cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1411
Views
10
Helpful
10
Replies

ip routing

Paloma!
Level 1
Level 1

Hello, I would like to know if there is a method (without adding a router) so that the machines of the default vlan communicate with the rest of the vlan???. In our network we have a core switch with a single vlan (default vlan) with ip 192.168.0.X to which I added other vlans (addresses in 10.1.X.X) and activated ip routing. Only the new Vlans can communicate with each other but they do not communicate with the default vlan machines.

Thank you in advance for your help.

1 Accepted Solution

Accepted Solutions

I am glad that the vlans are now communicating. To access the Internet something must do Network Address Translation. That generally would require a router or a firewall.

HTH

Rick

View solution in original post

10 Replies 10

balaji.bandi
Hall of Fame
Hall of Fame

2 Options :

 

remove

default-route and add ip route 

command should resolve the issue, based on the information.

enable IGP protocol so IGP can take care of routing.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Thanks for answering, in fact I just realized that if inter vlan routing works, what happens is that it is a network that was implemented many years ago, so everything is installed in VLAN 1 (default vlan), lol. The gateway IP used by all the machines is 192.168.0.250, but the vlan 1 interface is 192.168.0.85 (management IP). All the machines are configured with the gateway ip 192.168.0.250 (since it is the router ip) so when I did the ping test between Vlan 1 and vlan 20 it did not work and I understood that I had to change the gateway ip for 192.168.0.85 so they can communicate and it worked.

The problem will be the following, to be able to connect machines (that are in a VlaN X) and that must connect to the domain, in order to obtain an ip in dhcp, the AD domain controllers and DHCP servers must change the gateway ip to 192.168. 0.85 to be contacted.

Thank very much

The original post specified that you were looking for a solution without adding a router. And in that case the solution is, as you describe it correctly, that the devices in vlan 1 must have their default gateway set to be the address of the SVI of the switch. This will enable forwarding traffic between all of the vlans.

In the recent response you indicate that there is a router in the network, which was the gateway for vlan 1. If there is a router then there are a couple of things that need to be considered:

- will devices in the new vlans need access to "remote" networks?

- if the devices will need access to remote networks will that access be through the router that currently works for vlan 1?

- if the devices will use the router for outside access then the router will need to be configured with routing information about the new networks (which might be static routes or might be running a dynamic routing protocol with the switch, or might be accomplished by configuring the switch to router connection as a trunk and extending the new vlans to the router).

- whatever solution is chosen for the new vlans to get outside access, if the new vlans will be getting Internet access through the router then the router will need to be configured with Network Address Translation for the new networks/subnets.

HTH

Rick

Hello Burton
We are going to contact the company that manages the internet access and
the firewall to ask them to add the ip addresses of each vlan that has been
added to the switch, so that these vlans can not only communicate with each
other but also have access to the internet.
Later we will use a firewall router that will be managed directly by us and
that will greatly facilitate the administration of the network.
Thank you very much for your assistance.

Contacting the company that manages the internet access is a good short term solution. They would need to add routes to their routing table for the subnets of the new vlans. They would also need to add Network Address Translation logic for the new subnets. Getting your own firewall router that you manage is a good longer term solution. I hope it goes well. Thank you for marking this question as solved. This will help other participants in the community to identify discussions which have helpful information. This community is an excellent place to ask questions and to learn about networking. I hope to see you continue to be active in the community.

HTH

Rick

since the same L3SW and there are SVI for VLAN and this SVI is UP,  the only reason they can not connect to each other is the default VLAN in different VRF than other VLAN. 
so do show ip route and you must see all SVI subnet if not then check you config again for VRF.

Hello,

 

post the full running configuration of your core switch...

I agree with @Georg Pauwen that we need additional information. The original post says that there are multiple vlans in addition to the default vlan 192.168.0.0, that ip routing was enabled, and that the new vlans can communicate with each other but can not communicate with the default vlan. The fact that the new vlans can communicate with each other is an indication that ip routing is working. So it is not likely that not communicating with the default vlan is a routing issue. I have a couple of guesses about what the problem might be:

- perhaps the hosts in the default vlan do not have their gateway set to the core switch which would prevent them from communicating with other vlans.

- perhaps there is some security policy implemented that prevents the default vlan from communicating with other vlans.

- perhaps the new vlans are connected to a switch different from the core switch.

Seeing the complete config of the core switch would be a good starting point. It might also be helpful to have a better understanding of the topology of this network and whether there are other networking devices other than the core switch. It might also be helpful to have the output of these commands on the core switch

show ip route
show arp
show vlan 
show interface status
HTH

Rick

Merci beaucoup Richard, en fait le routage IP Vlan fonctionnait correctement, après je me suis rendu compte qu'il fallait changer l'adresse de passerelle des machines appartenant au Vlan 1 , ils avaient l'i.p 192.168.0.250 (IP du routeur) et l'adresse d'interface Vlan 1c'est i.p 192.168.0.85. 

Avec la passerelle en 192. 168.0.85 tous les Vlans communiquent. 

Le nouveau soucis c'est de connecter tous les Vlans a internet sans toucher du côté routeur FAI (box internet) car seule la compagnie  peut l'administrer . Je ne sais pas si cela est possible où il faut obligatoirement passer par un router.

Merci d'avance encore de votre aide.

I am glad that the vlans are now communicating. To access the Internet something must do Network Address Translation. That generally would require a router or a firewall.

HTH

Rick
Review Cisco Networking for a $25 gift card