Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Routing Between VLAN's 1

Status
Not open for further replies.

tex52

IS-IT--Management
Apr 14, 2005
45
US
I have two vlans on my 3560 switch that i need to be able to route traffic. I need to access a web interface on VLAN 200 from VLAN 10. What is the best way to route traffic between VLAN's? Thanks.
 
Is this the case even if I am using PIX only. I do not have a router on this portion of the network. I have clients-->Switch-->PIX-->Internet/VPN Tunnel.

 
Yes the PIX can't route packets for you. It can however support virtual interfaces that can reside in each VLAN.

That said however, if you need packets to route between VLANs you need a router or a layer 3 switch (like the 3560 you have there).
 
Ok...I would rather not use virtual interfaces on the PIX.

So, I have my clients on vlan10 default gateway set as the ip address of vlan 10 on the switch, 172.20.2.1.

I have my clients on vlan200 default gateway set s the ip address of vlan 200 on the switch, 172.102.1.254.

I have ip routing enabled.

I can ping 172.102.1.1, a client on vlan200, from the switch.

I can ping 172.102.1.254, vlan200's ip on the switch, from a client on vlan10.

But I still can't ping 172.102.1.1 from a client on vlan 10.

Any thoughts?
 
What are you using as the subnet mask for the host pcs? Also, show a "show ip route" output from your switch.
 
I think you must write static routes:

if your vlan 10 is 172.20.2.254/30 and vlan 200 is 172.102.1.254/30 then

ip route 172.20.2.0 255.255.255.0 172.20.2.1
ip route 172.102.1.0 255.255.255.0 172.102.1.254

 
I disagree with last post. You don't need static routes on the switch as it will already have connected routes for each of the L3 vlans you have created.

As stated previously, I would check the subnet mask/default gateway settings of the hosts you cannot ping via the switch. Also check there isn't a software firewall running on it.
 
Also ensure you have enabled IP routing using the following:-

Switch>en

Enter password

Switch#conf t

Switch(conf)#ip routing

ctrl + Z

Switch#wr

This will enable IP Routing.
 
Thanks KiscoKid...I had the Nortel Tech verify the default gateway twice on the device I could not reach, then had our onsite engineer check it out yesterday and the gateway was set incorrectly.
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top