Cisco 3550 VLAN-Internet routing problem

Dear friends, I'm facing a network problem and I just can't find the right solution. Hope you can help me solve it.

I have 9 VLANs (2-10) defined in the Cisco 3550 multilayer switch with VLAN 10 as the management VLAN. I also have 8 2950 switches, each has a different VLAN ID from the other, and they are connected to the 3550 switch through trunk ports. The IPs for the VLANs defined in the 3550 switch are as follows:

172.16.2.1/24, 172.16.3.1/24 and so on until 172.16.10.1/24

The 2950 switches can simply negotiate with each other through the 3550 switch interVLAN communication after I enabled the ip routing command. The problem is when I connected the 3550 fastethernet 0/10 port having a layer three IP (62.68.75.22/28) to a gigaethernet0/0 port having the IP (62.68.75.17/28) on a 2800 Cisco router. The 3550 switch can ping the router's interface (62.68.75.17), the hosts in the 2950 switches can ping the fastethernet 0/10 port on the 3550 (62.68.75.22), BUT the hosts in the 2950 switches CAN NOT ping the gigaethernet0/0 (62.68.75.17) on the router's interface and thus can not get access to the Internet.

Sorry for the long message but I tried to give as much information as possible to help clarify the situation. Thank you very much and hope to hear from you.

Best wishes, Zaid.
Reply to
Zaid

Does the 2800 router know about all of the routes on the 2950?

Are you running a dynamic routing protocol between the 3350 and the 2800?

Post the output of show ip route from both the 3550 and the 2800

Reply to
Merv

! define routes on 2800 for 3350 directly connected routes for testing

ip route 172.16.2.0 255.255.255.0 62.68.75.22
ip route 172.16.3.0 255.255.255.0 62.68.75.22
ip route 172.16.4.0 255.255.255.0 62.68.75.22
ip route 172.16.5.0 255.255.255.0 62.68.75.22
ip route 172.16.6.0 255.255.255.0 62.68.75.22
ip route 172.16.7.0 255.255.255.0 62.68.75.22
ip route 172.16.8.0 255.255.255.0 62.68.75.22
ip route 172.16.9.0 255.255.255.0 62.68.75.22
ip route 172.16.10.0 255.255.255.0 62.68.75.22

Reply to
Merv

Hello,

what happens when you configure a default static route on the 3550 like this:

ip route 0.0.0.0 0.0.0.0 FastEthernet0/10

Regards,

H
Reply to
helpdesk

default needs to point to Internet

Reply to
Merv


Thank you very much Merv, after I added the above routes everything worked great. Here are the configurations for the 3550 and 2800. There's no dynamic routing protocol between the 3550 and the 2800. Now, does this mean that the 3550 made a Natting process between the private networks (172.16.0.0) and the real address of the router??

3550 sh ip route:

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 62.68.75.17 to network 0.0.0.0

     172.16.0.0/24 is subnetted, 5 subnets
C       172.16.10.0 is directly connected, Vlan10
C       172.16.4.0 is directly connected, Vlan4
C       172.16.5.0 is directly connected, Vlan5
C       172.16.2.0 is directly connected, Vlan2
C       172.16.3.0 is directly connected, Vlan3
     62.0.0.0/28 is subnetted, 1 subnets
C       62.68.75.16 is directly connected, FastEthernet0/10
S*   0.0.0.0/0 [1/0] via 62.68.75.17

the sh run for 3550:

Current configuration : 3213 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Distribution
!
!
no aaa new-model
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport mode dynamic desirable
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/6
 switchport mode dynamic desirable
!
interface FastEthernet0/7
 switchport mode dynamic desirable
!
interface FastEthernet0/8
 switchport mode dynamic desirable
!
interface FastEthernet0/9
 switchport mode dynamic desirable
!
interface FastEthernet0/10
 no switchport
 ip address 62.68.75.22 255.255.255.240
 mls qos trust dscp
 macro description cisco-router
 auto qos voip trust
!
interface FastEthernet0/11
 switchport mode dynamic desirable
!
interface FastEthernet0/12
 switchport mode dynamic desirable
!
interface FastEthernet0/13
 switchport mode dynamic desirable
!
interface FastEthernet0/14
 switchport mode dynamic desirable
!
interface FastEthernet0/15
 switchport mode dynamic desirable
!
interface FastEthernet0/16
 switchport mode dynamic desirable
!
interface FastEthernet0/17
 switchport mode dynamic desirable
!
interface FastEthernet0/18
 switchport mode dynamic desirable
!
interface FastEthernet0/19
 switchport mode dynamic desirable
!
interface FastEthernet0/20
 switchport mode dynamic desirable
!
interface FastEthernet0/21
 switchport mode dynamic desirable
!
interface FastEthernet0/22
 switchport mode dynamic desirable
!
interface FastEthernet0/23
 switchport mode dynamic desirable
!
interface FastEthernet0/24
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security aging time 2
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 macro description cisco-desktop
 spanning-tree portfast
 spanning-tree bpduguard enable
!
interface GigabitEthernet0/1
 switchport mode dynamic desirable
!
interface GigabitEthernet0/2
 switchport mode dynamic desirable
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 description Floor2_VLAN
 ip address 172.16.2.1 255.255.255.0
!
interface Vlan3
 description Floor3_VLAN
 ip address 172.16.3.1 255.255.255.0
!
interface Vlan4
 description Floor4_VLAN
 ip address 172.16.4.1 255.255.255.0
!
interface Vlan5
 description Floor5_VLAN
 ip address 172.16.5.1 255.255.255.0
!
interface Vlan10
 description Management_VLAN
 ip address 172.16.10.1 255.255.255.0
!
router rip
 network 172.16.0.0
!
ip default-gateway 62.68.75.17
ip classless
no ip route static inter-vrf
ip route profile
ip route 0.0.0.0 0.0.0.0 62.68.75.17
ip http server
!
!
control-plane
!
!
!
end

the 2800 sh ip route:

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/24 is subnetted, 5 subnets
S       172.16.10.0 [1/0] via 62.68.75.22
S       172.16.4.0 [1/0] via 62.68.75.22
S       172.16.5.0 [1/0] via 62.68.75.22
S       172.16.2.0 [1/0] via 62.68.75.22
S       172.16.3.0 [1/0] via 62.68.75.22
     62.0.0.0/28 is subnetted, 1 subnets
C       62.68.75.16 is directly connected, GigabitEthernet0/0

and the 2800 sh run:

Router#sho run
Building configuration...

Current configuration : 969 bytes
!
version 12.4
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
ip cef
!
!
!
interface GigabitEthernet0/0
 ip address 62.68.75.17 255.255.255.240
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.16.101.1
ip route 172.16.2.0 255.255.255.0 62.68.75.22
ip route 172.16.3.0 255.255.255.0 62.68.75.22
ip route 172.16.4.0 255.255.255.0 62.68.75.22
ip route 172.16.5.0 255.255.255.0 62.68.75.22
ip route 172.16.10.0 255.255.255.0 62.68.75.22
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
 login
!
no scheduler allocate
!
end

Reply to
Zaid
1st thing to do now is to enable a dynamic routing protocol.

So that you do not lose connectivity while converting and testing, float the static routes as follows:

no ip route 172.16.2.0 255.255.255.0 62.68.75.22
no ip route 172.16.3.0 255.255.255.0 62.68.75.22
no ip route 172.16.4.0 255.255.255.0 62.68.75.22
no ip route 172.16.5.0 255.255.255.0 62.68.75.22
no ip route 172.16.10.0 255.255.255.0 62.68.75.22

ip route 172.16.2.0 255.255.255.0 62.68.75.22 250
ip route 172.16.3.0 255.255.255.0 62.68.75.22 250
ip route 172.16.4.0 255.255.255.0 62.68.75.22 250
ip route 172.16.5.0 255.255.255.0 62.68.75.22 250
ip route 172.16.10.0 255.255.255.0 62.68.75.22 250

The floating static routes will be installed in the routing table if a route from a dynamic routing protocol is not available. These static routes should be removed once a dynamic routing protocol is up and working as desired.

To find out what dynamic routing protocols are available on each platform:

conf t
router ?

Post output of supported routing protocols for both platforms

Reply to
Merv
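Added example, not part of any post in the thread: a toy Python model of the two routing tables posted above. It shows why hosts in the VLANs could not ping 62.68.75.17 until the 2800 had routes back to 172.16.x.0/24, and how a static route with distance 250 yields to a dynamic route and returns when that route is withdrawn. The host address 172.16.2.10 and the choice of RIP (administrative distance 120) as the dynamic protocol are assumptions.

```python
import ipaddress

# Prefixes and next hops are the ones in the posted "show ip route" outputs.
VLAN_SUBNETS = ["172.16.%d.0/24" % n for n in (2, 3, 4, 5, 10)]

class Rib:
    """Toy routing table: lowest administrative distance wins per prefix,
    then the longest matching prefix wins on lookup."""
    def __init__(self):
        self.routes = {}  # network -> list of (distance, source, next_hop)

    def add(self, prefix, next_hop, distance, source):
        self.routes.setdefault(ipaddress.ip_network(prefix), []).append(
            (distance, source, next_hop))

    def withdraw(self, prefix, source):
        net = ipaddress.ip_network(prefix)
        self.routes[net] = [r for r in self.routes.get(net, []) if r[1] != source]

    def lookup(self, addr):
        ip = ipaddress.ip_address(addr)
        nets = [n for n, cands in self.routes.items() if cands and ip in n]
        if not nets:
            return None  # no matching route: the packet is dropped
        best = max(nets, key=lambda n: n.prefixlen)
        return min(self.routes[best], key=lambda r: r[0])

def build_3550():
    rib = Rib()
    for prefix in VLAN_SUBNETS + ["62.68.75.16/28"]:
        rib.add(prefix, "direct", 0, "connected")
    rib.add("0.0.0.0/0", "62.68.75.17", 1, "static")
    return rib

def build_2800(static_distance=None):
    """static_distance=None models the 2800 before the 172.16.x.0 routes."""
    rib = Rib()
    rib.add("62.68.75.16/28", "direct", 0, "connected")
    if static_distance is not None:
        for prefix in VLAN_SUBNETS:
            rib.add(prefix, "62.68.75.22", static_distance, "static")
    return rib

def ping_ok(switch, router, source, target):
    """The echo request is routed by the 3550, the echo reply by the 2800."""
    return switch.lookup(target) is not None and router.lookup(source) is not None

if __name__ == "__main__":
    sw = build_3550()
    for src in ("172.16.2.10", "62.68.75.22"):  # constructed host, 3550 port
        print(src, ping_ok(sw, build_2800(), src, "62.68.75.17"),
              ping_ok(sw, build_2800(1), src, "62.68.75.17"))
```

The model contains only routes that appear in the posted routing tables, so the 2800 has no default route, matching its "Gateway of last resort is not set" line.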

Please detail all of the network equipment and their connection from the 3550 to your Internet connection

2990s 3550 ??

Why are you not using a 172.16.x.x address on the link between the 3550 and the 2800 ?

Reply to
Merv

post the complete output of "show version" from the 2800

Reply to
Merv

The configuration above was just a small test model we used. The original model consists of (from bottom to top) 27 units 2950 switches, 5 units 3550 switches, 1 unit 4500 core switch, 1 unit PIX firewall, and 1 router 2800 unit. Each 8 2950 switches is connected to one 3550 distribution switch. The 3550 switches will all be connected to the 4500 core switch, then the core switch will connect to the PIX and finally from the PIX to the router. It'll take us several days to start connecting all the above together. Meanwhile we'll start configuring them step by step. While we begin doing so, I'll update you with all that you required above if you are interested.
Reply to
Zaid

  1. You DEFINITELY will want to use a dynamic routing protocol between the 4500 core switch and the 3550 distribution switches. Configure a default route on the 4500 and distribute it to the other switches via route redistribution.

  2. It looks like you plan to have one VLAN and one IP subnet per 2950 access switch, which is a good idea. You will not have to use spanning-tree in this type of setup.

What software images are you planning to use for each switch type: 4500, 3350 and 2950?
Reply to
Merv
