The message is self-explanatory, the next-hop can't be this router but its neighbor.

If you want to route between Vlans all you need to use is the command 'ip routing'

hi

ok I got it working now. but now what do i do if I want to connect this switch to the internet.

I am not sure if I can connect the switch to the prod network and cause problems.

right now its an isolated switch with 2 vlans created on it and not default route set.

if I uplink this switch to a production switch, what happens?

If everything is configured properly according to network,there is no problem connecting it in network anywhere.

i dont want the switch to broadcast any vlans out to the network. so I do need a default route to get to the net right?

Hmm..yes...or even you can set the default gateway

but then this switch will start broadcasting its local vlans to the core if I connect it to the network. wouldnt that cause problems? what about spanning tree?

Tony

If you want the vlans to be only local to the switch then make the switch VTP transparent. That way it will not learn the vlans from the prod network and the prod network will not learn the vlans from the switch.

Can you confirm that you want to route the vlans off the 2960 and not your prod switches ?

You should make it VTP transparent anyway when connecting up to prod as you do not want to accidentally overwrite the vlan database on the production switches.

Spanning-tree could be an issue as well so you have 2 options -

1) make the connection a routed link between the 2960 and the prod switch. Note i know 2960 switches can do inter-vlan routing but i am not sure whether they support routed ports or not so you would need to test ie.

2960

====

int gi0/1  <-- this connects to prod switch

no switchport  <-- this is the bit that may or may not work

ip address 192.168.5.1 255.255.255.252

add default-route -

ip route 0.0.0.0 0.0.0.0  192.168.5.2

prod switch

=========

int gi0/1 <-- this connects to 2960

no switchport

ip address 192.168.5.2 255.255.255.252

add routes for subnets/vlans on 2960 eg.

ip route 192.168.10.0 255.255.255.0 192.168.5.1

etc.. for each subnet

this would mean no STP and therefore you can just connect it up. Make sure you configure the port as "no switchport" on the the 2960 before you do connect up.

If the 2960 does not support "no switchport" then yes you need to worry about STP. There are 2 things to take into account -

1) STP connvergence due to adding a new switch

2) STP root bridge. You do not  your 2960 becoming STP root so you need to check the STP settings on your prod switches ie. are they explicitly set to STP root/secondary. If not then bear in mind the switch with the lowest mac-address will become root and if that happens to be the 2960 then your whole network will reconverge.

I would try the routed connection first and if that doesn't work then come back. If you can't use routed then you need to use a dedicated vlan between the switches for connectivity. The routes you add wouldn't be different but the actual config of the link would be different.

Jon

i do not want any vlans from prod network to the 2960g or vice versa.

2960

====

int gi0/1  <-- this connects to prod switch

no switchport  <-- this is the bit that may or may not work

ip address 192.168.5.1 255.255.255.252

add default-route -

ip route 0.0.0.0 0.0.0.0  192.168.5.2

prod switch

=========

int gi0/1 <-- this connects to 2960

no switchport

ip address 192.168.5.2 255.255.255.252

add routes for subnets/vlans on 2960 eg.

ip route 192.168.10.0 255.255.255.0 192.168.5.1

etc.. for each subnet

what vlan should I set the gi0/1 ports at?

for no switchport

what options do i use?

For the switch to reach to internet we can configure default-gateway on it as the IP on the core switch. Also, by default the trunk link woudl be allowing all teh valns on it. Hence, once we connect it to core the 2 vlans present on this switch would forwarded on the trunk link.

If we do not want to pass these vlan traffic on the trunk link, we can configure allowed vlans on the trunk but, need to check if the users in these vlan would require to reach to internet which would not be possible if the vlans are not allowed.

Otherwise, we would receive BPDUs for all the vlans on the trunk link, but otherwise should not cause any issues.

also looks like the prod swich is cat os and the 2960g is ios