Jo, The configure is done, but tried to connect a client on VLAN2, and it cannot get an IP from DHCP. And also, cannot ping 192.168.32.1 when client is physically attached to VLAN1. Attached DHCP snapshot. Does trunk need here for a single switch? Here is the run list

Current configuration : 1700 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Switch

!

!

no aaa new-model

switch 2 provision ws-c3750-24ts

system mtu routing 1500

vtp domain zad

vtp mode transparent

ip subnet-zero

ip routing

!

!

!

! no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 2

name vlan2

!

vlan 3

name vlan3

!

vlan 10

name servers

!

vlan 20

name workstations

!

interface FastEthernet2/0/1

!

interface FastEthernet2/0/2

!

interface FastEthernet2/0/3

!

interface FastEthernet2/0/12

!

interface FastEthernet2/0/13

switchport access vlan 2

switchport mode access

!

!

interface FastEthernet2/0/24

!

interface GigabitEthernet2/0/1

!

interface GigabitEthernet2/0/2

!

interface Vlan1

ip address 192.168.16.1 255.255.240.0

!

interface Vlan2

ip address 192.168.32.1 255.255.240.0

ip helper-address 192.168.16.2

!

interface Vlan3

ip address 192.168.48.1 255.255.240.0

ip helper-address 192.168.16.2

!

ip classless

ip http server

!

!

control-plane

!

!

line con 0

line vty 0 4

interface Vlan2

ip address 192.168.32.1 255.255.240.0

ip helper-address 192.168.16.2

!

interface Vlan3

ip address 192.168.48.1 255.255.240.0

ip helper-address 192.168.16.2

!

ip classless

ip http server

!

!

control-plane

!

!

line con 0

line vty 0 4

login

line vty 5 15

login

!

End

Try to ping

Switch#ping 192.168.32.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.32.1, timeout is 2 seconds:

.....

Success rate is 0 percent (0/5

Mark

Can you

1) Leave the DHCP/DNS server in vlan 1

2) Attach your client to a port allocated into vlan 2

3) Hardcode an IP address from the vlan 2 range on your client and then try

i) ping 192.168.32.1

ii) ping 192.168.16.2

Let me know results.

Edit - after doing the above could you also post the output of

"sh vlan"

"sh ip int brief"

Note that your L3 vlan interfaces will only show up/up if you have an active port in that vlan so you will not be able to ping 192.168.32.1 if you don't have a client up and running allocated into that vlan.

Jon

Hi Jon,

Actually I found where the problem is. It is all coming back to basics. The DHCP box's default gateway was pointing to somewhere else instead of the default gateway of the vlan. After I changed to the gateway of the vlan, DHCP is working. Devices from different VLAN can get IP address, and access things across VLANs.

thank you very much.

Thanks Jon.

There is another question from this dummy guy. If I want to route traffic out of VLANs to access Internet through a firewall, do I need a routed-port on the switch as a representitive of VLANs? How to extablish this relationship between the routed-port and VLANs? What should I do to achieve this?

Thanks

Mark

Glad you got it working and no problem with further questions, that's what NetPro is for :-)

Is the firewall connected to the 3750 switch ?

You don't necessarily need a routed port, you could just use another vlan. It really depends on where the firewall is in relation to your addressing.

What you would need is a default-route on your 3750 pointing to the internal interface of your firewall ie.

ip route 0.0.0.0 0.0.0.0

then on the firewall you would need to add routes for the vlans on the 3750 switch. The next-hop would either be a vlan interface on the 3750 or as you say it could be a routed port.

If you could let me know whether the firewall is in one of your existing vlans and where it is connected to i can be more specific.

Jon

Hi Jon,

Here is the command list

Switch(config)# int vlan 1

Switch(config-if)# ip address 192.168.16.1 255.255.240.0

Switch(config-if)# no shut

Switch(config)# int vlan 2

Switch(config-if)# ip address 192.168.32.1 255.255.240.0

Switch(config-if)# ip helper-address 192.168.16.2

Switch(config-if)# no shut

Switch(config)# int vlan 3

Switch(config-if)# ip address 192.168.48.1 255.255.240.0

Switch(config-if)# ip helper-address 192.168.16.2

Switch(config-if)# no shut

Switch(config)#int range fa1/0/7 - 12

Switch(config-if-range)#switchport access vlan 2

Switch(config-if-range)#switchport mode access

Switch(config)#int range fa1/0/13 - 18

Switch(config-if-range)#switchport access vlan 3

Switch(config-if-range)#switchport mode access

Test results as follow:

When I plug the Windows 2003 DC and DHCP server into one of the VLAN1 port, and plug one WinXP into another VLAN1 port, the WinXP can get ip address from the DHCP server, which is an address within the VLAN1 range.

When I plug the Windows 2003 DC and DHCP server into one of the VLAN1 port, and plug one WinXP into one of VLAN2 port, the WinXP CANNOT get IP address from the DHCP server.

When I plug the Windows 2003 DC and DHCP server into one of the VLAN2 port, and plug one WinXP into one of VLAN2 port, the WinXP CAN get an ip address, but it is an address from VLAN1 range. Either than that, everything is fine. But VLAN here realy does not have any meaning, does it?

Can anyone tell me how to fix this problem please?

try to add this command under inetrface vlan 2, 3,..

Ip directed-broadcast

Thanks guys,

There is another question from this dummy guy. If I want to route traffic out of VLANs to access Internet through a firewall, do I need a routed-port on the switch as a representitive of VLANs? How to extablish this relationship between the routed-port and VLANs? What should I do to achieve this?

Thanks