I have a 2801 router with a 4 port ethernet switch. I have vlan10 20 and 30 assigned to fa0/3/0 /1 /2 on the switch. all vlans can connect to the internet, its just I cannot route between them. I need vlans 20 and 30 to be able to access resources on vlan 10. Any Ideas? any thing you guys need to see? Much thanks in advance!
IP routing enabled? You shouldn't need a protocol if it is, but you may want to consider turning up something basic like RIP for those networks. Should work fine.
Do you have layer-3 interfaces done up in each of the VLANs? You'll have to run packets through the router to do inter-vlan routing. I'm assuming that is what you want, as if you wanted layer-2, then there's no point in doing seperate VLANs.
How about some sanitized configs of the apporiate config sections?
If your running router on a stick, all the vlans should be directly connected and assuming the trunk to your router is configured correctly (Sub interfaces, encapsulation, total) then you shouldn't need any routing protocols or any static routes to reach each of the different networks. They should seen as directly connected. I not, check your routing table and see what the router sees. From there you can get a better of idea what is going on. If networks (Vlans) are not showing up in your routing table, they are not connected correctly. If they are not directly connected you will need static routes or a routing protocol.
A look at the config of your router and switch that is trunking the vlans would go a long ways for help!
Do this after you have turned on rip, you would have entered a new prompt. If you do it correctly those attached interfaces will be broadcast. However if your networks are directly connected it is not needed and you might be having another problem.
I got it working, I had to set each VLAN to process the other VLAN packets, at the VLANS that I want to talk to each other!! her is my config, I am sure it can use a little tunning up!! tell me what you think.
Current configuration : 5268 bytes ! version 12.4 service timestamps debug datetime msec service timestamps log datetime msec service password-encryption ! hostname edge.bluehaven ! boot-start-marker boot system flash startup-config boot config flash:startup-config boot-end-marker !
! no aaa new-model ! resource policy ! no network-clock-participate wic 1 no ip cef ! ! ip dhcp relay information option no ip dhcp relay information check ! ! ip name-server 192.168.1.19 ip name-server 192.168.100.11 ! ! !
! !
! ! controller T1 0/1/0 framing esf clock source internal linecode b8zs channel-group 0 timeslots 1-24 ! controller T1 0/1/1 framing esf clock source internal linecode b8zs channel-group 0 timeslots 1-24 ! ! ! ! ! interface Multilink1 ip address 10.0.0.1 255.255.255.252 ip route-cache flow ppp multilink ppp multilink group 1 ! interface FastEthernet0/0 no ip address ip route-cache flow shutdown duplex auto speed auto no keepalive ! interface FastEthernet0/1 no ip address ip access-group bluehaven in ip access-group bluehaven out ip virtual-reassembly ip route-cache flow shutdown duplex auto speed auto snmp trap link-status permit duplicates ! interface FastEthernet0/3/0 description Blue Haven Servers VLAN 10 switchport access vlan 10 speed 100 ! interface FastEthernet0/3/1 description Blue Haven Operations VLAN 20 switchport access vlan 20 speed 100 ! interface FastEthernet0/3/2 description Blue Haven Supplies Direct Operations VLAN 30 switchport access vlan 30 speed 100 ! interface FastEthernet0/3/3 speed 100 ! interface Serial0/1/0:0 no ip address encapsulation ppp ip route-cache flow ppp multilink ppp multilink group 1 ! interface Serial0/1/1:0 description bluehaven corp no ip address ip access-group bluehaven in ip access-group bluehaven out encapsulation ppp ip route-cache flow no cdp enable ppp multilink ppp multilink group 1 ! interface Vlan1 no ip address ip helper-address 192.168.1.19 ! interface Vlan10 ip address 192.168.1.2 255.255.255.0 ip virtual-reassembly ip route-cache flow vlan-id dot1q 10 exit-vlan-config ! vlan-id dot1q 20 exit-vlan-config ! vlan-id dot1q 30 exit-vlan-config ! ! interface Vlan20 ip address 192.168.2.1 255.255.255.0 no ip next-hop-self eigrp 1 ip virtual-reassembly ip route-cache flow vlan-id dot1q 10 exit-vlan-config ! vlan-id dot1q 20 exit-vlan-config ! vlan-id dot1q 200 exit-vlan-config ! ! interface Vlan30 ip address 192.168.3.1 255.255.255.0 no ip next-hop-self eigrp 1 ip virtual-reassembly ip route-cache flow vlan-id dot1q 10 exit-vlan-config ! vlan-id dot1q 30 exit-vlan-config ! vlan-id dot1q 200 exit-vlan-config ! ! router isis ! ip route profile ip route 0.0.0.0 0.0.0.0 192.168.1.254 ip route 192.168.1.0 255.255.255.0 192.168.1.254 ip route 192.168.100.0 255.255.255.0 10.0.0.2 ip route 192.168.200.0 255.255.255.0 10.0.0.2 ip route 192.168.254.0 255.255.255.0 192.168.100.1 ip route 192.168.255.0 255.255.255.0 192.168.100.1 ! ip flow-cache timeout active 1 ip flow-export source Vlan10 ip flow-export version 5 ip flow-export destination 192.168.1.118 9996 ! no ip http server no ip http secure-server ! ip access-list extended bluehaven permit ip any any ! snmp-server community public RW snmp-server ifindex persist ! ! ! ! control-plane ! disable-eadi ! line con 0 line aux 0 line vty 0 4 login ! scheduler allocate 20000 1000 end
Okay, I thought I had it. I was wrong. From VLAN20 and 30 I can hit my DNS server on VLAN10 @192.168.1.19 but I cannot access any other resources. from VLAN1 I can ping machines on the other 2 VLANS.
Gateway of last resort is 192.168.1.254 to network 0.0.0.0
S 192.168.200.0/24 [1/0] via 10.0.0.2 10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks C 10.0.0.2/32 is directly connected, Multilink1 C 10.0.0.0/30 is directly connected, Multilink1 S 192.168.255.0/24 [1/0] via 192.168.100.1 S 192.168.254.0/24 [1/0] via 192.168.100.1 C 192.168.1.0/24 is directly connected, Vlan10 C 192.168.2.0/24 is directly connected, Vlan20 S 192.168.100.0/24 [1/0] via 10.0.0.2 C 192.168.3.0/24 is directly connected, Vlan30 S* 0.0.0.0/0 [1/0] via 192.168.1.254
Ill need someone to back me up here because I havnt used router on a stick ina while. That and I dont have the time to look it up, dealing with my own issues atm....
Are you trunking all 3 vlans to one single interface? Or are they coming in on 3 different interfaces?
Also, on the router you shouldnt have to program any of the vlans unless it acting as a switch also. You simply need to tag the interfaces to the appropriate switches. I remember assigning hepler address's and other information directly to the interface, not the vlan interface. In fact i dont ever remember programing a vlan interface on a router. But its been a while so I would have to say I dont know. All I remember having to do was assign a vlan to each sub interface, define the type of encapsulation, and boom done. Ive never programed on a vlan interface on a router. Even if the router is switching, it shouldnt be necessary.
interface Vlan10 ip address 192.168.1.2 255.255.255.0 ip virtual-reassembly ip route-cache flow vlan-id dot1q 10 exit-vlan-config
moving the encapsulation statement back to the interface and move the IP address onto the interface.
The way I understand it you wouldnt normally assign an IP address to a vlan interface unless you were truely on a switch. If this is really a router, it makes more sense to program the IP address on the interface itself.
What confuses me is your using Dot1q as your trunking encapsulation, but your FA0/3/0 is set to switchport access. That tells the switch that it is not a trunked link, there would be no need for an encapsulation protocol.
If your trunking, and those are sub interfaces, then you need to have it look more like this....
interface FastEthernet0/3/0 description Blue Haven Servers VLAN 10 encapsulation dot1q 10 ip address 192.168.1.2 255.255.255.0 speed 100
If its a switchport, and memory serves me right, you also need "switchport mode trunk" "Switchport access" tells the switch that that port is going to an end node like a computer.
Any how you might want to wait for confirmation on what I said but if your in a rush theres this option. (and can afford to have that portion of the network down) you can always try what I said and if it doesnt work reboot the router remembering not to save the config.
I got it now. We are in a transistion right now and have servral diffrent gateways on the network. Some of the servers use the old gateway for now till we move everything over and test it. I just needed to add a route on that gateway device to point back to my cisco for my other subnets! thanks again.
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here.
All logos and trade names are the property of their respective owners.