Register

Forgot Password

Site FAQ

Home > IT Answers > Networking > Intervlan routing and internet access

Ekansh

400 pts.

Intervlan routing and internet access

Cisco, Cisco switch configuration, Cisco switches, NAT

I configure 2 vlan on my l3 switch 3560, 1) vlan 1 192.168.1.0/24

2) vlan 2 192.168.2.0/24, Intervlan routing is working fine. Now i connected one router 1841 to l3 switch on port fa0/4 (which i issue command no switch port and give ip address 192.168.3.5/24) router interface is f0/1 ip address 192.168.3.6/24. and f0/0

I can ping from Switch to Router ip 192.168.3.6. But My host in lan are not able to connect or ping to the same ip.

My aim is to connect my lan to internet please suggest configuration

Software/Hardware used:
cisco 3560 and cisco 1841

ASKED: December 23, 2009 5:01 AM

UPDATED: February 8, 2011 7:28 PM

RELATED QUESTIONS

Answer Wiki:

On your 3560, make the following route: ip route 0.0.0.0 0.0.0.0 192.168.3.6 This will add a default route that will direct traffic to the router if the destination address is not in the switch's routing table. You can also use the interface: ip route 0.0.0.0 0.0.0.0 fa0/4 ********** if his suggestion doesn't work, try to configure fa0/4 as a trunk since you have more than 1 vlan.. ----------------------------------------------------- You can ping the 192.168.3.6 from your switch because the interface its cabled into is on the same subnet. Hosts connected to your switch on either of the other 2 VLANS will never connect to the internet, because, as mentioned before, there is no VLAN trunking taking place from your switch to your router... Try the following config instead: Cisco 3560: Set up VLAN interfaces to be "trunk-ready" 3560(config)#interface VLAN 1 3560(config-if)#ip address 192.168.1.2 255.255.255.0 3560(config-if)#no shut 3560(config-if)#exit 3560(config)#Int VLAN 2 3560(config-if)#ip address 192.168.2.2 255.255.255.0 3560(config-if)#no shut 3560(config-if)#exit Now set up your trunk: 3560(config)#int fa0/4 3560(config-if)#switchport trunk encapsulation dot1q 3560(config-if)#switchport mode trunk 3560(config-if)#switchport trunk native vlan 1 3560(config-if)#switchport trunk allowed vlan add 2 (or "sw trunk allowed vlans all") 3560(config-if)#end (save config if you wish) Cisco 1841: Now set up the trunk port on the router: 1841(config)#int fa0/0 1841(config-if)#no ip address 1841(config-if)#no shutdown 1841(config-subif)#int fa0/0.1 1841(config-subif)#encapsulation dot1Q 1 1841(config-subif)#ip address 192.168.1.1 255.255.255.0 1841(config-subif)#int fa0/0.2 1841(config-subif)#encapsulation dot1Q 2 1841(config-subif)#ip address 192.168.2.1 255.255.255.0 1841(config-subif)#exit if its done right, you should see something similar to this: %LINK-5-CHANGED: Interface FastEthernet0/4, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan2, changed state to up Configure the 1841 to get to you ISP as needed, and all users should be able to get online easily from here. Test pings from the devices used to assist in this config show the following results: 3560#ping 192.168.1.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 31/31/31 ms 3560#ping 192.168.2.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds: .!!!! Success rate is 80 percent (4/5), round-trip min/avg/max = 31/31/32 ms Let us know how it goes...

On your 3560, make the following route:

ip route 0.0.0.0 0.0.0.0 192.168.3.6

This will add a default route that will direct traffic to the router if the destination address is not in the switch's routing table.

You can also use the interface:  ip route 0.0.0.0 0.0.0.0 fa0/4

**********
 if his suggestion doesn't work, try to configure fa0/4 as a trunk since you have more than 1 vlan..

-----------------------------------------------------

You can ping the 192.168.3.6 from your switch because the interface its cabled into is on the same subnet. Hosts connected to your switch on either of the other 2 VLANS will never connect to the internet, because, as mentioned before, there is no VLAN trunking taking place from your switch to your router...

Try the following config instead:

Cisco 3560:
Set up VLAN interfaces to be "trunk-ready"

3560(config)#interface VLAN 1
3560(config-if)#ip address 192.168.1.2 255.255.255.0
3560(config-if)#no shut
3560(config-if)#exit
3560(config)#Int VLAN 2
3560(config-if)#ip address 192.168.2.2 255.255.255.0
3560(config-if)#no shut
3560(config-if)#exit

Now set up your trunk:
3560(config)#int fa0/4
3560(config-if)#switchport trunk encapsulation dot1q 
3560(config-if)#switchport mode trunk
3560(config-if)#switchport trunk native vlan 1
3560(config-if)#switchport trunk allowed vlan add 2 (or "sw trunk allowed vlans all")
3560(config-if)#end
(save config if you wish)

Cisco 1841:
Now set up the trunk port on the router:

1841(config)#int fa0/0
1841(config-if)#no ip address
1841(config-if)#no shutdown
1841(config-subif)#int fa0/0.1
1841(config-subif)#encapsulation dot1Q 1
1841(config-subif)#ip address 192.168.1.1 255.255.255.0
1841(config-subif)#int fa0/0.2
1841(config-subif)#encapsulation dot1Q 2
1841(config-subif)#ip address 192.168.2.1 255.255.255.0
1841(config-subif)#exit

if its done right, you should see something similar to this:

%LINK-5-CHANGED: Interface FastEthernet0/4, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/4, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan2, changed state to up

Configure the 1841 to get to you ISP as needed, and all users should be able to get online easily from here. Test pings from the devices used to assist in this config show the following results:

3560#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 31/31/31 ms

3560#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 31/31/32 ms

Let us know how it goes...

Last Wiki Answer Submitted: February 8, 2011 7:28 pm by Yeahboy

900 pts.

All Answer Wiki Contributors: Yeahboy

900 pts. , mshen

27,310 pts.

To see all answers submitted to the Answer Wiki: View Answer History.

RSS - Discussions Help

Discuss This Question:

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

POSTED: Dec 23, 2009 11:19 AM (GMT)

this attemp i have already done. please suggest natting if any

Ekansh

400 pts.

POSTED: Dec 24, 2009 12:30 AM (GMT)

You need to setup a similar route on your router.

ip route 192.168.2.0 255.255.255.0 fa 0/1
ip route 192.168.3.0 255.255.255.0 fa 0/1

Run traceroute from a client in the LAN and post the results.

mshen

27,310 pts.

POSTED: Dec 30, 2009 6:34 PM (GMT)

you should make the port that’s connected to the router a trunk link.Configure the port on the router to route traffic between vlan and also pass traffic to the internet by doing NAT.

Darkstar911

790 pts.

Ask a Question

Browse IT Answers by Topic

>>VIEW ALL TAGS

Community Blog | About Us | Contact Us | FAQ | Terms of Use | DMCA Policy

TechTarget provides enterprise IT professionals with the information they need to perform their jobs - from developing strategy, to making cost-effective IT purchase decisions and managing their organization's IT projects - with its network of technology-specific Web sites, events and magazines.
All Rights Reserved, Copyright 1999-2013, TechTarget | Read our Privacy Policy
Questions and Answers Index 1 | Questions and Answers Index 2 | IT Topics Index 1 | IT Topics Index 2 | Blogs Index | Blogs Tags