cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
7181
Views
10
Helpful
11
Replies

intervlan routing in layer 3 switch

vishalpatil86
Level 1
Level 1

hi,

can anyone tell me, how can I configure inter vlan routing in layer 3 switch(cisco 4506 E).

Also, I want to enable access list. I need help on this one also

6 Accepted Solutions

Accepted Solutions

andrew.prince
Level 10
Level 10

To enable inter VLAN routing - create and SVI for the VLANs you want to pass IP traffic between.

HTH>

View solution in original post

also, make sure that "ip routing" is enabled.

View solution in original post

Hi,

The inter VLAN routing, this will be done by your Catalyst 4506.

The main steps configuring VLANs and the inter VLAN routing are:

1.Define the VLANs
To create a VLAN named Desktop, run the following commands in privileged mode,

#conf t
#vlan 40
#name Desktop
#exit

2. Add the switch ports to previusly created VLANs
Exp: Fa0/2 to Desktop VLAN

#conf t
#int fa0/2
#switchport mode access
#switchport access vlan 40
#exit

3.Create a Layer 3 (SVI) interface for eatch VLAN

#conf t
#interface vlan 40
#ip address 192.168.0.1 255.255.255.0
#no shutdown
#exit

4. For Internet access, add a default route to the routing table

#conf t
#ip route 0.0.0.0 0.0.0.0 192.168.12.1

where 192.168.12.1 is the IP of your Inernet gateway.


Regarding access-list on 4506:

Say you want setup up below two external and one internal networks on a Catalyst 4506. 
 
Internal Network:  VLAN1 -  172.16.0.0/16
External Network: VLAN2 - 10.138.56.79/24
                 VLAN3 - 10.138.58.161/28


Now you want prevent the two external networks from talking to the internal networks.

#access-list 101 deny 10.138.56.79 0.0.0.255 172.16.0.0 0.0.255.255
#access-list 101 permit 10.138.56.79 0.0.0.255 any
#access-list 102 deny 10.138.58.161 0.0.0.15 172.16.0.0 0.0.255.255
#access-list 102 permit 10.138.58.161 0.0.0.15 any

#interface VLAN2
#ip access-group 101 in

#interface VLAN3
#ip access-group 102 in


Please rate the all helpfull posts.
Regards,
Naidu.

View solution in original post

Did you read the link I posted above?

Did you do a #no shut    on the SVI?

View solution in original post

ebenav11
Level 1
Level 1

The physical interface have any platform or end device connectedbecause if the physical interface is not operating "protocol" the logical interface is not active.

View solution in original post

11 Replies 11

andrew.prince
Level 10
Level 10

To enable inter VLAN routing - create and SVI for the VLANs you want to pass IP traffic between.

HTH>

also, make sure that "ip routing" is enabled.

Looks like you got some reading to do.

Here's a good start:

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008019e74e.shtml

Regards,

Ian

Hi,

The inter VLAN routing, this will be done by your Catalyst 4506.

The main steps configuring VLANs and the inter VLAN routing are:

1.Define the VLANs
To create a VLAN named Desktop, run the following commands in privileged mode,

#conf t
#vlan 40
#name Desktop
#exit

2. Add the switch ports to previusly created VLANs
Exp: Fa0/2 to Desktop VLAN

#conf t
#int fa0/2
#switchport mode access
#switchport access vlan 40
#exit

3.Create a Layer 3 (SVI) interface for eatch VLAN

#conf t
#interface vlan 40
#ip address 192.168.0.1 255.255.255.0
#no shutdown
#exit

4. For Internet access, add a default route to the routing table

#conf t
#ip route 0.0.0.0 0.0.0.0 192.168.12.1

where 192.168.12.1 is the IP of your Inernet gateway.


Regarding access-list on 4506:

Say you want setup up below two external and one internal networks on a Catalyst 4506. 
 
Internal Network:  VLAN1 -  172.16.0.0/16
External Network: VLAN2 - 10.138.56.79/24
                 VLAN3 - 10.138.58.161/28


Now you want prevent the two external networks from talking to the internal networks.

#access-list 101 deny 10.138.56.79 0.0.0.255 172.16.0.0 0.0.255.255
#access-list 101 permit 10.138.56.79 0.0.0.255 any
#access-list 102 deny 10.138.58.161 0.0.0.15 172.16.0.0 0.0.255.255
#access-list 102 permit 10.138.58.161 0.0.0.15 any

#interface VLAN2
#ip access-group 101 in

#interface VLAN3
#ip access-group 102 in


Please rate the all helpfull posts.
Regards,
Naidu.

how to create new vlan in 4506 switch?

i have created vlan, but status abd protocol are showing down

Did you read the link I posted above?

Did you do a #no shut    on the SVI?

hi,

i have configured dhcp also which assigns IP 10.5.5.50/24 range to clients connected thru any vlan praeviously.

Now, wat wud be the configuration if enable intervlan routing?

ebenav11
Level 1
Level 1

The physical interface have any platform or end device connectedbecause if the physical interface is not operating "protocol" the logical interface is not active.

its working

Hi Vishal,

Glad that your issue is resolved.

Please click on the correct answer of all the helped posts which will encourage others.

Regards,

Naidu.

Review Cisco Networking for a $25 gift card