Re: intervlan vlan 1 gateway

humberjet · ‎07-08-2012

Hi,

question, i have setup 3 vlans on my network..

servers are configured on vlan 1...

routers are also configured on vlan 1..

problem is i cant ping vlan 1 using vlan 2 or 3 source.. but I can ping directly on vlan 1..

any idea..

Reza Sharifi · ‎07-08-2012

Hi,

Can you post your config?

Also, what type of routers and switches are you using?

Vlan 1 may need a default route.

humberjet · ‎07-08-2012

no aaa new-model

switch 1 provision ws-c3750g-24ts

system mtu routing 1500

ip subnet-zero

ip routing

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface GigabitEthernet1/0/1

switchport trunk encapsulation dot1q

switchport mode trunk

switchport nonegotiate

!

interface GigabitEthernet1/0/2

!

interface GigabitEthernet1/0/3

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/4

!

interface GigabitEthernet1/0/5

!

interface GigabitEthernet1/0/11

!

interface GigabitEthernet1/0/12

!

interface GigabitEthernet1/0/13

switchport access vlan 5

spanning-tree portfast

!

interface GigabitEthernet1/0/14

switchport access vlan 3

spanning-tree portfast

!

interface GigabitEthernet1/0/15

spanning-tree portfast

!

interface Vlan1

ip address 10.0.0.2 255.255.0.0

!

interface Vlan3

ip address 10.3.0.1 255.255.0.0

!

interface Vlan4

ip address 10.4.0.1 255.255.0.0

!

interface Vlan5

ip address 10.5.0.1 255.255.0.0

ip helper-address 10.0.0.4

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.0.254.137

ip http server

ip http secure-server

!

control-plane

!

line con 0

line vty 5 15

!

end

where can i put the default route on VLAN 1

Sandeep Choudhary · ‎07-09-2012

can you show your layout please here ??

cadet alain · ‎07-09-2012

Hi,

you need to plug a device into your vlan access ports otherwise your vlan interface may not be UP/UP and so your pings with the source vlans won't work.

Can you post sh ip int br | i Vlan

Regards.

Alain.

Don't forget to rate helpful posts.

Ganesh Hariharan · ‎07-09-2012

Mark June Almosara wrote:

no aaa new-model

switch 1 provision ws-c3750g-24ts

system mtu routing 1500

ip subnet-zero

ip routing

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface GigabitEthernet1/0/1

switchport trunk encapsulation dot1q

switchport mode trunk

switchport nonegotiate

!

interface GigabitEthernet1/0/2

!

interface GigabitEthernet1/0/3

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/4

!

interface GigabitEthernet1/0/5

!

interface GigabitEthernet1/0/11

!

interface GigabitEthernet1/0/12

!

interface GigabitEthernet1/0/13

switchport access vlan 5

spanning-tree portfast

!

interface GigabitEthernet1/0/14

switchport access vlan 3

spanning-tree portfast

!

interface GigabitEthernet1/0/15

spanning-tree portfast

!

interface Vlan1

ip address 10.0.0.2 255.255.0.0

!

interface Vlan3

ip address 10.3.0.1 255.255.0.0

!

interface Vlan4

ip address 10.4.0.1 255.255.0.0

!

interface Vlan5

ip address 10.5.0.1 255.255.0.0

ip helper-address 10.0.0.4

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.0.254.137

ip http server

ip http secure-server

!

control-plane

!

line con 0

line vty 5 15

!

end

where can i put the default route on VLAN 1

Hello ,

The default route will be pointing towards the external world , if your segment wants to talk to other subnet extrnl to segment...

Ganeshh Iyer

Hari Haran S M · ‎07-09-2012

Hi Mark,

As said by Cadet, you have to make sure that all the SVI interfaces are UP. If you are not able ping even though they are up, you have to check the default gateway configured on the machine that you are trying to reach. A default route is not required here as all the three vlan's are in the same device and hence, they should be in directly connected state.

Regards,

Hari

humberjet · ‎07-09-2012

yup all my SVI's are up

l

Vlan1 10.0.0.2 YES manual up up

Vlan3 10.3.0.1 YES manual up up

Vlan4 10.4.0.1 YES manual up up

Vlan5 10.5.0.1 YES manual up up

if im on vlan 1 i can ping all SVIs.. but if Im on Vlan 3-5.. i cant ping all members on vlan1..

manish arora · ‎07-09-2012

Hi Mark.

You said "i cant ping all members on vlan1" , I would check couple things :-

1> Local Firewall like Windows Firewall or linux IPtables on those devices filtering ICMP.

2> Check port assignment for those for correct VLAN & switchport Mode.

Thanks

Manish

humberjet · ‎07-09-2012

anyway i can ping all host on VLAN 1 I set their default gateway to 10.0.0.2...

my problem now is my router connected to VLAN 1.. cant ping the router thru vlan 3-5..

U think i need to add routing table to my router or on my Firewall.. any suggestion?

here is my diagram..

Cisco Router

|

SSG 20 (firewall)

|

Catalyst 3750 (L3)

manish arora · ‎07-09-2012

Depends upon the way you have configured your firewall. If the firewall is configured in routed mode than yes you will need default from your L3 switch to firewall , than from firewall to router. similarly you will need routes at the router & firewall to have routes for your internal network.

for example :-

router ----------------------------------------------------------- Firewall ------------------------------------------------------------------MLS ----|

192.168.10.1/30 192.168.10.2/30 192.168.20.1/30 192.168.20.2/30 |

|

10.10.10.0/24

10.10.20.0/24

MLS : default route 0.0.0.0 0.0.0.0 192.168.20.1

Firewall : Default route 0.0.0.0 0.0.0.0 192.168.10.1

static routes 10.10.10.0/24 points to 192.168.20.2

static routes 10.10.20.0/24 points to 192.168.20.2

Router : default 0.0.0.0 0.0.0.0 ISP-Next-Hop

static routes 10.10.10.0/24 points to 192.168.10.2

static routes 10.10.20.0/24 points to 192.168.10.2

If your firewall is not routed than you you can skip the routes parts on the firewall and adjust next hops as needed.

Manish