Announcement

Collapse
No announcement yet.

VLAN Routing Issue- Please Help!!

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • VLAN Routing Issue- Please Help!!

    Hello All!

    Please look at the attached diagram. Some history, we are very close to running out of address's in the 192.168.0.0/24 range, and currently NO vlans in production. we do have the internet , att mpls and switch A.

    We are looking to create the VLANS showed in the picture, and use some ACL in the cisco routers to allow only certain types of traffic over the WAN to our hosted data centers.

    On the cisco 2811 we have the vlans set up, as shown and currently some vlans on switch B and A for testing. sitting on a device on the 192.168.0.0/24 network vlan 1 , with a static route on the machine JUST for testing, we can ping 192.168.20.1 ( the IP vlan interface on the 2811) but not 192.168.20.2 ( the IP vlan interface on the switch b) or a computer on the 192.168.20.x/24 or any other vlan... WHAT am I / we doing wrong?

    Here is the routing table of the cisco 2811, let me know if u need the config,, but i think someone will know the answer quickly that has experience with this..

    C 192.168.60.0/24 is directly connected, FastEthernet0/1.6
    B 192.168.150.0/24 [20/0] via 12.117.76.193, 2w1d
    B 192.168.175.0/24 [20/0] via 12.117.76.193, 2w1d
    C 192.168.20.0/24 is directly connected, FastEthernet0/1.20
    C 192.168.0.0/24 is directly connected, FastEthernet0/0
    12.0.0.0/8 is variably subnetted, 5 subnets, 3 masks
    B 12.115.3.88/30 [20/0] via 12.117.76.193, 2w1d
    B 12.38.168.0/24 [20/0] via 12.117.76.193, 2w1d
    B 12.117.76.208/30 [20/0] via 12.117.76.193, 2w1d
    C 12.117.76.193/32 is directly connected, Multilink1
    C 12.117.76.192/30 is directly connected, Multilink1
    C 192.168.1.0/24 is directly connected, FastEthernet0/1.1
    C 192.168.70.0/24 is directly connected, FastEthernet0/1.7
    135.89.0.0/29 is subnetted, 2 subnets
    B 135.89.152.56 [20/0] via 12.117.76.193, 2w1d
    B 135.89.154.152 [20/0] via 12.117.76.193, 2w1d
    S* 0.0.0.0/0 is directly connected, Multilink1
    cis2811-rtr>

    Doing a tracert from the machine on the 192.168.0.0/24 network it goes to the 2811, because of my static route i put in my machine, then it tries to goto the internet router and out of it.. i think it is because the 192.168.0.0 /24, should it be 192.168.0.0/16 on the 2811 router?

    Thanks in advance..!
    Attached Files

  • #2
    Re: VLAN Routing Issue- Please Help!!

    Sorry I should have posted the necessary portion of the running-config on the switch and the router. See Below:

    OK..

    !no service password-encryption
    !
    hostname cis2811-rtr
    !
    !
    logging buffered 4096 informational

    !
    no aaa new-model
    clock timezone NewYork -5
    !
    !
    ip cef
    !
    !
    ip domain name
    ip auth-proxy max-nodata-conns 3
    ip admission max-nodata-conns 3
    !
    !
    voice-card 0
    no dspfarm
    !

    !
    !
    !
    !
    !
    ip ftp username cisco
    ip ftp password cisco
    ip ssh version 2
    !
    !
    !
    !
    !
    interface Multilink1
    description $ETH-WAN$
    ip address 12.117.xx.xxx 255.255.255.252
    ip nbar protocol-discovery
    ip flow ingress
    ip flow egress
    ppp multilink
    ppp multilink group 1
    !
    interface FastEthernet0/0
    description $ETH-LAN$
    ip address 192.168.0.31 255.255.255.0
    ip mask-reply
    no ip redirects
    ip policy route-map internet-map
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    description VLAN Interface
    no ip address
    no ip split-horizon
    duplex auto
    speed auto
    !
    interface FastEthernet0/1.1
    description Management VLAN
    encapsulation dot1Q 1 native
    ip address 192.168.1.1 255.255.255.0
    !
    interface FastEthernet0/1.4
    !
    interface FastEthernet0/1.6
    description Operations VLAN
    encapsulation dot1Q 60
    ip address 192.168.60.1 255.255.255.0
    !
    interface FastEthernet0/1.7
    description Guest VLAN
    encapsulation dot1Q 70
    ip address 192.168.70.1 255.255.255.0
    !
    interface FastEthernet0/1.20
    encapsulation dot1Q 20
    ip address 192.168.20.1 255.255.255.0
    ip helper-address 192.168.0.25
    !
    interface FastEthernet0/1.30
    encapsulation dot1Q 30
    ip address 192.168.30.1 255.255.255.0
    ip helper-address 192.168.0.25

    interface Serial0/0/0
    no ip address
    encapsulation ppp
    service-module t1 timeslots 1-24
    service-module t1 remote-alarm-enable
    service-module t1 fdl ansi
    ppp multilink
    ppp multilink group 1
    !
    interface Serial0/1/0
    no ip address
    encapsulation ppp
    service-module t1 timeslots 1-24
    service-module t1 remote-alarm-enable
    service-module t1 fdl ansi
    ppp multilink
    ppp multilink group 1
    !
    interface Serial0/2/0
    no ip address
    encapsulation ppp
    service-module t1 timeslots 1-24
    service-module t1 remote-alarm-enable
    service-module t1 fdl ansi
    ppp multilink
    ppp multilink group 1
    !
    router bgp 65001
    no synchronization
    bgp log-neighbor-changes
    network 192.168.0.0
    neighbor remote-as
    no auto-summary
    !
    ip forward-protocol nd
    ip route 0.0.0.0 0.0.0.0 Multilink1
    ip route 192.168.20.0 255.255.255.0 FastEthernet0/1
    !
    !
    ip http server
    ip http secure-server
    !
    logging trap debugging
    logging facility syslog
    logging 192.168.0.30
    logging 192.168.0.177
    snmp-server community
    snmp-server community
    snmp-server location
    snmp-server contact IT Administrator
    snmp-server enable traps bgp
    snmp-server enable traps config
    !
    !
    !
    !
    control-plane
    !

    !
    line con 0
    line aux 0
    line vty 0 4
    login local
    transport input ssh
    transport output ssh
    !
    scheduler allocate 20000 1000
    ntp clock-period 17180373
    ntp update-calendar
    ntp server 128.227.205.3 prefer
    !
    end

    HP Switch Config

    hostname "VLAN_CORE"
    max-vlans 9
    interface 19
    no lacp
    exit
    interface 20
    no lacp
    exit
    interface 21
    no lacp
    exit
    interface 22
    no lacp
    exit
    interface 23
    no lacp
    exit
    interface 24
    no lacp
    exit
    trunk 21-22 Trk1 LACP
    trunk 23-24 Trk2 LACP
    trunk 19-20 Trk3 LACP
    ip default-gateway 192.168.1.1
    timesync sntp
    sntp broadcast
    snmp-server community "public" Unrestricted
    vlan 1
    name "MGMT VLAN"
    forbid 2-18
    untagged 1,Trk1-Trk3
    ip address 192.168.1.2 255.255.255.0
    no untagged 2-18
    exit
    vlan 40
    name "Acct VLAN"
    forbid 1-7,11-18
    untagged 8-10
    ip address 192.168.40.2 255.255.255.0
    tagged Trk1-Trk3
    exit
    vlan 50
    name "Admin VLAN"
    forbid 1-10,14-18
    untagged 11-13
    ip address 192.168.50.2 255.255.255.0
    tagged Trk1-Trk3
    exit
    vlan 60
    name "Ops VLAN"
    forbid 1-13,17-18
    untagged 14-16
    ip address 192.168.60.2 255.255.255.0
    tagged Trk1-Trk3
    exit
    vlan 70
    name "Guest VLAN"
    forbid 1-16
    untagged 17-18
    ip address 192.168.70.2 255.255.255.0
    tagged Trk1-Trk3
    exit
    vlan 20
    name "IT VLAN"
    forbid 1,5-18
    untagged 2-4
    ip address 192.168.20.2 255.255.255.0
    tagged Trk1-Trk3
    exit
    vlan 30
    name "Sales VLAN"
    untagged 5-7
    ip address 192.168.30.2 255.255.255.0
    tagged Trk1-Trk3
    exit
    ip route 0.0.0.0 0.0.0.0 192.168.1.1
    ip route 192.168.20.0 255.255.255.0 192.168.20.1
    ip route 192.168.30.0 255.255.255.0 192.168.30.1
    ip route 192.168.40.0 255.255.255.0 192.168.40.1
    ip route 192.168.50.0 255.255.255.0 192.168.50.1
    ip route 192.168.60.0 255.255.255.0 192.168.60.1
    ip route 192.168.70.0 255.255.255.0 192.168.70.1
    ip route 192.168.1.0 255.255.255.0 192.168.1.1
    management-vlan 1
    spanning-tree Trk1 priority 4
    spanning-tree Trk2 priority 4
    spanning-tree Trk3 priority 4


    At this point I am only trying to get 'VLAN 20' up and running, as I believe that all other VLANS will follow suit.

    Thanks,
    Jimmy

    Comment


    • #3
      Re: VLAN Routing Issue- Please Help!!

      Let me make this a little simpler of an explanation...I have VLANS configured on eth 0/1 interface and the current LAN plugged into 0/0 eth interface. I am trying to keep the LAN that is already in place, for anything that is configured statically (ie; Servers). Anyway, So I have the one VLAN that I am attempting to get up and running, when I try to ping from the current lan (192.168.0.0) that is already in place to VLAN 20 (192.168.20.0) the traffic attemps to go out to the internet instead. Where is my routing issue with getting from 192.168.0.0 to 192.168.20.0 and Vice Versa.

      Thanks Shimmy

      Comment


      • #4
        Re: VLAN Routing Issue- Please Help!!

        Thanks everyone, we figured it out, it was i had it configured to be a part of a HSRP team, and the internet-map policy was doing it...

        Comment

        Working...
        X