Basic Vlan routing question

I am connecting a 4503 to a 2950. I have native Vlan 1 between them on the trunk. On that vlan 1 the subnet is 172.16.138.0. The default gateway on the 2950 is 172.16.138.1. There are devices attached to the 2950 that are all subnet 172.16.98.0. I need to be able to get those devices to talk to the 4503. The only vlan I had on the 2950 is vlan 1. I made another vlan on the 2950 but when I try to no sh it I get kicked out of the switch. Any ideas?

The 2950 is a L2 switch and can only have a single vlan interface for management. When you're creating a new vlan, it's kicking you out because the 4500 doesn't have the vlan configured to support the new vlan that you're creating. That being said, you should be able to do the following to route your other subnet:
If the 4500 vlan 1 subnet is 172.16.138.0/24, and you're wanting to create 172.16.98.0/24, you'll need to do it on the 4500.
4500: (Assuming you want to create vlan 10)
vlan 10
int vlan 10
ip address 172.16.98.1 255.255.255.0
Then you'll need to trunk the port that leads to the 2950 - assume that's fa0/1
int fa0/1
switchport trunk encaps dot1q
switchport mode trunk
Then on the 2950, you'll need to keep your vlan 1 interface:
int vlan 1
ip address 172.16.138.2 255.255.255.0
ip default-gateway 172.16.138.1 <-- this is to get to the management vlan interface above from another subnet
Then create your vlan that matches on the 4500 (vlan 10)
vlan 10
Trunk the port that leads to the 4500 (assuming f0/1)
int fa0/1
switchport trunk encaps dot1q
switchport mode trunk
Then the ports that you want on vlan 10, you'll put in the vlan:
int range fa1/2-48
switchport mode access
switchport access vlan 10
Your hosts will use 172.16.98.1 as a default gateway, but that traffic will be routed at the 4500 series switch. The 2950 cannot do the routing for you, but it can carry the vlan information that you need.
HTH,
John
*** Please rate all useful posts ***

Similar Messages

Basic Default Route Question

Hi,
I have a very basic question I wanted to run by everyone to make sure my understanding is correct.
Setup:
Basic config, router with two interfaces and a single default route.
hostname RTR1
interface Ethernet0/0
ip address 1.1.1.1 255.255.255.0
interface Ethernet0/1
ip address 1.1.2.1 255.255.255.0
ip route 0.0.0.0 0.0.0.0 1.1.2.2
add -> ip route 0.0.0.0 0.0.0.0 10.10.10.1
If I add a default route (currently in a telnet session coming through 1.1.2.2 to get to RTR1) to a gateway that is NOT locally connected nothing will happen, correct? The router won't try to load balance my traffic since the second gateway is not directly connected and reachable, correct?
Next, if I change the IP address on e0/1 to 10.10.10.2/24 then my default route of 1.1.2.2 will no longer be used and my 10.10.10.1 defaut route will become active, correct?
I can then connect using my new IP of 10.10.10.2 assuming all routing is working on my new default gateway, correct?
Basically, I'm making sure my understanding of the default gateway route not being used unless it is accessible is valid. If it is, it will load balance traffic across up to 6 of them.
Please comment or correct if my understanding is incorrect.
Thanks.

Jamie
I believe that most of your understanding is ok especially about not load sharing over the routes as defined. I checked it on a router and only the default route with a reachable next hop is inserted into the routing table. Both static default routes are in the config but only one is in the routing table.
HTH
Rick

Vlan routing questions on the 6509

We have a 6509 VSS at our main site and one vlan (an IP class C size) is comprised of a large number of servers with single Gb interfaces. These are connected to the 6509 via various methods - blade centers with GB portchannels, some directly attached to the core, and some via 4948s with 10Gb trunk uplinks. My question is this...I know we have way too many servers in one subnet (this is not all of our servers) and I know that all broadcasts will hit every individual server but how does the 6509 ASICs handle the packets in and out of the vlan with multiple connections to that vlan on the 6509s? Can packets get routed through that 6509 vlan router interface simultaneously from the multiple layer 2 connections on the 6509s? What I am asking is if the 6509 vlan routing interface throttles all the Gb interfaces into a single GB interface through the vlan routing interface? What about the few servers on the 10Gb interfaces - are they throttled to a single routing 10Gb interface or does each connection have it's own connection to the routing interface? What I want to know is if the 6509 acts as though it was like a single separate (1G and 10Gb) router attached to the vlan - like a bunch of switches connected together with a single separate router attached to one of the interfaces for routing out of the vlan. Thanks

Packet switching within the vlan is not what I am asking about. I want to understand the process the 6509s use when they route from a vlan (one subnet) to another vlan (subnet) - L3 routing out of the vlan.
It's pretty much the same thing which is what Reza was explaining.
It can be helpful sometimes in terms of design etc. to think of a L3 switch as you would if it was a physical router and L2 switches but in terms of forwarding thinking of it like that is misleading.
In terms of forwarding L3 traffic the SVI does not correspond to the physical interface of the router. The actual interfaces used would, in the case of the 6500, be the physical port connections for the source and destination devices on their corresponding linecards.
If the linecards did not have DFCs then a part of the packet is sent by the linecard to the PFC for a forwarding decision. If they do have DFCs then they can make the forwarding decision locally.
Either way the forwarding decision is made by looking at the FIB (Forwarding Information Base) which is stored on the PFC and on each DFC if the linecards have them. The FIB should have entries for connected and remote networks (learnt via the IP routing table), the next hop IP and it's L2 mac address so all the information needed to forward the packet at L3 is there.
So, as Reza says, the packet is then switched either locally on the linecard from one port to another or is sent from the ingress linecard to the linecard with the egress port via the switch fabric.
Any bottlenecks within the chassis apply to both L2 and L3 forwarding eg oversubscription etc.
The above is a very high level view of how it works. If you want to understand it in greater detail it would be worth having a read of the link Reza provided.
Jon

WRVS4400N 801.Q intra-vlan routing question

Hi all,
I have a question in regards to the 802.1Q intervlan feature on the WRVS4400N. My goal is to setup a test network with atleast 10 departmental VLAN(s). By reading the WRVS4400N's data sheet I know that it supports up to 4 VLAN(s). I decided to purchase a Linksys SRW224G4 since it can create more than 4 VLAN(s).
With my previous Cisco experience I used to configure VLAN(s) on a Catalyst 2940 and trunk them to a Cisco 2501 series router by configuring trunk ports on the Catalyst and sub interfaces with 802.1q tagging on the routers.
I was wondering if I could trunk 10 VLAN(s) from my SRW224G4 to my WRVS4400N?
This is what I have tried to do so far
On the SRW224G4 I configured 10 VLAN(s) and set port G1 as a trunk port to port 1 on my WRVS4400N.
On my WRVS4400N I configured port 1 as a trunk port that accepts all frames.
When I look at the LAN settings on my WRVS4400N it doesn't give me the option to configure gateways for my VLAN(s). Does this router only support 4 VLAN(s)? if it does is there another router I can look into that has the ability to support more than 4?
I purchased the Linksys/Cisco small business series thinking that it can provide me with the basics to create a small network. I never thought the WRVS4400N would have a 4 VLAN limitation even when I trunk VLAN(s) from a switch.
Thanks for the input guys
Cheers

Hello,
i'm new here and planning to do something similar to what you suggest.
I also have a slm2024 on which i plan to create more than 4 vlans. I'm looking for a gigabit router to route all my network and act as dhcp server. I will connect the switch to the router by a trunk.
In my setup only 4 of my vlans will need a dhcp server. So if my understanding is correct, the integrated dhcp will be able to serve those 4 vlans if they are created on the router. Is it correct ? In this guide http://www.cisco.com/en/US/docs/routers/csbr/wrvs4400n/administration/guide/WVRS4400N_Admin_Guide_v2.pdf page 60, there is an illustration of dhcp configuration but i don't see anything allowing to select the vlan. How does it work in fact ?
In my ideal setup, i would like to distribute a different subnet by vlan. Ex : 192.168.2.0 for vlan 2; 192.168.3.0 for vlan 3; etc...
For the other vlans i would affect static IPs.
Is this setup possible with this router ? If it's not, which other cisco router would you suggest me ?
Thanks in advance for your answer.

Two quick VLAN routing questions

lets say I have a L3 switch routing 4 VLANs
VLAN 1 is 192.168.10.0/24, the switch's virtual interface is 192.168.10.254 inside this vlan
VLAN 2 is 192.168.20.0/24, the switch's virtual interface is 192.168.20.254 inside this vlan
VLAN 3 is 192.168.30.0/24, the switch's virtual interface is 192.168.30.254 inside this vlan
VLAN 4 is 192.168.40.0/24, the switch's virtual interface is 192.168.40.254 inside this vlan
there is only one router going out from this switch to the net, and lets say it is in VLAN 1 and it's address is 192.168.10.1
first question-- inside of the L3 switch I will need to add a default route of 0.0.0.0 0.0.0.0 192.168.10.1
so that all traffic not corresponding to a 192.168.x.x address knows where to get out to the net, correct?
secondly- when configuring that router, is there a difference if I use the following static route:
192.168.20.0 255.255.255.0 192.168.10.254
instead of
192.168.20.0 255.255.255.0 192.168.20.254
either way, the packet gets to the L3 switch, but in one case it gets there via the VLAN interface inside of VLAN 1, and in the other case, it gets there via the VLAN interface inside of the VLAN for which the traffic is destined anyway. what im trying to figure out is, will this make any difference at all? especially in terms of broadcast packets?
if it makes no difference, then is it safe to say that the following static route would be optimal?
192.168.0.0 255.255.0.0 192.168.10.254
Solved!
Go to Solution.

Re "firstly". Correct. The L3 switch will route traffic according to its routing table. By default it knows all IP subnets to which it is directly connected to, i.e. all the VLAN subnets. If you have to add a default route manually or not depends on the exact implementation. It may well be that the L3 switch will use the any default gateway for routing which you use for the IP settings of the switch itself (if there is an option in the web interface to set a default gateway). If you cannot define a default gateway on the L3 switch you probably have to add a static route manually. The easiest way should be to check the current routing table and see if there is a default gateway or not.
Re "secondly". A router can only forward packets to the next hop router. The next hop router must be connected to that router. The route "192.168.20.0 255.255.255.0 192.168.10.254" is correct for a router with IP address 192.168.10.1 and subnet mask 255.255.255.0 as 192.168.10.254 is connected to the router. "192.168.20.0 255.255.255.0 192.168.20.254" is not correct. The router cannot learn the path to a specific subnet 192.168.20.0/255.255.255.0 by using a gateway in that subnet. It is not correct to use that kind of a route and you should not use it even if it might even work (because the router does a plain ARP request to find the MAC address of 192.168.20.254 and your L3 switch will respond to the ARP request even if it is on the internet of 192.168.10.254). The very moment when there would be another router between the 10 and 20 subnets it would not work anymore...
Re your conclusion: I would recommend to keep four static routes for the existing subnets on the L3 switch instead of putting everything into a larger single subnet which includes a lot of addresses which are not connected there. Technically it works if you only use working IP addresses. But you will see some loops if you send something to 192.168.55.50 or similar. The gateway router will send it to the L3 switch which will send it back to the gateway. They should figure it's a loop but still I would not recommend this kind of setup... Add routes for each of the L3 switch subnet...

ACE design with inter-Vlan routing

Hello all.
I'm working on a design for a customer where the ACE will perform inter vlan routing.
A few questions about that :
- is routed traffic enforced in hardware with some kind of CEF-like mechanism ? (I suppose yes because there is a FIB ? per
https://supportforums.cisco.com/docs/DOC-19253 ) we expect a certain load and routing is software will not be acceptable
- if I put my VIPs within the VLANs hosting the application, is there any restriction on accesses made to this VIP (if the VIP is reached after the routing process is performed) ?
example :
VLAN2 (client) ----- ACE ----- VLAN3 (servers)192.168.2.0/24 192.168.3.0/24
If I try to access the VIP (192.168.3.20) from a PC in the VLAN2 (192.168.2.15) does it work ?
I assume yes because the VIP appears as a connected /32 in the routing table, I just want to be sure to not fall into some tricky part of code because the access to the VIP is done after the routing process. I just want to be sure there is no drawback / restriction about that.
Thanks in advance.

Hello Surya!
Yes this is possible. You can reach the VIP from one VLAN to another (The VIP is not really inside of the VLAN). Important is to check your ACLs and you need to have the service-policy either globally or local on both VLAN-interfaces.
And I guess there is nothing like CEF implemented in the ACE, because it is not needed there.
Cheers,
Marko

Inter VLAN Routing for IEC 61850

Hello,
Hoping someone can help me with this query. I'm in the process of configuring two CGS2520 switches located in two electrical substations. Each of these switches have Protection Relays and Remote Terminal Units (RTUs) connected to them. These devices communicate with each other as follows:
IEC 61850 GOOSE: http://en.wikipedia.org/wiki/Generic_Substation_Events
IEC 61850 MMS: http://en.wikipedia.org/wiki/IEC_61850
- Protection Relay to Protection Relay communication within either substation (Using IEC 61850 GOOSE - VLAN 11 and VLAN 21)
- Protection Relay to Protection Relay communication between substations (Using IEC 61850 GOOSE - VLAN 50)
- RTU to Protection Relay (Using IEC 61850 MMS - VLAN 10 and VLAN 20)
I've attached an image (hope that clears things out). Basically GOOSE traffic is VLAN tagged and and the MMS traffic is untagged.
I need to be able to route between VLAN 10 and VLAN 20 between the substations and I want to allow VLAN 50 between the substations. How do I go about configuring this?
So far I've configured the interfaces as follows:
Switch A2:
Fa0/5 and Fa0/7 (Protection Relay Ports)
port type nni
switchport trunk native vlan 10
switchport trunk allowed vlan 11, 50
switchport mode trunk
Fa0/3 (RTU Port)
port type nni
switchport access vlan 10
Switch B1
Fa0/4 and Fa0/5 (Protection Relay Ports)
port type nni
switchport trunk native vlan 20
switchport mode allowed vlan 21, 50
switchport mode trunk
Fa0/3 (RTU Port)
port type nni
switchport access vlan 20
Locally at each substation this seems to work (I can ping the Protection Relays from the RTU port and the Protection Relays send each other GOOSE messages). However I don't know how to configure the inter vlan routing (I want to be able to ping a Protection Relay Substation B from the RTU Port at Substation A) at and how to configure the switch interfaces that connect to each other?
Any help is much appreciated.
Thanks
Darsh

Hello DarshanaD,
Could you fix this? Im asking because I have the same problem right now.
I'll appreciated if you can tell me how did you configure the inter VLAN routing.
Thanks
Ali

RV180 Router: Cannot get Inter-VLAN Routing to work.

I have been banging at this now for two days and just cannot get Inter-VLAN routing working to work on this router.
Here is the est-up:.
Upgraded to latest Cisco firmware (1.0.1.9).
Starting with factory default settings, I added 2 VLANS as follows:
    vlan default(id=1): dhcpmode=server IP=192.168.1.1/24 port 1
    vlan vlan2 (id=2): dhcpmode=server IP=192.168.2.1/24 port 2
    vlan vlan3 (id=3): dhcpmode=server IP=192.168.3.1/24 port 3
                                   (unconnected)
                                     WAN port
                                        |
                                    Routing/NAT
                                        |
vlan ip                   192.168.1.1   192.168.2.1   192.168.3.1
vlan name                   default        vlan2        vlan3
vlan id                       ID=1          ID=2         ID=3
Inter-VLAN Routing             No           Yes          Yes
Port 1                     Untagged       Excluded     Excluded
Port 2                     Excluded       Untagged     Excluded
Port 3                     Excluded       Excluded     Untagged
Port 4(not of interest)    Untagged       Excluded     Excluded
                            Port 1         Port 2       Port 3
                              |              |            |
                           AdminPC          PC2          PC3
                                       192.168.2.191   192.168.3.181
PC2 gets assigned an IP Address of 192.168.2.191 (DGW=192.168.2.1) - OK
PC3 gets assigned an IP Address of 192.168.3.181 (DGW=192.168.3.1) - OK
PC2 with (IP 192.168.2.191) can ping 192.168.2.1 and 192.168.3.1 - OK
PC3 with (IP 192.168.3.181) can ping 192.168.3.1 and 192.168.2.1 - OK
BUT....
PC2 cannot ping PC3 - NOT WORKING
PC3 cannot ping PC2 - NOT WORKING
(does not work in both Gateway Mode and Router Mode)
ANYONE CAN HELP ME FIGURE OUT WHY ??????
Your help is much appreciated.
I bought this device specifically because it supported inter-VLAN routing!.
Venu
Supporting Information:
Screen captures:
VLAN Membership:
VLAN ID Description Inter VLAN Device   Port 1    Port 2    Port 3    Port 4
                        Routing     Mgment
       1   Default      Disabled    Enabled Untagged Excluded Excluded Untagged
       2   VLAN2        Enabled     Enabled Excluded Untagged Excluded Excluded
       3   VLAN3        Enabled     Enabled Excluded Excluded Untagged Excluded
Multiple VLAN Subnets:
   VLAN ID IP Address   Subnet Mask    DHCP Mode    DNS Proxy Status
        1 192.168.1.1 255.255.255.0 DHCP Server Enabled
        2 192.168.2.1 255.255.255.0 DHCP Server Enabled
        3 192.168.3.1 255.255.255.0 DHCP Server Enabled
Routing Table (Gateway Mode)
Destination     Gateway   Genmask         Metric Ref   Use   Interface   Type     Flags
127.0.0.1     127.0.0.1   255.255.255.255 1       0     0     lo          Static   UP,Gateway,Host
192.168.3.0     0.0.0.0   255.255.255.0   0       0     0     bdg3        Dynamic   UP
192.168.2.0     0.0.0.0   255.255.255.0   0       0     0     bdg2        Dynamic   UP
192.168.1.0     0.0.0.0   255.255.255.0   0       0     0     bdg1        Static   UP
192.168.1.0 192.168.1.1   255.255.255.0   1       0     0     bdg1        Static   UP,Gateway
127.0.0.0       0.0.0.0   255.0.0.0       0       0     0     lo          Dynamic
Routing Table (Router Mode)
(Same)

cadet alain, you hit the nail on the head.    The router was doing Iner-VLAN routing, but the PCs were blocking the pings because they came from another subnet. Thank you for your help in resolving this.
I have a follow-up question if I may - I need to add a default route but can't seem to find a way to do that. Tried adding a static route with IP=0.0.0.0 Mask=0.0.0.0 but it will not allow it. My current routing table looks like this:
Destination   Gateway     Genmask           Metric Ref   Use Interface Type    Flags
127.0.0.1     127.0.0.1   255.255.255.255   1       0     0    lo         Static UP,Gateway,Host
192.168.2.0   0.0.0.0     255.255.255.0     0       0     0    bdg2       Dynamic UP
192.168.1.0   0.0.0.0     255.255.255.0     0       0     0    bdg1       Static UP
127.0.0.0     0.0.0.0     255.0.0.0         0       0     0    lo         Dynamic UP
It routes all packets to VLAN2 and VLAN3 correctly; but if a packet arrives to any other network address, I would like to get it to forward to another gateway on VLAN2 (at address 192.168.2.254). Can't seem to find a way to add a default route.

Basic wifi service question

basic wifi service question
A Windows-using friend of mine subscribes to a service from Verizon that is sort of like a cell phone for a computer - wifi service that you can access from theoretically anywhere, for something like $60 a month -
as far as I can determine, one CAN get this for Mac but ONLY if you have a 15 or 17 inch laptop with PC slots - unless I am missing something. It requires a special kyocera card.
Another company, T-Mobile, offers a similar service, but with no MAC access at all.
So my question is: is there a similar service, wi-fi access theoretically anywhere (or even just anywhere in New York City) ? Hopefully with just the regular mac airport card and not any additional special hardware?
Thanks!
Will

Hello WillFriedwald2
The kind of service your describing is probably a 3G and GPRS service.
Phone companies now offer mobile high speed connections using EDGE technology or GPRS2 and supply a 3G or GPRS PCMCIA card.
However some companies are now offering a package whereby you get high speed 3g and gprs and also wifi.
So to use this service on a laptop that has no PC card slot you need to get a 3G or GPRS2 phone that supports blue tooth then you can connect your laptop to the phone over bluetooth and therefore access high speed internet.
But if you had a desktop mac such as a G5 you would be better just getting a regular cable or dsl connection in your home and invest in a wireless router.

SGE2000 vlan routing

Hello,
Searched through conference and still have no resolution.
Switch: Cisco SGE 2000
Layer3 mode enabled through console
swich has following configuration (from lcli):
console# sh version
SW version    3.0.0.18 ( date 08-Nov-2009 time 16:21:37 )
Boot version    2.0.0.03 ( date 18-May-2009 time 11:44:56 )
HW version    00.00.01
console# sh running-config
interface port-channel 1
switchport mode trunk
exit
vlan database
vlan 10
exit
interface range ethernet g(12,24)
channel-group 1 mode auto
exit
interface vlan 1
ip address 192.168.16.5 255.255.255.0
exit
interface vlan 10
ip address 192.168.14.2 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 192.168.16.3
username admin password aaaaaaaaaaaaaaaaaaa7e61ed2b3086 level 15 encrypt
ed
console# sh ip interface
Proxy ARP is disabled
      IP Address                I/F            Type     Directed   Precedence
                                                        Broadcast
192.168.14.2/24         vlan 10              Static    disable     No
192.168.16.5/24         vlan 1               Static    disable     No
console# sh vlan
Vlan       Name                   Ports                Type     Authorization
1           1            g(1-11,13-23),ch(1-8)       other       Required
10         10                                      permanent     Required
console# sh ip route
Maximum Parallel Paths: 1 (1 after reset)
Codes: C - connected, S - static
S 0.0.0.0/0          [1/1] via 192.168.16.3 2:42:31             vlan 1
C 192.168.16.0/24    is directly connected                        vlan 1
Question 1:
Why route table does not show VLAN 10 as directly connected?
Question 2:
Why I can't ping VLAN 10 interface (see below)
console# ping 192.168.14.2
Pinging (192.168.14.2) with 56 bytes of data:
PING: no reply from 192.168.14.2
PING: timeout
PING: no reply from 192.168.14.2
PING: timeout
PING: no reply from 192.168.14.2
PING: timeout
PING: no reply from 192.168.14.2
PING: timeout
----192.168.14.2 PING Statistics----
4 packets transmitted, 0 packets received, 100% packet loss
Question 3:
How to setup inter-vlan routing properly?
Question 4:
May be I need to just reload switch?
P.S.
This note - http://www.cisco.com/en/US/products/ps9967/products_qanda_item09186a0080a36455.shtml
has a sample with 2 interfaces where 2 routes showed as "Local" (directly connected).
The only difference that I jave 2 VLAN instafaces instead of physical interfaces.
Thank you!

Finally I did it. Looks like you need add at least one port to VLAN membership. Even TRUNK port.
console# configure
console(config)# int port-channel 1
console(config-if)# switchport trunk allowed vlan add 10
console(config-if)# exit
console(config)# exit
console# sh interfaces switchport port-channel 1
Port : ch1
Port Mode: Trunk
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 1
Port is member in:
Vlan               Name               Egress rule Port Membership Type
1                  1                  Untagged          System
10                 10                  Tagged           Static
Forbidden VLANS:
Vlan               Name
Classification rules:
console# sh ip route
Maximum Parallel Paths: 1 (1 after reset)
Codes: C - connected, S - static
S 0.0.0.0/0          [1/1] via 192.168.16.3 3:9:8               vlan 1
C 192.168.14.0/24    is directly connected                        vlan 10
C 192.168.16.0/24    is directly connected                        vlan 1
console# ping 192.168.14.2
Pinging (192.168.14.2) with 56 bytes of data:
56 bytes from 192.168.14.2: icmp_seq=1. time=0 ms
56 bytes from 192.168.14.2: icmp_seq=2. time=0 ms
56 bytes from 192.168.14.2: icmp_seq=3. time=0 ms
56 bytes from 192.168.14.2: icmp_seq=4. time=0 ms
----192.168.14.2 PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/0/0

Inter VLAN Routing with ASA 5520 and Cat 2960

Hi there,
I am a complete novice at networking, but I was tasked to have an ASA 5520 do inter VLAN routing (since my shop doesn't have a layer 3 router).
As a basic setup, I am trying to have three workstations on three different VLANs communicate with each other. The attached screenshot shows the topology.
I am unable to ping from a PC to the ASA...therefore I can't ping to other VLANs. Any assistance would be greatly appreciated.
ROUTER CONFIG:
ciscoasa#
ciscoasa# show run
: Saved
ASA Version 8.3(1)
hostname ciscoasa
domain-name null
enable password ###### encrypted
passwd ###### encrypted
names
dns-guard
interface GigabitEthernet0/0
no nameif
no security-level
no ip address
interface GigabitEthernet0/1
no nameif
security-level 100
ip address 10.10.1.1 255.255.255.0
interface GigabitEthernet0/1.10
vlan 10
nameif vlan10
security-level 100
ip address 10.10.10.1 255.255.255.0
interface GigabitEthernet0/1.20
vlan 20
nameif vlan20
security-level 100
ip address 10.10.20.1 255.255.255.0
interface GigabitEthernet0/1.30
vlan 30
nameif vlan30
security-level 100
ip address 10.10.30.1 255.255.255.0
interface GigabitEthernet0/2
shutdown
no nameif
no security-level
no ip address
interface GigabitEthernet0/3
shutdown
no nameif
no security-level
no ip address
interface Management0/0
nameif inside
security-level 100
ip address 192.168.1.1 255.255.255.0
management-only
boot system disk0:/asa831-k8.bin
ftp mode passive
dns server-group DefaultDNS
domain-name null
same-security-traffic permit inter-interface
same-security-traffic permit intra-interface
access-list global_access extended permit icmp any any
pager lines 24
logging enable
logging asdm informational
mtu inside 1500
mtu vlan10 1500
mtu vlan20 1500
mtu vlan30 1500
no failover
icmp unreachable rate-limit 1 burst-size 1
icmp permit any inside
asdm image disk0:/asdm-631.bin
no asdm history enable
arp timeout 14400
access-group global_access global
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
http server enable
http 192.168.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
telnet timeout 5
ssh timeout 5
console timeout 0
management-access inside
dhcpd address 192.168.1.2-192.168.1.5 inside
dhcpd enable inside
dhcpd address 10.10.10.101-10.10.10.253 vlan10
dhcpd enable vlan10
dhcpd address 10.10.20.101-10.10.20.253 vlan20
dhcpd enable vlan20
dhcpd address 10.10.30.101-10.10.30.253 vlan30
dhcpd enable vlan30
threat-detection basic-threat
threat-detection statistics host
threat-detection statistics port
threat-detection statistics protocol
threat-detection statistics access-list
no threat-detection statistics tcp-intercept
webvpn
class-map inspection_default
match default-inspection-traffic
policy-map type inspect dns migrated_dns_map_1
parameters
message-length maximum client auto
message-length maximum 512
policy-map global_policy
class inspection_default
inspect dns migrated_dns_map_1
inspect ftp
inspect h323 h225
inspect h323 ras
inspect netbios
inspect rsh
inspect rtsp
inspect skinny
inspect esmtp
inspect sqlnet
inspect sunrpc
inspect tftp
inspect sip
inspect xdmcp
inspect ip-options
service-policy global_policy global
prompt hostname context
call-home
profile CiscoTAC-1
no active
destination address http https://tools.cisco.com/its/service/oddce/services/DD
CEService
destination address email [email protected]
destination transport-method http
subscribe-to-alert-group diagnostic
subscribe-to-alert-group environment
subscribe-to-alert-group inventory periodic monthly
subscribe-to-alert-group configuration periodic monthly
subscribe-to-alert-group telemetry periodic daily
Cryptochecksum:4ad1bba72f1f51b2a47e8cacb9d3606a
: end
SWITCH CONFIG
Switch#show run
Building configuration...
Current configuration : 2543 bytes
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Switch
boot-start-marker
boot-end-marker
no aaa new-model
system mtu routing 1500
ip subnet-zero
spanning-tree mode pvst
spanning-tree extend system-id
no spanning-tree vlan 1
vlan internal allocation policy ascending
interface GigabitEthernet0/1
description Port Configured As Trunk
switchport trunk allowed vlan 1,10,20,30,1002-1005
switchport mode trunk
interface GigabitEthernet0/2
switchport access vlan 10
switchport mode access
interface GigabitEthernet0/3
switchport access vlan 20
switchport mode access
interface GigabitEthernet0/4
switchport access vlan 30
switchport mode access
interface GigabitEthernet0/5
interface GigabitEthernet0/6
interface GigabitEthernet0/7
interface GigabitEthernet0/8
interface GigabitEthernet0/9
interface GigabitEthernet0/10
interface GigabitEthernet0/11
interface GigabitEthernet0/12
interface GigabitEthernet0/13
interface GigabitEthernet0/14
interface GigabitEthernet0/15
interface GigabitEthernet0/16
interface GigabitEthernet0/17
interface GigabitEthernet0/18
interface GigabitEthernet0/19
interface GigabitEthernet0/20
interface GigabitEthernet0/21
interface GigabitEthernet0/22
interface GigabitEthernet0/23
interface GigabitEthernet0/24
interface GigabitEthernet0/25
interface GigabitEthernet0/26
interface GigabitEthernet0/27
interface GigabitEthernet0/28
interface GigabitEthernet0/29
interface GigabitEthernet0/30
interface GigabitEthernet0/31
interface GigabitEthernet0/32
interface GigabitEthernet0/33
interface GigabitEthernet0/34
interface GigabitEthernet0/35
interface GigabitEthernet0/36
interface GigabitEthernet0/37
interface GigabitEthernet0/38
interface GigabitEthernet0/39
interface GigabitEthernet0/40
interface GigabitEthernet0/41
interface GigabitEthernet0/42
interface GigabitEthernet0/43
interface GigabitEthernet0/44
interface GigabitEthernet0/45
interface GigabitEthernet0/46
interface GigabitEthernet0/47
interface GigabitEthernet0/48
interface Vlan1
ip address 10.10.1.2 255.255.255.0
no ip route-cache
interface Vlan10
no ip address
no ip route-cache
interface Vlan20
no ip address
no ip route-cache
interface Vlan30
no ip address
no ip route-cache
ip default-gateway 10.10.1.1
ip http server
ip http secure-server
control-plane
line con 0
line vty 5 15
end

ciscoasa# capture cap10 interface vlan10
ciscoasa# capture cap20 interface vlan20
ciscoasa# show cap cap10
97 packets captured
   1: 17:32:32.541262 802.1Q vlan#10 P0 10.10.10.101.2461 > 10.10.10.1.8905: ud
p 96
   2: 17:32:36.741294 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
   3: 17:32:36.741523 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
   4: 17:32:37.539217 802.1Q vlan#10 P0 10.10.10.101.2462 > 10.10.10.1.8905: ud
p 98
   5: 17:32:39.104914 802.1Q vlan#10 P0 10.10.10.101.2463 > 10.12.5.64.8906: ud
p 95
   6: 17:32:41.738914 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
   7: 17:32:41.739143 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
   8: 17:32:42.544023 802.1Q vlan#10 P0 10.10.10.101.2464 > 10.10.10.1.8905: ud
p 93
   9: 17:32:46.747352 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
10: 17:32:46.747580 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
11: 17:32:47.546633 802.1Q vlan#10 P0 10.10.10.101.2465 > 10.10.10.1.8905: ud
p 98
12: 17:32:51.739921 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
13: 17:32:51.740150 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
14: 17:32:52.544100 802.1Q vlan#10 P0 10.10.10.101.2466 > 10.10.10.1.8905: ud
p 98
15: 17:32:56.741859 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
16: 17:32:56.742088 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
17: 17:32:57.547396 802.1Q vlan#10 P0 10.10.10.101.2467 > 10.10.10.1.8905: ud
p 98
18: 17:33:01.742728 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
19: 17:33:01.742957 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
20: 17:33:02.547609 802.1Q vlan#10 P0 10.10.10.101.2468 > 10.10.10.1.8905: ud
p 97
21: 17:33:06.742774 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
22: 17:33:06.743018 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
23: 17:33:07.543337 802.1Q vlan#10 P0 10.10.10.101.2469 > 10.10.10.1.8905: ud
p 93
24: 17:33:10.375514 802.1Q vlan#10 P0 10.10.10.101.137 > 10.10.10.255.137: ud
p 50
25: 17:33:11.114679 802.1Q vlan#10 P0 10.10.10.101.137 > 10.10.10.255.137: ud
p 50
26: 17:33:11.742728 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
27: 17:33:11.742957 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
28: 17:33:11.864731 802.1Q vlan#10 P0 10.10.10.101.137 > 10.10.10.255.137: ud
p 50
29: 17:33:12.546266 802.1Q vlan#10 P0 10.10.10.101.2470 > 10.10.10.1.8905: ud
p 98
30: 17:33:16.746497 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
31: 17:33:16.746726 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
32: 17:33:17.548403 802.1Q vlan#10 P0 10.10.10.101.2471 > 10.10.10.1.8905: ud
p 97
33: 17:33:21.744880 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
34: 17:33:21.745109 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
35: 17:33:22.545351 802.1Q vlan#10 P0 10.10.10.101.2472 > 10.10.10.1.8905: ud
p 95
36: 17:33:23.785558 802.1Q vlan#10 P0 10.10.10.101.137 > 10.10.10.255.137: ud
p 50
37: 17:33:24.522464 802.1Q vlan#10 P0 10.10.10.101.137 > 10.10.10.255.137: ud
p 50
38: 17:33:25.272568 802.1Q vlan#10 P0 10.10.10.101.137 > 10.10.10.255.137: ud
p 50
39: 17:33:26.744926 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
40: 17:33:26.745154 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
41: 17:33:27.548708 802.1Q vlan#10 P0 10.10.10.101.2473 > 10.10.10.1.8905: ud
p 96
42: 17:33:31.749625 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
43: 17:33:31.749854 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
44: 17:33:32.550096 802.1Q vlan#10 P0 10.10.10.101.2474 > 10.10.10.1.8905: ud
p 97
45: 17:33:36.748343 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
46: 17:33:36.748572 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
47: 17:33:37.546251 802.1Q vlan#10 P0 10.10.10.101.2475 > 10.10.10.1.8905: ud
p 95
48: 17:33:41.745566 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
49: 17:33:41.745795 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
50: 17:33:42.547975 802.1Q vlan#10 P0 10.10.10.101.2476 > 10.10.10.1.8905: ud
p 97
51: 17:33:46.747855 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
52: 17:33:46.748084 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
53: 17:33:47.548403 802.1Q vlan#10 P0 10.10.10.101.2477 > 10.10.10.1.8905: ud
p 94
54: 17:33:51.747718 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
55: 17:33:51.747931 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
56: 17:33:52.547670 802.1Q vlan#10 P0 10.10.10.101.2478 > 10.10.10.1.8905: ud
p 97
57: 17:33:54.134239 802.1Q vlan#10 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
58: 17:33:56.750678 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
59: 17:33:56.750891 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
60: 17:33:57.563035 802.1Q vlan#10 P0 10.10.10.101.2479 > 10.10.10.1.8905: ud
p 97
61: 17:33:59.245272 802.1Q vlan#10 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
62: 17:34:01.752188 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
63: 17:34:01.752402 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
64: 17:34:01.995737 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427: u
dp 49
65: 17:34:01.995813 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427: u
dp 34
66: 17:34:01.995950 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427: u
dp 49
67: 17:34:01.996011 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427: u
dp 34
68: 17:34:01.996118 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
udp 49
69: 17:34:01.996179 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
udp 34
70: 17:34:02.551836 802.1Q vlan#10 P0 10.10.10.101.2480 > 10.10.10.1.8905: ud
p 98
71: 17:34:03.011306 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427: u
dp 49
72: 17:34:03.011367 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427: u
dp 34
73: 17:34:03.011443 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427: u
dp 49
74: 17:34:03.011489 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427: u
dp 34
75: 17:34:03.011550 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
udp 49
76: 17:34:03.011596 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
udp 34
77: 17:34:04.027037 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427: u
dp 49
78: 17:34:04.027082 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427: u
dp 34
79: 17:34:04.027174 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427: u
dp 49
80: 17:34:04.027250 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427: u
dp 34
81: 17:34:04.027311 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
udp 49
82: 17:34:04.027357 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
udp 34
83: 17:34:04.745811 802.1Q vlan#10 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
84: 17:34:06.058514 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427: u
dp 49
85: 17:34:06.058605 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.23.427: u
dp 34
86: 17:34:06.058651 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427: u
dp 49
87: 17:34:06.058712 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.16.22.427: u
dp 34
88: 17:34:06.058758 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
udp 49
89: 17:34:06.058819 802.1Q vlan#10 P0 10.10.10.101.2263 > 156.80.200.40.427:
udp 34
90: 17:34:06.750907 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
91: 17:34:06.751151 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
92: 17:34:07.552751 802.1Q vlan#10 P0 10.10.10.101.2481 > 10.10.10.1.8905: ud
p 96
93: 17:34:11.752082 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
94: 17:34:11.752326 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
95: 17:34:12.553392 802.1Q vlan#10 P0 10.10.10.101.2482 > 10.10.10.1.8905: ud
p 96
96: 17:34:16.755438 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
97: 17:34:16.755682 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
98: 17:34:17.554811 802.1Q vlan#10 P0 10.10.10.101.2483 > 10.10.10.1.8905: ud
p 97
99: 17:34:21.751303 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
100: 17:34:21.751563 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
101: 17:34:22.552034 802.1Q vlan#10 P0 10.10.10.101.2484 > 10.10.10.1.8905: ud
p 95
102: 17:34:26.753989 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
103: 17:34:26.754218 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
104: 17:34:27.560334 802.1Q vlan#10 P0 10.10.10.101.2485 > 10.10.10.1.8905: ud
p 98
105: 17:34:31.755499 802.1Q vlan#10 P0 10.10.10.101 > 10.10.10.1: icmp: echo re
quest
106: 17:34:31.755728 802.1Q vlan#10 P0 10.10.10.1 > 10.10.10.101: icmp: echo re
ply
107: 17:34:32.563950 802.1Q vlan#10 P0 10.10.10.101.2486 > 10.10.10.1.8905: ud
p 95
107 packets shown
ciscoasa# show cap cap20
92 packets captured
   1: 17:26:53.653378 802.1Q vlan#20 P0 10.10.20.101.1187 > 216.49.94.13.80: S 8
20343450:820343450(0) win 65535
   2: 17:27:12.019133 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
   3: 17:27:17.214481 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
   4: 17:27:55.593688 802.1Q vlan#20 P0 10.10.20.101.1188 > 216.49.94.13.80: S 1
499891746:1499891746(0) win 65535
   5: 17:27:58.555284 802.1Q vlan#20 P0 10.10.20.101.1188 > 216.49.94.13.80: S 1
499891746:1499891746(0) win 65535
   6: 17:28:04.564790 802.1Q vlan#20 P0 10.10.20.101.1188 > 216.49.94.13.80: S 1
499891746:1499891746(0) win 65535
   7: 17:29:06.504856 802.1Q vlan#20 P0 arp who-has 10.10.20.1 tell 10.10.20.101
   8: 17:29:06.504917 802.1Q vlan#20 P0 arp reply 10.10.20.1 is-at 54:75:d0:ba:4
6:bb
   9: 17:29:06.505222 802.1Q vlan#20 P0 10.10.20.101.1189 > 216.49.94.13.80: S 4
7080594:47080594(0) win 65535
10: 17:29:09.467032 802.1Q vlan#20 P0 10.10.20.101.1189 > 216.49.94.13.80: S 4
7080594:47080594(0) win 65535
11: 17:29:15.476537 802.1Q vlan#20 P0 10.10.20.101.1189 > 216.49.94.13.80: S 4
7080594:47080594(0) win 65535
12: 17:30:17.417245 802.1Q vlan#20 P0 10.10.20.101.1190 > 216.49.94.13.80: S 1
445997597:1445997597(0) win 65535
13: 17:30:18.156043 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
14: 17:30:20.378688 802.1Q vlan#20 P0 10.10.20.101.1190 > 216.49.94.13.80: S 1
445997597:1445997597(0) win 65535
15: 17:30:23.220356 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
16: 17:30:26.388102 802.1Q vlan#20 P0 10.10.20.101.1190 > 216.49.94.13.80: S 1
445997597:1445997597(0) win 65535
17: 17:30:28.721047 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
18: 17:30:34.222507 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
19: 17:33:43.156928 802.1Q vlan#20 P0 arp who-has 10.10.20.101 tell 10.10.20.1
01
20: 17:33:44.187002 802.1Q vlan#20 P0 arp who-has 10.10.20.1 tell 10.10.20.101
21: 17:33:44.187047 802.1Q vlan#20 P0 arp reply 10.10.20.1 is-at 54:75:d0:ba:4
6:bb
22: 17:33:44.187261 802.1Q vlan#20 P0 10.10.20.101 > 10.10.20.1: icmp: echo re
quest
23: 17:33:44.187520 802.1Q vlan#20 P0 10.10.20.1 > 10.10.20.101: icmp: echo re
ply
24: 17:33:44.239016 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
25: 17:33:44.327360 802.1Q vlan#20 P0 10.10.20.101.53835 > 208.231.55.26.53:
udp 34
26: 17:33:44.989740 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
27: 17:33:45.150611 802.1Q vlan#20 P0 10.10.20.101.6646 > 10.10.20.255.6646:
udp 236
28: 17:33:45.331312 802.1Q vlan#20 P0 10.10.20.101.53835 > 208.231.55.27.53:
udp 34
29: 17:33:45.740943 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
30: 17:33:46.331892 802.1Q vlan#20 P0 10.10.20.101.53835 > 208.231.55.26.53:
udp 34
31: 17:33:46.492131 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
32: 17:33:47.243502 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
33: 17:33:47.994501 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
34: 17:33:48.335050 802.1Q vlan#20 P0 10.10.20.101.53835 > 208.231.55.26.53:
udp 34
35: 17:33:48.335141 802.1Q vlan#20 P0 10.10.20.101.53835 > 208.231.55.27.53:
udp 34
36: 17:33:48.745658 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
37: 17:33:49.496861 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
38: 17:33:50.248812 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
39: 17:33:50.249300 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
40: 17:33:50.999170 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
41: 17:33:50.999246 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
42: 17:33:51.750342 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
43: 17:33:51.750418 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
44: 17:33:52.341336 802.1Q vlan#20 P0 10.10.20.101.53835 > 208.231.55.26.53:
udp 34
45: 17:33:52.341474 802.1Q vlan#20 P0 10.10.20.101.53835 > 208.231.55.27.53:
udp 34
46: 17:33:52.501576 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
47: 17:33:52.501652 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
48: 17:33:53.254183 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 174
49: 17:33:53.254320 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 204
50: 17:33:54.134361 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
51: 17:33:54.755118 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 174
52: 17:33:54.823535 802.1Q vlan#20 P0 10.120.2.198.1261 > 161.69.12.13.443: R
250934743:250934743(0) ack 2427374744 win 0
53: 17:33:54.823901 802.1Q vlan#20 P0 10.120.2.198.1262 > 161.69.12.13.443: R
3313764765:3313764765(0) ack 1397588942 win 0
54: 17:33:54.824618 802.1Q vlan#20 P0 10.10.20.101.1269 > 161.69.12.13.443: S
2860571026:2860571026(0) win 65535
55: 17:33:56.257448 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 174
56: 17:33:57.759833 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 174
57: 17:33:57.779729 802.1Q vlan#20 P0 10.10.20.101.1269 > 161.69.12.13.443: S
2860571026:2860571026(0) win 65535
58: 17:33:59.245394 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
59: 17:33:59.262178 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 186
60: 17:34:00.263780 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 186
61: 17:34:01.265382 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 186
62: 17:34:02.266908 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 186
63: 17:34:03.268540 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
64: 17:34:03.789189 802.1Q vlan#20 P0 10.10.20.101.1269 > 161.69.12.13.443: S
2860571026:2860571026(0) win 65535
65: 17:34:04.019591 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
66: 17:34:04.745933 802.1Q vlan#20 P0 10.10.10.101 > 10.10.20.101: icmp: echo
request
67: 17:34:04.770757 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
68: 17:34:05.521991 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
69: 17:34:06.273209 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
70: 17:34:07.024367 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
71: 17:34:07.775518 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
72: 17:34:08.526706 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 68
73: 17:34:09.277939 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 174
74: 17:34:09.278061 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 174
75: 17:34:09.278702 802.1Q vlan#20 P0 10.10.20.101.138 > 10.10.20.255.138: ud
p 204
76: 17:34:15.810489 802.1Q vlan#20 P0 10.10.20.101.49796 > 208.231.55.26.53:
udp 31
77: 17:34:16.809726 802.1Q vlan#20 P0 10.10.20.101.49796 > 208.231.55.27.53:
udp 31
78: 17:34:17.811222 802.1Q vlan#20 P0 10.10.20.101.49796 > 208.231.55.26.53:
udp 31
79: 17:34:19.814349 802.1Q vlan#20 P0 10.10.20.101.49796 > 208.231.55.26.53:
udp 31
80: 17:34:19.814380 802.1Q vlan#20 P0 10.10.20.101.49796 > 208.231.55.27.53:
udp 31
81: 17:34:23.820682 802.1Q vlan#20 P0 10.10.20.101.49796 > 208.231.55.26.53:
udp 31
82: 17:34:23.820788 802.1Q vlan#20 P0 10.10.20.101.49796 > 208.231.55.27.53:
udp 31
83: 17:34:30.822924 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 50
84: 17:34:31.572892 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 50
85: 17:34:32.324079 802.1Q vlan#20 P0 10.10.20.101.137 > 10.10.20.255.137: ud
p 50
86: 17:34:33.083079 802.1Q vlan#20 P0 10.10.20.101.61089 > 208.231.55.26.53:
udp 44
87: 17:34:34.077007 802.1Q vlan#20 P0 10.10.20.101.61089 > 208.231.55.27.53:
udp 44
88: 17:34:35.078639 802.1Q vlan#20 P0 10.10.20.101.61089 > 208.231.55.26.53:
udp 44
89: 17:34:37.081584 802.1Q vlan#20 P0 10.10.20.101.61089 > 208.231.55.26.53:
udp 44
90: 17:34:37.081706 802.1Q vlan#20 P0 10.10.20.101.61089 > 208.231.55.27.53:
udp 44
91: 17:34:41.087809 802.1Q vlan#20 P0 10.10.20.101.61089 > 208.231.55.26.53:
udp 44
92: 17:34:41.087840 802.1Q vlan#20 P0 10.10.20.101.61089 > 208.231.55.27.53:
udp 44
92 packets shown

Inter-vlan routing on CIsco 881 router ?

Hello, I have configured my 881 to perform inter-VLAN routing i.e. I am using ports 0-2 as tagged switch ports (with PC's plugged in and addressed on their relevant subnets) and port 3 as a trunk feeding in to port 4 as a router on stick configuration.
For some reason I am unable to ping between subnets. It seems the trunk is failing ?
Could someone please take a look and help me out. It must be something basic. This is driving me crazy.
p.s. I have entered 'switchport trunk encapsulation dot1q' on port 3 (the trunk) however it is not showing up.
Thank you kindly for any help.
Building configuration...
Current configuration : 1564 bytes
! Last configuration change at 22:45:55 UTC Wed Apr 29 2015
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
hostname Router
boot-start-marker
boot-end-marker
no aaa new-model
memory-size iomem 10
ip flow-cache timeout active 1
ip cef
no ipv6 cef
license udi pid CISCO881-K9 sn FGL171824DY
interface FastEthernet0
switchport access vlan 10
no ip address
interface FastEthernet1
switchport access vlan 10
no ip address
interface FastEthernet2
switchport access vlan 2
no ip address
interface FastEthernet3
switchport trunk native vlan 15
switchport mode trunk
no ip address
spanning-tree portfast
interface FastEthernet4
no ip address
ip flow ingress
ip flow egress
duplex auto
speed auto
interface FastEthernet4.1
encapsulation dot1Q 15 native
ip address 192.168.15.1 255.255.255.0
interface FastEthernet4.2
encapsulation dot1Q 2
ip address 192.168.2.1 255.255.255.0
interface FastEthernet4.10
encapsulation dot1Q 10
ip address XXX.XXX.XXX.XXX 255.255.255.252 <== altered to block public ip address details
interface Vlan1
ip address 192.168.1.1 255.255.255.0
ip default-gateway XXX.XXX.XXX.XXX <== altered to block public ip address details
ip forward-protocol nd
no ip http server
no ip http secure-server
ip flow-export source FastEthernet4
ip flow-export version 5 origin-as
ip flow-export destination 192.168.247.232 9996
ip route 0.0.0.0 0.0.0.0 XXX.XXX.XXX.XXX <== altered to block public ip address details
line con 0
no modem enable
line aux 0
line vty 0 4
login
transport input all
end

Are you able to provide a diagram please? Having trouble understanding what you are trying to do.

Cisco Sg500X inter vlan routing - Cisco can you please help - holding up a project

Hey guys
I am simply trying to get inter vlan routing working on an SG500X operating in standalone mode.
I have setup a couple of vlan interfaces on the switch which I assume are routed automatically when ip routing is enabled.
I can ping these vlan interfaces from a pc on the appropriate VLAN (ie - I can ping what should be the default gateway and the gateway and IP are setup correctly on the pc's in question but no traffic will pass from pc to pc.
Have probably missed something obvious - any help would be greatly appreciated, config below:
skelta-dist#sh run
config-file-header
skelta-dist
v1.3.0.62 / R750_NIK_1_3_647_260
CLI v1.0
set system queues-mode 4
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
vlan database
vlan 2000,3000,4092-4093
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname skelta-dist
line console
exec-timeout 0
exit
line ssh
exec-timeout 0
exit
line telnet
exec-timeout 0
exit
logging console debugging
username admin password encrypted 54f0197510fc8f980214826ad98ecc0291956ebc privilege 15
username cisco password encrypted 007253f1436da456a0880a66bbcc7c1b4a3af284 privilege 15
username readonly password encrypted 9a27718297218c3757c365d357d13f49d0fa3065
snmp-server location "Skelta comms room"
snmp-server contact [email protected]
ip http timeout-policy 0
interface vlan 1
ip address 1.1.1.1 255.255.255.0
no ip address dhcp
interface vlan 2000
name backup
ip address 192.168.50.241 255.255.255.0
interface vlan 3000
name user
ip address 10.129.53.241 255.255.254.0
interface vlan 4092
name server
ip address 10.129.38.241 255.255.255.0
interface vlan 4093
ip address 10.129.100.241 255.255.255.0
interface gigabitethernet1/1
switchport mode access
switchport access vlan 3000
interface gigabitethernet1/2
switchport mode access
switchport access vlan 3000
interface gigabitethernet1/3
switchport mode access
switchport access vlan 3000
interface gigabitethernet1/4
switchport mode access
switchport access vlan 3000
interface gigabitethernet1/5
switchport mode access
switchport access vlan 3000
interface gigabitethernet1/6
switchport mode access
switchport access vlan 3000
interface gigabitethernet1/7
switchport mode access
switchport access vlan 4092
interface gigabitethernet1/8
switchport mode access
switchport access vlan 4092
interface gigabitethernet1/9
switchport mode access
switchport access vlan 4092
interface gigabitethernet1/10
switchport mode access
switchport access vlan 4092
interface gigabitethernet1/11
switchport mode access
switchport access vlan 4092
interface gigabitethernet1/12
switchport mode access
switchport access vlan 4092
interface gigabitethernet1/13
switchport mode access
switchport access vlan 4093
interface gigabitethernet1/14
switchport mode access
switchport access vlan 4093
interface gigabitethernet1/15
switchport mode access
switchport access vlan 4093
interface gigabitethernet1/16
switchport mode access
switchport access vlan 4093
interface gigabitethernet1/17
switchport mode access
switchport access vlan 4093
interface gigabitethernet1/18
switchport mode access
switchport access vlan 4093
interface gigabitethernet1/19
switchport mode access
switchport access vlan 2000
interface gigabitethernet1/20
switchport mode access
switchport access vlan 2000
interface gigabitethernet1/21
switchport mode access
switchport access vlan 2000
interface gigabitethernet1/22
switchport mode access
switchport access vlan 2000
interface gigabitethernet1/23
switchport mode access
switchport access vlan 2000
interface gigabitethernet1/24
switchport mode access
switchport access vlan 2000
interface tengigabitethernet1/1
channel-group 1 mode on
interface tengigabitethernet1/2
channel-group 1 mode on
exit
macro auto disabled
macro auto processing type host enabled
macro auto processing type ip_phone disabled
macro auto processing type ip_phone_desktop disabled
macro auto processing type router enabled
macro auto processing type ap disabled
ip helper-address all 0.0.0.0 7
skelta-dist#sh ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static,
R - RIP
C 1.1.1.0/24 is directly connected, vlan 1
C 10.129.38.0/24 is directly connected, vlan 4092
C 10.129.52.0/23 is directly connected, vlan 3000
skelta-dist#sh arp
Total number of entries: 3
VLAN Interface IP address HW address status
vlan 3000 gi1/4 10.129.53.1 a4:5d:36:18:12:d6 dynamic
vlan 4092 gi1/12 10.129.38.1 04:7d:7b:5b:f1:1f dynamic
vlan 4092 10.129.38.2 a4:5d:36:18:12:d6 dynamic
These are the two VLANs and above are the two ARP entries for the pc's.
and these are the default gateways:
skelta-dist#sh ip interface
IP Address I/F Type Directed Precedence Status
Broadcast
1.1.1.1/24 vlan 1 Static disable No Valid
10.129.38.241/24 vlan 4092 Static disable No Valid
10.129.53.241/23 vlan 3000 Static disable No Valid
10.129.100.241/24 vlan 4093 Static disable No Valid
192.168.50.241/24 vlan 2000 Static disable No Valid

Hi Rajeevsh
Ip routing is turned on, the correct connected routes are in the route table, I can see the arp entries for the two pc's but the two pc's cant ping each other (windows firewall is turned off).
I CAN ping the vlan interfaces from both pc's but the pc's cant talk to each other.
The ports are in untagged (switchport access) and obviously in the correct vlans
skelta-dist#sh ip route address 10.129.38.1
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static,
R - RIP
C 10.129.38.0/23 is directly connected, vlan 4092
skelta-dist#sh ip route address 10.129.53.1
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static,
R - RIP
C 10.129.53.0/24 is directly connected, vlan 1
skelta-dist#sh arp
Total number of entries: 2
VLAN Interface IP address HW address status
vlan 1 gi1/4 10.129.53.1 a4:5d:36:18:12:d6 dynamic
vlan 4092 gi1/12 10.129.38.1 04:7d:7b:5b:f1:1f dynamic
skelta-dist#sh ip interface
IP Address I/F I/F Status Type Directed Precedence Status
admin/oper Broadcast
10.129.38.241/23 vlan 4092 UP/UP Static disable No Valid
10.129.53.241/24 vlan 1 UP/UP Static disable No Valid

How to configure switch to route ISP ethernet handoff? (L3 or VLAN routing)

I have an ISP providing a redundant internet circuit through Ethernet handoff, and I need to route their border network to my firewall which will hold the public IP address block. The handoffs will go into 2 3750 switches stacked, which in turn will be uplinked to an ASA active/standby pair. How do I configure the switches to handle the traffic?  The equipment isn't in place yet so I can't test the configuration; just trying to validate the plan. I'm not sure of the pros/cons of using L3 switchport vs VLAN routing.
Example, ISP provides 2 drops, 10.10.10.1/29 and 10.10.10.2/29, and a virtual gateway to route traffic out to the internet, 10.10.10.3/29 (FYI - in reality these are public IP's, just using privates for example).  Assume the public block is 192.168.0.0/24. I need to configure the 3750 switches with interfaces of 10.10.10.4/29 and 192.168.0.1/24. The ASA firewall outside interface will be 192.168.0.2/24.
The ISP routes everything destined for 192.168.0.0/24 to 10.10.10.4/29. I need to route all outbound internet traffic to 10.10.10.3/29.
So the 3750 would have a layer 3 port-channel with IP 10.10.10.4/29 to uplink to the ISP drops. It will also have another layer 3 port-channel with IP 192.168.0.1 (or should I use a VLAN interface for both or either?). The ASA outside interface will be 192.168.0.2. On the ASA my default route out is 0.0.0.0 0.0.0.0 192.168.0.1. The default route on the 3750 stack will be 0.0.0.0 0.0.0.0 10.10.10.3.
Thoughts?
                                                                             [ISP-BORDER1-10.10.10.1]
[INTERNET]----[ISP-BORDER-VIP-10.10.10.3]                                                 [3750-L3-PORT-10.10.10.4/192.168.0.1]----------[ASA-192.168.0.2]
                                                                            [ISP-BORDER2-10.10.10.2]

Hi,
Any update on above queries.
Need Solution.

Vlan routing with Linksys sge2000

hi I have a Linksys sge2000 with two vlans, one has interface 192.168.50.10 /18 and the second has 192.168.30.10 /24, I need to get communication between these networks, because few computers must access to other network, so that’s why I ask you for some help, because until now I couldn’t find if its possible in this switch thank you in advanceDaniel

it is not possible for those 2 vlans to communicate with each other unless you hook up a router to those 2 vlans. the device is not capable for inter vlan routing alone so you will need to use layer 3 device.

Basic Vlan routing question

Similar Messages

Maybe you are looking for