interVLAN Routing

w0lv3rin3 · June 2011

Router 2620XM Config:

Router#show run
Building configuration...

Current configuration : 1012 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
ip auth-proxy max-nodata-conns 3
ip admission max-nodata-conns 3
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.2
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
!
interface FastEthernet0/0.3
encapsulation dot1Q 3
ip address 192.168.3.1 255.255.255.0
!
interface Serial1/0
no ip address
shutdown
no fair-queue
!
interface Serial1/1
no ip address
shutdown
!
interface Serial1/2
no ip address
shutdown
!
interface Serial1/3
no ip address
shutdown
!
ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

Router#

Switch A 2950 Interface config:

interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
switchport mode trunk
!
interface FastEthernet0/3
switchport access vlan 2
switchport mode access

VLAN's:

SwitchA#show vlan brief

VLAN Name Status Ports
----
1 default active Fa0/4, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/9, Fa0/10, Fa0/11
Fa0/12, Fa0/13, Fa0/14, Fa0/15
Fa0/16, Fa0/17, Fa0/18, Fa0/19
Fa0/20, Fa0/21, Fa0/22, Fa0/23
Fa0/24
2 SwitchA active Fa0/3
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
SwitchA#

Trunking Ports:

SwitchA#show interface trunk

Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1
Fa0/2 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/1 1-4094
Fa0/2 1-4094

Port Vlans allowed and active in management domain
Fa0/1 1-2
Fa0/2 1-2

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1-2
Fa0/2 1-2
SwitchA#

Switch B 2950 config:

interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
!
interface FastEthernet0/3
switchport access vlan 3
switchport mode access

VLAN's:

VLAN Name Status Ports
----
1 default active Fa0/2, Fa0/4, Fa0/5, Fa0/6
Fa0/7, Fa0/8, Fa0/9, Fa0/10
Fa0/11, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/17, Fa0/18
Fa0/19, Fa0/20, Fa0/21, Fa0/22
Fa0/23, Fa0/24
3 SwitchB active Fa0/3
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
SwitchB#

Trunking Ports:

SwitchB#show interface trunk

Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/1 1-4094

Port Vlans allowed and active in management domain
Fa0/1 1,3

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,3
SwitchB#

Router interface status:

Quote:
Router#show ip int brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 unassigned YES NVRAM up up
FastEthernet0/0.2 192.168.2.1 YES manual up up
FastEthernet0/0.3 192.168.3.1 YES manual up up
Serial1/0 unassigned YES NVRAM down down
Serial1/0.1 192.168.0.31 YES NVRAM down down
Serial1/1 unassigned YES NVRAM administratively down down
Serial1/2 unassigned YES NVRAM administratively down down
Serial1/3 unassigned YES NVRAM administratively down down
Router#

Hello guys, I'm trying to set up a interVLAN Routing Lab here but for some reason I can't ping between my host from switch A and B, this host have their default gateway manually set up, Am I missing something in this config?

Thanks

Topology

[Router]
¦
¦
¦
¦
[SwitchA]

[SwitchB]

One Host per Switch - both switches are in the same domain

jamesleecoleman · June 2011

Does the vlans have ip addresses assigned to them?

w0lv3rin3 · June 2011

None of them are using ip addresses, only the sub interfaces on the Router

jason_lunde · June 2011

switch a should have vlan 3 on it...in its vlan database that is.

w0lv3rin3 · June 2011

I'm not using vtp here, two separate networks winch are been connected through the router, each switch should have whatever VLAN you assign to them and only those, someone correct me if I'm wrong

jamesleecoleman · June 2011

From the labs that I've done, the vlans should have ip addresses for intervlan routing. The switches should have the default gateway address of one of the addresses of the logical interfaces.

w0lv3rin3 · June 2011

Ok from my understanding VLAN1 is the only one you can assign an ip address for remote management, I'm not using Vlan1 here I'm using VLAN 2-3, default-gateway should be use in the event that the management vlan is been use with an address, right or wrong ?

Only the subinterfaces are the ones that I have assigned ip addresses but not the vlan's

jason_lunde · June 2011

how do you expect swa to accept vlan 3 tagged traffic from that router? Without that vlan in the database the traffic will never transit swa to swb, so that swb can send it to the host in vlan 3.

w0lv3rin3 · June 2011

makes sense will add those vlans to each switch dababase to see what happens

w0lv3rin3 · June 2011

Ok makes sense but how would you add vlan3 to switch A when the fa0/3 interface is already been use for vlan 2? how would you add those vlans to each switch using a single interface?

jason_lunde · June 2011

just go:
vlan 3
exit
...in global config mode.

w0lv3rin3 · June 2011

you're good mate, thank you I spent the entire day trying to figure this out and look how simple was, there is nothing like practicing with the real equipment let me tell you that xD, I was able to ping forth and back no problem, thank you again

jason_lunde · June 2011

no problem man, glad to help!

w0lv3rin3 · June 2011

jamesleecoleman wrote: »

From the labs that I've done, the vlans should have ip addresses for intervlan routing. The switches should have the default gateway address of one of the addresses of the logical interfaces.

Quick question I'm able to ping forth and back without having to assign an ip address to none of the vlans, neither a default-gateway address on the switches, how's that possible ??? I think when doing inverVLAN you only assign ip addresses to the subinterfaces of the Router that's going to be Routing packets between this networks

instant000 · June 2011

w0lv3rin3 wrote: »

[Router]
¦
¦
¦
¦
[SwitchA]
[SwitchB]

One Host per Switch - both switches are in the same domain

jason_lunde wrote: »

switch a should have vlan 3 on it...in its vlan database that is.

jason_lunde wrote: »

how do you expect swa to accept vlan 3 tagged traffic from that router? Without that vlan in the database the traffic will never transit swa to swb, so that swb can send it to the host in vlan 3.

jason_lunde ... great explanation

w0lv3rin3 wrote: »

Ok from my understanding VLAN1 is the only one you can assign an ip address for remote management, I'm not using Vlan1 here I'm using VLAN 2-3, default-gateway should be use in the event that the management vlan is been use with an address, right or wrong ?

Only the subinterfaces are the ones that I have assigned ip addresses but not the vlan's

^^ You are correct. The point of the router-on-a-stick is to provide the IP connectivity, so the VLANs can communicate with each other. Everything else is just layer 2 connectivity.

w0lv3rin3 wrote: »

Quick question I'm able to ping forth and back without having to assign an ip address to none of the vlans, neither a default-gateway address on the switches, how's that possible ??? I think when doing inverVLAN you only assign ip addresses to the subinterfaces of the Router that's going to be Routing packets between this networks

If you want to "prove" that it is the router allowing you to do this, you can simply do a "shutdown" or pull the plug on that router interface, and you'll see that you can no longer ping between those hosts off vlan 2 and vlan 3.

See this article below, it will show and explain a configuration of "router-on-a-stick" for InterVLAN routing.

Configuring InterVLAN Routing and ISL/802.1Q Trunking on a Catalyst 2900XL/3500XL/2950 Switch Using an External Router - Cisco Systems

Hope this helps!

lamkenwei · June 2011

Need some guidance from all.

I have configured a router-in-a-stick in my router and created 3-sub-interfaces for VLAN10 and VLAN20 and another to act as a default gateway. With this configuration VLAN10 and VLA[IMG]file:///C:/Users/kenwei.lam/AppData/Local/Temp/moz-screenshot-1.png[/IMG]N20 can communicate.

Is there a way I can configure the router to prevent interVLAN routing between VLAN10 and VLAN20 while keeping connectivity to other port such as the FTP server which is connected to the router.

I am pretty new at this.

Thank you in advance

Monkerz · June 2011

Looks like you are pretty new at using forums as well. Why don't you search the forums for related threads and if you can't find an answer, start your own thread. Rather than hijacking the OP's.

CodeBlox · June 2011

w0lv3rin3 wrote: »

Ok from my understanding VLAN1 is the only one you can assign an ip address for remote management,

This is not true. ANY VLAN can be the management VLAN. VLAN 1 is just the default management VLAN...

interVLAN Routing

Comments