Inter Vlan Routing - Default Route

johnnyparada
Level 1

Hello All,

I am trying to set up an office building with 13 VLANs with ACLs to help keep traffic segregated. For now I have created all the VLANs and assigned them IP addresses. My issue is that I cannot get out to the internet as a member of one of the created VLANs (the default VLAN, VLAN 1, does not have this trouble). Additionally, I cannot ping a client of VLAN 1 from another VLAN. I'm pretty sure this has something to do with my default route back to the router. Can someone help me with that? Attached is a copy of the running config.

I have an EdgeRouter Lite router and a Cisco SG500-52P switch.

The router's eth1 (connected to the switch) has an IP of 192.168.1.2.

The IP of the switch VLAN 1 is 192.168.1.254.

Thank you in advance for any help with this,

John

10 Replies

educruz
Cisco Employee

Good day,

Just to confirm - can you enable IP routing in the device?

Router (config)# ip routing

Hope this helps.

Eduardo.

Hi Eduardo,

Yes, I have entered the ip routing command. And while this switch does not show the IP Routing line in the run config, at the top it does say "system mode router queues-mode 4". Additionally, I have put the switch in layer 3 mode and I can ping the other VLANs from any of the VLANs I am in.

Harold Ritter
Cisco Employee

Hi Johnny,

A couple of things.

1. As Eduardo stated, make sure "ip routing" is configured.

2. Configure "ip route 0.0.0.0 0.0.0.0 192.168.1.2".

3. Make sure the router (192.168.1.2) knows how to forward the traffic back to the different VLANs. You could configure static routes on the router back to the VLANs (192.168.101.0/24, 192.168.102.0/24, etc.) or configure a routing protocol between CoreSwitch and the router.

Regards,

Harold Ritter
Sr Technical Leader
CCIE 4168 (R&S, SP)
harold@cisco.com
México móvil: +52 1 55 8312 4915
Cisco México
Paseo de la Reforma 222
Piso 19
Cuauhtémoc, Juárez
Ciudad de México, 06600
México

Hi Harold,

I have run the ip routing command, but that didn't help. I think it has something to do with the default route back to the router. I'm just not sure of the correct IP to put in the command. Please take a look at the run config and let me know if you think that I have the ip default gateway and the ip route set incorrectly, please.

I will try to do ip route 0.0.0.0 0.0.0.0 192.168.1.2

On your number 3 suggestion, do I have to enter the IPs of each interface on the router? If I do that, is that just a "router on a stick" or no?

Thanks,

John

Hi Johnny,

The "ip routing" command is just to enable routing on the device. You still need to configure proper routing for things to work. "ip route 0.0.0.0 0.0.0.0 192.168.1.2" will make sure outbound traffic from the VLANs makes it to the router. For inbound traffic to make it back to the VLANs, you will need static routes on the router that will look something like this:

ip route 192.168.101.0 255.255.255.0 192.168.1.254

ip route 192.168.102.0 255.255.255.0 192.168.1.254

ip route 192.168.103.0 255.255.255.0 192.168.1.254

and so on

Regards,

Harold Ritter

Harold,

 

Do I have to assign an IP to the switch port that is connected to the router (in my case port 48)?

Hi Johnny,

 

VLAN1 is already connecting the L3 switch and the router from a L3 perspective, so no need to assign an IP address to port 48, which is trunking that VLAN.

 

Regards,

Harold Ritter

Harold,

I tried running the "ip route 0.0.0.0 0.0.0.0 192.168.1.2" command, but my other VLANs (other than the default) cannot reach the router. By that I mean, I can ping any other VLAN from any other of the VLANs (I can ping the interfaces and clients that are members of that particular VLAN), however I am unable to ping the router @ 192.168.1.2 from any other VLAN that is not VLAN 1. I tried a tracert from VLAN 7 to the router but I only get past the first hop (192.168.207.254 - VLAN 7 gateway) then I lose the packets.

I noticed that in the run-config that I have both a default-gateway and an ip route. I tried removing the default-gateway but I lost the internet from VLAN 1.

Any thoughts?

John

Hi Johnny,

 

The issue seems to be that the router does not know how to reach the other vlans. Have you configured the static routes previously mentioned, so that the router knows how to reach the various VLANs?

 

Regards,

Harold Ritter

I applied the IP addresses of the VLANs to the port on the router (for simplification here I was working only with VLAN 7 - .207.1 to eth 1) and created a route to the IP of the VLAN .207.0 next hop eth 1. I added a copy of the router config on my previous post.

Here is the thing, and correct me if I am wrong, when I did a tracert from a PC that is a member of VLAN 7, the only reply I get is the first line (1st hop) which was the VLAN interface IP .207.254. I didn't get a reply from the gateway of the switch - which to me says that I am not even leaving the switch to get to the router?

I thought it was more of a route on the switch to the router, or the default-gateway (which is supposed to be disabled when you enter the 'ip routing' command).

The router is an EdgeRouter Lite btw.

Thanks for all your time,

John
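
The return-path problem discussed in this thread, modelled as an added example that is not part of the original posts or either device's configuration: a longest-prefix-match lookup on both devices shows why a VLAN 7 client gets no reply from 192.168.1.2 until the router has a route back through 192.168.1.254. The route tables, the "WAN" default on the router, the .50 client addresses and all function names are constructed assumptions.

```python
import ipaddress

SWITCH_IP, ROUTER_IP = "192.168.1.254", "192.168.1.2"  # addresses from the thread

# Constructed route tables: (prefix, next hop); None = directly connected.
SWITCH = [
    ("192.168.1.0/24", None),         # VLAN 1 interface 192.168.1.254
    ("192.168.207.0/24", None),       # VLAN 7 interface 192.168.207.254
    ("0.0.0.0/0", ROUTER_IP),         # ip route 0.0.0.0 0.0.0.0 192.168.1.2
]
ROUTER_BEFORE = [
    ("192.168.1.0/24", None),         # eth1 192.168.1.2
    ("0.0.0.0/0", "WAN"),             # assumed: default route toward the ISP
]
ROUTER_AFTER = ROUTER_BEFORE + [
    ("192.168.207.0/24", SWITCH_IP),  # static route back through the switch
]


def lookup(table, dst):
    """Longest-prefix match: next hop, 'connected', or None if no route."""
    addr = ipaddress.ip_address(dst)
    matches = [(ipaddress.ip_network(p), hop) for p, hop in table
               if addr in ipaddress.ip_network(p)]
    if not matches:
        return None
    _, hop = max(matches, key=lambda m: m[0].prefixlen)
    return hop or "connected"


def ping_router(router_table, client):
    """Follow an echo request from client to the router and the reply back."""
    forward = lookup(SWITCH, ROUTER_IP)   # switch: how do I reach the router?
    back = lookup(router_table, client)   # router: how do I reach the client?
    ok = forward == "connected" and back in ("connected", SWITCH_IP)
    return {"forward": forward, "return": back, "reachable": ok}


def missing_return_routes(router_table, vlan_subnets):
    """VLAN subnets whose replies the router would not hand to the switch."""
    missing = []
    for subnet in vlan_subnets:
        host = str(next(iter(ipaddress.ip_network(subnet).hosts())))
        if lookup(router_table, host) not in ("connected", SWITCH_IP):
            missing.append(subnet)
    return missing


if __name__ == "__main__":
    for name, table in (("before", ROUTER_BEFORE), ("after", ROUTER_AFTER)):
        print(name, ping_router(table, "192.168.207.50"))
```

Running `missing_return_routes` over the full list of VLAN subnets gives the set of static routes (or routing-protocol advertisements) the router still needs.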
