Catalyst 3650 interVlan routing across subnets?

Hello, I am attempting to configure a setup with the attached configuration. In this config there is a server on vlan 1, two workstations on separate vlans that interface with the server on vlan 1 as well as another system on a separate vlan that cannot interface with the server on vlan 1.

 

* Note there is a typo for the IP on the vlan 3 system. This IP should be unique such as 192.168.10.4

[Image: Cisco Network Diagram.png]

I've attempted this with my current configuration settings below, the issue I am having is the workstations are able to ping each other's system (i.e both vlan 2 system and vlan 3 system can access vlan 4). I believe this is due to the routing being enabled on the Level 3 switch but is there a way to disable routing between specific IPs or vlans?

Or is there a better approach to configuring the switch to support this setup besides setting the switchports to trunk multiple vlans? Thanks in advance for any feedback as I am a bit lost.

 

Running Configs on Ports

Switch#show running-config interface Gi1/0/1
Building configuration...

Current configuration : 38 bytes
!
interface GigabitEthernet1/0/1
end

Switch#show running-config interface Gi1/0/10
Building configuration...

Current configuration : 129 bytes
!
interface GigabitEthernet1/0/10
 switchport access vlan 2
 switchport trunk allowed vlan 1,2,4
 switchport mode trunk
end

Switch#show running-config interface Gi1/0/11
Building configuration...

Current configuration : 102 bytes
!
interface GigabitEthernet1/0/11
 switchport access vlan 3
 switchport trunk allowed vlan 1,3,5
 switchport mode trunk
end

Switch#show running-config interface Gi1/0/20
Building configuration...

Current configuration : 91 bytes
!
interface GigabitEthernet1/0/20
 switchport trunk native vlan 4
 switchport trunk allowed vlan 2,4
 switchport mode trunk
end

 

VLAN SUMMARY

Switch#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2, Gi1/0/3
                                                Gi1/0/4, Gi1/0/5, Gi1/0/6
                                                Gi1/0/7, Gi1/0/8, Gi1/0/9
                                                Gi1/0/12, Gi1/0/13, Gi1/0/14
                                                Gi1/0/15, Gi1/0/16, Gi1/0/17
                                                Gi1/0/18, Gi1/0/19, Gi1/0/21
                                                Gi1/0/22, Gi1/0/23, Gi1/0/24
                                                Gi1/1/1, Gi1/1/2, Te1/1/3
                                                Te1/1/4
2  vlan-2                             active
3  vlan-3                             active
4  vlan-4                             active    
5  vlan-5                             active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
Switch#

 

ROUTING SUMMARY
Switch#show ip route

         192.168.0.0/16 is variably subnetted, 4 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Vlan4
L        192.168.1.2/32 is directly connected, Vlan4
C        192.168.10.0/24 is directly connected, Vlan1
L        192.168.10.2/32 is directly connected, Vlan1
Switch#

 

Reza Sharifi
Hall of Fame

Hi,

According to the output you posted, there are no ports in any other vlan besides vlan 1. Also, in this setup there is no need for any trunk port as you are directly connecting all devices to only one switch. So, all ports should be configured as access ports only. Also, according to sh ip route you posted, there are 2 ip segments, one for vlan 1 and 1 for vlan 4. Other vlans don't have any SVI configured.

example of access port config:

interface GigabitEthernet1/0/11
 switchport access vlan 4
 switchport mode access

interface GigabitEthernet1/0/12
 switchport access vlan 4
 switchport mode access
and so on.....

 HTH

pieterh
VIP

switchport access vlan 2
switchport trunk allowed vlan 1,2,4
switchport mode trunk

 

a trunk port is used in combination with native vlan, not access vlan

when the port is in mode trunk, the command access vlan is ignored

 

for your current setup you need a network driver on the client that understands vlans/trunks

 

Martin L
VIP

You need an SVI (aka interface vlan x ip address x.x.x.x) for every directly connected vlan you want to route on the L3 switch. For remote vlans, you will need a route in the RIB.

There are several examples of this on CLN; I would recommend searching there.
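
The points raised in the replies above (an access VLAN is ignored on a port in trunk mode, and a VLAN needs an SVI before the L3 switch can route it) can be checked mechanically. The following Python script is an added example, not part of any reply in the thread; it parses the trunk interface stanzas and connected routes quoted in the question, and the function names and finding labels are hypothetical.

```python
import re

# Constructed sample: trunk stanzas and connected (C) routes copied from the question.
RUNNING_CONFIG = """\
interface GigabitEthernet1/0/10
 switchport access vlan 2
 switchport trunk allowed vlan 1,2,4
 switchport mode trunk
interface GigabitEthernet1/0/11
 switchport access vlan 3
 switchport trunk allowed vlan 1,3,5
 switchport mode trunk
interface GigabitEthernet1/0/20
 switchport trunk native vlan 4
 switchport trunk allowed vlan 2,4
 switchport mode trunk
"""
IP_ROUTE = """\
C        192.168.1.0/24 is directly connected, Vlan4
C        192.168.10.0/24 is directly connected, Vlan1
"""

def parse_interfaces(text):
    """Map interface name -> list of its indented config lines."""
    ports, current = {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
    return ports

def routed_vlans(route_text):
    """VLANs with an SVI, inferred from C routes (assumption: a down SVI is not listed)."""
    return {int(v) for v in re.findall(r"^C .*directly connected, Vlan(\d+)", route_text, re.M)}

def audit(config, route_text):
    svis, findings = routed_vlans(route_text), []
    for name, lines in parse_interfaces(config).items():
        if "switchport mode trunk" not in lines:
            continue  # only trunk ports are examined
        for l in lines:
            if l.startswith("switchport access vlan"):
                findings.append((name, "access-vlan-ignored", l))
            m = re.match(r"switchport trunk allowed vlan ([\d,]+)$", l)
            missing = sorted({int(v) for v in m.group(1).split(",")} - svis) if m else []
            if missing:
                findings.append((name, "no-svi", missing))
    return findings
```

Calling `audit(RUNNING_CONFIG, IP_ROUTE)` returns one tuple per finding: the interface, the finding label, and either the ignored command or the list of allowed VLANs that have no connected route on the switch.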