Routing multicast between vlans thru VRF's

Similar Messages

• Difference between VLAN

  Hi,
  whats the difference between layer 2 VLAN and Layer 3 VLAN.
  regards
  Neo

  Here's the IEEE 802.1 defintion of VLAN. This is basically your layer 2 VLAN.
  • Provides for the logical grouping of stations (MAC Service Access Points - MSAPs) and/or switch ports, allowing communications as if all stations/ports are on the same physical LAN segment. This includes stations/ports that are physically located on different LANs or segments within the physical boundary of an 802.1D Bridged LAN. A single Bridged LAN may include multiple VLAN “segments”.
  With that said, as the previous poster mentioned, for a host on a VLAN to communicate with a host on another VLAN you need a layer 3 device (router). Often, this is done by a layer 3 switch (like 3550, 6500 etc.). On a layer 3 device you have to create a logical interface, vlan interface on a switch or sub-interface if you are doing router-on-a-stick, to route traffic between VLANs. This is basically your layer 3 VLAN (interface) if you like to call it that way.
  HTH,
  Sundar
  *Please rate all helpful posts.

• My 1st Generation time capsule won't connect to the internet thru a new motorola sb6121 - get continuously flashing yellow light. Using a router in between the modem and capsule yields good but slower connection to internet. Any thoughts?

  My 1st Generation time capsule won't connect to the internet thru a new motorola sb6121 - get continuously flashing yellow light. Using a router in between the modem and capsule yields good but slower connection to internet. Any thoughts?

  Thanks for your response
  Let me give the history - I started with an Apple Express being fed thru a D-Link  EBTR 2310 cable Router from an RCA DCM315 Modem (Pure). Comcast service all the way.
  Got the 1st generation TC in 2008 and merely replaced the Airport Express with the TC. Worked ok
  A year or two ago I did try removing the modem and feeding the TC directly from the modem. Resulted in the same condition I have now - Continuous flashing amber on the TC. So I put the router back in the chain.
  Some time later, at the recommendation of a Comcast rep, I replaced the router with (a Belkin F5D 5231) to see if speed and dropout problems would be improved. I thought it helped some at the time but now I am not so sure.
  Last week I decided to see if a new modem would help with download speeds. So I got another pure cable modem (Motorola SB 6121- high on the Comcast recommended list).
  Got up and running easily with Comcast help and with the modem connected directly to a computer.
  Next I put the TC in the link and again could not get past the TC continuing to flash amber. Although I did get connected to the internet with this configuration I lost connection two both of my printers - one connected by USB and the other wirelessly to the TC. Again everything works fine when I put the Belkin router back in the system.
  However with the router in there, the modem shows the downstream connection to be 10/100 ethernet speed. (Modem light changes color for indicating speeds.}
  I have gone thru all of the combinations of powering down/ up, but all stays the same.
  I can live with what I have but something still doesn’t seem right.
  Thanks again

• SG300: How to set up routing between VLANs?

  I have recently purchased a Cisco SG300-10.  I need it to perform routing between two VLANs on the switch. Seems like this should be quick and easy to do from the built in GUI. When I configure it according to the documentation, it does not ropute between the VLANs.
  I have set the system mode to L3 (for level 3 switching).
  I have followed the instructions on pages 26 through 33 of the attached PDF (which I obtained from the Cisco site). I used the same ports on the switch and the same IP addresses as shown in the document.
  Everything works until I attempt the step "ping 10.1.1.10" on page 33. This is the step to verify the level 3 switching between the 2 PCs (on separate VLANs).
  The switch Firmware Version (Active Image): 1.3.5.58
  I have attached the running configuration from the switch. It is the file named "running-config.txt".   
  The 2 PCs that I am using are running Windows 7 and Windows 8.

  Hi jkst,
  There is a very minimum requirement to obtain layer 3 intervlan routing
  1- 2 VLAN in layer 3 mode assigned an IP address
  config t
  vlan database
  vlan 2
  int vlan 1
  ip address 192.168.1.1 /24
  int vlan 2
  ip address 192.168.2.1 /24
  2 - Active link state on each VLAN - Define a port for the second vlan then connect an IP device to that port and another device to another port since the rest of the ports will default to vlan 1
  config t
  int gi2
  switchport mode access
  switchport access vlan 2
  3 - Assign your device #1 that connects to any port an ip address on the same subnet as vlan 1
  Computer in vlan 1 IP info=
  192.168.1.100
  255.255.255.0
  192.168.1.1
  Computer in vlan 2 IP info-
  192.168.2.100
  255.255.255.0
  192.168.2.1
  Assuming these devices respond to ping and do not have external wireless communication, this will provide basic IP connectivity through the switch across vlans.
  -Tom
  Please mark answered for helpful posts

• Trouble getting internet route table distributet in a VRF

  Hi every one ..
  I'm have some trouble getting distributed the internet routing table between PE routers ...
  CE1 og PE1 works fine, BGP routes all internet routes are shown i en route table, but distributing between PE1 and PE2 is now working .. any one having a clue !!.
  My gold is to move internet access into it's oven VRF, and away from the global routing table
  In the MPLS core aim running the same AS number as our official AS, that we use for peering to the internet..
  snap of configurations
  ***CE1***
  router bgp 65534
  neighbor 172.31.61.55 remote-as 65534
  neighbor 172.31.61.55 description PE-1
  neighbor 172.31.61.55 shutdown
  neighbor 172.31.61.55 update-source Loopback0
  neighbor 172.31.61.55 next-hop-self
  ***MPLS PE1***
  ip vrf NET-INTERNET
  rd 65534:10051
  route-target export 65534:10051
  route-target import 65534:10051
  interface Port-channel1.35
  encapsulation dot1Q 35
  ip vrf forwarding NET-INTERNET
  ip address 172.31.61.55 255.255.255.224
  mpls label protocol ldp
  tag-switching mtu 1546
  tag-switching ip
  router bgp 65534
  neighbor 192.168.0.146 remote-as 65534
  neighbor 192.168.0.146 description PE2
  neighbor 192.168.0.146 update-source Loopback0
  neighbor 192.168.0.146 version 4
  neighbor 192.168.0.146 next-hop-self
  address-family vpnv4
  neighbor 192.168.0.146 activate
  neighbor 192.168.0.146 send-community both
  exit-address-family
  address-family ipv4 vrf NET-INTERNET
  neighbor 172.31.1.2 remote-as 65534
  neighbor 172.31.1.2 activate
  neighbor 172.31.1.2 description CE1
  no auto-summary
  no synchronization
  exit-address-family
  ***MPLS PE2***
  ip vrf NET-INTERNET
  rd 65534:10051
  route-target export 65534:10051
  route-target import 65534:10051
  interface Port-channel1.67
  encapsulation dot1Q 67
  ip vrf forwarding NET-INTERNET
  ip address 172.31.254.1 255.255.255.252
  mpls label protocol ldp
  tag-switching mtu 1546
  tag-switching ip
  router bgp 65534
  neighbor 192.168.0.132 remote-as 65534
  neighbor 192.168.0.132 description PE1
  neighbor 192.168.0.132 update-source Loopback0
  neighbor 192.168.0.132 version 4
  address-family ipv4 vrf NET-INTERNET
  neighbor 172.31.254.2 remote-as 65534
  neighbor 172.31.254.2 activate
  Best regards
  /Peter

  For VPN routes to be exchanged between the two PEs, you first need to configure VPNv4 address family on each one of the PEs.
  Carrying the full Internet routing table over VPNv4 will work but it is not very scalable since all PE routers have to hold the full Internet routing table in the VRF context in addition to potentially full Internet routing table in the global routing table. If you want to exchange full Internet routing table between the two CEs, it would be preferable to use something Carrier Supporting Carrier (CSC).
  Please refer to the following URL for additional information on CSC:
  http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120limit/120s/120s23/fscscl23.htm
  Hope this helps,

• The IP Routing Process for VLAN's?

  I have the CCNA Study Guide third edition. Chapter five, page 254 has a description of the ip routing process.  It descripes the ip routing process using two nodes on different subnets and a router.
  We've recently deployed VLAN's, so I'm asking if I replace the router with a switch in the description, if the principles would still apply?  I'm also asking if someone knows of a link that describes the ip routing process when using a VLAN?  I'm looking for documentation that's similar to what's in the book, but modernized.
  tia

  I do not have the book but i will try to help:
  Switches dont do inter-vlan routing (Unless you are using a layer 3 switch) so if you are have different Vlans configured on your switch and want them to comunicate each other without a router you cant.
  If you have a router the same principles apply to normal routing, remember that VLANS are just a way of dividing your clients, so your VLANS configured on your subinterfaces will appear directly connected on your ip route table. For example:
  VLAN 10: 192.168.10.0
  VLAN 20: 192.168.20.0
  VLAN 30: 192.168.30.0
  You have vlan 10 and 20 locally on a lan interface (They will be directly connected on your ip route) but vlan 30 is reachable thru a serial interface (ppp or frame relay) you would use:
  ip route 192.168.30.0 255.255.255.0 serialx/x

• Which is the correct way to filter/block traffic between vlans?

    Hi all. My question is: Which is the correct way to filter/block traffic between vlans?
  i have a more than 15 vlans. I want to block traffic between them except 2 vlans.
  source vlan 3 deny destination vlan 4
  #access-list 100 deny ip 192.168.3.0 0.0.0.255 192.168.4.0 0.0.0.255
  and the oposite:
  #access-list 101 deny ip 192.168.4.0 0.0.0.255 192.168.3.0 0.0.0.255
  I have to do this for all VLANs, ono by one. Is that right?
  Thanks.

  There are a couple of ways to achieve that. I assume that you have a Layer3-Switch. There I would configure one ACL per vlan-interface and allow/deny the traffic as you want. Sadly, the Switches don't support object-groups yet, so you have to use the IP-networks here. Only allow/deny traffic based on networks or hosts. Don't even try to be very granular with permit/denys based on ports. Because the switch-ACLs are not statefull you'll run into problems for the return-traffic if you woulf do that. And the return-traffic of course has to be allowed also.
  Another way: with the help of 802.1x you can deploy port-based ACLs for every user. That takes some time for planning, but is one of the most powerful solutions.
  For more control you could remove the L3-interface from your L3-switch and move that to your router or firewall. These devices support stateful filtering and you can control your traffic much tighter tehn with ACLs on the switch.
  Don't stop after you've improved your network! Improve the world by lending money to the working poor:
  http://www.kiva.org/invitedby/karsteni

• L2 and L3 Routed Link between 2 COREs

  Hi
  What is the difference between L2 (Dot1q) and L3 Routed Link between 2 COREs in term of Functionality 
  thanks

  Hello Ibrahim ,
  I will try to explain , 
  VLANs put tag on frames to ensure packet do not leave layer 2 broadcast domain and yet will reach to all ports part of that vlan ( as per tag ) .
  Layer 3 SVIs on other hand provides layer 3 reachability for vlans and hosts inside layer 2 vlan . To achieve this all layer2 vlan host provide with related layer 3 SVIs ip address as gateway .
  I hope you got it by now . 
  HTH
  Sunil Bhadauria 
  ! Kindly rate all helpful posts  and accordingly mark correct answers to help forum !

• SG500 Slow Performance Between Vlans

  Hello,
  I am having an issue with slow performance between vlan 1 and vlan 10, I have IPv4 routing enabled and I have SVI on vlan 1 and vlan 10 respectfully. Within the same vlan the speed is great. Would it also be a problem with using vlan 1 in production for something like this? Normally I stay away from Vlan 1. 
  Thanks

  Hi Alexandery,
  In my opinion, this thread is related to ASP.NET forum. So please post thread on that forum for more effective response. Thank you for understanding. Please refer to the following link.
  http://forums.asp.net/.
  Regards,
  We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place. <br/> Click
  <a href="http://support.microsoft.com/common/survey.aspx?showpage=1&scid=sw%3Ben%3B3559&theme=tech"> HERE</a> to participate the survey.

• After mail was moved to iCloud on jan 1, my mail app emails received have 23 lines of "routing info" between the address and the message. How can I get rid of this info?

  After my mail was moved to iCloud, my mail app emails received have 23 lines of "routing data between the address and the message how can Imget rid of this "data"?

  Found the answer a Mail>preferances>Viewing>Show header detail. Changed it to Default.

• Dynamic routing alternative between ASA and edge routers?

  This is the current setup between two edge routers and an ASA 5580.  The edge routers carry approximately 9200 BGP routes with ISP A also supplying the default route.  Is there a good, i.e. has been successfully implemented, dynamic routing situation between the edge routers and ASA such that the ASA can send traffic to the particular edge router that carries the best specific route?

  Hello,
  Let's remember that the ASA was built as a High-Level Next Generation Firewall.
  That does not mean it's not useful for routing but here we are talking about thousands of routes, I do not think there will be a performance issue on the FW because of that. I mean you have one of the greatest Cisco Firewalls (functionality and power speaking).
  So if that's the case and you really want to do that you will need to implement either RIP,EIGRP,OSPF on the link and then do the redistribution on the routers.
  Makes sense?
  Regards,
  Jcarvaja
  CCIE 42930

• Unable to communicate between VLANs on SG300-10

  Please take a look at my rough drawing of how I would like my network to work:
                          SG300-10
         | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
         |_|___|__________________________________|
           |   |_________________________________
           |_________________                   |
  __________________  _______|_________  _______|_________
  |-----VLAN 1-----|  |----VLAN 10----|  |----VLAN 20----|
  |   Management   |  | 192.168.10.1  |  | 192.168.20.1  |
  | 192.168.1.250  |  |               |  |               |
  |________________|  |Internet Router|  |   Devices:    |
                      | 192.168.10.2  |  | Physical Box  |
                      |_______________|  | 192.168.20.2  |
                                         | Server 2008R2 |
                                         |DNS,DHCP,AD DC |
                                         |               |
                                         |Physical Boxes |
                                         | 192.168.20.x  |
                                         |W7 Workstations|
                                         |_______________|
  I have set static IP addresses on the Server 2008R2 host and Internet Router.  I set up my VLANs, and I set each VLAN IP (as shown above), I set a 0.0.0.0 route to the Internet Router as well as x.x.x.0 routes for each VLAN IP range, and I set the gateway on all hosts on VLAN 20 to be 192.168.20.1. 
  I am unable to get Internet access, ping the router or access the switch management web page from any host on VLAN 20 unless I manually set the IP on the host on VLAN 20 to the same IP range as the device I'm trying to access. As such:
  If I manually set the host IP to 192.168.1.50, I can access the switch management, but then cannot RDP into or ping any of the hosts on VLAN 20 or ping the Internet Router on VLAN 10.
  If I manually set the host IP to 192.168.10.50, I can ping the Internet Router but cannot RDP into or ping any device on VLAN 20, nor can I access the Switch Management page.
  If I allow DHCP to set the IP to 192.168.20.5, I can RDP into and ping all devices on VLAN 20, but I cannot ping any devices on VLAN 10 or access the Switch Management on VLAN 1.
  I know I'm missing something simple, and I've been working on this for about 30 hours now but cannot seem to get this to work. Could anyone possibly help?  Thanks in advance.

  Sorry for the delayed response, but I was not aware that additional routing information needed to be set on the router so once I found that setting (Linksys E2000 / Setup / Advanced Routing), I read the help page and, with the information you provided, am now able to access the Internet on my network! I used the following settings, and understand I'll need to do the same for any additional VLANs:
  Destination LAN IP:  192.168.20.0
  Subnet Mask:  255.255.255.0
  Gateway:  192.168.10.1
  However, I'm having one small problem; if I manually set a wireless host connected to the Linksys Internet Router to an IP within the router's VLAN (192.168.10.x, VLAN10) or a VLAN20 IP and manually set DNS to my Server 2008R2 host (VLAN20), everything works fine on the wireless host. However, if I set the IP to obtain automatically, it cannot find the DNS/DHCP server on VLAN20 and gets an IP of 169.254.36.125 and has no DNS or Gateway information available. I'm thinking this must be either an issue or setting on the router, and I've been poking around but can't find anything on it. I don't think it has anything to do with the Cisco switch. Any thoughts?

• Route Redistribution between RIP and OSPF

  Hi all,
      I'm building my home lab and having difficutly to get this part of router redistribution work. 
      I can't ping from PC, Server and SW1 to R2's int f0/0, f0/1 and SW2's G0/1.
      I can't ping from R1 to R2's f0/1, SW2
      Vice versa,  I can't ping from SW2 to R2's f0/0, R1's f0/0 & f0/1, SW1, PC and Server.
       Also, I can't ping from R2 to R1's f0/1, SW1, Server and PC.
     I think the reason cause these ping's failure is I didn't config the Route Redistribution between RIP and OSPF(on R2)correctly.  I strugled for hours to change comand around but still can't figure it out. I attached my Topology and config. file to you and please help!
  smartd1011

  Hi,
  On R1, you should not be advertising 10.0.0.0/24 via OSPF => redistribution will handle that
  On R1, you should not be advertising 20.0.0.0/24 via EIGRP => redistribution will handle that
  On R2, you should not be advertising 30.0.0.0/24 via OSPF => redistribution will handle that
  On R2, you should not be advertising 20.0.0.0/24 via RIP=> redistribution will handle that
  On R2, under your rip process, you should put a  metric to RIP otherwise it would redistributed with infinite metric (i.e. 16). Btw, you did put a seed metric on your EIGRP redistribution which is fine.
  Also if you're talking RIP with switch2 and would like to send rip updates to him, you remove your passive interface statement
  your rip statement should be somethin like that : 
  router rip
  version 2
  redistribute ospf 1 metric 5
  passive-interface FastEthernet0/0
  network 30.0.0.0
  no auto-summary
  HTH

• Broadcast large UDP datagrams between VLANs

  Hello,
  I wish to broadcast large UDP packets between two VLANs (on the one set of stacked 3750 switches).
  I have setup an ip helper which allows me to broadcast between vlans. That works fine, but I am limited to datagrams around 5912 bytes in size.
  I want to be able to broadcast larger datagrams.
  I can successfully broadcast larger datagrams (65000-ish bytes) within the one vlan, but not between two vlans.
  Am I able to increase the size of broadcast UDP datagrams between vlans and if so, how?
  Thanks in advance.

  Disclaimer
  The Author of this posting offers the information contained within this posting without consideration and with the reader's understanding that there's no implied or expressed suitability or fitness for any purpose. Information provided is for informational purposes only and should not be construed as rendering professional advice of any kind. Usage of this posting's information is solely at reader's own risk.
  Liability Disclaimer
  In no event shall Author be liable for any damages whatsoever (including, without limitation, damages for loss of use, data or profit) arising out of the use or inability to use the posting's information even if Author has been advised of the possibility of such damage.
  Posting
  Hmm, I'm wondering whether a helper cannot forward fragments.
  If not, if you enable jumbo support on the 3750, you might be able to send larger diagrams, but perhaps not larger than MTU.

• SGE Series - Multicast Across VLANs

  Does anyone know if the SGE series switches support multicast across VLANs?
  If so, how do you configure it?
  I have IGMP snooping enabled globally and for each VLAN.
  Bridge multicast filtering is enabled as well.

  Yes, the sg300 can, and yours probably can too. It's either the settings or the application. What are you trying to accomplish with the multicast over vlan? I had a situation where I was trying to get a DNLA tv to find a DNLA media server (Dnla uses multicast broadcasts for discovery) on a different vlan/subnet. While multicast across vlan worked, the Samsung tv would only look for media servers on its own subnet, regardless of the multicast. You may be facing some limitation of your application, rather than the switch. How about you post some screenshots of the multicast config, then generate some multicast traffic on one vlan and use wireshark to see if you can see it on the other.
  Best,
  David
  Sent from Cisco Technical Support iPad App
  Please rate helpful posts.