07-17-2015 05:40 AM - edited 03-08-2019 01:00 AM
Dear Friends,
I have a very simple configuration to create some VLANs on a floor-wise basis on my office LAN network. And for internet connectivity, port fa0/2 (ip = 20.30.40.101/8) of the L3 switch is connected to a firewall port in actual, but in the diagram it is shown as a router with port gi0/0 (ip = 20.30.40.100/8).
I enabled ip routing on the L3 switch and default routing of all networks to 20.30.40.100. All VLANs are pinging fine but are unable to reach the router port gi0/0 (ip = 20.30.40.100/8), while they are able to ping 20.30.40.101.
Network Diagram attached herewith for reference and pasting layer 3 switch Configuration below:
Switch#sh run
Building configuration...
Current configuration : 1803 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Switch
!
!
!
!
!
ip routing
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/1
no switchport
no ip address
duplex auto
speed auto
!
interface FastEthernet0/2
no switchport
ip address 20.30.40.101 255.0.0.0
duplex auto
speed auto
!
interface FastEthernet0/3
switchport access vlan 3
!
interface FastEthernet0/4
switchport access vlan 5
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
switchport access vlan 2
!
interface GigabitEthernet0/2
switchport access vlan 4
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
description GroundFlr-VLAN
ip address 192.168.2.1 255.255.255.0
!
interface Vlan3
description 1stFlr-VLAN
ip address 192.168.3.1 255.255.255.0
!
interface Vlan4
description AdminFlr-VLAN
ip address 192.168.4.1 255.255.255.0
!
interface Vlan5
description WiFi-VLAN
ip address 192.168.5.1 255.255.255.0
!
interface Vlan10
description route to FW
no ip address
!
ip classless
ip route 192.168.2.0 255.255.255.0 20.30.40.100
!
ip flow-export version 9
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
Switch#sh vlan br
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
2 GroundFloor-VLAN active Gig0/1
3 1stFlr-VLAN active Fa0/3
4 AdminBlk-VLAN active Gig0/2
5 WiFi-VLAN active Fa0/4
10 VLAN0010 active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
Pls help on this. Thanks in advance.
07-17-2015 08:40 AM
Hi,
Can you please add the configuration of the router.
07-19-2015 09:22 PM
Hi emora6001,
Do you think any configuration needs to be done on the router side too? I just want to ping the router's connected port from all VLANs. Actually, in my real scenario I'm using a firewall instead of a router, which simply NATs WAN to LAN traffic.
Anyways in this virtual lab i'm using Router so sending router configuration:
Building configuration...
Current configuration : 751 bytes
!
version 15.1
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname Router
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
!
license udi pid CISCO2911/K9 sn FTX152456H1
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface GigabitEthernet0/0
ip address 20.30.40.100 255.0.0.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 172.30.40.1 255.255.0.0
duplex auto
speed auto
!
interface GigabitEthernet0/2
no ip address
duplex auto
speed auto
shutdown
!
interface Vlan1
no ip address
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
login
!
!
!
end
Moreover, I have followed the same instructions as per the below-mentioned Cisco forum, but I don't know why I'm unable to ping from the switch VLANs to the router port. Pls help.
Reference:
http://www.cisco.com/c/en/us/support/docs/lan-switching/inter-vlan-routing/41860-howto-L3-intervlanrouting.html
07-19-2015 10:52 PM
Good day. What is the purpose of this command?
ip route 192.168.2.0 255.255.255.0 20.30.40.100
You have a vlan interface directly connected for that subnet, however, you have a static route pointing to the router for that subnet.
You also have no route on the router for all your vlans. How does the router know where to send the traffic for the vlans you are trying to ping from?
You need a route on your router for each of your 192 subnets with the next hop of your switch.
EG. ip route 192.168.2.0 255.255.255.0 20.30.40.101
07-19-2015 11:25 PM
Actually I put ip route 0.0.0.0 0.0.0.0 20.30.40.100 on the layer 3 switch to enable default routing for all VLANs towards the router port. Later I put ip route 192.168.2.0 255.255.255.0 20.30.40.100 to check my configuration for a single VLAN only.
So as per your comments you mean that I have to put routes for all VLANs, or default routing for all VLANs, on the router too. Is it really a must?
If this is true then I'll face another issue later, because I'll replace this router with a non-Cisco firewall and I don't know whether there is any option for default routing or something else.
Anyways, thanks for your time.
07-19-2015 11:35 PM
If you use "ip route 0.0.0.0 0.0.0.0 20.30.40.100" this would be correct for a default route on your switch
The route statement "ip route 192.168.2.0 255.255.255.0 20.30.40.100" is not correct even for single VLAN because you are telling your switch that network 192.168.2.0 is reachable at the next hop of 20.30.40.100, which is not where that network is.
You do not need a default route on the router pointing to the switch. You need to tell the router how to get to the networks behind your switch, eg. ip route 192.168.2.0 255.255.255.0 20.30.40.101, or ip route 192.168.0.0 255.255.0.0 20.30.40.101 if you are going to have all 192.168.x.x networks behind your switch, and not anywhere else connected to your router.
This would be a requirement for any router, not just a Cisco router. A router will only know about networks it is directly connected to, unless you configure static or dynamic routing to tell it where the other networks are.
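Added example, not part of the thread: a small longest-prefix-match simulation of the two routing tables posted above, showing that the echo request reaches 20.30.40.100 but the reply is dropped until the router has a return route to the 192.168.x.x networks. The host address 192.168.3.10 and all function names are assumptions made for the illustration; the switch table uses the default route recommended in the reply rather than the posted static route.

```python
import ipaddress

# Tables from the posted configs; next hop None = directly connected network.
SWITCH = [("20.0.0.0/8", None), ("192.168.2.0/24", None), ("192.168.3.0/24", None),
          ("192.168.4.0/24", None), ("192.168.5.0/24", None),
          ("0.0.0.0/0", "20.30.40.100")]           # default route from the reply
ROUTER = [("1.1.1.0/24", None), ("20.0.0.0/8", None), ("172.30.0.0/16", None)]
RETURN_ROUTE = ("192.168.0.0/16", "20.30.40.101")  # summary route from the reply

OWNERS = {  # interface addresses each device answers for
    "switch": {"20.30.40.101", "192.168.2.1", "192.168.3.1", "192.168.4.1", "192.168.5.1"},
    "router": {"20.30.40.100", "1.1.1.1", "172.30.40.1"},
}

def lookup(table, dst):
    """Longest-prefix match; returns (network, next_hop) or None."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen) if hits else None

def owner_of(addr):
    return next((d for d, addrs in OWNERS.items() if addr in addrs), None)

def forward(tables, device, dst, max_hops=8):
    """Follow the tables hop by hop; True if dst or its connected segment is reached."""
    for _ in range(max_hops):
        if dst in OWNERS[device]:
            return True
        hit = lookup(tables[device], dst)
        if hit is None:
            return False              # no route: packet dropped on this device
        nxt = owner_of(hit[1] or dst) # connected network: deliver to dst itself
        if nxt is None:
            return hit[1] is None     # end host (constructed) on a connected segment
        device = nxt
    return False                      # routing loop

def ping(tables, host, gateway, dst):
    """Echo request via the host's gateway device, then the reply; dst must be in OWNERS."""
    if not forward(tables, gateway, dst):
        return "request dropped"
    return "ok" if forward(tables, owner_of(dst), host) else "reply dropped"

if __name__ == "__main__":
    before = {"switch": SWITCH, "router": ROUTER}
    after = {"switch": SWITCH, "router": ROUTER + [RETURN_ROUTE]}
    for name, tables in (("before", before), ("after", after)):
        print(name, ping(tables, "192.168.3.10", "switch", "20.30.40.100"))
```

The same check applies to the firewall that replaces the router: without a route back to 192.168.0.0/16 via 20.30.40.101 it will drop replies in the same way.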