01-26-2019 03:12 AM - edited 03-08-2019 05:09 PM
i have total 8 vlans in my cisco 4510 model switch. i want vlan 2 should communicate with vlan 8
interface Vlan2
description ### VLAN_CCTV1###
ip address 192.168.34.254 255.255.254.0
no ip redirects
no ip unreachables
no ip proxy-arp
standby 1 ip 192.168.34.1
standby 1 priority 150
standby 1 preempt
no ip route-cache
shutdown
and also interface Vlan8
description ### VLAN_CCTV2###
ip address 192.168.55.254 255.255.254.0
no ip redirects
no ip unreachables
no ip proxy-arp
standby 1 ip 192.168.55.1
standby 1 priority 150
standby 1 preempt
no ip route-cache
shutdown
....i want these two vlans to communicate with each other. Kindly give me the best solution.
Solved! Go to Solution.
01-26-2019 03:31 AM
@hakeem123 greetings,
To allow different vlans to communicate to each other, you will need to enable routing in your multilayer switch using the following command:
#ip routing
But now all vlans are allowed to communicate together,
the next step is to use access-list so that you can allow only a specific vlan to communicate with another one, so in your case you will need to issue the following commands:
# access-list 101 permit ip 192.168.34.0 0.0.1.255 192.168.55.0 0.0.1.255
#access-list 101 deny ip 192.168.34.0 0.0.1.255 any
#int vlan 2
#ip access-group 101 in
#exit
And so on, to all the vlans that you have so that you can control the communication between the several vlans!
Please don't forget to rate all helpful responses and mark solutions!
Bst Rgds,
Andrew Khalil
01-26-2019 06:06 AM
Hi Hakeem,
The configuration very straight forward and make sure SVIs are up/up ,find configuration and verification outputs.
451-iAGG(config)#
451-iAGG(config)#interface Vlan2
451-iAGG(config-if)#description ### VLAN_CCTV1###
451-iAGG(config-if)#ip address 192.168.34.254 255.255.254.0
451-iAGG(config-if)#no ip redirects
451-iAGG(config-if)#no ip unreachables
451-iAGG(config-if)#no ip proxy-arp
451-iAGG(config-if)#standby 1 ip 192.168.34.1
451-iAGG(config-if)#standby 1 priority 150
451-iAGG(config-if)#standby 1 preempt
451-iAGG(config-if)#no ip route-cache
451-iAGG(config-if)#no shutdown
451-iAGG(config-if)# interface Vlan8
451-iAGG(config-if)#description ### VLAN_CCTV2###
451-iAGG(config-if)#ip address 192.168.55.254 255.255.254.0
451-iAGG(config-if)#no ip redirects
451-iAGG(config-if)#no ip unreachables
451-iAGG(config-if)#no ip proxy-arp
451-iAGG(config-if)#standby 1 ip 192.168.55.1
451-iAGG(config-if)#standby 1 pr
*Jan 26 13:56:56.975: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan8, changed state to downi
451-iAGG(config-if)#standby 1 priority 150
451-iAGG(config-if)#standby 1 preempt
451-iAGG(config-if)#no ip route-cache
451-iAGG(config-if)#shutdown
*Jan 26 13:56:57.543: unix_ip_unreachable_changed: called through registry but this function does nothing!
451-iAGG(config-if)#no shutdown
451-iAGG(config-if)#
*Jan 26 13:57:04.653: %LINK-3-UPDOWN: Interface Vlan8, changed state to down
451-iAGG#show interfaces vlan 2
Vlan2 is down, line protocol is down
Hardware is Ethernet SVI, address is aabb.cc82.2000 (bia aabb.cc82.2000)
Description: ### VLAN_CCTV1###
Internet address is 192.168.34.254/23
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
451-iAGG#show interfaces vlan 8
Vlan8 is down, line protocol is down
Hardware is Ethernet SVI, address is aabb.cc82.2000 (bia aabb.cc82.2000)
Description: ### VLAN_CCTV2###
Internet address is 192.168.55.254/23
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
451-iAGG#config t
Enter configuration commands, one per line. End with CNTL/Z.
451-iAGG(config)#inter vlan 2 ---> SVI will not come up until you create Vlan
451-iAGG(config-if)#no shut
451-iAGG(config-if)#inter vlan 8
451-iAGG(config-if)#no shut
451-iAGG(config-if)#exit
451-iAGG(config)#show ip inter
451-iAGG(config)#vlan 2
451-iAGG(config-vlan)#exit
451-iAGG(config)#vlan 8
451-iAGG(config-vlan)#end
451-iAGG#show ip
*Jan 26 13:58:36.616: %SYS-5-CONFIG_I: Configured from console by console
451-iAGG#show inter
451-iAGG#show interfaces vl
451-iAGG#show interfaces vlan 2
Vlan2 is down, line protocol is down
Hardware is Ethernet SVI, address is aabb.cc82.2000 (bia aabb.cc82.2000)
Description: ### VLAN_CCTV1###
Internet address is 192.168.34.254/23
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
451-iAGG#show interfaces vlan
*Jan 26 13:59:03.836: %LINK-3-UPDOWN: Interface Vlan2, changed state to up
*Jan 26 13:59:04.836: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan2, changed state to up
451-iAGG#show interfaces vlan 8
Vlan8 is up, line protocol is up
Hardware is Ethernet SVI, address is aabb.cc82.2000 (bia aabb.cc82.2000)
Description: ### VLAN_CCTV2###
Internet address is 192.168.55.254/23
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
1 packets output, 60 bytes, 0 underruns
0 output errors, 0 interface resets
--More--
*Jan 26 13:59:08.627: %LINK-3-UPDOWN: Interface Vlan8, changed state to up
*Jan 26 13:59:09.628: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan8, changed state to up
0 unknown protocol drops
451-iAGG#ping 192.168.34.254 so
451-iAGG#ping 192.168.34.254 source
*Jan 26 13:59:25.836: %PNP-6-PNP_DISCOVERY_STOPPED: PnP Discovery stopped (Config Wizard)
451-iAGG#ping 192.168.34.254 source
*Jan 26 13:59:28.244: %HSRP-5-STATECHANGE: Vlan2 Grp 1 state Standby -> Active
451-iAGG#ping 192.168.34.254 source 192.168.55.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.34.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.55.254
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/5 ms
451-iAGG#ping 192.168.34.254 source vlan 8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.34.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.55.254
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/5 ms
451-iAGG#
*Jan 26 13:59:43.720: %HSRP-5-STATECHANGE: Vlan8 Grp 1 state Standby -> Active
451-iAGG#
451-iAGG#
01-26-2019 03:31 AM
@hakeem123 greetings,
To allow different vlans to communicate to each other, you will need to enable routing in your multilayer switch using the following command:
#ip routing
But now all vlans are allowed to communicate together,
the next step is to use access-list so that you can allow only a specific vlan to communicate with another one, so in your case you will need to issue the following commands:
# access-list 101 permit ip 192.168.34.0 0.0.1.255 192.168.55.0 0.0.1.255
#access-list 101 deny ip 192.168.34.0 0.0.1.255 any
#int vlan 2
#ip access-group 101 in
#exit
And so on, to all the vlans that you have so that you can control the communication between the several vlans!
Please don't forget to rate all helpful responses and mark solutions!
Bst Rgds,
Andrew Khalil
01-26-2019 03:32 AM - edited 01-26-2019 03:33 AM
They will by default so you shouldn't have to do anything other than bring the interfaces up.
Jon
01-26-2019 05:11 AM
Hi,
It is enabled by default but If not then run command "IP Routing"
Regards,
Deepak Kumar
01-26-2019 05:35 AM
Make sure you unshut the interface vlan2 and vlan8, they are in shutdown mode in your config you posted.
interface Vlan2
description ### VLAN_CCTV1###
ip address 192.168.34.254 255.255.254.0
no ip redirects
no ip unreachables
no ip proxy-arp
standby 1 ip 192.168.34.1
standby 1 priority 150
standby 1 preempt
no ip route-cache
shutdown <-- no shut
and also interface Vlan8
description ### VLAN_CCTV2###
ip address 192.168.55.254 255.255.254.0
no ip redirects
no ip unreachables
no ip proxy-arp
standby 1 ip 192.168.55.1
standby 1 priority 150
standby 1 preempt
no ip route-cache
shutdown <-- no shut
01-26-2019 06:06 AM
Hi Hakeem,
The configuration very straight forward and make sure SVIs are up/up ,find configuration and verification outputs.
451-iAGG(config)#
451-iAGG(config)#interface Vlan2
451-iAGG(config-if)#description ### VLAN_CCTV1###
451-iAGG(config-if)#ip address 192.168.34.254 255.255.254.0
451-iAGG(config-if)#no ip redirects
451-iAGG(config-if)#no ip unreachables
451-iAGG(config-if)#no ip proxy-arp
451-iAGG(config-if)#standby 1 ip 192.168.34.1
451-iAGG(config-if)#standby 1 priority 150
451-iAGG(config-if)#standby 1 preempt
451-iAGG(config-if)#no ip route-cache
451-iAGG(config-if)#no shutdown
451-iAGG(config-if)# interface Vlan8
451-iAGG(config-if)#description ### VLAN_CCTV2###
451-iAGG(config-if)#ip address 192.168.55.254 255.255.254.0
451-iAGG(config-if)#no ip redirects
451-iAGG(config-if)#no ip unreachables
451-iAGG(config-if)#no ip proxy-arp
451-iAGG(config-if)#standby 1 ip 192.168.55.1
451-iAGG(config-if)#standby 1 pr
*Jan 26 13:56:56.975: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan8, changed state to downi
451-iAGG(config-if)#standby 1 priority 150
451-iAGG(config-if)#standby 1 preempt
451-iAGG(config-if)#no ip route-cache
451-iAGG(config-if)#shutdown
*Jan 26 13:56:57.543: unix_ip_unreachable_changed: called through registry but this function does nothing!
451-iAGG(config-if)#no shutdown
451-iAGG(config-if)#
*Jan 26 13:57:04.653: %LINK-3-UPDOWN: Interface Vlan8, changed state to down
451-iAGG#show interfaces vlan 2
Vlan2 is down, line protocol is down
Hardware is Ethernet SVI, address is aabb.cc82.2000 (bia aabb.cc82.2000)
Description: ### VLAN_CCTV1###
Internet address is 192.168.34.254/23
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
451-iAGG#show interfaces vlan 8
Vlan8 is down, line protocol is down
Hardware is Ethernet SVI, address is aabb.cc82.2000 (bia aabb.cc82.2000)
Description: ### VLAN_CCTV2###
Internet address is 192.168.55.254/23
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
451-iAGG#config t
Enter configuration commands, one per line. End with CNTL/Z.
451-iAGG(config)#inter vlan 2 ---> SVI will not come up until you create Vlan
451-iAGG(config-if)#no shut
451-iAGG(config-if)#inter vlan 8
451-iAGG(config-if)#no shut
451-iAGG(config-if)#exit
451-iAGG(config)#show ip inter
451-iAGG(config)#vlan 2
451-iAGG(config-vlan)#exit
451-iAGG(config)#vlan 8
451-iAGG(config-vlan)#end
451-iAGG#show ip
*Jan 26 13:58:36.616: %SYS-5-CONFIG_I: Configured from console by console
451-iAGG#show inter
451-iAGG#show interfaces vl
451-iAGG#show interfaces vlan 2
Vlan2 is down, line protocol is down
Hardware is Ethernet SVI, address is aabb.cc82.2000 (bia aabb.cc82.2000)
Description: ### VLAN_CCTV1###
Internet address is 192.168.34.254/23
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
451-iAGG#show interfaces vlan
*Jan 26 13:59:03.836: %LINK-3-UPDOWN: Interface Vlan2, changed state to up
*Jan 26 13:59:04.836: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan2, changed state to up
451-iAGG#show interfaces vlan 8
Vlan8 is up, line protocol is up
Hardware is Ethernet SVI, address is aabb.cc82.2000 (bia aabb.cc82.2000)
Description: ### VLAN_CCTV2###
Internet address is 192.168.55.254/23
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
1 packets output, 60 bytes, 0 underruns
0 output errors, 0 interface resets
--More--
*Jan 26 13:59:08.627: %LINK-3-UPDOWN: Interface Vlan8, changed state to up
*Jan 26 13:59:09.628: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan8, changed state to up
0 unknown protocol drops
451-iAGG#ping 192.168.34.254 so
451-iAGG#ping 192.168.34.254 source
*Jan 26 13:59:25.836: %PNP-6-PNP_DISCOVERY_STOPPED: PnP Discovery stopped (Config Wizard)
451-iAGG#ping 192.168.34.254 source
*Jan 26 13:59:28.244: %HSRP-5-STATECHANGE: Vlan2 Grp 1 state Standby -> Active
451-iAGG#ping 192.168.34.254 source 192.168.55.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.34.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.55.254
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/5 ms
451-iAGG#ping 192.168.34.254 source vlan 8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.34.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.55.254
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/5 ms
451-iAGG#
*Jan 26 13:59:43.720: %HSRP-5-STATECHANGE: Vlan8 Grp 1 state Standby -> Active
451-iAGG#
451-iAGG#
01-27-2019 01:43 AM
01-27-2019 01:46 AM
Did you solve the issue?
Please don't forget to rate the helpful responses and to mark solutions!
Bst Rgds,
Andrew Khalil
01-28-2019 12:50 AM
01-28-2019 02:53 AM
I don’t understand did you solve your problem or still having that problem?
According to your last reply, I understood that there are 2 vlans not pinging each other, would you like that they ping each other ?
If so, can you till me how do you ping ? From where are you pinging ?
Please provide us us data so that we can support you!
I will I’ll be so happy to help you for fixing your issues!
Please don’t forget to rate all helpful responses and mark solutions!
Bst Rgds,
Andrew Khalil
01-27-2019 01:50 AM
Happy to heard that your issue has been resolved :)
BR
Tayyab
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide