08-30-2012 10:35 AM - edited 03-07-2019 08:37 AM
We are trying to figure out how to configure this properly and so far we are stuck. We have a VMware server with two different vmnics each on a different VLAN. We have each of these vmnics connected into their own switch port on a 3560G along with the appropriate VLAN membership for said ports. We have an additional port on this same switch in trunking mode connected to our firewall to a NIC that has an IP address in the respective VLAN networks. This port is also set for dot1q encapsulation. Each VLAN also has an IP set on the switch that is in the appropriate VLAN. We are having issues in this configuration getting the one VLAN to talk to another.
I know if we were in all Cisco mode then we would use ROAS to do this inter-VLAN communication. Does anyone have any ideas on how to make this happen short of changing hardware?
08-30-2012 10:40 AM
Hi Chris,
is the default gateway the switch or the firewall?
Why not enable ip routing on the switch and do the inter-vlan routing on the switch?
What kind of firewall are you working with?
08-30-2012 10:52 AM
The default gateway for the VMs?
So set up an IP route for each external IP on the firewall and have it route out the same interface?
08-30-2012 10:59 AM
Yes, the default gateway for the VMs.
There is a command on a layer 3 switch called ip routing that, once enabled, will allow your layer 3 switched VLAN interfaces to talk to each other in routed mode.
Here is an example below of a basic L3 switch setup.
ip routing
!
vlan 2
 name vmnic-1
 exit
vlan 3
 name vmnic-2
 exit
int vlan 2
 ip address 192.168.25.1 255.255.255.0
 exit
int vlan 3
 ip address 192.168.26.1 255.255.255.0
 exit
int g0/1
 switchport access vlan 2
 description vmnic-1
 exit
int g0/2
 switchport access vlan 3
 description vmnic-2
 exit
On the VMware side, if you are dedicating one phy NIC to each VLAN, then you do not need to do any VLAN tagging; it should assume the network since it is configured as untagged for that port.
08-30-2012 11:19 AM
The 3560 is only a layer 2 switch though, isn't it?
08-30-2012 11:41 AM
Hello Chris,
The 3560 is a layer 3 device, so you need to perform the routing between VLANs on the switch, then point a default route to the firewall.
In order to enable the layer 3 functionality, add the following command:
ip routing
The devices on each VLAN should point to the 3560 as their default gateway.
Remember to rate all the helpful posts, that is as important as a thanks.
Julio
08-30-2012 12:33 PM
And if I only wanted those VLANs to be able to talk to each other and not to the other VLANs on the switch?
08-30-2012 12:35 PM
Hello Chris,
You can configure private VLANs or, the easy way, configure an ACL and apply it to each SVI.
Remember to rate all the helpful posts, that is as important as a thanks.
Regards,
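One way to write the ACL-per-SVI approach from the last reply, using the VLAN 2 and VLAN 3 subnets from the example configuration above (an added example, not part of the original thread). The ACL names VLAN2-IN and VLAN3-IN are hypothetical, and the other VLANs on the switch are assumed to sit inside 192.168.0.0/16, since the thread does not give their subnets.

```cisco
! Constructed example. ACL names and the 192.168.0.0/16 range for
! "all other VLANs" are assumptions; adjust to the real addressing plan.
!
ip access-list extended VLAN2-IN
 remark VLAN 2 hosts may reach VLAN 3
 permit ip 192.168.25.0 0.0.0.255 192.168.26.0 0.0.0.255
 remark VLAN 2 hosts may reach their own gateway address on the SVI
 permit ip 192.168.25.0 0.0.0.255 host 192.168.25.1
 remark block every other internal VLAN (assumed inside 192.168.0.0/16)
 deny ip any 192.168.0.0 0.0.255.255
 remark anything else follows the default route toward the firewall
 permit ip any any
!
ip access-list extended VLAN3-IN
 remark VLAN 3 hosts may reach VLAN 2
 permit ip 192.168.26.0 0.0.0.255 192.168.25.0 0.0.0.255
 remark VLAN 3 hosts may reach their own gateway address on the SVI
 permit ip 192.168.26.0 0.0.0.255 host 192.168.26.1
 remark block every other internal VLAN (assumed inside 192.168.0.0/16)
 deny ip any 192.168.0.0 0.0.255.255
 remark anything else follows the default route toward the firewall
 permit ip any any
!
! Apply inbound on each SVI so traffic is filtered as it enters the
! routing engine from that VLAN.
interface Vlan2
 ip access-group VLAN2-IN in
!
interface Vlan3
 ip access-group VLAN3-IN in
!
! Verify from privileged EXEC mode:
!   show ip access-lists
!   show ip interface vlan 2
```

Entries are evaluated top down and the first match wins, so the two permit lines must stay above the broad deny. The SVIs of the other VLANs need matching deny entries if traffic originating there must also be kept out of VLAN 2 and VLAN 3.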