configure intervlan on catalyst 3750

nicanor00
Level 1

Hi All

I implemented the configuration example at this link:

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml

My architecture is the same as shown at the link, with some differences:

I use a router 1841 for the Internet connection instead of the 7200VXR; this router 1841 is connected to the Catalyst 3750 port G1/0/1

I use Catalyst 2960 instead of Catalyst 2950 or 2948

I use an ASA 5510 for the connection to remote branches (I have 5 remote sites). This ASA is connected to the Catalyst 3750 port G1/0/37

Result of the test

I can ping devices in the same VLANs

I can ping devices in different VLANs

I can ping all devices from the Catalyst 3750

I cannot ping the router 1841 or ASA 5510 from any of the devices (computers)

The gateway of each computer is the corresponding VLAN IP address configured on the Catalyst 3750

Why can't I ping the router 1841 or ASA 5510 from any of the devices (computers)?

Please advise

Thanks


cadet alain
VIP Alumni

Hi,

You need a route on the 1841 and ASA to be able to send the ICMP echo replies back to the source, which is in a subnet not directly connected.

Regards.

Alain

Don't forget to rate helpful posts.


Kindly share ip scheme so we can tell you the exact static routes

Hi

Kindly find below the IP address information

Cisco 1841 : 192.168.1.1/24

ASA5510 : 192.168.1.2/24

IP address of 3750 G1/0/1 port 192.168.1.3/24

IP address of 3750 G1/0/37 port 192.168.1.5/24

Vlan IP address

vlan 2 : 192.168.13.0/26

vlan 3 : 192.168.13.64/26

vlan 4 : 192.168.13.128/26

vlan 5 : 192.168.13.193/26

vlan 6 : 192.168.14.0/27

vlan 7 : 192.168.14.32/27

vlan 8 : 192.168.14.64/27

vlan 9 : 192.168.14.96/27

vlan 10 : 192.168.14.128/27

vlan 11 : 192.168.14.160/27

vlan 12 : 192.168.14.192/27

vlan 13 : 192.168.14.224/27

Thanks in advance for your help

Hi,

Can you show output from these commands?

on 3750:

sh run int g1/0/1
sh run int g1/0/37
sh ip int br

Abzal

Best regards,
Abzal

Are you sure you have configured the IPs as below on the 3750? Because they should overlap on the network. Can you provide the output of "show ip route" from the Router and "show route" from the ASA?

IP address of 3750 G1/0/1 port 192.168.1.3/24

IP address of 3750 G1/0/37 port 192.168.1.5/24

Yes, I gave the good IP

I am too far away from the site and I don't have remote access to copy and post the ip route

I use the router 1841 for the Internet connection; this router 1841 is connected to the Catalyst 3750 port G1/0/1

I use an ASA 5510 for the connection to remote branches (I have 5 remote sites). This ASA is connected to the Catalyst 3750 port G1/0/37

There is no vlan on port G1/0/1 and port G1/0/37 of catalyst 3750

Result of the test

I can ping devices in the same Vlans

I can ping devices in different VLANs

I can ping all devices from the Catalyst 3750

I cannot ping the router 1841 or ASA 5510 from any of the devices (computers)

The gateway of each computer is the corresponding VLAN IP address configured on the Catalyst 3750

Kindly find below the IP address information

Cisco 1841 : 192.168.1.1/24

ASA5510 : 192.168.1.2/24

IP address of 3750 G1/0/1 port 192.168.1.3/24

IP address of 3750 G1/0/37 port 192.168.1.5/24

Vlan IP address

vlan 2 : 192.168.13.0/26

vlan 3 : 192.168.13.64/26

vlan 4 : 192.168.13.128/26

vlan 5 : 192.168.13.193/26

vlan 6 : 192.168.14.0/27

vlan 7 : 192.168.14.32/27

vlan 8 : 192.168.14.64/27

vlan 9 : 192.168.14.96/27

vlan 10 : 192.168.14.128/27

vlan 11 : 192.168.14.160/27

vlan 12 : 192.168.14.192/27

vlan 13 : 192.168.14.224/27

Which routes should I add on the 1841 and ASA?

Why can't I ping the router 1841 or ASA 5510 from any of the devices (computers)?

Thanks in advance for your help

I guess you need to re-verify the config on the 3750 again; putting IPs out of the same subnet on two different interfaces of the same device is not possible. It might be that one of the interfaces is down, which is why you were able to assign an IP from the subnet, or the subnet range would be different.

Can you provide the config for the 3750, so that routing can be suggested? Thx

The other thing you can do is create a new L3 Vlan on the 3750, take both the ports for the Router and ASA under that Vlan, and then add IP routes on the Router and ASA as below -

1. On 3750 Switch -

NOTE - You have to physically access the 3750 because it will disconnect the connectivity to both Router and ASA, and if you are accessing the 3750 remotely then you may lose your access as well, so access it from the physical location. Also take the latest backup of the configs before making any changes.

A. First remove the IP from both the interfaces on 3750 -

IP address of 3750 G1/0/1 port 192.168.1.3/24

IP address of 3750 G1/0/37 port 192.168.1.5/24

B - Create a new L-3 Vlan

# Vlan 100 (hope this VLAN does not exist)
# name Backbone_Vlan
# int vlan 100
# ip add 192.168.1.100 255.255.255.0 (free IP)
# int Gi 1/0/1
# switchport access vlan 100
# int Gi 1/0/37
# switchport access vlan 100

2. Put the below Routes on Router -

# ip route 192.168.13.0 255.255.255.0 192.168.1.100
# ip route 192.168.14.0 255.255.255.0 192.168.1.100

3. Put the below Routes on ASA

# route <name_connecting_to_3750> 192.168.13.0 255.255.255.0 192.168.1.100
# route <name_connecting_to_3750> 192.168.14.0 255.255.255.0 192.168.1.100

The above may also serve as your solution -

Hi

Find below the actual sh run of the 3750

Why do I need to create another VLAN for port 1 and port 37? By default these 2 ports are in vlan 1:

Is it absolutely necessary to put port G1/0/1 and G1/0/37 in a new vlan X?

If I put these 2 ports in vlan 10, should I configure the ASA and router 1841 ports with vlan 100?

Can I summarize the route in the ASA and router 1841?

Please advise

SWITCH_3750#
SWITCH_3750#
SWITCH_3750#sh run
Building configuration...

Current configuration : 5585 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname SWITCH_3750
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
clock timezone UTC 10
clock summer-time UTC recurring last Sun Mar 2:00 last Sun Oct 3:00
switch 1 provision ws-c3750x
system mtu routing 1500
ip routing
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0
 no ip address
 no ip route-cache cef
 no ip route-cache
 shutdown
!
interface GigabitEthernet1/0/1
 description to INTERNET_ROUTER_1841
 ip address 192.168.1.3 255.255.255.0
 no switchport
!
interface GigabitEthernet1/0/2
 description to SWITCH_9_2960
 switchport trunk encapsulation dot1q
!
interface GigabitEthernet1/0/3
 description to SWITCH_3550_DHCP
 switchport trunk encapsulation dot1q
!
interface GigabitEthernet1/0/4
 description to SWITCH_2_2960
 switchport trunk encapsulation dot1q
!
interface GigabitEthernet1/0/5
 description to SWITCH_3_2960
 switchport trunk encapsulation dot1q
!
interface GigabitEthernet1/0/6
 description to SWITCH_4_2960
 switchport trunk encapsulation dot1q
!
interface GigabitEthernet1/0/7
 description to SWITCH_5_2960
 switchport trunk encapsulation dot1q
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
interface GigabitEthernet1/0/36
!
interface GigabitEthernet1/0/37
 description to ASA_5510
 ip address 192.168.1.5 255.255.255.0
 no switchport
!
interface GigabitEthernet1/0/38
!
interface GigabitEthernet1/0/39
!
interface GigabitEthernet1/0/40
 description to PC_VLAN5
 switchport access vlan 5
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/41
 description to PC_VLAN6
 switchport access vlan 6
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/42
 description to PC_VLAN7
 switchport access vlan 7
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/43
 description to PC_VLAN8
 switchport access vlan 8
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/44
 description to PC_VLAN9
 switchport access vlan 9
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/45
!
interface GigabitEthernet1/0/46
!
interface GigabitEthernet1/0/47
!
interface GigabitEthernet1/0/48
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface Vlan1
 no ip address
!
interface Vlan2
 ip address 192.168.13.1 255.255.255.128
!
interface Vlan3
 ip address 192.168.13.65 255.255.255.128
!
interface Vlan4
 ip address 192.168.13.129 255.255.255.128
!
interface Vlan5
 ip address 192.168.13.193 255.255.255.128
interface Vlan6
 ip address 192.168.14.1 255.255.255.192
!
interface Vlan7
 ip address 192.168.14.33 255.255.255.192
!
interface Vlan8
 ip address 192.168.14.65 255.255.255.192
!
interface Vlan9
 ip address 192.168.14.97 255.255.255.192
!
interface Vlan10
 description VLAN MANAGEMENT
 ip address 192.168.14.129 255.255.255.192
!
ip classless
ip http server
ip http secure-server
!
ip sla enable reaction-alerts
!
!
end

SWITCH_3750#

Hi,

G1/0/1 and G1/0/37 are Layer 3 interfaces, because of the no switchport command. You can either put them in a separate VLAN or change the IP addresses so they are not in the same subnet.
Example:
3750

int g1/0/1
ip add 192.168.100.1 255.255.255.252

int g1/0/37
ip add 192.168.101.1 255.255.255.252

1841

int
ip add 192.168.100.2 255.255.255.252

ASA
int
ip add 192.168.101.2 255.255.255.252





Best regards,
Abzal

Yes, by default interfaces come in Vlan 1, which has NO IP address assigned, but that's not an issue. Both the ports Gi 1/0/1 and Gi 1/0/37 are routed ports, so the 3750 also has to understand which interface it should use if a request comes for subnet 192.168.1.0/24; in this case the device may get confused or create a routing loop.

So if you create one more Vlan 100 (which does not exist), you will have a single L-3 Vlan for subnet 192.168.1.0/24, and once you take both of the above ports under that Vlan, your Router and ASA will be in the same broadcast domain with the same subnet. Once you put the suggested routing entries on the Router & ASA, you will have reachability to all subnets from them.

Secondly, there isn't any default gateway found on the 3750, so in order to access the Internet there should be one default route for the device connected to the Internet.

Config suggested below -

1. On 3750 Switch -

NOTE - You have to physically access the 3750 because it will disconnect the connectivity to both Router and ASA, and if you are accessing the 3750 remotely then you may lose your access as well, so access it from the physical location. Also take the latest backup of the configs before making any changes.

A. First remove the IP from both the interfaces on 3750 -

IP address of 3750 G1/0/1 port 192.168.1.3/24

IP address of 3750 G1/0/37 port 192.168.1.5/24

B - Create a new L-3 Vlan

# Vlan 100 (hope this VLAN does not exist)
# name Backbone_Vlan
# int vlan 100
# ip add 192.168.1.100 255.255.255.0 (free IP)
# int Gi 1/0/1
# switchport access vlan 100
# int Gi 1/0/37
# switchport access vlan 100

2. Put the below Routes on Router -

# ip route 192.168.13.0 255.255.255.0 192.168.1.100
# ip route 192.168.14.0 255.255.255.0 192.168.1.100

3. Put the below Routes on ASA

# route <name_connecting_to_3750> 192.168.13.0 255.255.255.0 192.168.1.100
# route <name_connecting_to_3750> 192.168.14.0 255.255.255.0 192.168.1.100

Thanks for your answer

Do I need to create subinterface for vlan 100 in router 1841 and ASA 5510 ?

There is also VPN configured on ASA to connect remote site, the configuration of vlan can impact this VPN

Nope, you do NOT need to make any changes on either the Router or the ASA except the given routing change.

All you need to do is remove the existing IP addresses from Gi1/0/1 and Gi1/0/37 on the 3750, assign an IP on the L-3 Vlan, and take both these interfaces under that Vlan. The Router and ASA will keep the same (existing) IPs, so you will be able to ping the 192.168.1.100 (Vlan-100) IP from both the Router and the ASA.

Below is the change on the 3750 for the interfaces and Vlan -

Existing config -

interface GigabitEthernet1/0/1
 description to INTERNET_ROUTER_1841
 ip address 192.168.1.3 255.255.255.0
 no switchport
interface GigabitEthernet1/0/37
 description to ASA_5510
 ip address 192.168.1.5 255.255.255.0
 no switchport

New config -

interface GigabitEthernet1/0/1
 description to INTERNET_ROUTER_1841
 no ip add
 switchport
interface GigabitEthernet1/0/37
 description to ASA_5510
 no ip add
 switchport

--------------------------

B - Create a new L-3 Vlan

# Vlan 100 (hope this VLAN does not exist)
# name Backbone_Vlan
# int vlan 100
# ip add 192.168.1.100 255.255.255.0 (free IP)
# int Gi 1/0/1
# switchport access vlan 100
# int Gi 1/0/37
# switchport access vlan 100

2. Put the below Routes on Router -

# ip route 192.168.13.0 255.255.255.0 192.168.1.100
# ip route 192.168.14.0 255.255.255.0 192.168.1.100

3. Put the below Routes on ASA

# route <name_connecting_to_3750> 192.168.13.0 255.255.255.0 192.168.1.100
# route <name_connecting_to_3750> 192.168.14.0 255.255.255.0 192.168.1.100

can you help with below output from router and ASA?

Router -

sh ip int brief

ASA -

sh ip add
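
The addressing from this thread as an added example (not part of the original posts and not Cisco tooling): it flags interfaces whose connected subnets overlap, which is the condition the replies identify on Gi1/0/1 and Gi1/0/37, and summarises the VLAN subnets into the static routes for the 1841. The input list is constructed from the poster's IP scheme, and the next hop 192.168.1.100 is the Vlan 100 address proposed in the replies.

```python
import ipaddress

# Constructed input: the addressing the poster listed in the thread
# (routed ports on the 3750 plus the VLAN subnets), one "name prefix" per line.
SCHEME = """\
Gi1/0/1 192.168.1.3/24
Gi1/0/37 192.168.1.5/24
vlan2 192.168.13.0/26
vlan3 192.168.13.64/26
vlan4 192.168.13.128/26
vlan5 192.168.13.193/26
vlan6 192.168.14.0/27
vlan7 192.168.14.32/27
vlan8 192.168.14.64/27
vlan9 192.168.14.96/27
vlan10 192.168.14.128/27
vlan11 192.168.14.160/27
vlan12 192.168.14.192/27
vlan13 192.168.14.224/27
"""
TRANSIT = ipaddress.ip_network("192.168.1.0/24")  # subnet shared with the 1841 and ASA
NEXT_HOP = "192.168.1.100"  # assumption: the Vlan 100 address proposed in the replies

def parse(scheme):
    """Map each interface name to an IPv4Interface (host bits are allowed)."""
    return {name: ipaddress.ip_interface(prefix)
            for name, prefix in (line.split() for line in scheme.splitlines() if line)}

def overlapping_pairs(ifaces):
    """Interface pairs whose connected networks overlap."""
    names = list(ifaces)
    return [(a, b) for i, a in enumerate(names) for b in names[i + 1:]
            if ifaces[a].network.overlaps(ifaces[b].network)]

def return_routes(ifaces, transit=TRANSIT, next_hop=NEXT_HOP):
    """Summarise the inside subnets and render IOS static routes for the 1841."""
    inside = [i.network for i in ifaces.values() if not i.network.overlaps(transit)]
    return [f"ip route {n.network_address} {n.netmask} {next_hop}"
            for n in ipaddress.collapse_addresses(inside)]

if __name__ == "__main__":
    ifaces = parse(SCHEME)
    print("overlapping:", overlapping_pairs(ifaces))
    print("\n".join(return_routes(ifaces)))
```

The twelve VLAN subnets collapse to the two /24 routes given in the replies, which answers the poster's question about summarising the routes on the 1841 and ASA.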
