cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7743
Views
15
Helpful
12
Replies

InterVLAN routing, 1 layer 3 switch + 2 vlans, how?

Joris Syen
Level 1
Level 1

Dear,

I am trying to learn about VLANs but I am struggling to get the VLANs interact with each other.

Simplified Situation:

1x Layer 3 Switch Cisco Catalyst 3560

2x PC ("Management" and "Operating")

All I want is the PCs to be connected to the Switch via Ethernet, with these VLAN definitions

Gi0/1 VLAN ID 11: Management

Gi0/2 VLAN ID 12: Operating

And then I want the switch to do the routing from VLAN 11 to 12 and vice versa, so all equipment can communicate with each other.

So what did I do:

1. #ip routing (enabling)

2. create VLANs

3. give an IP address and SNM to those VLANs (192.168.100.1 255.255.255.224 and 192.168.100.65 255.255.255.224)

4. Dedicate VLAN 11 with port 1 and VLAN 12 with port 2

5. assign IP addresses to the computers (192.168.100.5 255.255.255.224 and 192.168.100.70 255.255.255.224)

6. set the default gateway on the computers to the IP address of the coresponding VLAN.

I thought this would have been enough for it to work but I think I forgot something because when I do a ping I get

"reply from 192.168.100.1 destination host unreachable".

Do I still need to configure a routing? I most have missed something.

Can you please help me.

Kind Regards,

Joris

2 Accepted Solutions

Accepted Solutions

Hi,

1)sh ip int br | i vl   you must put the v of vl in capital like this  sh ip int br  | i Vl

2)

Switch#sh int G0/14 switchport

Name: Gi0/14

Switchport: Enabled

Administrative Mode: dynamic auto

Operational Mode: down

change this:

interface GigabitEthernet0/14

switchport access vlan 11

  To:

interface GigabitEthernet0/14

switchport mode access

switchport access vlan 11

plug another device in vlan 12 subnet on a port configured like this:

interface GigabitEthernetx/x

switchport mode access

switchport access vlan 12

ping from one device to the other and it should work.

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

Hi,

did you try what I suggested in my previous post ?

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

12 Replies 12

John Blakley
VIP Alumni
VIP Alumni

Joris,

Here are a couple of things to try:

First and foremost, make sure firewalls are disabled on PCs.

2. Can you ping the gateway for the pc.

3. Can you ping the other gateway for the other pc.

If you can do 3, then you're routing correctly and it's possibly something else. So, here are the steps:

Enable routing (You already did this)

You create your L2 vlan: "vlan 11 "

Create your L3 svi: "int vlan 11"

Give it an address: 192.168.100.1 255.255.255.224

And you're done. If it doesn't work from here, post your routing table.

HTH,

John

HTH, John *** Please rate all useful posts ***

Thank you it seems I did not missed a step so..., here is the more specific information.

I have very limited experience so I hope this is what you asked for:

Switch#show vlan

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Gi0/1, Gi0/2, Gi0/3, Gi0/4

                                                Gi0/5, Gi0/6, Gi0/7, Gi0/8

                                                Gi0/9, Gi0/10, Gi0/11, Gi0/12

                                                Gi0/13, Gi0/15, Gi0/16, Gi0/17

                                                Gi0/18, Gi0/19, Gi0/20, Gi0/21

                                                Gi0/22, Gi0/23, Gi0/24

11   MES_HMI                          active    Gi0/14

12   CONTROL_TA                       active

13   CONTROL_TC                       active

Switch#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     192.168.100.0/27 is subnetted, 1 subnets

C       192.168.100.192 is directly connected, Vlan1

Switch#

I did do the "int vlan 11" ip address .... steps, but maybe they are not saved for some reason? Do I need to save them with a command? I do not know yet how I can view those IP addresses that I entered, should they be in this screen?

I am sorry if all this is disturbing it is not as simplified now anymore then above.

But since I seem not to have missed a step I will retry things.

Kind Regards,

Joris

Hi,

Post following outputs:

-sh run int Vl11

-sh run int Vl12

-sh ip int br | i Vl

-sh span vlan 11

-sh span vlan 12

-sh int trunk

-sh run int G0/14

-sh int G0/14 switchport

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Hello and thank you,

These are the outputs.

Switch#sh run int Vl11

Building configuration...

Current configuration : 66 bytes

!

interface Vlan11

ip address 192.168.100.1 255.255.255.224

end

Switch#sh run int Vl12

Building configuration...

Current configuration : 67 bytes

!

interface Vlan12

ip address 192.168.100.65 255.255.255.224

end

Switch#sh ip int br | i vl

Switch#sh span vlan 11

Spanning tree instance(s) for vlan 11 does not exist.

Switch#sh span vlan 12

Spanning tree instance(s) for vlan 12 does not exist.

Switch#sh int trunk

Switch#sh run int G0/14

Building configuration...

Current configuration : 64 bytes

!

interface GigabitEthernet0/14

switchport access vlan 11

end

Switch#sh int G0/14 switchport

Name: Gi0/14

Switchport: Enabled

Administrative Mode: dynamic auto

Operational Mode: down

Administrative Trunking Encapsulation: negotiate

Negotiation of Trunking: On

Access Mode VLAN: 11 (MES_HMI)

Trunking Native Mode VLAN: 1 (default)

Administrative Native VLAN tagging: enabled

Voice VLAN: none

Administrative private-vlan host-association: none

Administrative private-vlan mapping: none

Administrative private-vlan trunk native VLAN: none

Administrative private-vlan trunk Native VLAN tagging: enabled

Administrative private-vlan trunk encapsulation: dot1q

Administrative private-vlan trunk normal VLANs: none

Administrative private-vlan trunk associations: none

Administrative private-vlan trunk mappings: none

Operational private-vlan: none

Trunking VLANs Enabled: ALL

Pruning VLANs Enabled: 2-1001

Capture Mode Disabled

Capture VLANs Allowed: ALL

Protected: false

Unknown unicast blocked: disabled

Unknown multicast blocked: disabled

Appliance trust: none

Switch#

This is my test:

Attach my test computer to port 14 with this configuration:

IP 192.168.100.5

SNM 255.255.255.224

DG: 192.168.100.1

Ping 192.168.100.1 = succes

Ping 192.168.100.65 = FAIL

C:\Documents and Settings\syen.j>ping 192.168.100.1

Pinging 192.168.100.1 with 32 bytes of data:

Reply from 192.168.100.1: bytes=32 time=3ms TTL=255

Reply from 192.168.100.1: bytes=32 time<1ms TTL=255

Reply from 192.168.100.1: bytes=32 time<1ms TTL=255

Reply from 192.168.100.1: bytes=32 time=7ms TTL=255

Ping statistics for 192.168.100.1:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 7ms, Average = 2ms

C:\Documents and Settings\syen.j>ping 192.168.100.65

Pinging 192.168.100.65 with 32 bytes of data:

Reply from 192.168.100.1: Destination host unreachable.

Reply from 192.168.100.1: Destination host unreachable.

Reply from 192.168.100.1: Destination host unreachable.

Reply from 192.168.100.1: Destination host unreachable.

Thank you again for helping me but I have not fixed it yet hopefully someone can help.

Kind Regards,

Joris

Hi,

1)sh ip int br | i vl   you must put the v of vl in capital like this  sh ip int br  | i Vl

2)

Switch#sh int G0/14 switchport

Name: Gi0/14

Switchport: Enabled

Administrative Mode: dynamic auto

Operational Mode: down

change this:

interface GigabitEthernet0/14

switchport access vlan 11

  To:

interface GigabitEthernet0/14

switchport mode access

switchport access vlan 11

plug another device in vlan 12 subnet on a port configured like this:

interface GigabitEthernetx/x

switchport mode access

switchport access vlan 12

ping from one device to the other and it should work.

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Hi,

did you try what I suggested in my previous post ?

Regards.

Alain.

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

Yes,

And succesfully. Thank you (both) very much!

It seems the problem was that no device was connected to the other VLAN?

Thank you very much.

I still have another question but that is out of this toppic, namely I cannot configure the ip address of VLAN 14 Management because the IP of the switch is now in default VLAN 1. So I get a conflict when trying to define the ip of VLAN 14. The switch ip address needs to be in VLAN 14. I have no idea how this is handled normally.

Kind Regards,

Joris

Hi,

I don't understand exactly what is your problem ? of course yoou can't configure an SVI IP address in the same subnet as another one.Please explain further.

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

The problem is that I am accessing the switch now via this ip address:

Management Interface (VLAN ID): VLAN 1

IP Address: 192.168.0.217

SN: 255.255.255.224

DG: 192.168.0.193

I configured this via http

But it is required that the ip address of the switch is inside the VLAN 14 range (which I cant even create).

VLAN IDNameVLAN IPVLAN SNDevices Range
11MES192.168.0.0255.255.255.224192.168.0.1-192.168.0.31
12TA192.168.0.64255.255.255.224192.168.0.65-192.168.0.95
13TC192.168.0.128255.255.255.224192.168.0.129-192.168.100.159
14MGMNT192.168.0.192255.255.255.224192.168.0.193-192.168.100.189

I assume therefor I need to change the setting to

Management Interface (VLAN ID): VLAN 14

IP Address: 192.168.0.192

SN: 255.255.255.224

DG: ?? This was not required for the other VLAN SVI?

But I have no idea how to do this and if this the correct way.

Sorry for my complete ignorance.

Best Regards,

Joris

pjmonline
Level 1
Level 1

Console into the switch.

Config t

Int vlan1

No ipaddesss

Shut

Exit

Int vlan14

Ipaddesss a.b.c.d 255.255.255.224

This should shut down vlan 1 and remove ip address from it.

Then create vlan 14 and assign the ip address to svi for vlan 14

HTH

Sent from Cisco Technical Support iPhone App

Thank you for that answer,

EDIT console connection via hyperterminal = done.

I have no experience accessing it via the console port.

I assume doing this configuration is impossible using an ethernet port and telnet?

Do I need additional software and cables to access it via the console port?

Best Regards,

Joris

Good afternoon,

Everything above works fine now.

The only problem I still have is this:

There is a second switch, same type, that also needs to have the same VLANs and be accessible in VLAN 14.

How to do that? But I will search the internet for that also.

VLAN IDNameVLAN IPVLAN SNDevices Range
11MES192.168.0.1255.255.255.224192.168.0.1-192.168.0.31
12TA192.168.0.65255.255.255.224192.168.0.65-192.168.0.95
13TC192.168.0.129255.255.255.224192.168.0.129-192.168.100.159
14MGMNT192.168.0.193255.255.255.224192.168.0.193-192.168.100.189

Thanks for everything,

Joris

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco