Inter-VLAN routing PT Lab

Hi all,

I've started doing some practice labs from scratch and decided to have a go at an Inter-VLAN routing lab to get some practice. Would it be possible for someone to look over the configs to ensure everything looks as it's supposed to be. It seems to work, but I'm not very confident that it's correct? It's not too complex-a-lab, but before I start being adventurous I'd like to see if I'm along the right lines.

Link to Lab: https://www.dropbox.com/s/851daxa48v3uojv/Inter-VLAN%20Lab.pkt

Updated: 18:04

Would be greatly appreciated.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

EdTheLad

Just by looking at your topology it doesn't look right, i haven't bothered to download your configs, so maybe its just the topology.
Anyway, you have assigned a /16 mask to all hosts, that means they all on the same subnet. When a student pc wants to talk to an accounting pc it will send an arp request for the destination mac of the accounting pc, the switch will flood the arp request and the accounting pc will respond. The router is not needed! Now if you put all the pc's on different subnets, they will need the router to communicate. Don't forget to configure the default gw on the PCs to the appropriate router ip.

ednard

They were originally /24's, that would make more sense, right? As /24's, they couldn't communicate and I'm not entirely sure where they're going wrong. They did as /16's, and now you've said it, I totally bypassed that, so thank you. I've also set the default gate-ways on the hosts as 192.168.[vlanid].1, however wasn't sure where else to be configuring this apart from the subinterfaces on the router?

I guess this could be a good troubleshoot opportunity for anyone who wants/needs practice. I've re-uploaded with them all as /24s.

Appreciate the feedback.

xnx

Yes, he's right ( Why wouldn't a CCIE candidate not be? :P) no router is needed as they're all on the same subnet.

With inter VLAN routing what you want to do is create a sub interface for each VLAN, set the IP address, encapsulation type and tag number it'll look out for.

You then also want to set the link to the router as a trunk link since it'll carry all the VLAN traffic to and from the router.

This might help:
Inter VLAN Routing (Router on a Stick) ~ Easy Learning

ednard

xnx wrote: »

Yes, he's right ( Why wouldn't a CCIE candidate not be? :P) no router is needed as they're all on the same subnet.

With inter VLAN routing what you want to do is create a sub interface for each VLAN, set the IP address, encapsulation type and tag number it'll look out for.

You then also want to set the link to the router as a trunk link since it'll carry all the VLAN traffic to and from the router.

This might help:
Inter VLAN Routing (Router on a Stick) ~ Easy Learning

I've done all of them, but I can't quite work out why it isn't working. Going to have another troubleshooting session and try and find the cause of the problem.

ednard

I've just set the default gateways on the hosts to the Router IP of 10.1.5.0 and they're all working fine! However I'm not fully confident I've done it correctly. Below are the running-configs of the Router and the Switch.

ROUTER
hostname Router
!
interface FastEthernet0/0
ip address 10.1.5.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/0.24
encapsulation dot1Q 24
ip address 192.168.24.1 255.255.255.0
!
interface FastEthernet0/0.36
encapsulation dot1Q 36
ip address 192.168.36.1 255.255.255.0
!
interface FastEthernet0/0.55
encapsulation dot1Q 55
ip address 192.168.55.1 255.255.255.0
!
interface FastEthernet0/0.72
encapsulation dot1Q 72
ip address 192.168.72.1 255.255.255.0
!
interface FastEthernet0/1
no ip address
duplex auto
speed auto
shutdown
!
end

=====================================================

SWITCH

hostname Switch
!
interface FastEthernet0/1
switchport trunk native vlan 99
switchport mode trunk
!
interface FastEthernet0/5
switchport access vlan 72
switchport mode access
!
interface FastEthernet0/6
switchport access vlan 72
switchport mode access
!
interface FastEthernet0/10
switchport access vlan 55
switchport mode access
!
interface FastEthernet0/11
switchport access vlan 55
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 36
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 36
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 24
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 24
switchport mode access
interface Vlan1
no ip address
shutdown
!
interface Vlan24
ip address 192.168.24.1 255.255.255.0
!
interface Vlan36
ip address 192.168.36.1 255.255.255.0
!
interface Vlan55
ip address 192.168.55.1 255.255.255.0
!
interface Vlan72
ip address 192.168.72.1 255.255.255.0
!
interface Vlan99
ip address 192.168.99.1 255.255.255.0
!
ip default-gateway 10.1.5.1
!
end
=====================================================

It fully works, but does the config look about right? (I've removed needless port information).

I believe the problem was the default-gateways, I had originally set them to 19.168.[vlanid].1, but this didn't exist in the topology. Is it correct that they should be the router IP?

late_collision

I have not downloaded the original config, I am only looking at your most recent post.

Why are you using router on a stick and SVI's? The whole point of SVI's is to get away from the router on a stick and you certainly cant have the same ip address assigned to the SVI and the router sub-interface within the same vlan.

The hosts, should use the default gateway of 192.168.[vlan_id].1

You need to either disable the router and enable routing on the switch, or disable the SVI's and have the router do the routing between vlan's.

ednard

late_collision wrote: »

Why are you using router on a stick and SVI's? The whole point of SVI's is to get away from the router on a stick and you certainly cant have the same ip address assigned to the SVI and the router sub-interface within the same vlan.

The hosts, should use the default gateway of 192.168.[vlan_id].1

You need to either disable the router and enable routing on the switch, or disable the SVI's and have the router do the routing between vlan's.

So if I'm going to keep the Router on a Stick configuration, I need to remove the SVI's?

Also, if I change the host default gateways to 192.168[vlan_id].1, do I need to configure these addresses anywhere else?

late_collision

Correct, remove the SVI's with the "no interface vlan xx" command. Interface Vlan 1 is a special case, it can stay as it's the management interface for the switch

You will need to keep the 192.168.[vlan_id].1 addresses on the router sub-interfaces.

Once the .1 addresses are assigned on the router, then make sure your hosts can ping the .1 address on it's respective vlan. After that, set the default gateway of each host to the .1 address on it's respective vlan, then make sure each host can ping every other .1 address. Finally make sure each host can ping every other host.

ednard

late_collision wrote: »

Correct, remove the SVI's with the "no interface vlan xx" command. Interface Vlan 1 is a special case, it can stay as it's the management interface for the switch

You will need to keep the 192.168.[vlan_id].1 addresses on the router sub-interfaces.

Once the .1 addresses are assigned on the router, then make sure your hosts can ping the .1 address on it's respective vlan. After that, set the default gateway of each host to the .1 address on it's respective vlan, then make sure each host can ping every other .1 address. Finally make sure each host can ping every other host.

Ahh brilliant, fully working, you've been a great help. I also realised that I set the host N/W IP addresses in one VLAN to 172. instead of 192., which made me think the config was wrong, so I kept fiddling with it thinking I was going loopy.

I think I'll create another one from scratch and see if I can avoid the errors I made in this one.

Thanks for your help, much appreciated.

ednard

Just a quick question, if I got rid of the RoaS, and instead set up the SVI's on a multilayer switch, would this work?

late_collision

Glad you got it sorted!

Sure, SVI's will work, they are covered in the CCNP material.

Referencing the config you posted above, shut down the interface that the router connects to. Then from global config, issue the "ip routing" command. Now you can route between vlans without leaving the switch. This will only work on Multi-layer switches.

ednard

late_collision wrote: »

Glad you got it sorted!

Sure, SVI's will work, they are covered in the CCNP material.

Referencing the config you posted above, shut down the interface that the router connects to. Then from global config, issue the "ip routing" command. Now you can route between vlans without leaving the switch. This will only work on Multi-layer switches.

Oh awesome, I'll have a play around with that. Thanks again!