2948G-L3 Routing between two networks

[efector]

I have 2 networks internally(10.10.100.0 & 10.10.200.0). I was wondering, can I assign an IP address from each network to a port and then route traffic between the two networks??? If so, how do it do it? Its a PITA to have these two networks not be able to connect as they are currently configured. I have pasted my Switch config as it is now, below. Any comments are appreciated.

version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname FP-2948G-01
!

!
no ip subnet-zero
ip name-server 63.87.146.130
ip name-server 63.87.146.131
bridge irb
!
!
!
interface FastEthernet1
description CHECKPOINT-FW
no ip address
no ip directed-broadcast
duplex full
speed 100
bridge-group 1
!
interface FastEthernet2
description OWA
no ip address
ip broadcast-address 0.0.0.0
no ip directed-broadcast
duplex full
speed 100
bridge-group 1
!
interface FastEthernet3
description FPAY-FPS
no ip address
ip broadcast-address 0.0.0.0
no ip directed-broadcast
duplex full
speed 100
bridge-group 1
!
interface FastEthernet4
no ip address
no ip directed-broadcast
bridge-group 1
!
interface FastEthernet5
no ip address
no ip directed-broadcast
bridge-group 1
!
interface FastEthernet6
no ip address
no ip directed-broadcast
bridge-group 1
!
interface GigabitEthernet50
no ip address
no ip directed-broadcast
shutdown
!
interface Dialer1
no ip address
no ip directed-broadcast
no cdp enable
!
interface BVI1
ip address 10.10.100.2 255.255.255.0
ip helper-address 63.87.146.131
ip helper-address 63.87.146.130
no ip directed-broadcast
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.100.1
!
bridge 1 protocol ieee
bridge 1 route ip
!
line con 0
transport input none
line aux 0
line vty 0 4
password 7 login

 

[KeironHodgson]

Hi,

From my understanding you cannot route between 2 switches. That is the job of a router/layer 3 switch.

The 2948 is a basic switch and does not have any routing capabilities.

Even if you were to use vlans you would still need a router/layer 3 switch to route between the 2.

Hope this is of some help to you.

Keiron.

 

[efector]

This is a Layer3 switch. That's what the L3 after the 2948G means........

 

[pmesjar]

I specifically did not work with 2948, but on newer switches, like 3550 or 3750, or switches running IOS at least 12.1 (your is 12.0), you will configure virtual interfaces, eg. VLAN10 and VLAN20 (I guess this will be your interface BVI10 and BVI20), assign them network layer properties (like IP address) and then assign physical switchports into appropriate VLANS (for my virtual interfaces, ports will reside in VLAN 10 and VLAN 20) - for you bridge groups.

For example let's say I have one 3550 with ports fa0/1 - fa0/6 in VLAN 10 and ports fa0/7 - fa0/12 in VLAN 20.
VLAN 10 - IP subnet 10.10.100.0, gateway 10.10.100.1
VLAN 20 - IP subnet 10.10.200.0, gateway 10.10.200.1
The config will look like:

interface vlan 10
ip address 10.10.100.1 255.255.255.0
no shutdown

interface vlan 20
ip address 10.10.200.1 255.255.255.0
no shutdown

interface range fa0/1 - 6
switchport mode access
switchport access vlan 10

interface range fa0/7 - 12
switchport mode access
switchport access vlan 20

About your config - I don't know why you have broadcast address configured on physical ports and why it is set to all zeros (broadcasts are supposed to be all ones in host part of IP address) - but maybe there is a reason, just don't know about it

Peter Mesjar
CCNP, A+ certified
pmesjar@centrum.sk

"The only true wisdom is in knowing you know nothing.

 

[30362]

Pmesjar - I have a question about vlan routing.

I have a 3750-EMI that I am connecting with several 3550-SMI switches, I would like each stack (per floor) to be on a different VLAN (ie/ floor 1 VLAN 101, floor 2 VLAN 102) and route these vlans back through my L3 switch.

I have all the switchports configured on the 3550s for the proper vlan (103 for floor 3 in this case) and VLAN1 set as my management vlan with an IP assigned of 10.0.3.1/15. I have a gigabit interface setup for trunking, and the gigabit port on the 3750 on the other end set for trunking as well.

The management vlan ip assigned on my 3750 is 10.0.0.3/15 and when I try to setup VLAN 103 on my 3750 with an ip address of 10.0.0.103/15 I get an error about overlap.

Do I need to use a totally different subnet for my vlan IP, and do I need to have the vlan ip setup on the 3550 where those ports originate or can I just set the vlan 103 ip address on the 3750?

 

[pmesjar]

If I understand your question right, then what you are asking is relation of VLANs to IP subnets, which is:

1 VLAN = 1 IP subnet

So you need different subnets for your different VLANs, that is one subnet for VLAN 1, one subnet for VLAN 101, etc. However I would suggest you use differnet VLAN for management purposes (say VLAN 2), because on VLAN 1 frames are sent untagged and VLAN 1 is primarily for CDP and VTP stuff. Check out:

http://www.cisco.com/warp/public/cc/pd/si/casi/ca6000/prodlit/vlnwp_wp.htm

this is mainly for 4000, 5000 and 6000, but 90% of topics covered can be applied to any switch. I have also seen a newr version of this documnet, just can't remember where on Cisco site...

Peter Mesjar
CCNP, A+ certified
pmesjar@centrum.sk

"The only true wisdom is in knowing you know nothing.

 

[rcraig12]

The 2948G-L3 switch vlan setup is a bit confusing. For instance all the vtp type commands on a original IOS don't work.

The answer to this is simple however as BVI interfaces are in actual fact L3 Vlans on the 2948G-L3.

Setup two BVI's and give them IP addresses for routing across. Create sub interfaces on the switch ports requiring config and bingo.

Create bridge-group entries to tell each BVI to route IP etc.

Issue route irb in conf term.

And..... Routing between 1,2 or as many as you like subnets. Voila!

 

[ADB100]

2948G-L3 is configured like a router with regards to VLANs etc. You need Bridge-Groups & BVI Interfaces if you want multiple ports to be in the same VLAN. This is how you have it configured, except you currently have only one VLAN - this is Bridge-Group1 (layer-2) and interface BVI 1 (Layer-3).

If you want to break your network into smaller IP networks or simply add more IP Networks you need to create a Bridge-Group and BVI interface per IP network/subnet:

interface FastEthernet10
description Equivilent of 3550 switchport access vlan2
bridge-group2
!
interface FastEthernet11
description Equivilent of 3550 switchport access vlan2
bridge-group2
!
interface BVI2
Description Equivilent of 3550 Interface VLAN2
ip address 20.20.20.20 255.255.255.0
!
bridge 2 protocol ieee
bridge 2 route ip

If you only want a single port in a 'VLAN' then you can configure the IP address on the physical interface:

interface FastEthernet25
description Physical Layer-3 interface
ip address 12.12.12.12 255.255.255.0

If you wish to 'Trunk' to another switch and pass multiple VLANs you need to create sub-interfaces per BVI and then Tag them with 802.1q Tags:

interface GigabitEthernet50.1
description Sub-Interface 1 off 'Parent' Gig50
encapsulation dot1q 1
bridge-group1
!
interface GigabitEthernet50.2
description Sub-Interface 2 off 'Parent' Gig50
encapsulation dot1q 2
bridge-group2

etc.


The 2948G-L3 and the 4908G-L3 are Layer-3 switches but don't support all the SVI stuff the 3550's and above do. There is no support for commands like 'switchport access vlan x' etc

Have a search on CCO as there are a few good examples -
This is quite a dated switch now, have you not considered replacing it for something like a 3550?

Andy

 

[rcraig12]

You need :

interface BVI1
ip address 10.10.100.2 255.255.255.0
ip helper-address 63.87.146.131
ip helper-address 63.87.146.130
no ip directed-broadcast

to look like:

interface BVI1
ip address 10.10.100.2 255.255.255.0
ip address 10.10.200.2 255.255.255.0 secondary
ip helper-address 63.87.146.131

Hope that helps m8!
ip helper-address 63.87.146.130
no ip directed-broadcast