Can I use switch 3750 as router layer 3 without NAT?

iboreaniz · ‎01-14-2013

Hi all,

I've created a scenario using a 3750 cisco as core switch ad other 6 switch model 2900 in access level.

my problem is this, the router is not a cisco router, and this router is not able to make NAT on more than one subnet.

Into the core switch I've created 4 VLAN and I must to give internet access to 3 of them, 192.168.0.0/24 (vlan1), 172.16.0.0/24 (vlan2), 172.17.0.0/24 (vlan3).

I've connected the switch to router via gigabit ethernet 0/1 and I've assigned to this interface ip address 192.168.10.2, the router ip address is 192.168.10.1, Switch ip default-gateway is router ip address 192.168.10.1, ip default route is 0.0.0.0 0.0.0.0 192.168.10.1

I've enabled ip routing feature and I've set no switchport feature to interface gigabit ethernet 0/1.

From core switch I can ping router ip address but I can't make it from all other user, and the users not able to have internet access.

Someone can help me..?

Below the switch configuration (only necessary strings)

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname CoreSwitch

!

ip routing

!!

!

interface FastEthernet0/1

no ip address

!

interface FastEthernet0/5

description to VLAN3 switch

switchport access vlan 3

switchport mode access

no ip address

spanning-tree portfast

!

interface FastEthernet0/6

description to VLAN1 switch

switchport access vlan 1

switchport mode access

no ip address

spanning-tree portfast

!

interface FastEthernet0/7

description to VLAN2 switch

switchport access vlan 2

switchport mode access

no ip address

spanning-tree portfast

!

interface GigabitEthernet0/1

description To Internet_Router

no switchport

ip address 192.168.10.2 255.255.255.0

!

interface Vlan1

description WIFI_VLAN

ip address 192.168.0.1 255.255.255.0

!

interface Vlan2

description USER_VLAN

ip address 172.16.0.1 255.255.255.0

!

interface Vlan3

description SERVER_VLAN

ip address 172.17.0.1 255.255.255.0

!

interface Vlan10

description MANAGEMENT_VLAN

ip address 10.1.10.1 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 192.168.10.1

no ip http server

!

line con 0

password cisco

login

line vty 0 4

!

end

Reza Sharifi · ‎01-14-2013

Hi,

From core switch I can ping router ip address but I can't make it from all other user, and the users not able to have internet

Do the users have the correct default gateways on there hosts?

Can the uses ping the svi interfaces (vlan 1, 2, 3 and 10) on the 3750?

HTH

iboreaniz · ‎01-14-2013

Hi,thank you for response.

yes, all users can ping the svi interfaces, but they can't ping router and if from one of user I make a tracert 192.168.10.1, the first step is core switch svi interface and then no other step is available.

Reza Sharifi · ‎01-14-2013

Ok, the router needs to have a static route to the users's subnets. Or if you are running a routing protocol, you need to enable it on both the router and the 3750.

So, on the route you need something like this:

ip route 192.168.0.0 255.255.255.0 192.168.10.1

ip route 192.168.10.0 255.255.255.0 192.168.10.1

ip route 172.17.0.1 255.255.255.0 192.168.10.1

etc...

HTH

Richard Burts · ‎01-14-2013

I believe that Reza has correctly identified the problem that the router does not have routes to the subnets configured on the switch. Since we do not know what kind of router it is (we only know it is not a Cisco) we do not know what routing options are available. But static routes is usually a safe choice.

One issue in his response is the next hop address he uses, which is the router own address. The next hop should be the switch address.

HTH

Rick

Sent from Cisco Technical Support iPad App

HTH

Rick

iboreaniz · ‎01-14-2013

Hi,

the router is not a cisco router but i'll try to make it,

As soon as possible I'll post any update.

thank you very much.

Praveen AR · ‎01-15-2013

Hi,

yes Reza is correct, there is no return path to the source in the routing table of router.

Regards

Praveen