Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
901
Views
0
Helpful
5
Replies

Help with Routing a VLAN - 3750, 3850 & 2911 Router

metuckness
Level 1
Level 1

‎05-07-2018 01:23 PM - edited ‎03-08-2019 02:56 PM

Hi Everyone,

 

I could use some help with routing traffic over a new VLAN I added to my network. A quick rundown of the network.

 

I have a VLAN 113 that is my primary VLAN. I also have a 116 for admin. I don't want the 116 to have access to the 168 VLAN, so it is not mentioned much. I added another VLAN to the switches as  VLAN168.

 

I have a 3850 Switch running 10GBT Fiber. That switch has a teamed LACP pair (Port-Channel) running to a 3750 that has the additional 10GB Fiber addons.

 

That port-channel group has this configuration:

 

3750 Group:

interface Port-channel3
 description LACP to 3850 Fiber
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 113,116,168
 switchport mode trunk
 switchport nonegotiate

 

3850 Group:

interface Port-channel3
 description 20GB LACP to 3750 Stack
 switchport trunk allowed vlan 113,116,168
 switchport mode trunk
 switchport nonegotiate

 

The VLAN's have been enabled and assigned to ports.

 

The VLAN Configurations are:

3750:

interface Vlan168
 ip address 168.192.1.253 255.255.255.0
 

3850:

interface Vlan168
 ip address 168.192.1.252 255.255.255.0
 

I have no additional route statements on the 3750. From the switches, currently, I can ping the 168.192.1.1 address on the router,and I can ping a PC connected to a port assigned to the 168 VLAN with an IP of 168.192.1.2. 

 

I can ping 168.192.1.1 from PC's on the 113 VLAN, but I cannot ping anything beyond that, so I cannot ping 168.192.1.2 from the 113 or 116 VLAN's.

 

The 2911 Router has a couple of routes I tried, but so far not much luck:

 

ip route 168.192.1.0 255.255.255.0 168.192.1.253

ip route 192.168.113.0 255.255.255.0 168.192.1.252

ip route 192.168.113.0 255.255.255.0 168.192.1.253

 

This is the 2911's Interface where the VLAN comes into it:

 

interface GigabitEthernet0/1.168
 encapsulation dot1Q 168
 ip address 168.192.1.1 255.255.255.0

 

Any suggestions on what I am missing to get PC's on the 113 VLAN to ping and access beyond the IP assigned to the 2911 Routers interface?

 

Thanks!

Labels:
0 Helpful
5 Replies 5

Georg Pauwen
VIP
VIP

‎05-07-2018 02:42 PM

Hello,

 

is your 2911 doing the routing for the other VLANs as well ? Post the full config of your 2911...

0 Helpful

metuckness
Level 1
Level 1
In response to Georg Pauwen

‎05-07-2018 02:50 PM

@Georg Pauwen wrote:

Hello,

 

is your 2911 doing the routing for the other VLANs as well ? Post the full config of your 2911...

Yes it is.

 



Current configuration : 5409 bytes
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
!
no aaa new-model
!
no ipv6 cef
ip source-route
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
!

  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 32363837 33343531 3930301E 170D3132 30333038 32313033
  2A864886 F70D0101 05050003 81810039 F87D9F4E AACA1C33 C5B648D7 187C6557
  31A927BF 5F1913BA 2B72F90F 76C84BFD A1B65543 51E25F19 02F9BC88 FBA09107
  8D05BDCA 4E90A235 0E4DF373 F03233A4 83F62D6E DE787BA7 50576620 D3A91B0C
  A996B043 EC4CD37D 43B36500 3CCEA1A3 FA85B7CA 903D9E40 8EE2FEBB 462F1132
  69C59F35 B567B6CF DDEE86B7 635EDD
        quit
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
 no ip address
 shutdown
!
interface GigabitEthernet0/0
 ip address 10.0.0.102 255.255.255.252
 ip helper-address 192.168.116.240
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 duplex auto
 speed auto
!
interface GigabitEthernet0/1.113
 encapsulation dot1Q 113
 ip address 192.168.113.6 255.255.255.0
 ip helper-address 192.168.100.1
!
interface GigabitEthernet0/1.116
 encapsulation dot1Q 116
 ip address 192.168.116.1 255.255.255.0
 ip helper-address 192.168.100.1
!
interface GigabitEthernet0/1.168
 encapsulation dot1Q 168
 ip address 168.192.1.1 255.255.255.0
 ip helper-address 168.192.1.2
!
interface GigabitEthernet0/2
 ip address 10.0.0.42 255.255.255.252
 ip helper-address 192.168.100.1
 duplex auto
 speed auto
!
interface GigabitEthernet0/0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
!
!
ip forward-protocol nd
!
!
ip route 0.0.0.0 0.0.0.0 192.168.116.251
ip route 10.4.0.0 255.255.240.0 192.168.113.227
ip route 10.231.2.0 255.255.255.0 192.168.116.3
ip route 10.231.5.0 255.255.255.0 192.168.116.3
ip route 168.192.1.0 255.255.255.0 168.192.1.253
ip route 172.22.0.0 255.255.0.0 192.168.113.245
ip route 172.23.140.0 255.255.255.0 192.168.113.245
ip route 192.168.2.0 255.255.255.0 192.168.113.1
ip route 192.168.3.0 255.255.255.0 192.168.113.1
ip route 192.168.6.0 255.255.255.0 192.168.113.1
ip route 192.168.100.0 255.255.255.0 10.0.0.41
ip route 192.168.101.0 255.255.255.0 10.0.0.41
ip route 192.168.105.0 255.255.255.0 10.0.0.41
ip route 192.168.107.0 255.255.255.0 10.0.0.41
ip route 192.168.108.0 255.255.255.0 10.0.0.41
ip route 192.168.109.0 255.255.255.0 10.0.0.41
ip route 192.168.113.0 255.255.255.0 192.168.100.251
ip route 192.168.113.0 255.255.255.0 168.192.1.252
ip route 192.168.113.0 255.255.255.0 168.192.1.253
ip route 192.168.114.0 255.255.255.0 10.0.0.41
ip route 192.168.118.0 255.255.255.0 10.0.0.41
ip route 192.168.151.0 255.255.255.0 10.0.0.101
ip route 192.168.159.0 255.255.255.0 10.0.0.41
ip route 192.168.200.0 255.255.255.0 10.0.0.41
!
!
!
!
control-plane
!
!
!

!
scheduler allocate 20000 1000
end

0 Helpful

Georg Pauwen
VIP
VIP
In response to metuckness

‎05-08-2018 12:15 AM

Hello,

 

what is the default gateway of your clients in VLAN 168 ?

 

The addressing looks odd, unless it is on purpose:

 

interface GigabitEthernet0/1.168
encapsulation dot1Q 168
ip address 168.192.1.1 255.255.255.0
ip helper-address 168.192.1.2

 

Are you sure it doesn't have to be 192.168.1.1 and 192.168.1.2 ?

0 Helpful

metuckness
Level 1
Level 1
In response to Georg Pauwen

‎05-08-2018 05:17 AM - edited ‎05-08-2018 05:18 AM

@Georg Pauwen wrote:

Hello,

 

what is the default gateway of your clients in VLAN 168 ?

 

The addressing looks odd, unless it is on purpose:

 

interface GigabitEthernet0/1.168
encapsulation dot1Q 168
ip address 168.192.1.1 255.255.255.0
ip helper-address 168.192.1.2

 

Are you sure it doesn't have to be 192.168.1.1 and 192.168.1.2 ?

The schema is on purpose.

 

Devices on the 168.192.1.0/24 would use 168.192.1.1 as their gateway. The router would send everything not explicitly routed somewhere else to that, which is a Firewall connected to fiber and the internet.

 

ip route 0.0.0.0 0.0.0.0 192.168.116.251

0 Helpful

metuckness
Level 1
Level 1
In response to Georg Pauwen

‎05-08-2018 01:52 PM

I changed the Subnet from 128.192 to 10.10.10.0/24 to avoid any publically addressable IP Subnets.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card