Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
631
Views
10
Helpful
4
Replies

Test Subnet/Vlan

rcoote5902_2
Level 2
Level 2

‎01-22-2009 02:23 PM - edited ‎03-06-2019 03:35 AM

Hi. I have a fairly basic understanding of Cisco routing and switching and have decided I wanted to set up a test subnet at our office in order to segregate a test domain that will be used to test RADIUS authentication.

That being said, I'm having some issues and I'm hoping this might be a good source for help.

I've attached a picture of what the infrastructure looks like which I hope helps. Sorry for the low-brow graphics...paint was the easiest tool available. :)

I fall asleep every time I get to the chapter on subnetting and vlans, so this is probably why I am struggling. Serves me right I guess. :)

I'll also attach the config of the test switch. I created a new vlan (200) that uses the test subnet, and both gig ports are trunking. Does this look right?

Should the test switch be configured with an IP from the test subnet or the existing?

Also, I know I need to set up a subinterface on the router, but do I need to do anything to the switches in between the test switch and the router?

Any help is much appreciated!

Rob

Labels:
Preview file
1 KB
Preview file
2472 KB
0 Helpful
4 Replies 4

SJessulat_2
Level 1
Level 1

‎01-23-2009 05:28 AM

Hi Rob,

you should remove the "Interface VLAN 200" from your 2960, because it is a layer2-device and only needs an IP-Address in the existing VLAN. Instead you should create a Subinterface on your 3725 for each VLAN, so it can route between them.

Also check that every switch in your network has the two layer2-VLANs it needs. Under "show vlan" there should be VLAN001 and VLAN200.

The trunk-ports look alright. On the Router-Subinterfaces you have to enter "encapsulation dot1q xx" (where xx is either 1 or 200) and "ip address x.x.x.x 255.255.252.0".

That should do it. Otherwise, you should explain what issues you see.

Greets,

Sebastian

rcoote5902_2
Level 2
Level 2
In response to SJessulat_2

‎01-23-2009 08:58 AM

Thank you so much Sebastian. Things are definitely moving in the right direction.

From a workstation on the 2960 I can now ping the gateway (the subinterface on the 3725 - 172.16.160.1), but I cannot ping the firewall, which suggests I don't have an outside route, although the 3725 has:

ip route 0.0.0.0 0.0.0.0

I can ping the firewall from the 2960.

The workstation has the following settings:

IP: 172.16.163.1

Subnet: 255.255.252.0

Gateway: 172.16.160.1

Do I need an outside subinterface on the 3725??

Thanks again!

Rob

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to rcoote5902_2

‎01-23-2009 09:21 AM

Rob

It sounds like yout firewall doesn't have a route back to the 172.16.160.0/22 network. So you need to add a route on your firewall eg.

ip route 172.16.160.0 255.255.252.0 <3725 ip address that connects to firewall>

syntax for adding firewall route may well be different from above.

Jon

rcoote5902_2
Level 2
Level 2
In response to Jon Marshall

‎01-23-2009 09:53 AM

Nice! Thank you that was it. I just needed an inside route back to the 3725.

Cheers!

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card