Cisco 3560 - Vlan

[u761877]

Please could I have some advice. I am connecting a Broadband router to port 1 of the folwoing config, for all ports wanting to access 145.42.88.1 the 3560 works Ok. I need to add Vlans to seperate groups. If I connect a device into port 3, and configure it correctly, I can not access the 145.42.88.1 address. Please help

What I require is to be able to set up vlans on the 3560 that all route through to 145.42.88.1

Current configuration : 1712 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Protrolley1
!
enable secret 5 $1$VfOP$Xc1CralQTBdEBzalIlQEZ.
enable password protrolley1
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/4
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
!
interface GigabitEthernet0/12
!
interface GigabitEthernet0/13
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
ip address 145.42.88.250 255.255.255.0
!
interface Vlan2
ip address 10.1.1.1 255.255.255.0
!
interface Vlan3
ip address 10.1.2.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 145.42.88.1
ip http server
!
!
control-plane
!

Protrolley1#sho ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 145.42.88.1 to network 0.0.0.0

145.42.0.0/24 is subnetted, 1 subnets
C 145.42.88.0 is directly connected, Vlan1
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, Vlan2
S* 0.0.0.0/0 [1/0] via 145.42.88.1





VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/1, Gi0/2, Gi0/4, Gi0/5
Gi0/6, Gi0/7, Gi0/8, Gi0/9
Gi0/10, Gi0/11, Gi0/12, Gi0/13
Gi0/14, Gi0/15, Gi0/16, Gi0/17
Gi0/18, Gi0/19, Gi0/20, Gi0/21
Gi0/22, Gi0/23, Gi0/24, Gi0/25
Gi0/26, Gi0/27, Gi0/28
2 USER_VLAN_IT active Gi0/3
3 USER_VLAN_SWC active
4 USER_VLAN_1 active
5 USER_VLAN_2 active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

Protrolley1#



Protrolley1#ping 145.42.88.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 145.42.88.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
Protrolley1#ping 10.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

 

[hammnet]

try the following... Also you posted your passwords so you should change them.

int vlan 1
no ip address

interface GigabitEthernet0/1
no switchport
ip address 145.42.88.250 255.255.255.0

router rip
network 10.0.0.0

 

[SweetRevelation]

You need to NAT.

145.42.88.1 will not know how to reach the 10.1.1.x subnet or any of the other subnets you create off that switch.

You do not need to remove the IP address from VLAN 1 or turn that into a routed port, but it is a good idea. Using VLAN 1 is generally something that's avoided.

However your issue is due to NAT.

 

[hammnet]

Oops! SweetRevelation is right. Embarrassed that I missed that.

 

[u761877]

Hello All, Thank you for your help. Please could you further advise regards to the use of NAT, I will also search on the net.

Again thank you

Mike

 

[u761877]

Hello hammnet , sweetrevalation

I have been searching on the net and it appears that the 3560 does not support NAT, is there another solution?

Regards

Mike

 

[hammnet]

Well you need something that will NAT for you so assuming you have a small network a SOHO router will probably fit the bill. You need to make sure that the router supports L2 bridging/802.1q to route between the VLANs. You mentioned above that your ISP gave you a broadband router. Is it actually a router or just a modem? If it is actually a router then poke around in the configuration and see if you have VLAN support. Or something like the sonicwall tz 100 might be a cheap option.

Alternatively if you dont actually need VLAN's it would be a lot simpler to put everything on the switch in vlan 1 and use a cheap Linksys to NAT for you.

 

[u761877]

Thank you, I believed the 3560 could act as a layer 3 switch and therefore I could do what I needed, I will look around the ISP router.

What I wanted to do was to has seperate networks for groups of ports on the switch to segregate different companies that reside in my building, but to use the one broadband line. I believed vlans would be a simple answer.

Thank you mike

 

[ADB100]

The 3560 can act as a layer-3 switch in this environment, you don't need to perform inter-VLAN routing on the ISP router - plus if you are sending large amounts of data between hosts on VLAN 2 & 3 this will be a bottleneck as the traffic will 'trombone' in and out. The problem is you need the ISP router to perform NAT for these RFC 1918 addressed VLANs, plus know how to get to them via a routing protocol or static routes.

If it was a Cisco router and you used static routes then you would have something like this:

interface FastEthernet0/0
 description inside
 ip address 145.42.88.1 255.255.255.0
 ip nat inside
!
interface FastEthernet0/1
 description outside
 ip address x.x.x.x x.x.x.x
 ip nat outside
!
ip nat inside source list 10 interface FastEthernet0/1 overload
!
access-list 10 permit 10.1.1.0 0.0.0.255
access-list 10 permit 10.1.2.0 0.0.0.255
!
ip route 10.1.1.0 255.255.255.0 145.42.88.250
ip route 10.1.2.0 255.255.255.0 145.42.88.250

If you have no control over the ISP router (i.e. its managed then you are a bit stuck and might need to introduce another router directly between the ISP router and the 3560 and perform NAT here.

Andy