layer 3 switching/routing

calaverasgrandes Member Posts: 67
Okay so we got this spare 3750 at my work. I decided to start playing with it as it has more advanced features than any of my home lab switches. I also decided to get around to finishing my CCNA studies that I backburnered several years ago.
I gather that these are supposed to be able to do layer 3 routing/switching, right? Like if I want to connect an internal wifi network with a static IP at our cable router? Well, I tried everything and it's not working.

I got the DHCP set up on the switch. I made a VLAN (vlan 9) for the inside network. I made port #24 the outside static route and pointed the default route to that port's subnet. I can ping from the switch to the outside subnet. I can ping from a connected laptop to the interface on that outside subnet, but not the gateway of that subnet, or any other members of the subnet.
Here is the config, edited out most of the ports so it won't be so long.

! Last configuration change at 17:25:09 pacific Fri Sep 23 2011
! NVRAM config last updated at 14:36:52 pacific Mon Sep 26 2011
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname noothgrush
!
enable secret 5 $1$h7Cq$gXd5l1.ZkI4M66.Rd3U281
enable password ********
!
no aaa new-model
clock timezone pacific -8
switch 1 provision ws-c3750g-24ps
ip subnet-zero
ip routing
no ip domain-lookup
no ip dhcp conflict logging
!
ip dhcp pool public
 network 192.168.200.0 255.255.255.0
 default-router 192.168.200.195
 dns-server 68.87.76.178 68.87.78.130
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet1/0/1
 switchport access vlan 9
!
interface GigabitEthernet1/0/2
 switchport access vlan 9
!
interface GigabitEthernet1/0/3
 switchport access vlan 9
~~~~~~
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
 no switchport
 ip address 173.164.**.12 255.255.255.240
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan9
 description inside
 ip address 192.168.200.195 255.255.255.0
interface Vlan19
 description outside
 no ip address
!
ip default-gateway 173.164.**.1
ip classless
ip route profile
ip route 0.0.0.0 0.0.0.0 173.164.**.1
ip route 173.164.0.0 255.255.0.0 173.164.**.0
no ip http server
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
line vty 0
 exec-timeout 0 0
 password *********
 no login
line vty 1 4
 password *************
 no login
line vty 5 15
 password **************
 no login
!
end

noothgrush(config)#
studying on 70-290, 70-291 and CCNA.

Comments

  • pham0329 Member Posts: 556
    Is NAT configured?
  • calaverasgrandes Member Posts: 67
    Actually, I had read elsewhere that you specifically DON'T want NAT turned on if you want layer 3 switching/routing to happen. I'll give it a shot though. I am kind of confused because everything I have read about getting this going specifically omits any mention of what layer 3 protocol actually does the routing or switching from the VLAN to the default route. Though I suppose it being default is all that matters.
  • pham0329 Member Posts: 556
    Well, before you configure NAT... I'm assuming that 173.164.134.1 is your ISP? If that's the case, then you'll have to configure NAT because if you don't, your request will come from a private IP, which will get dropped by the ISP.
    "I am kind of confused because everything I have read about getting this going specifically omits any mention of what layer 3 protocol actually does the routing or switching from the VLAN to the default route."

    What happens is that anytime a switch receives a frame with its own MAC address as the destination MAC, it knows that the packet is either for itself, or needs to go "through" it (be routed). It then looks at the destination IP; if it's not the IP assigned to the L3 interface of the switch, it looks it up in the CEF/routing table and forwards it accordingly.
  • calaverasgrandes Member Posts: 67
    Speaking of NAT, it seems like the NAT commands I am familiar with, that work on my older Cisco gear running older IOS versions, do not seem to work the same?
    I have to confess I kind of took way too long off from Cisco doing a bunch of Windows migration work and such.
    By the time I get this stuff done I'll have to scrap it anyway because it sounds like corporate is going to kill our outside ISP connections and make us use a WAN back to them for web access. That pretty much kills the Slingbox idea I had.
  • calaverasgrandes Member Posts: 67
    Okay, that would explain why NAT commands don't work (but not why show nat commands do?).
    So back to layer 3 switching/routing. There must be some other proto I've got to turn on to allow the packets to traverse.
    I am starting to wonder if it isn't a non-routable class C address thing with the 192.168.200.0 subnet.
    I may try and change it to an IP address range that we have some holes in. Though the idea was to make this a one-way street for a couple of wifi boxes until the wifi gets here for real.
  • pham0329 Member Posts: 556
    There's no other protocol that you need to turn on. You don't need routing protocols because you're just setting a default route to a connected link. You didn't answer my earlier question: are the default gateway and the "outside" subnet under your control or the ISP's?
    "I am starting to wonder if it isn't a non-routable class C address thing with the 192.168.200.0 subnet."

    Yes, 192.168 is a private range, and is not routable over the internet. This is what NAT is for.

    From the router, do an extended ping, one from the Gi 0/24 interface, and one from int vlan 9. If the ping from gi 0/24 goes through and the one from int vlan 9 fails, it's probably a NAT issue.
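
The two extended pings suggested above, modelled as an added example (not code from any poster in this thread): a longest-prefix-match lookup on the switch and on the upstream gateway shows why the ping sourced from the routed port is answered while the one sourced from Vlan9 is not. The 203.0.113.0/28 addresses are constructed stand-ins for the masked outside subnet, and the gateway's routing table is an assumption.

```python
import ipaddress as ip

def lookup(table, dst):
    """Longest-prefix match: return (prefix, next_hop), or None if no route."""
    dst = ip.ip_address(dst)
    hits = [(net, hop) for net, hop in table if dst in net]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)

# Constructed addressing: 203.0.113.0/28 replaces the masked outside subnet.
INSIDE = ip.ip_network("192.168.200.0/24")       # Vlan9, from the posted config
SWITCH_OUT, GATEWAY = "203.0.113.12", "203.0.113.1"

# Switch routing table after "ip routing" plus the default route.
switch_routes = [
    (INSIDE, "connected Vlan9"),
    (ip.ip_network("203.0.113.0/28"), "connected Gi1/0/24"),
    (ip.ip_network("0.0.0.0/0"), GATEWAY),
]

# Assumed ISP gateway table: it knows its own LAN and sends everything else
# upstream. It has no route pointing 192.168.200.0/24 back at the switch.
gateway_routes = [
    (ip.ip_network("203.0.113.0/28"), "connected LAN"),
    (ip.ip_network("0.0.0.0/0"), "upstream"),
]

def ping(src, dst, nat=False):
    """Return (ok, reason) for an echo request from src routed by the switch."""
    if lookup(switch_routes, dst) is None:
        return False, "switch has no route to destination"
    if nat and ip.ip_address(src) in INSIDE:
        src = SWITCH_OUT          # inside source translated to the outside address
    # The echo reply is routed by the gateway on the request's source address.
    _, hop = lookup(gateway_routes, src)
    if hop == "upstream":
        return False, f"reply to {src} leaves upstream and never reaches the switch"
    return True, f"reply to {src} delivered on {hop}"

if __name__ == "__main__":
    print(ping(SWITCH_OUT, GATEWAY))                  # sourced from the routed port
    print(ping("192.168.200.195", GATEWAY))           # sourced from Vlan9
    print(ping("192.168.200.195", GATEWAY, nat=True)) # Vlan9 source behind NAT
```

The forward path works in all three cases; only the return path differs, which matches the symptom in the original post where the laptop reaches the switch's outside interface but nothing beyond it.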
  • calaverasgrandes Member Posts: 67
    Yeah, the outside subnet is the ISP's router.
    We have a range of static IPs on there that are not NAT-ed. Some are hard wired.
    I can't supernet it without getting in trouble. I can make a smaller subnet like a /29 or /30, but it's a tight fit.

    The outside router has no CLI. Though it has a GUI with a ping.
    At this point I may just as well set it up with static routes for the couple of wifi boxes and the boss's Slingbox.
    DHCP would have been nice though.