Inter VLAN routing

I have a 2801 router with a 4 port ethernet switch. I have vlan10 20 and 30 assigned to fa0/3/0 /1 /2 on the switch. all vlans can connect to the internet, its just I cannot route between them. I need vlans 20 and 30 to be able to access resources on vlan 10. Any Ideas? any thing you guys need to see? Much thanks in advance!

Reply to
Jeitzen
Loading thread data ...

IP routing enabled? You shouldn't need a protocol if it is, but you may want to consider turning up something basic like RIP for those networks. Should work fine.

Reply to
Trendkill

So on the interface (the VLAN) enable rip?

Reply to
Jeitzen

Do you have layer-3 interfaces done up in each of the VLANs? You'll have to run packets through the router to do inter-vlan routing. I'm assuming that is what you want, as if you wanted layer-2, then there's no point in doing seperate VLANs.

How about some sanitized configs of the apporiate config sections?

Reply to
Doug McIntyre

If your running router on a stick, all the vlans should be directly connected and assuming the trunk to your router is configured correctly (Sub interfaces, encapsulation, total) then you shouldn't need any routing protocols or any static routes to reach each of the different networks. They should seen as directly connected. I not, check your routing table and see what the router sees. From there you can get a better of idea what is going on. If networks (Vlans) are not showing up in your routing table, they are not connected correctly. If they are not directly connected you will need static routes or a routing protocol.

A look at the config of your router and switch that is trunking the vlans would go a long ways for help!

Reply to
Cliff

If you want to run rip. Go to privlaged, and global exec prompted. Turn on Rip.

I beleive it's simply "Router)router rip"

Then add the network address of each attached network you want to broadcast. FOr example if you have networks

192.168.10.0 192.168.20.0 192.168.30.0

simply type

network 192.168.10.0 network 192.168.20.0 network 192.168.30.0

Do this after you have turned on rip, you would have entered a new prompt. If you do it correctly those attached interfaces will be broadcast. However if your networks are directly connected it is not needed and you might be having another problem.

Look at your routing table and see what it says

"show ip route"

do that at the privlaged prompt.

Reply to
Cliff

I got it working, I had to set each VLAN to process the other VLAN packets, at the VLANS that I want to talk to each other!! her is my config, I am sure it can use a little tunning up!! tell me what you think.

Current configuration : 5268 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname edge.bluehaven ! boot-start-marker boot system flash startup-config boot config flash:startup-config boot-end-marker !

! no aaa new-model ! resource policy ! no network-clock-participate wic 1 no ip cef ! ! ip dhcp relay information option no ip dhcp relay information check ! ! ip name-server 192.168.1.19 ip name-server 192.168.100.11 ! ! !

! !

! ! controller T1 0/1/0 framing esf clock source internal linecode b8zs channel-group 0 timeslots 1-24 ! controller T1 0/1/1 framing esf clock source internal linecode b8zs channel-group 0 timeslots 1-24 ! ! ! ! ! interface Multilink1 ip address 10.0.0.1 255.255.255.252 ip route-cache flow ppp multilink ppp multilink group 1 ! interface FastEthernet0/0 no ip address ip route-cache flow shutdown duplex auto speed auto no keepalive ! interface FastEthernet0/1 no ip address ip access-group bluehaven in ip access-group bluehaven out ip virtual-reassembly ip route-cache flow shutdown duplex auto speed auto snmp trap link-status permit duplicates ! interface FastEthernet0/3/0 description Blue Haven Servers VLAN 10 switchport access vlan 10 speed 100 ! interface FastEthernet0/3/1 description Blue Haven Operations VLAN 20 switchport access vlan 20 speed 100 ! interface FastEthernet0/3/2 description Blue Haven Supplies Direct Operations VLAN 30 switchport access vlan 30 speed 100 ! interface FastEthernet0/3/3 speed 100 ! interface Serial0/1/0:0 no ip address encapsulation ppp ip route-cache flow ppp multilink ppp multilink group 1 ! interface Serial0/1/1:0 description bluehaven corp no ip address ip access-group bluehaven in ip access-group bluehaven out encapsulation ppp ip route-cache flow no cdp enable ppp multilink ppp multilink group 1 ! interface Vlan1 no ip address ip helper-address 192.168.1.19 ! interface Vlan10 ip address 192.168.1.2 255.255.255.0 ip virtual-reassembly ip route-cache flow vlan-id dot1q 10 exit-vlan-config ! vlan-id dot1q 20 exit-vlan-config ! vlan-id dot1q 30 exit-vlan-config ! ! interface Vlan20 ip address 192.168.2.1 255.255.255.0 no ip next-hop-self eigrp 1 ip virtual-reassembly ip route-cache flow vlan-id dot1q 10 exit-vlan-config ! vlan-id dot1q 20 exit-vlan-config ! vlan-id dot1q 200 exit-vlan-config ! ! interface Vlan30 ip address 192.168.3.1 255.255.255.0 no ip next-hop-self eigrp 1 ip virtual-reassembly ip route-cache flow vlan-id dot1q 10 exit-vlan-config ! vlan-id dot1q 30 exit-vlan-config ! vlan-id dot1q 200 exit-vlan-config ! ! router isis ! ip route profile ip route 0.0.0.0 0.0.0.0 192.168.1.254 ip route 192.168.1.0 255.255.255.0 192.168.1.254 ip route 192.168.100.0 255.255.255.0 10.0.0.2 ip route 192.168.200.0 255.255.255.0 10.0.0.2 ip route 192.168.254.0 255.255.255.0 192.168.100.1 ip route 192.168.255.0 255.255.255.0 192.168.100.1 ! ip flow-cache timeout active 1 ip flow-export source Vlan10 ip flow-export version 5 ip flow-export destination 192.168.1.118 9996 ! no ip http server no ip http secure-server ! ip access-list extended bluehaven permit ip any any ! snmp-server community public RW snmp-server ifindex persist ! ! ! ! control-plane ! disable-eadi ! line con 0 line aux 0 line vty 0 4 login ! scheduler allocate 20000 1000 end

Reply to
Jeitzen

Okay, I thought I had it. I was wrong. From VLAN20 and 30 I can hit my DNS server on VLAN10 @192.168.1.19 but I cannot access any other resources. from VLAN1 I can ping machines on the other 2 VLANS.

Reply to
Jeitzen

Okay,

Here is my routing table

Gateway of last resort is 192.168.1.254 to network 0.0.0.0

S 192.168.200.0/24 [1/0] via 10.0.0.2 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 10.0.0.2/32 is directly connected, Multilink1 C 10.0.0.0/30 is directly connected, Multilink1 S 192.168.255.0/24 [1/0] via 192.168.100.1 S 192.168.254.0/24 [1/0] via 192.168.100.1 C 192.168.1.0/24 is directly connected, Vlan10 C 192.168.2.0/24 is directly connected, Vlan20 S 192.168.100.0/24 [1/0] via 10.0.0.2 C 192.168.3.0/24 is directly connected, Vlan30 S* 0.0.0.0/0 [1/0] via 192.168.1.254

Reply to
Jeitzen

Ill need someone to back me up here because I havnt used router on a stick ina while. That and I dont have the time to look it up, dealing with my own issues atm....

Are you trunking all 3 vlans to one single interface? Or are they coming in on 3 different interfaces?

Also, on the router you shouldnt have to program any of the vlans unless it acting as a switch also. You simply need to tag the interfaces to the appropriate switches. I remember assigning hepler address's and other information directly to the interface, not the vlan interface. In fact i dont ever remember programing a vlan interface on a router. But its been a while so I would have to say I dont know. All I remember having to do was assign a vlan to each sub interface, define the type of encapsulation, and boom done. Ive never programed on a vlan interface on a router. Even if the router is switching, it shouldnt be necessary.

You could try keeping this

interface FastEthernet0/3/0 description Blue Haven Servers VLAN 10 switchport access vlan 10 speed 100

Removing this

interface Vlan10 ip address 192.168.1.2 255.255.255.0 ip virtual-reassembly ip route-cache flow vlan-id dot1q 10 exit-vlan-config

moving the encapsulation statement back to the interface and move the IP address onto the interface.

The way I understand it you wouldnt normally assign an IP address to a vlan interface unless you were truely on a switch. If this is really a router, it makes more sense to program the IP address on the interface itself.

What confuses me is your using Dot1q as your trunking encapsulation, but your FA0/3/0 is set to switchport access. That tells the switch that it is not a trunked link, there would be no need for an encapsulation protocol.

If your trunking, and those are sub interfaces, then you need to have it look more like this....

interface FastEthernet0/3/0 description Blue Haven Servers VLAN 10 encapsulation dot1q 10 ip address 192.168.1.2 255.255.255.0 speed 100

If its a switchport, and memory serves me right, you also need "switchport mode trunk" "Switchport access" tells the switch that that port is going to an end node like a computer.

Any how you might want to wait for confirmation on what I said but if your in a rush theres this option. (and can afford to have that portion of the network down) you can always try what I said and if it doesnt work reboot the router remembering not to save the config.

Reply to
Cliff

I got it now. We are in a transistion right now and have servral diffrent gateways on the network. Some of the servers use the old gateway for now till we move everything over and test it. I just needed to add a route on that gateway device to point back to my cisco for my other subnets! thanks again.

Reply to
Jeitzen

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.