Allowing Two vlans to communicate with each other?

hakeem123
Level 1

I have a total of 8 VLANs in my Cisco 4510 model switch. I want VLAN 2 to communicate with VLAN 8.

interface Vlan2
description ### VLAN_CCTV1###
ip address 192.168.34.254 255.255.254.0
no ip redirects
no ip unreachables
no ip proxy-arp
standby 1 ip 192.168.34.1
standby 1 priority 150
standby 1 preempt
no ip route-cache
shutdown

 

 

and also interface Vlan8
description ### VLAN_CCTV2###
ip address 192.168.55.254 255.255.254.0
no ip redirects
no ip unreachables
no ip proxy-arp
standby 1 ip 192.168.55.1
standby 1 priority 150
standby 1 preempt
no ip route-cache
shutdown

I want these two VLANs to communicate with each other. Kindly give me the best solution.

 

 


Andrew Khalil
Spotlight

@hakeem123 greetings,

To allow different VLANs to communicate with each other, you will need to enable routing on your multilayer switch using the following command:

#ip routing

But now all VLANs are allowed to communicate with each other.

The next step is to use an access list so that you can allow only a specific VLAN to communicate with another one. In your case, you will need to issue the following commands:

#access-list 101 permit ip 192.168.34.0 0.0.1.255 192.168.55.0 0.0.1.255
#access-list 101 deny ip 192.168.34.0 0.0.1.255 any
#int vlan 2
#ip access-group 101 in
#exit

And so on, for all the VLANs that you have, so that you can control the communication between the several VLANs!

Please don't forget to rate all helpful responses and mark solutions!

Bst Rgds,

Andrew Khalil
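An added example, not part of the original post: a small first-match evaluator for access-list 101 as written above, showing which packets each entry matches under IOS wildcard-mask logic and which fall to the implicit deny. The sample packets are constructed; 192.168.34.253 as an HSRP peer address is an assumption, while 192.168.34.1 is the virtual IP from the posted config.

```python
import ipaddress

# ACL 101 as posted above: (action, src, src wildcard, dst, dst wildcard).
ACL_101 = [
    ("permit", "192.168.34.0", "0.0.1.255", "192.168.55.0", "0.0.1.255"),
    ("deny", "192.168.34.0", "0.0.1.255", "any", None),
]

# Constructed sample packets (source, destination) arriving inbound on Vlan2.
SAMPLES = [
    ("192.168.34.10", "192.168.55.20"),   # VLAN 2 host -> VLAN 8 host
    ("192.168.35.10", "192.168.54.20"),   # other halves of both /23 subnets
    ("192.168.34.10", "192.168.34.1"),    # VLAN 2 host -> its HSRP virtual gateway
    ("192.168.34.10", "10.0.0.5"),        # VLAN 2 host -> any other network
    ("192.168.34.253", "224.0.0.2"),      # HSRPv1 hello from an assumed peer
    ("0.0.0.0", "255.255.255.255"),       # DHCP discover broadcast
]


def _to_int(addr):
    return int(ipaddress.IPv4Address(addr))


def wildcard_match(addr, base, wildcard):
    """IOS wildcard logic: bits set to 1 in the wildcard are ignored."""
    if base == "any":
        return True
    care = ~_to_int(wildcard) & 0xFFFFFFFF
    return (_to_int(addr) & care) == (_to_int(base) & care)


def covered_range(base, wildcard):
    """First and last address matched by a contiguous wildcard entry."""
    wild = _to_int(wildcard)
    low = _to_int(base) & ~wild & 0xFFFFFFFF
    return str(ipaddress.IPv4Address(low)), str(ipaddress.IPv4Address(low | wild))


def evaluate(acl, src, dst):
    """First match wins; returns (action, 1-based entry number or None)."""
    for number, (action, s_base, s_wild, d_base, d_wild) in enumerate(acl, 1):
        if wildcard_match(src, s_base, s_wild) and wildcard_match(dst, d_base, d_wild):
            return action, number
    return "deny", None  # implicit deny that ends every IOS access list


def evaluate_samples():
    return [(src, dst) + evaluate(ACL_101, src, dst) for src, dst in SAMPLES]


if __name__ == "__main__":
    print("entry 1 destination covers", covered_range("192.168.55.0", "0.0.1.255"))
    for src, dst, action, entry in evaluate_samples():
        print(f"{src:>15} -> {dst:<15} {action:6} (entry {entry})")
```

The destination `192.168.55.0 0.0.1.255` covers the whole 192.168.54.0/23 subnet that Vlan8 sits in, and the only traffic the list permits is VLAN 2 to VLAN 8; everything else from VLAN 2, including packets addressed to the gateway or to multicast groups, matches the deny entry.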


Hi Hakeem,

 

The configuration is very straightforward; make sure the SVIs are up/up. Find the configuration and verification outputs below.

 

451-iAGG(config)#
451-iAGG(config)#interface Vlan2
451-iAGG(config-if)#description ### VLAN_CCTV1###
451-iAGG(config-if)#ip address 192.168.34.254 255.255.254.0
451-iAGG(config-if)#no ip redirects
451-iAGG(config-if)#no ip unreachables
451-iAGG(config-if)#no ip proxy-arp
451-iAGG(config-if)#standby 1 ip 192.168.34.1
451-iAGG(config-if)#standby 1 priority 150
451-iAGG(config-if)#standby 1 preempt
451-iAGG(config-if)#no ip route-cache
451-iAGG(config-if)#no shutdown
451-iAGG(config-if)# interface Vlan8
451-iAGG(config-if)#description ### VLAN_CCTV2###
451-iAGG(config-if)#ip address 192.168.55.254 255.255.254.0
451-iAGG(config-if)#no ip redirects
451-iAGG(config-if)#no ip unreachables
451-iAGG(config-if)#no ip proxy-arp
451-iAGG(config-if)#standby 1 ip 192.168.55.1
451-iAGG(config-if)#standby 1 pr
*Jan 26 13:56:56.975: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan8, changed state to downi
451-iAGG(config-if)#standby 1 priority 150
451-iAGG(config-if)#standby 1 preempt
451-iAGG(config-if)#no ip route-cache
451-iAGG(config-if)#shutdown
*Jan 26 13:56:57.543: unix_ip_unreachable_changed: called through registry but this function does nothing!
451-iAGG(config-if)#no shutdown
451-iAGG(config-if)#
*Jan 26 13:57:04.653: %LINK-3-UPDOWN: Interface Vlan8, changed state to down
451-iAGG#show interfaces vlan 2
Vlan2 is down, line protocol is down
Hardware is Ethernet SVI, address is aabb.cc82.2000 (bia aabb.cc82.2000)
Description: ### VLAN_CCTV1###
Internet address is 192.168.34.254/23
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
451-iAGG#show interfaces vlan 8
Vlan8 is down, line protocol is down
Hardware is Ethernet SVI, address is aabb.cc82.2000 (bia aabb.cc82.2000)
Description: ### VLAN_CCTV2###
Internet address is 192.168.55.254/23
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
451-iAGG#config t
Enter configuration commands, one per line. End with CNTL/Z.
451-iAGG(config)#inter vlan 2                                    ---> SVI will not come up until you create Vlan
451-iAGG(config-if)#no shut
451-iAGG(config-if)#inter vlan 8
451-iAGG(config-if)#no shut
451-iAGG(config-if)#exit
451-iAGG(config)#show ip inter
451-iAGG(config)#vlan 2
451-iAGG(config-vlan)#exit
451-iAGG(config)#vlan 8
451-iAGG(config-vlan)#end
451-iAGG#show ip
*Jan 26 13:58:36.616: %SYS-5-CONFIG_I: Configured from console by console
451-iAGG#show inter
451-iAGG#show interfaces vl
451-iAGG#show interfaces vlan 2
Vlan2 is down, line protocol is down
Hardware is Ethernet SVI, address is aabb.cc82.2000 (bia aabb.cc82.2000)
Description: ### VLAN_CCTV1###
Internet address is 192.168.34.254/23
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 packets output, 0 bytes, 0 underruns
0 output errors, 0 interface resets
0 unknown protocol drops
0 output buffer failures, 0 output buffers swapped out
451-iAGG#show interfaces vlan
*Jan 26 13:59:03.836: %LINK-3-UPDOWN: Interface Vlan2, changed state to up
*Jan 26 13:59:04.836: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan2, changed state to up
451-iAGG#show interfaces vlan 8
Vlan8 is up, line protocol is up
Hardware is Ethernet SVI, address is aabb.cc82.2000 (bia aabb.cc82.2000)
Description: ### VLAN_CCTV2###
Internet address is 192.168.55.254/23
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output never, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes, 0 no buffer
Received 0 broadcasts (0 IP multicasts)
0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
1 packets output, 60 bytes, 0 underruns
0 output errors, 0 interface resets
--More--
*Jan 26 13:59:08.627: %LINK-3-UPDOWN: Interface Vlan8, changed state to up
*Jan 26 13:59:09.628: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan8, changed state to up
0 unknown protocol drops

451-iAGG#ping 192.168.34.254 so
451-iAGG#ping 192.168.34.254 source
*Jan 26 13:59:25.836: %PNP-6-PNP_DISCOVERY_STOPPED: PnP Discovery stopped (Config Wizard)
451-iAGG#ping 192.168.34.254 source
*Jan 26 13:59:28.244: %HSRP-5-STATECHANGE: Vlan2 Grp 1 state Standby -> Active
451-iAGG#ping 192.168.34.254 source 192.168.55.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.34.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.55.254
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/4/5 ms
451-iAGG#ping 192.168.34.254 source vlan 8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.34.254, timeout is 2 seconds:
Packet sent with a source address of 192.168.55.254
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/5 ms
451-iAGG#
*Jan 26 13:59:43.720: %HSRP-5-STATECHANGE: Vlan8 Grp 1 state Standby -> Active
451-iAGG#
451-iAGG#

 

 

*** Please rate all helpful responses and mark solutions***

Jon Marshall
Hall of Fame
Hall of Fame

 

They will by default so you shouldn't have to do anything other than bring the interfaces up. 

 

Jon

Deepak Kumar
VIP Alumni

Hi,

It is enabled by default, but if not, then run the command "IP Routing".

Regards,
Deepak Kumar

Don't forget to vote and accept the solution if this comment will help you!

balaji.bandi
Hall of Fame

Make sure you unshut interface vlan2 and vlan8; they are in shutdown mode in the config you posted.

 

interface Vlan2
description ### VLAN_CCTV1###
ip address 192.168.34.254 255.255.254.0
no ip redirects
no ip unreachables
no ip proxy-arp
standby 1 ip 192.168.34.1
standby 1 priority 150
standby 1 preempt
no ip route-cache
shutdown    <-- no shut

 

 

and also interface Vlan8
description ### VLAN_CCTV2###
ip address 192.168.55.254 255.255.254.0
no ip redirects
no ip unreachables
no ip proxy-arp
standby 1 ip 192.168.55.1
standby 1 priority 150
standby 1 preempt
no ip route-cache
shutdown    <-- no shut

BB

***** Rate All Helpful Responses *****

THANKS ALL

@hakeem123

Did you solve the issue?

 

Please don't forget to rate the helpful responses and to mark solutions!

Bst Rgds,

Andrew Khalil

No. These two VLANs are not pinging each other.

@hakeem123

I don't understand: did you solve your problem, or are you still having that problem?

According to your last reply, I understood that there are 2 VLANs not pinging each other. Would you like them to ping each other?

If so, can you tell me how you ping? From where are you pinging?

Please provide us with data so that we can support you!

I'll be so happy to help you fix your issues!

 

Please don’t forget to rate all helpful responses and mark solutions!

Bst Rgds,

Andrew Khalil

@hakeem123

 

Happy to hear that your issue has been resolved :)

 

BR

Tayyab

 

 

*** Please rate all helpful responses and mark solutions***