Layer 3 Switch 3560 , Ping question.

satishtech

I have a layer 3 switch simple configuration in Packet Tracer 3560.
Connected two PC's , different IP subnets.
How to ping between them ?
I enabled IP routing and a routing protocol.
I think I must assign a gateway IP somewhere ?
Unable to Ping so far.

_Gonzalo_

You need to create one gateway for every network that you have. This is done creating vlan interfaces and giving them IPs (that is why you needed to enable IP routing, so you can assign IPs to its interfaces). No need of routing protocols.

I believe you should be getting a better base before going to newer technologies. My advice:

1.- Understand a router.
2.- Understand a switch.
3.- Now you should be ready to understand a device that can work both as a router and a switch.

satishtech

Thank You Gonzalo.
Haven't used a Layer 3 Switch much at all.

Much to learn I still have being an old padawan .
( Master Yoda )

_Gonzalo_

satishtech wrote: »

Thank You Gonzalo.
Haven't used a Layer 3 Switch much at all.

Much to learn I still have being an old padawan .
( Master Yoda )

Hahaha

Everyone has been a padawan at some point. To be honest, I consider CCNP level (where I´m at) as "padawanian", hehehe

It´s really good that you want to know things, but some paths will get you there faster and more consistently. To me, multilayer switches are the last thing you need to learn during CCNA.

Hondabuff

Practice with this.


Configuring InterVLAN Routing with Catalyst3750/3560/3550 Series Switches

Document ID: 41260

Contents

IntroductionPrerequisites

RequirementsComponents UsedRelated ProductsConventionsBackground Theory

Configure

Network DiagramConfigurations

VerifyTroubleshoot

Troubleshooting Procedure

Related Information

Introduction

This document explains how to configure interVLAN routing with Cisco Catalyst 3750/3560/3550 seriesswitches. The document provides a sample configuration for interVLAN routing with a Catalyst 3550 seriesswitch that runs enhanced multilayer image (EMI) software in a typical network scenario. The document usesa Catalyst 2950 series switch and a Catalyst 2948G switch as Layer 2 (L2) closet switches that connect to theCatalyst 3550. The Catalyst 3550 configuration also has a default route for all traffic that goes to the Internetwhen the next hop points to a Cisco 7200VXR router. You can substitute a firewall or other routers for theCisco 7200VXR router.

Prerequisites

Requirements

Ensure that you meet these requirements before you attempt this configuration:Knowledge of how to create VLANsFor more information, refer to Creating Ethernet VLANs on Catalyst Switches.

·

Knowledge of how to create VLAN trunksFor more information, refer to the Configuring VLAN Trunks section of Configuring VLANs.

·

Components Used

The information in this document is based on these software and hardware versions:

· Catalyst 3550−48 that runs Cisco IOS® Software Release 12.1(12c)EA1 EMI

· Catalyst 2950G−48 that runs Cisco IOS Software Release 12.1(12c)EA1 EI

· Catalyst 2948G that runs Catalyst OS (CatOS) version 6.3(10)

Note: The configuration from the Cisco 7200VXR is not relevant, so this document does not show theconfiguration.The information in this document was created from the devices in a specific lab environment. All of thedevices used in this document started with a cleared (default) configuration. If your network is live, make surethat you understand the potential impact of any command.

Related Products

This configuration can also be used with these hardware and software versions:Any Catalyst 3750/3560/3550 switch that runs EMI software or standard multilayer image (SMI)Cisco IOS Software Release 12.1(11)EA1 and later

· · Any Catalyst 2900XL/3500XL/2950/3550 or CatOS switch model, used as the access layer switch

Conventions

Refer to Cisco Technical Tips Conventions for more information on document conventions.

Background Theory

In a switched network, VLANs separate devices into different collision domains and Layer 3 (L3) subnets.Devices within a VLAN can communicate with each other without the need for routing. Devices in separateVLANs require a routing device to communicate with one another.L2−only switches require an L3 routing device. The device is either external to the switch or in anothermodule on the same chassis. A new breed of switches incorporate routing capability within the switch. Anexample is the 3550. The switch receives a packet, determines that the packet belongs to another VLAN, andsends the packet to the appropriate port on the other VLAN.A typical network design segments the network based on the group or function to which the device belongs.For example, the engineering VLAN only has devices that relate to the engineering department, and thefinance VLAN only has devices that relate to finance. If you enable routing, the devices in each VLAN cantalk to one another without the need for all the devices to be in the same broadcast domain. Such a VLANdesign also has an additional benefit. The design allows the administrator to restrict communication betweenVLANs with use of access lists. In the example in this document, you can use access lists to restrict theengineering VLAN from access to devices on the finance VLAN.The switch does not route non−IP packets between VLANs and routed ports. You can forward these non−IPpackets with fallback bridging. In order to use this feature, you must have the IP services image, formerlyknown as the enhanced multilayer image (EMI), installed on your switch.Here is a link to a video (available on Cisco Support Community ) that demonstrates how to configure theInterVLAN routing on a Catalyst 3550 series switch:How To Configure InterVLAN Routing On Layer 3 Switches

Configure

In this section, you are presented with the information to configure the features described in this document.

Note: Use the Command Lookup Tool (registered customers only) to find more information on thecommands used in this document.

Network Diagram

This document uses this network setup:In this diagram, a small sample network with the Catalyst 3550 provides interVLAN routing between thevarious segments. By default, the Catalyst 3550 switch acts as an L2 device with disablement of IP routing. Inorder to make the switch function as an L3 device and provide interVLAN routing, you must enable IProuting globally.These VLANs are the three VLANs that the user defines:

· VLAN 2user VLAN

· VLAN 3server VLAN

· VLAN 10management VLANThe default gateway configuration on each server and host device must be the VLAN interface IP address thatcorresponds on the 3550. For example, for servers, the default gateway is 10.1.3.1. The access layer switches,which are the Catalyst 2950 and 2948G, are trunked to the Catalyst 3550 switch.The default route for the Catalyst 3550 points to the Cisco 7200VXR router. The Catalyst 3550 uses thisdefault route to route traffic destined for the Internet. Therefore, traffic for which the 3550 does not have arouting table entry forwards to the 7200VXR for process.

Practical Tips

Ensure that the native VLAN for an 802.1Q trunk is the same on both ends of the trunk link. If thenative VLAN on one end of the trunk is different than the native VLAN on the other end, the trafficof the native VLANs on both sides cannot be transmitted correctly on the trunk. This failure totransmit correctly can imply some connectivity issues in your network.

·

Separate the management VLAN from the user or server VLAN, as in this diagram. The managementVLAN is different from the user or server VLAN. With this separation, any broadcast/packet stormthat occurs in the user or server VLAN does not affect the management of switches.

·

Do not use VLAN 1 for management. All ports in Catalyst switches default to VLAN 1, and anydevices that connect to nonconfigured ports are in VLAN 1. The use of VLAN 1 for management cancause potential issues for the management of switches, as the second tip explains.

·

Use a Layer 3 (routed) port to connect to the default gateway port. In this example, you can easilyreplace a Cisco 7200VXR router with a firewall that connects to the Internet gateway router.

·

Do not run a routing protocol between the Catalyst 3550 and the Internet gateway router. Thisexample configures a static default route on the 3550 instead. This setup is best if there is only oneroute to the Internet. Make sure to configure static routes, preferably summarized, on the gatewayrouter (7200VXR) for subnets that can be reached by the Catalyst 3550. This step is very importantbecause this configuration does not use routing protocols.

·

If you have two Catalyst 3550 switches in your network, you can dual connect the access layerswitches to both 3550 switches. Run Hot Standby Router Protocol (HSRP) between the switches toprovide redundancy in the network. For more information on the configuration of HSRP, refer to the

Configuring HSRP section of Configuring IP Services.

·

If you need additional bandwidth for the uplink ports, you can configure EtherChannel. EtherChannelalso provides link redundancy in the case of a link failure.

·

Configurations

This document uses these configurations:

· Catalyst 3550

· Catalyst 2950

· Catalyst 2948G

Catalyst 3550 (Catalyst 3550−48 Switch)

Cat3550#show running−config

Building configuration...Current configuration : 3092 bytes!version 12.1no service single−slot−reload−enableno service padservice timestamps debug uptimeservice timestamps log uptimeno service password−encryption!hostname Cat3550!!ip subnet−zero

!−−− Enable IP routing for interVLAN routing.

ip routing!!!spanning−tree extend system−id!!!interface FastEthernet0/1no ip address!

!−−− Output suppressed.

!interface FastEthernet0/5description to SERVER_1

!−−− Configure the server port to be in the server VLAN, VLAN 3.

switchport access vlan 3

!−−− Configure the port to be an access port to prevent trunk negotiation delays.

switchport mode access

no ip address

!−−− Configure PortFast for initial Spanning Tree Protocol (STP) delay. Refer to!−−− Using PortFast and Other Commands to Fix Workstation Startup Connectivity Delays!−−− for more information.

spanning−tree portfast

!

!−−− Output suppressed.

!interface FastEthernet0/48description To Internet_Router

!−−− The port that connects to the router converts into a routed (L3) port.

no switchport

!−−− Configure the IP address on this port.

ip address 200.1.1.1 255.255.255.252

!interface GigabitEthernet0/1description To 2950

!−−− Configure IEEE 802.1 (dot1q) trunking, with negotiation, on the L2 switch.!−−− If there is not support for Dynamic Trunking Protocol (DTP) on the far switch,!−−− issue the switchport mode trunk command to force the switch port to trunk mode.!−−− Note: The default trunking mode is dynamic auto. If you establish a trunk link!−−− with the default trunking mode, the trunk does not appear!−−− in the configuration, even though a trunk has been established on!−−− the interface. Use the show interfaces trunk command to verify the!−−− establishment of the trunk.

switchport trunk encapsulation dot1q

no ip address!interface GigabitEthernet0/2description To 2948G

switchport trunk encapsulation dot1q

no ip address!interface Vlan1no ip addressshutdown!interface Vlan2description USER_VLAN

!−−− This IP address is the default gateway for users.

ip address 10.1.2.1 255.255.255.0

!interface Vlan3description SERVER_VLAN

!−−− This IP address is the default gateway for servers.

ip address 10.1.3.1 255.255.255.0

!interface Vlan10description MANAGEMENT_VLAN

!−−− This IP address is the default gateway for other L2 switches.

ip address 10.1.10.1 255.255.255.0

!ip classless

!−−− This route statement allows the 3550 to send Internet traffic to!−−− the default router which, in this case, is the 7200VXR (Fe 0/0 interface).

ip route 0.0.0.0 0.0.0.0 200.1.1.2

ip http server!!!line con 0line vty 5 15!end

Note: Since the 3550 has configuration as a VLAN Trunk Protocol (VTP) server, the switch does not displaythe VTP configuration. This behavior is standard. This switch uses these commands to create a VTP serverwith the three VLANs that the user defined from global configuration mode:

Cat3550(config)#vtp domain cisco

Cat3550(config)#vtp mode server

Cat3550(config)#vlan 2

Cat3550(config−vlan)#name USER_VLAN

Cat3550(config−vlan)#exit

Cat3550(config)#vlan 3

Cat3550(config−vlan)#name SERVER_VLAN

Cat3550(config−vlan)#exit

Cat3550(config)#vlan 10

Cat3550(config−vlan)#name MANAGEMENT

Catalyst 2950 (Catalyst 2950G−48 Switch)

Cat2950#show running−config

Building configuration...Current configuration : 2883 bytes!version 12.1no service single−slot−reload−enableno service padservice timestamps debug uptimeservice timestamps log uptimeno service password−encryption!hostname Cat2950!!ip subnet−zero!spanning−tree extend system−id!!interface FastEthernet0/1no ip address!

!−−− Output suppressed.

interface FastEthernet0/16no ip address!interface FastEthernet0/17description SERVER_2

switchport access vlan 3switchport mode access

no ip address

spanning−tree portfast

!

!−−− Output suppressed.

!interface FastEthernet0/33description HOST_1

!−−− Configure HOST_1 to be the user VLAN, VLAN 2.

switchport access vlan 2switchport mode access

no ip address

spanning−tree portfast

!

!−−− Output suppressed.

interface GigabitEthernet0/1

switchport trunk encapsulation dot1q

no ip address!interface GigabitEthernet0/2no ip address!interface Vlan1no ip addressno ip route−cacheshutdown!interface Vlan10description MANAGEMENT

!−−− This IP address manages this switch.

ip address 10.1.10.2 255.255.255.0

no ip route−cache!

!−−− Configure the default gateway so that the switch is reachable from other!−−− VLANs/subnets. The gateway points to the VLAN 10 interface on the 3550.

ip default−gateway 10.1.10.1

ip http server!!line con 0line vty 5 15!end

Note: Since the Catalyst 2950 has configuration as a VTP client, the switch does not display the VTPconfiguration. This behavior is standard. The 2950 acquires the VLAN information from the VTP server,which is the 3550. This 2950 switch uses these commands to make the switch a VTP client in the VTPdomain cisco from global configuration mode:

Cat2950(config)#vtp domain cisco

Cat2950(config)#vtp mode client

Catalyst 2948G Switch

Cat2948G> (enable) show config

This command shows non−default configurations only.Use 'show config all' to show both default and non−default configurations................................begin!# ***** NON−DEFAULT CONFIGURATION *****!!#time: Fri Jun 30 1995, 05:04:47!#version 6.3(10)!!#system web interface version(s)!#test!#systemset system name Cat2948G!#frame distribution methodset port channel all distribution mac both!#vtp

!−−− Configure the VTP domain to be the same as the 3550, the VTP server.

set vtp domain cisco

!−−− Choose the VTP mode as client for this switch.

set vtp mode client

!#ip

!−−− Configure the management IP address in VLAN 10.

set interface sc0 10 10.1.10.3/255.255.255.0 10.1.10.255

set interface sl0 downset interface me1 down

!−−− Define the default route so that the switch is reachable.

set ip route 0.0.0.0/0.0.0.0 10.1.10.1

!#set boot commandset boot config−register 0x2set boot system flash bootflash:cat4000.6−3−10.bin!#module 1 : 0−port Switching Supervisor!#module 2 : 50−port 10/100/1000 Ethernet

!−−− Configure HOST_2 and SERVER_3 ports in respective VLANs.

set vlan 2 2/2set vlan 3 2/23set port name 2/2 To HOST_2set port name 2/23 to SERVER_3

!−−− Configure trunk to 3550 with dot1q encapsulation.

set trunk 2/49 desirable dot1q 1−1005

end

Verify

This section provides information you can use to confirm your configuration works properly.The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands. Use theOIT to view an analysis of show command output.

Catalyst 3550

show vtp status

Cat3550#show vtp status

VTP Version : 2Configuration Revision : 3Maximum VLANs supported locally : 1005Number of existing VLANs : 8

VTP Operating Mode : Server

VTP Domain Name : cisco

VTP Pruning Mode : DisabledVTP V2 Mode : DisabledVTP Traps Generation : DisabledMD5 digest : 0x54 0xC0 0x4A 0xCE 0x47 0x25 0x0B 0x49

Configuration last modified by 200.1.1.1 at 3−1−93 01:06:24

Local updater ID is 10.1.2.1 on interface Vl2 (lowest numbered VLAN interface found)

·

show interfaces trunk

Cat3550#show interfaces trunk

Port Mode Encapsulation Status Native vlanGi0/1 desirable 802.1q trunking 1Gi0/2 desirable 802.1q trunking 1Port Vlans allowed on trunk

·

Gi0/1 1−4094Gi0/2 1−4094Port Vlans allowed and active in management domainGi0/1 1−3,10Gi0/2 1−3,10Port Vlans in spanning tree forwarding state and not pruned

Gi0/1 1−3,10Gi0/2 1−3,10

show ip route

Cat3550#show ip route

Codes: C − connected, S − static, I − IGRP, R − RIP, M − mobile, B − BGPD − EIGRP, EX − EIGRP external, O − OSPF, IA − OSPF inter areaN1 − OSPF NSSA external type 1, N2 − OSPF NSSA external type 2E1 − OSPF external type 1, E2 − OSPF external type 2, E − EGPi − IS−IS, L1 − IS−IS level−1, L2 − IS−IS level−2, ia − IS−IS inter area* − candidate default, U − per−user static route, o − ODRP − periodic downloaded static route

Gateway of last resort is 200.1.1.2 to network 0.0.0.0

200.1.1.0/30 is subnetted, 1 subnetsC 200.1.1.0 is directly connected, FastEthernet0/4810.0.0.0/24 is subnetted, 3 subnetsC 10.1.10.0 is directly connected, Vlan10C 10.1.3.0 is directly connected, Vlan3C 10.1.2.0 is directly connected, Vlan2

S* 0.0.0.0/0 [1/0] via 200.1.1.2

·

Catalyst 2950

show vtp status

Cat2950#show vtp status

VTP Version : 2Configuration Revision : 3Maximum VLANs supported locally : 250Number of existing VLANs : 8

VTP Operating Mode : Client

VTP Domain Name : cisco

VTP Pruning Mode : DisabledVTP V2 Mode : DisabledVTP Traps Generation : DisabledMD5 digest : 0x54 0xC0 0x4A 0xCE 0x47 0x25 0x0B 0x49

Configuration last modified by 200.1.1.1 at 3−1−93 01:06:24

·

show interfaces trunk

Cat2950#show interfaces trunk

Port Mode Encapsulation Status Native vlanGi0/1 desirable 802.1q trunking 1Port Vlans allowed on trunkGi0/1 1−4094Port Vlans allowed and active in management domainGi0/1 1−3,10Port Vlans in spanning tree forwarding state and not pruned

Gi0/1 1−3,10

·

Catalyst 2948G

show vtp domain

Cat2948G> (enable) show vtp domain

Domain Name Domain Index VTP Version Local Mode Password−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−

cisco 1 2 client −Vlan−count Max−vlan−storage Config Revision Notifications−−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−−

8 1023 3 disabledLast Updater V2 Mode Pruning PruneEligible on Vlans−−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−

200.1.1.1 disabled disabled 2−1000

·

show trunk

Cat2948G> (enable) show trunk

* − indicates vtp domain mismatchPort Mode Encapsulation Status Native vlan−−−−−−−− −−−−−−−−−−− −−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−−2/49 desirable dot1q trunking 1Port Vlans allowed on trunk−−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−2/49 1−1005Port Vlans allowed and active in management domain−−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−2/49 1−3,10Port Vlans in spanning tree forwarding state and not pruned−−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−

2/49 1−3,10

·

Troubleshoot

Use this section to troubleshoot your configuration.

Troubleshooting Procedure

Follow these instructions:If you are not able to ping devices within the same VLAN, check the VLAN assignment of the sourceand destination ports to make sure that the source and destination are in the same VLAN.In order to check the VLAN assignment, issue the show port mod/port command for CatOS or the

show interface status command for Cisco IOS Software.If the source and destination are not in the same switch, make sure that you have configured trunkingproperly. In order to check the configuration, issue the show trunk command for CatOS or the showinterfaces trunk command for Cisco IOS Software. Also, check that the native VLAN matches oneither side. Make sure that the subnet mask matches between the source and destination devices.1.If you are not able to ping devices in different VLANs, make sure that you can ping the respectivedefault gateway.

Note: See Step 1.2.Also, make sure that the default gateway of the device points to the correct VLAN interface IPaddress. Make sure that the subnet mask matches.If you are not able to reach the Internet, make sure that the default route on the 3550 points to thecorrect IP address, and that the subnet address matches the Internet gateway router.In order to check, issue the show ip interface interface−id command and the show ip route

command. Make sure that the Internet gateway router has routes to the Internet and the internalnetworks.3.

Related Information

· Creating Ethernet VLANs on Catalyst Switches

· LAN Product Support

· LAN Switching Technology Support

· Technical Support & Documentation − Cisco Systems

Contacts & Feedback | Help | Site Map© 2013 − 2014 Cisco Systems, Inc. All rights reserved. Terms & Conditions | Privacy Statement | Cookie Policy | Trademarks ofCisco Systems, Inc.

Updated: Feb 23, 2012 Document ID: 41260

satishtech

Thank You HondaBuff.