Inter-VLAN Routing Issue - Cisco and L3 3Com Switches

dhyland
Level 1

Perhaps I need to sleep on this but I'm hoping someone can provide some insight so I can rest easier on this issue...

Have a pretty basic setup with VLAN 1 set up with 192.168.1.0/24 and VLAN 10 set up with 10.1.1.0/24.  On a host on the 192 network I can hit the gateway of the 10 network (10.1.1.253) and vice versa without any issue.  The problem I have is that if I am on a host on the 192 network, I cannot hit a host on the 10 network and vice versa.  On the router itself I can ping any host on the 10 network and source it with VLAN 1 and it hits it just fine.

I can't tell much from the 3Com as its ping functionality is basic.  The 3Com switches can hit any 10 or 192 host but I can't source traffic to tell what's going on there...

InayathUlla Sharieff
Cisco Employee

Hi Derek,

Sorry, I don't have any idea how your connectivity is.

BTW I will just give the update, I hope you might have already checked this.

For Example:

1- With only one switch and 2 different VLAN networks.

                  SWITCH
       |                        |
    vlan 10                  Vlan 20
 (192.168.0.1)             (10.0.0.1)
       |                        |
      PC                       PC
IP:192.168.0.10            IP:10.0.0.2
DF: 192.168.0.1            DF: 10.0.0.1

Switch:
=======
ip routing
interface FastEthernet0/1
 switchport access vlan 10
!
interface FastEthernet0/2
 switchport access vlan 20
interface Vlan10
 ip address 192.168.0.1 255.255.255.0
!
interface Vlan20
 ip address 10.0.0.1 255.255.255.0

Testing pinging PCs between each other:
============================
PC>ping 10.0.0.1   >>>>>>>>>>>>>>>>>>> OK
Pinging 10.0.0.1 with 32 bytes of data:
Reply from 10.0.0.1: bytes=32 time=14ms TTL=255

PC>ping 192.168.0.1   >>>>>>>>>>>>>>>>>>> OK
Pinging 192.168.0.1 with 32 bytes of data:
Reply from 192.168.0.1: bytes=32 time=5ms TTL=255

2-Scenario:
==========
Switch-------------------3COM

Make sure the trunk is configured.

Make sure the PCs have been configured with the DF of their respective VLAN.

Make sure the trunk and access ports are not blocked by STP.

HTH

Regards

Inayath

*Please rate if this info is helpful.


The basic configuration on our router is as follows:

! trunk to switch1
int gig 0/0/0
   switchport mode trunk
   switchport voice vlan 10
   no ip address

int Vlan1
   desc DATA VLAN
   ip addr 192.168.1.253 255.255.255.0
   ip access-group VLAN1ACCESS in
   ip nat inside
   ip virtual-reassembly in
   ip policy route-map DATA

int Vlan10
   desc VOICE VLAN
   ip addr 10.1.1.253 255.255.255.0
   ip access-group VLAN10ACCESS in
   ip nat inside
   ip virtual-reassembly in
   ip policy route-map VOICE

ip access-list extended VLAN10ACCESS
   permit ip 10.1.1.0 0.0.0.255 any
   permit ip 192.168.1.0 0.0.0.255 any

ip access-list extended VLAN1ACCESS
   permit ip 192.168.1.0 0.0.0.255 any
   permit ip 10.1.1.0 0.0.0.255 any

route-map DATA permit 10
   match ip address 101
   set ip next-hop ISP1.IP.ADDRESS

route-map VOICE permit 10
   match ip address 110
   set ip next-hop ISP2.IP.ADDRESS

access-list 101 remark DATA
access-list 101 permit ip 192.168.1.0 0.0.0.255 any

access-list 110 remark VOICE
access-list 110 permit ip 10.1.1.0 0.0.0.255 any

On the 3Com switches the basic configuration is that there is a VLAN interface configured on each switch with each VLAN and a trunk from the router to switch1 and a trunk from switch1 to switch2.  All other ports are configured as access ports for whatever VLAN the various hosts needs to be on.

The hosts are configured with the applicable default gateway of their VLAN (192.168.1.253 and 10.1.1.253 respectively).  Any host can ping the other VLANs default gateway (i.e. 192.168.1.100 can ping 10.1.1.253) but cannot ping a host in the other VLAN (i.e. 192.168.1.100 cannot ping 10.1.1.40).

Hi Derek,

I wonder if the set ip next-hop in your route-maps for PBR is the adequate solution if you want to achieve routing between the VLANs.

With that option, every packet with a source IP belonging to the particular VLAN is routed to an ISP, regardless of the local routing table. So a packet from the Data-VLAN is routed to ISP1 and ISP1 has to route it back to reach the Voice-VLAN.

I think a set ip default next-hop clause would be more appropriate, or you may want to change the ACLs to not policy-route to local destinations.

Hope that helps

Rolf
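
The two corrections suggested in the answer above, written against the route-maps and ACLs posted in this thread, as an added example that is not part of the original posts. ISP1.IP.ADDRESS and ISP2.IP.ADDRESS are the thread's own placeholders; apply option A or option B, not both, so that inter-VLAN traffic stays on the router instead of being handed to an ISP.

```cisco
! As posted: "set ip next-hop" overrides the routing table, so traffic from
! 192.168.1.0/24 to 10.1.1.0/24 is handed to ISP1 instead of Vlan10.
!   route-map DATA permit 10
!    match ip address 101
!    set ip next-hop ISP1.IP.ADDRESS
!
! Option A: use the policy next hop only when the routing table has no
! explicit route for the destination. The connected routes for Vlan1 and
! Vlan10 then win; a default route does not count as explicit, so
! Internet-bound traffic still follows the per-VLAN ISP choice.
route-map DATA permit 10
 match ip address 101
 no set ip next-hop ISP1.IP.ADDRESS
 set ip default next-hop ISP1.IP.ADDRESS
route-map VOICE permit 10
 match ip address 110
 no set ip next-hop ISP2.IP.ADDRESS
 set ip default next-hop ISP2.IP.ADDRESS
!
! Option B: keep "set ip next-hop" but stop the match ACLs from selecting
! local destinations. A packet denied by the match ACL is not policy-routed
! and falls through to the normal routing table.
no access-list 101
access-list 101 remark DATA
access-list 101 deny   ip 192.168.1.0 0.0.0.255 10.1.1.0 0.0.0.255
access-list 101 permit ip 192.168.1.0 0.0.0.255 any
no access-list 110
access-list 110 remark VOICE
access-list 110 deny   ip 10.1.1.0 0.0.0.255 192.168.1.0 0.0.0.255
access-list 110 permit ip 10.1.1.0 0.0.0.255 any
!
! Verification (exec mode):
!   show ip policy             which route-map is bound to which interface
!   show route-map             per-clause policy-routing match counters
!   show ip route connected    both VLAN subnets should be listed
```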

Thank you, Rolf! That did the trick! 

I appreciate your input and assistance on this Saturday.  Best regards to you, kind sir.
