, just came back from long holliday...
according to your file, vlan 5 is still down,
GigabitEthernet3.5 is up, line protocol is down
Hardware is xpif_port, address is 000a.425b.1409 (bia 000a.425b.1409)
Internet address is 172.16.5.1/24
MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec, rely 255/255, load 1/255
Encapsulation 802.1Q Virtual LAN, Vlan ID 5.
ARP type: ARPA, ARP Timeout 04:00:00
this is happen because no host/port on vlan 5 is up.
try to make vlan 5 on switching module, and then make one or two port as vlan 5.
then, please update the file that you uploaded here.
thankz.
11-16-2005 03:02 AM
hi hondoko
The port is already configured for Vlan 5 and I have a laptop connected to this port for checking
Regards
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide