Solved: Re: intervlan routing in layer 3 switch

vishalpatil86 · ‎04-12-2011

hi,

can anyone tell me, how can I configure inter vlan routing in layer 3 switch(cisco 4506 E).

Also, I want to enable access list. I need help on this one also

andrew.prince · ‎04-12-2011

To enable inter VLAN routing - create and SVI for the VLANs you want to pass IP traffic between.

HTH>

View solution in original post

Wassim Aouadi · ‎04-12-2011

also, make sure that "ip routing" is enabled.

View solution in original post

IAN WHITMORE · ‎04-12-2011

Looks like you got some reading to do.

Here's a good start:

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008019e74e.shtml

Regards,

Ian

View solution in original post

Latchum Naidu · ‎04-12-2011

Hi,

The inter VLAN routing, this will be done by your Catalyst 4506.

The main steps configuring VLANs and the inter VLAN routing are:

1.Define the VLANs
To create a VLAN named Desktop, run the following commands in privileged mode,

#conf t
#vlan 40
#name Desktop
#exit

2. Add the switch ports to previusly created VLANs
Exp: Fa0/2 to Desktop VLAN

#conf t
#int fa0/2
#switchport mode access
#switchport access vlan 40
#exit

3.Create a Layer 3 (SVI) interface for eatch VLAN

#conf t
#interface vlan 40
#ip address 192.168.0.1 255.255.255.0
#no shutdown
#exit

4. For Internet access, add a default route to the routing table

#conf t
#ip route 0.0.0.0 0.0.0.0 192.168.12.1

where 192.168.12.1 is the IP of your Inernet gateway.

Regarding access-list on 4506:

Say you want setup up below two external and one internal networks on a Catalyst 4506.

Internal Network: VLAN1 - 172.16.0.0/16
External Network: VLAN2 - 10.138.56.79/24
VLAN3 - 10.138.58.161/28

Now you want prevent the two external networks from talking to the internal networks.

#access-list 101 deny 10.138.56.79 0.0.0.255 172.16.0.0 0.0.255.255
#access-list 101 permit 10.138.56.79 0.0.0.255 any
#access-list 102 deny 10.138.58.161 0.0.0.15 172.16.0.0 0.0.255.255
#access-list 102 permit 10.138.58.161 0.0.0.15 any

#interface VLAN2
#ip access-group 101 in

#interface VLAN3
#ip access-group 102 in

Please rate the all helpfull posts.
Regards,
Naidu.

View solution in original post

IAN WHITMORE · ‎04-20-2011

Did you read the link I posted above?

Did you do a #no shut on the SVI?

View solution in original post

ebenav11 · ‎04-20-2011

The physical interface have any platform or end device connected? because if the physical interface is not operating "protocol" the logical interface is not active.

View solution in original post

andrew.prince · ‎04-12-2011

To enable inter VLAN routing - create and SVI for the VLANs you want to pass IP traffic between.

HTH>

Wassim Aouadi · ‎04-12-2011

also, make sure that "ip routing" is enabled.

IAN WHITMORE · ‎04-12-2011

Looks like you got some reading to do.

Here's a good start:

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008019e74e.shtml

Regards,

Ian

Latchum Naidu · ‎04-12-2011

Hi,

The inter VLAN routing, this will be done by your Catalyst 4506.

The main steps configuring VLANs and the inter VLAN routing are:

1.Define the VLANs
To create a VLAN named Desktop, run the following commands in privileged mode,

#conf t
#vlan 40
#name Desktop
#exit

2. Add the switch ports to previusly created VLANs
Exp: Fa0/2 to Desktop VLAN

#conf t
#int fa0/2
#switchport mode access
#switchport access vlan 40
#exit

3.Create a Layer 3 (SVI) interface for eatch VLAN

#conf t
#interface vlan 40
#ip address 192.168.0.1 255.255.255.0
#no shutdown
#exit

4. For Internet access, add a default route to the routing table

#conf t
#ip route 0.0.0.0 0.0.0.0 192.168.12.1

where 192.168.12.1 is the IP of your Inernet gateway.

Regarding access-list on 4506:

Say you want setup up below two external and one internal networks on a Catalyst 4506.

Internal Network: VLAN1 - 172.16.0.0/16
External Network: VLAN2 - 10.138.56.79/24
VLAN3 - 10.138.58.161/28

Now you want prevent the two external networks from talking to the internal networks.

#access-list 101 deny 10.138.56.79 0.0.0.255 172.16.0.0 0.0.255.255
#access-list 101 permit 10.138.56.79 0.0.0.255 any
#access-list 102 deny 10.138.58.161 0.0.0.15 172.16.0.0 0.0.255.255
#access-list 102 permit 10.138.58.161 0.0.0.15 any

#interface VLAN2
#ip access-group 101 in

#interface VLAN3
#ip access-group 102 in

Please rate the all helpfull posts.
Regards,
Naidu.

vishalpatil86 · ‎04-20-2011

how to create new vlan in 4506 switch?

vishalpatil86 · ‎04-20-2011

i have created vlan, but status abd protocol are showing down

IAN WHITMORE · ‎04-20-2011

Did you read the link I posted above?

Did you do a #no shut on the SVI?

vishalpatil86 · ‎07-16-2011

hi,

i have configured dhcp also which assigns IP 10.5.5.50/24 range to clients connected thru any vlan praeviously.

Now, wat wud be the configuration if enable intervlan routing?

ebenav11 · ‎04-20-2011

The physical interface have any platform or end device connected? because if the physical interface is not operating "protocol" the logical interface is not active.

vishalpatil86 · ‎04-20-2011

its working

Latchum Naidu · ‎04-20-2011

Hi Vishal,

Glad that your issue is resolved.

Please click on the correct answer of all the helped posts which will encourage others.

Regards,

Naidu.