Inter-VLAN Connectivity with Firewall

Dear Friends,

I have a very simple configuration to create some VLANs on a floor-by-floor basis on my office LAN. For internet connectivity, port fa0/2 (ip = 20.30.40.101/8) of the L3 switch is actually connected to a firewall port, but in the diagram it is shown as a router with port gi0/0 (ip = 20.30.40.100/8).

I enabled ip routing on the L3 switch and a default route for all networks to 20.30.40.100. All VLANs are pinging fine, but they are unable to reach the router port gi0/0 (ip = 20.30.40.100/8), while they are able to ping 20.30.40.101.

The network diagram is attached for reference, and the layer 3 switch configuration is pasted below:

 

Switch#sh run
Building configuration...

Current configuration : 1803 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
ip routing
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 no switchport
 no ip address
 duplex auto
 speed auto
!
interface FastEthernet0/2
 no switchport
 ip address 20.30.40.101 255.0.0.0
 duplex auto
 speed auto
!
interface FastEthernet0/3
 switchport access vlan 3
!
interface FastEthernet0/4
 switchport access vlan 5
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
 switchport access vlan 2
!
interface GigabitEthernet0/2
 switchport access vlan 4
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 description GroundFlr-VLAN
 ip address 192.168.2.1 255.255.255.0
!
interface Vlan3
 description 1stFlr-VLAN
 ip address 192.168.3.1 255.255.255.0
!
interface Vlan4
 description AdminFlr-VLAN
 ip address 192.168.4.1 255.255.255.0
!
interface Vlan5
 description WiFi-VLAN
 ip address 192.168.5.1 255.255.255.0
!
interface Vlan10
 description route to FW
 no ip address
!
ip classless
ip route 192.168.2.0 255.255.255.0 20.30.40.100
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end

 

Switch#sh vlan br

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
2    GroundFloor-VLAN                 active    Gig0/1
3    1stFlr-VLAN                      active    Fa0/3
4    AdminBlk-VLAN                    active    Gig0/2
5    WiFi-VLAN                        active    Fa0/4
10   VLAN0010                         active
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active

Please help on this. Thanks in advance.


5 Replies

emora6001 (Level 1)

Hi, 

Can you please add the configuration of the router?

Hi emora6001,

 

Do you think any configuration needs to be done on the router side too? I just want to ping the router-connected port from all VLANs. Actually, in my real scenario I'm using a firewall instead of a router, which simply NATs WAN-to-LAN traffic.

Anyway, in this virtual lab I'm using a router, so here is the router configuration:

Building configuration...

Current configuration : 751 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
ip cef
no ipv6 cef
!
license udi pid CISCO2911/K9 sn FTX152456H1
!
spanning-tree mode pvst
!
interface Loopback0
 ip address 1.1.1.1 255.255.255.0
!
interface GigabitEthernet0/0
 ip address 20.30.40.100 255.0.0.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 ip address 172.30.40.1 255.255.0.0
 duplex auto
 speed auto
!
interface GigabitEthernet0/2
 no ip address
 duplex auto
 speed auto
 shutdown
!
interface Vlan1
 no ip address
!
ip classless
!
ip flow-export version 9
!
line con 0
!
line aux 0
!
line vty 0 4
 login
!
end

 

Moreover, I have followed the same instructions as in the Cisco document below, but I don't know why I'm unable to ping from the switch VLANs to the router port. Please help.
Reference:
http://www.cisco.com/c/en/us/support/docs/lan-switching/inter-vlan-routing/41860-howto-L3-intervlanrouting.html

Good day. What is the purpose of this command?

ip route 192.168.2.0 255.255.255.0 20.30.40.100

You have a vlan interface directly connected for that subnet, however, you have a static route pointing to the router for that subnet.

You also have no route on the router for all your vlans. How does the router know where to send the traffic for the vlans you are trying to ping from?

You need a route on your router for each of your 192 subnets with the next hop of your switch.

E.g. ip route 192.168.2.0 255.255.255.0 20.30.40.101
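To make the point of the reply above concrete, here is an added example (not a post from this thread, and not Cisco code): a small static-routing model of the posted topology that does longest-prefix match with IOS administrative distances and traces a ping from a VLAN 2 host to Gi0/0 and the echo reply back, first with the router table as posted and then with a return route for 192.168.0.0/16 via 20.30.40.101. Interface names, addresses and routes are the ones posted; the host address 192.168.2.10, the device names and the one-neighbour-per-interface link map are assumptions made for the walkthrough.

```python
# Added example, not from the thread: a small static-routing model of the posted topology.
# It traces the echo request from a VLAN 2 host to Gi0/0 and the echo reply back, with the
# router table as posted and then with the accepted answer's return route.  Addresses and
# routes are the posted ones; host 192.168.2.10 and the one-neighbour link map are assumed.
from dataclasses import dataclass, field
from ipaddress import IPv4Address, IPv4Network
from typing import Dict, List, Optional, Tuple


@dataclass
class Route:
    prefix: IPv4Network
    via: Optional[str]   # None for a directly connected network
    ad: int              # administrative distance: 0 connected, 1 static (IOS defaults)
    iface: str


@dataclass
class Device:
    name: str
    routes: List[Route] = field(default_factory=list)
    addresses: set = field(default_factory=set)

    def connected(self, iface: str, addr: str) -> None:
        # 'ip address A.B.C.D MASK' on an interface: own the address, add the connected route
        self.addresses.add(IPv4Address(addr.split("/")[0]))
        self.routes.append(Route(IPv4Network(addr, strict=False), None, 0, iface))

    def static(self, prefix: str, via: str) -> None:
        # 'ip route PREFIX MASK NEXTHOP': installed only if the next hop itself resolves
        nh = self.lookup(via)
        if nh is None:
            raise ValueError(f"{self.name}: next hop {via} is unreachable")
        self.routes.append(Route(IPv4Network(prefix), via, 1, nh.iface))

    def lookup(self, dst: str) -> Optional[Route]:
        # longest prefix match first, then lowest administrative distance
        d = IPv4Address(dst)
        cands = [r for r in self.routes if d in r.prefix]
        return max(cands, key=lambda r: (r.prefix.prefixlen, -r.ad)) if cands else None


Links = Dict[Tuple[str, str], str]   # (device, egress interface) -> neighbour device


def forward(devices: Dict[str, Device], links: Links, start: str, dst: str) -> Tuple[List[str], bool]:
    """Hop-by-hop forwarding from `start`: the devices traversed and whether dst was reached."""
    hops, dev = [], devices[start]
    for _ in range(8):                                 # loop guard
        hops.append(dev.name)
        if IPv4Address(dst) in dev.addresses:
            return hops, True
        r = dev.lookup(dst)
        if r is None or (dev.name, r.iface) not in links:
            return hops, False                         # no route: dropped on this device
        dev = devices[links[(dev.name, r.iface)]]
    return hops, False


def build(router_has_return_route: bool) -> Tuple[Dict[str, Device], Links]:
    pc = Device("PC")                                  # assumed host in VLAN 2
    pc.connected("eth0", "192.168.2.10/24")
    pc.static("0.0.0.0/0", "192.168.2.1")

    sw = Device("Switch")                              # the L3 switch as posted
    sw.connected("Fa0/2", "20.30.40.101/8")
    for vid in (2, 3, 4, 5):
        sw.connected(f"Vlan{vid}", f"192.168.{vid}.1/24")
    sw.static("0.0.0.0/0", "20.30.40.100")             # default route the poster says they used
    sw.static("192.168.2.0/24", "20.30.40.100")        # the questionable route in the posted config

    rt = Device("Router")                              # router standing in for the firewall
    rt.connected("Gi0/0", "20.30.40.100/8")
    rt.connected("Gi0/1", "172.30.40.1/16")
    rt.connected("Lo0", "1.1.1.1/24")
    if router_has_return_route:
        rt.static("192.168.0.0/16", "20.30.40.101")    # the accepted answer's fix

    devices = {d.name: d for d in (pc, sw, rt)}
    links = {("PC", "eth0"): "Switch", ("Switch", "Vlan2"): "PC",
             ("Switch", "Fa0/2"): "Router", ("Router", "Gi0/0"): "Switch"}
    return devices, links


def ping(router_has_return_route: bool):
    """Echo request PC -> 20.30.40.100, then the echo reply Router -> PC; returns both traces."""
    devices, links = build(router_has_return_route)
    return (forward(devices, links, "PC", "20.30.40.100"),
            forward(devices, links, "Router", "192.168.2.10"))


def switch_route_for_vlan2_host() -> Route:
    """The entry the switch really uses for 192.168.2.x: connected (AD 0) beats the bogus static (AD 1)."""
    return build(False)[0]["Switch"].lookup("192.168.2.10")


if __name__ == "__main__":
    for fixed in (False, True):
        print(f"return route on router={fixed}: request/reply = {ping(fixed)}")
    print("switch entry for 192.168.2.10:", switch_route_for_vlan2_host())
```

Run as posted, the echo request reaches the router (the switch has 20.0.0.0/8 as a connected network on Fa0/2), but the reply dies on the router because nothing in its table covers 192.168.2.10. With the 192.168.0.0/16 static, the reply goes Router, Switch, PC. The model also shows why the odd "ip route 192.168.2.0 255.255.255.0 20.30.40.100" did not break VLAN 2: the connected route for the same prefix has a lower administrative distance and wins the lookup, so the static sits in the configuration doing nothing useful.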

Hi Andre Neethling

 

Actually, I put ip route 0.0.0.0 0.0.0.0 20.30.40.100 on the layer 3 switch to enable default routing for all VLANs towards the router port. Later I put ip route 192.168.2.0 255.255.255.0 20.30.40.100 to check my configuration for a single VLAN only.

So as per your comments, you mean that I have to put routes for all VLANs, or a default route for all VLANs, in the router too. Is it really a must?

If this is true then I'll face another issue later, because I'll replace this router with a non-Cisco firewall and I don't know if there is any option for default routing or something else.

Anyway, thanks for your time.

Accepted Solution:

If you use "ip route 0.0.0.0 0.0.0.0 20.30.40.100" this would be correct for a default route on your switch.

The route statement "ip route 192.168.2.0 255.255.255.0 20.30.40.100" is not correct even for a single VLAN, because you are telling your switch that network 192.168.2.0 is reachable at the next hop of 20.30.40.100, which is not where that network is.

You do not need a default route on the router pointing to the switch. You need to tell the router how to get to the networks behind your switch, e.g. ip route 192.168.2.0 255.255.255.0 20.30.40.101, or ip route 192.168.0.0 255.255.0.0 20.30.40.101 if you are going to have all 192.168.x.x networks behind your switch, and not anywhere else connected to your router.

This would be a requirement for any router, not just a Cisco router. A router will only know about networks it is directly connected to, unless you configure static or dynamic routing to tell it where the other networks are.
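Putting the accepted answer into configuration lines, as an added example (not a post from this thread and not the poster's own config): the switch keeps a single default route towards the firewall side and loses the per-VLAN static, and the router gets one summary return route for the VLAN subnets via the switch's Fa0/2 address. Subnets, next-hop addresses and interface names are the posted ones; the verification commands are standard IOS and assume the lab router.

```text
! --- L3 switch: remove the static that points the VLAN 2 subnet at the wrong hop,
! --- keep only the default route.  The VLAN subnets are already connected via the SVIs.
Switch(config)# no ip route 192.168.2.0 255.255.255.0 20.30.40.100
Switch(config)# ip route 0.0.0.0 0.0.0.0 20.30.40.100
!
! --- Router (or the firewall that replaces it): a return route for everything behind
! --- the switch.  One summary covers VLANs 2 to 5 and any later 192.168.x.0/24.
Router(config)# ip route 192.168.0.0 255.255.0.0 20.30.40.101
!
! --- Verify from both ends: the router must list a route for a VLAN address, and a ping
! --- sourced from an SVI address (not from 20.30.40.101) must now get replies.
Router# show ip route 192.168.2.1
Switch# ping 20.30.40.100 source 192.168.2.1
```

Two practical notes for the real deployment. First, the same return route is needed on the non-Cisco firewall; on a Linux-based one it is simply "ip route add 192.168.0.0/16 via 20.30.40.101", and every firewall product has an equivalent static-route setting. Because the firewall also performs the NAT, its NAT rule must match the 192.168.0.0/16 source range as well, otherwise the route alone will get the packets out but the replies will never be translated back. Second, 20.0.0.0/8 is public, routable IPv4 space, not an RFC 1918 range; it works in the lab, but once the firewall is online any traffic for real hosts in that block will be swallowed by the connected route on the transit link, so a small private prefix (for example a /30) is the usual choice for that link.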
