
Setting up VLAN and InterVLAN routing


I am pretty new to Cisco so please bear with me.

I am setting up a 4506 switch w/ a sup IV as a core switch with 5 Dell 3348 Switches as my access points.

I intend on trunking each Dell switch to one of the Cisco ports, obviously with dot1q.

As a pre-test I tried trunking one Dell switch and test the current network which is I created VLAN's on the Cisco and assigned VLAN 2 with

I created additional VLANs:




etc... I have a total of 9 VLANs.

We have a PIX that is our GW to the Inet. From the Cisco switch console I can ping any IP on the existing 1.0 network.

From the pix I can ping the Cisco switch 1.254 but I can not ping any vlan IP on the cisco. If I add route from the PIX such as ip route I can then ping the 10.0 subnet.

Now if I connect a node on the Cisco switch and assign it any of the VLANs (not VLAN 2) and give it an IP of let's say and GW of 10.1 I can ping anything on the Cisco switch; the switch is obviously handling the InterVLAN fine. But if I ping outside of the switch, such as the PIX, I can't get out.

Also if I add a static route on the node connected to a Dell switch:

route add MASK

The routing works fine.

On the cisco switch I added

ip route

I enabled

ip routing

From what I have read this config should be ok for the InterVLAN and having the route out of the switch to 1.1 for Inet.

Do I need to enable RIP/EIGRP/OSPF?

I was hoping to avoid enabling one of these as I haven't messed with much of the routing protocols.

I attached excerpts of the cisco config.


hi there,

your understanding about intervlan routing in a multilayer switch is good :)

but since you are trying to ping the pix, did you configure the pix to be pingable from that network?

and the second, if you are trying to ping to the internet, such as ping, does it fail?

did you already configure NAT on pix? since per my understanding, internet is public ip address, and your inside network is private ip address.

private address will not be permitted, or routed through the isp router.




Hey, thanks!

From the Cisco I can ping the pix (yes ICMP is on internal but not external) and I can ping out to Inet etc...

From a node connected to the Cisco I can not ping anything outside of the Cisco switch but everything connected within the switch, such as all the VLAN IPs or another node connected to the Cisco.

The PIX is the GW out to the Inet and NAT is turned on for some internal IP's (OWA, WWW, SMTP etc).

Also, if I do need to enable a routing protocol can anyone provide an example?


Are you sure IP Routing is enabled ?

Show me a readout of

"Show VLan Brief"

"Show ip route"


Yes, but currently I only have 1 Dell switch trunked; no IPs have changed on the current network.

sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is to network

C is directly connected, Vlan30

C is directly connected, Vlan15

C is directly connected, Vlan60

C is directly connected, Vlan10

C is directly connected, Vlan20

C is directly connected, Vlan2

C is directly connected, Vlan100

S* [1/0] via

C is directly connected, Vlan40

C is directly connected, Vlan50

VLAN Brief

2 VLAN0002 active Gi2/2

10 VLAN0010 active Gi2/3, Gi2/4, Gi2/5, Gi2/6, Gi2/7, Gi2/8, Gi2/9, Gi2/10, Gi2/11, Gi2/12, Gi2/13, Gi2/14

Gi2/15, Gi2/16, Gi2/17, Gi2/18, Gi2/19, Gi2/20, Gi2/21, Gi2/22, Gi2/23, Gi2/24, Gi2/25

Gi2/26, Gi2/27, Gi2/28, Gi2/29, Gi2/30, Gi2/31, Gi2/32, Gi2/33, Gi2/34, Gi2/35, Gi2/36

Gi2/37, Gi2/38, Gi2/39, Gi2/40, Gi2/41, Gi2/42, Gi2/43, Gi2/44, Gi2/45, Gi2/46, Gi2/47


15 VLAN0015 active

20 VLAN0020 active

30 VLAN0030 active

40 VLAN0040 active Gi4/1

50 VLAN0050 active Gi4/2

60 VLAN0060 active

100 VLAN0100 active


hi there,

supervisor engine 4 can do routing protocol, but it depends on the ios feature set that you are using. is it basic, or advanced? with basic, you can't use the routing protocol.

try to draw the network diagram. and then, we can understand whether it needs routing protocol or not.




Do this as a trial and let me know;

conf t

interface vlan 10

ip address

On Pix

ip route

If your PC has a 192.168.10.x IP and GW, then you should ping from the machine and from the PIX with no problem.


Yes, I did that test previously and it worked.

I am about to actually connect all the switches up tonight. I haven't actually trunked all the switches as stated above, once this is done and if I still can't route out then I will probably need help with one of the routing protocols.

So I am still wondering if this will work without using RIP/OSPF/EIGRP or some other routing protocol?

Attached is a quick logical look at what I am attempting to do. It's not detailed, I have other more detailed but for this question I thought it might suffice.



For such a small network, routing protocols are overkill. Layer 2 will work perfectly.

Give me your running config and I will see what you're doing wrong.


Ok, that's what I figured, I really think it is an issue with not having all the switches trunked. Once I have that setup and if I still can't get it to work I will post back here.

Also I attached most of the config up above, I just omitted all the line cards and other crap that is not needed :). Right now the only trunk that is going is to one of the dell switches and port 2/1 on the cisco.

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

service compress-config








no aaa new-model

vtp domain

vtp mode transparent

ip subnet-zero

ip name-server

ip dhcp relay information trust-all



no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

power redundancy-mode redundant




vlan internal allocation policy ascending


vlan 2,10,15,20,30,40,50,60,100


interface GigabitEthernet1/1


interface GigabitEthernet1/2


interface GigabitEthernet2/1

description trunk

switchport trunk encapsulation dot1q

switchport trunk native vlan 2

switchport mode trunk

switchport block multicast


interface Vlan1

no ip address


interface Vlan2

ip address


interface Vlan10

description PRUSRVLAN10

ip address


interface Vlan15

description INTSRVLAN15

ip address


interface Vlan20

description PGCSVLAN20

ip address


interface Vlan30

description PELSVLAN30

ip address


interface Vlan40

description PRUVLAN40

ip address

ip helper-address


interface Vlan50

description PGCSVLAN

ip address

ip helper-address


interface Vlan60

description PELSVLAN

ip address

ip helper-address


interface Vlan100

description ADMIN

ip address

ip helper-address


no ip route static inter-vrf

ip route

no ip http server


Ok so let me get this straight.

You have a PC connected to the dell switch.

Did you assign the port on the dell switch the proper vlan it's supposed to be in?

From the PC, can you ping one of the vlan gateways ?

If your pc is on Vlan 20, is the gateway set to ?

From the switch you should be able to ping

Go to the PIX and setup ip routes like this.


Why are vlan 40 and 50 23 bit subnet masks ?

Do show int trunk and see if your trunk is trunking.


Hi there,

If I am understanding this right, you do not have the static routes on the PIX back to the Cisco switch for all of your other networks. All you will need is the default route that you currently have on your switch to the PIX, but the PIX will need to know where the other networks are (10.0, 20.0, etc.). You could summarize the routes like,


ip route

ip route null0

or just list them each individually.

To utilize the routing protocols you will need an enhanced image on the switch. If this is the extent of the network I think static is the easiest, unless you see the need for scaling the network larger.
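The return-route check described in the reply above, as an added example that is not part of the original thread: it compares the switch's SVI subnets against the firewall's connected network and static routes, and lists the subnets the firewall cannot answer. The thread's addresses were not preserved, so every address below is constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample addressing (assumed; the thread's own addresses are not shown).
SWITCH_SVIS = {
    "Vlan2": "192.168.1.254/24",   # segment shared with the firewall
    "Vlan10": "192.168.10.1/24",
    "Vlan20": "192.168.20.1/24",
    "Vlan40": "192.168.40.1/23",
    "Vlan50": "192.168.42.1/23",
    "Vlan100": "192.168.100.1/24",
}
FIREWALL_INSIDE = "192.168.1.1/24"
# Static routes already on the firewall: (destination, next hop)
FIREWALL_ROUTES = [("192.168.10.0/24", "192.168.1.254")]


def missing_return_routes(svis, fw_inside, fw_routes):
    """Return (next_hop, {vlan: network}) for SVI subnets the firewall has no route to."""
    fw_if = ipaddress.ip_interface(fw_inside)
    nets, next_hop = {}, None
    for name, addr in svis.items():
        iface = ipaddress.ip_interface(addr)
        nets[name] = iface.network
        if fw_if.ip in iface.network:
            next_hop = iface.ip  # switch address on the firewall's segment
    if next_hop is None:
        raise ValueError("no SVI shares a subnet with the firewall inside interface")
    # The firewall reaches its connected network plus any static route whose
    # next hop is itself on that connected network.
    known = [fw_if.network]
    for dest, hop in fw_routes:
        if ipaddress.ip_address(hop) in fw_if.network:
            known.append(ipaddress.ip_network(dest))
    missing = {n: net for n, net in nets.items()
               if not any(net.subnet_of(k) for k in known)}
    return next_hop, missing


def summarize(missing):
    """Collapse adjacent missing subnets into the fewest exact covering routes."""
    return list(ipaddress.collapse_addresses(missing.values()))


if __name__ == "__main__":
    hop, missing = missing_return_routes(SWITCH_SVIS, FIREWALL_INSIDE, FIREWALL_ROUTES)
    for net in summarize(missing):
        print(f"firewall needs a route to {net.network_address} {net.netmask} via {hop}")
```

With the sample data, the two /23 subnets collapse into a single /22, so the firewall needs three routes rather than four.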



Sorry took so long; I did the install Friday night and I was able to successfully trunk (for the most part) the Dell switches to the Cisco.

Port Mode Encapsulation Status Native vlan

Gi4/3 on 802.1q trunking 10

Gi4/4 on 802.1q trunking 10

Gi4/5 on 802.1q trunking 10

Gi4/6 on 802.1q trunking

Now I am able to route between networks successfully. I set one port on the cisco for one route out to the pix. Most everything works great except for a couple major issues.

On the Dell switches I can not seem to get different VLANs working. On the Cisco I have VLANs set up. Originally I wanted VLAN 2, 10, 20, 30, 40, 50, 60, and 100. VTP is in transparent mode.

I can't seem to get the VLANs to work correctly on the Dell switches. The only way I can get the Dell switches communicating is by giving each Dell switch an IP address in the VLAN I want it to communicate.

So let's say I want to allow VLAN 10 on Dell switch 1. I assign VLAN 1 and IP of on the Dell switch 1. I set the 1/g1 port to trunk, I set default gateway (the VLAN IP). I then set on the Cisco port trunking, but I set native vlan 10.

Now all nodes on the Dell switch will communicate across all VLANs. But I can't assign a VLAN by port.

Here are excerpts of the configs:

Dell switch 1:

interface ethernet 1/g1

switchport mode trunk


interface vlan 1

ip address


ip default-gateway

Cisco Port:


interface GigabitEthernet4/4

description trunk to prusw254

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport block multicast


If I set another Dell switch to VLAN 20 and give it an IP address and set the port on the Cisco to the native vlan 20 it works as well. I can still communicate but I can't figure out how or why I can't assign VLANs by port. If I change the port to VLAN 20 it does not seem to allow connectivity on that port. I have read Dell's manuals and so far I do not see anything beyond initial VLAN setup.

My other issue (which is very close to my first problem) is I originally had multiple VLANs, including 50, 60 and 100. For some reason when I would do the same setup as above none of the nodes on the Dell switches would get out of the Cisco to the PIX and beyond. I could still communicate InterVLAN but just not beyond the Cisco.

Sorry so long winded.
