Vlan & Inter Vlan question

Here is my network layout:
I have a cable modem connecting to a Linksys WRT54GL (DDWRT) router. Port 1 on the WRT54GL is connect to port 01 on the SG300-10 switch.
On the SG300-10 I've created two Vlans (Vlan 30 & Vlan 40). I assigned ports 3 & 4 on the SG300-10 to Vlan 30 and ports 5 & 6 to Vlan 40. Vlan 30 has the IP Address 10.10.30.1 and Vlan 40 has an Address of 10.10.40.1. The default Vlan (Vlan1) has an Address of 10.10.20.2. The default gateway (WRT54GL router) has an Address of 10.10.20.1. I have also enable DHCP relay on the switch and enter the command "ip routing". My question is on either vlan if I wanted to setup static addresses for clients would I use the 10.10.20.1 (WRT54GL) address as the default gateway? Also, what additional configurations do I need to make for the Vlans to be able to talk to each other and be able to access the internet?
Thanks,

Van,
Thanks for the reply. The SG300-10 is in layer 3 mode. I have configured the DHCP server accordingly. Here is my setup:
                   cable modem
                          |
                          |
                   linksys wrt54gl (10.10.20.1)
                          |
                          |
                   sg300-10 Vlan1= 10.10.20.2 (manage)
                                  Vlan30= 10.10.30.0 /24 (GW= 10.10.30.1)
                                  Vlan40= 10.10.40.0 /24 (GW= 10.10.40.1)
You said that for inter-Vlan to work I need to set the clients GW to the switch. Would that be the Vlan's gateway for clients in each vlan? For example if a client was in vlan30 their gw would be 10.10.30.1?
The clients are not able to access the internet from the vlan. How would I configure the static on the switch for the vlans to be able to access the internet? Would this work: ip route 0.0.0.0 0.0.0.0 10.10.20.1?

Similar Messages

VLAN, Inter-Vlan I need help...

Hi guys. I just wanna ask if it's possible to block 192.168.98.2 pc from accessing the 192.168.99.11?
Router 0
interface GigabitEthernet0/0.98
encapsulation dot1Q 98
ip address 192.168.98.254 255.255.255.0
interface GigabitEthernet0/0.99
encapsulation dot1Q 99
ip address 192.168.99.254 255.255.255.0
VLAN 98 and VLAN 99 is already connect via Inter-Vlan. My problem now is, how can I block PC 192.168.98.2 from accessing PC 192.168.99.11?
Thanks
Best Regards,
Jaycer
[email protected]

Hello
access-list 100 deny ip host 192.168.98.2 host 192.168.99.11
access-list 100 permit ip any any
interface GigabitEthernet0/0.98
ip access-group 100 in
or
interface GigabitEthernet0/0.99
ip access-group 100 out
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.

ACE design with inter-Vlan routing

Hello all.
I'm working on a design for a customer where the ACE will perform inter vlan routing.
A few questions about that :
- is routed traffic enforced in hardware with some kind of CEF-like mechanism ? (I suppose yes because there is a FIB ? per
https://supportforums.cisco.com/docs/DOC-19253 ) we expect a certain load and routing is software will not be acceptable
- if I put my VIPs within the VLANs hosting the application, is there any restriction on accesses made to this VIP (if the VIP is reached after the routing process is performed) ?
example :
VLAN2 (client) ----- ACE ----- VLAN3 (servers)192.168.2.0/24 192.168.3.0/24
If I try to access the VIP (192.168.3.20) from a PC in the VLAN2 (192.168.2.15) does it work ?
I assume yes because the VIP appears as a connected /32 in the routing table, I just want to be sure to not fall into some tricky part of code because the access to the VIP is done after the routing process. I just want to be sure there is no drawback / restriction about that.
Thanks in advance.

Hello Surya!
Yes this is possible. You can reach the VIP from one VLAN to another (The VIP is not really inside of the VLAN). Important is to check your ACLs and you need to have the service-policy either globally or local on both VLAN-interfaces.
And I guess there is nothing like CEF implemented in the ACE, because it is not needed there.
Cheers,
Marko

RV180 Router: Cannot get Inter-VLAN Routing to work.

I have been banging at this now for two days and just cannot get Inter-VLAN routing working to work on this router.
Here is the est-up:.
Upgraded to latest Cisco firmware (1.0.1.9).
Starting with factory default settings, I added 2 VLANS as follows:
    vlan default(id=1): dhcpmode=server IP=192.168.1.1/24 port 1
    vlan vlan2 (id=2): dhcpmode=server IP=192.168.2.1/24 port 2
    vlan vlan3 (id=3): dhcpmode=server IP=192.168.3.1/24 port 3
                                   (unconnected)
                                     WAN port
                                        |
                                    Routing/NAT
                                        |
vlan ip                   192.168.1.1   192.168.2.1   192.168.3.1
vlan name                   default        vlan2        vlan3
vlan id                       ID=1          ID=2         ID=3
Inter-VLAN Routing             No           Yes          Yes
Port 1                     Untagged       Excluded     Excluded
Port 2                     Excluded       Untagged     Excluded
Port 3                     Excluded       Excluded     Untagged
Port 4(not of interest)    Untagged       Excluded     Excluded
                            Port 1         Port 2       Port 3
                              |              |            |
                           AdminPC          PC2          PC3
                                       192.168.2.191   192.168.3.181
PC2 gets assigned an IP Address of 192.168.2.191 (DGW=192.168.2.1) - OK
PC3 gets assigned an IP Address of 192.168.3.181 (DGW=192.168.3.1) - OK
PC2 with (IP 192.168.2.191) can ping 192.168.2.1 and 192.168.3.1 - OK
PC3 with (IP 192.168.3.181) can ping 192.168.3.1 and 192.168.2.1 - OK
BUT....
PC2 cannot ping PC3 - NOT WORKING
PC3 cannot ping PC2 - NOT WORKING
(does not work in both Gateway Mode and Router Mode)
ANYONE CAN HELP ME FIGURE OUT WHY ??????
Your help is much appreciated.
I bought this device specifically because it supported inter-VLAN routing!.
Venu
Supporting Information:
Screen captures:
VLAN Membership:
VLAN ID Description Inter VLAN Device   Port 1    Port 2    Port 3    Port 4
                        Routing     Mgment
       1   Default      Disabled    Enabled Untagged Excluded Excluded Untagged
       2   VLAN2        Enabled     Enabled Excluded Untagged Excluded Excluded
       3   VLAN3        Enabled     Enabled Excluded Excluded Untagged Excluded
Multiple VLAN Subnets:
   VLAN ID IP Address   Subnet Mask    DHCP Mode    DNS Proxy Status
        1 192.168.1.1 255.255.255.0 DHCP Server Enabled
        2 192.168.2.1 255.255.255.0 DHCP Server Enabled
        3 192.168.3.1 255.255.255.0 DHCP Server Enabled
Routing Table (Gateway Mode)
Destination     Gateway   Genmask         Metric Ref   Use   Interface   Type     Flags
127.0.0.1     127.0.0.1   255.255.255.255 1       0     0     lo          Static   UP,Gateway,Host
192.168.3.0     0.0.0.0   255.255.255.0   0       0     0     bdg3        Dynamic   UP
192.168.2.0     0.0.0.0   255.255.255.0   0       0     0     bdg2        Dynamic   UP
192.168.1.0     0.0.0.0   255.255.255.0   0       0     0     bdg1        Static   UP
192.168.1.0 192.168.1.1   255.255.255.0   1       0     0     bdg1        Static   UP,Gateway
127.0.0.0       0.0.0.0   255.0.0.0       0       0     0     lo          Dynamic
Routing Table (Router Mode)
(Same)

cadet alain, you hit the nail on the head.    The router was doing Iner-VLAN routing, but the PCs were blocking the pings because they came from another subnet. Thank you for your help in resolving this.
I have a follow-up question if I may - I need to add a default route but can't seem to find a way to do that. Tried adding a static route with IP=0.0.0.0 Mask=0.0.0.0 but it will not allow it. My current routing table looks like this:
Destination   Gateway     Genmask           Metric Ref   Use Interface Type    Flags
127.0.0.1     127.0.0.1   255.255.255.255   1       0     0    lo         Static UP,Gateway,Host
192.168.2.0   0.0.0.0     255.255.255.0     0       0     0    bdg2       Dynamic UP
192.168.1.0   0.0.0.0     255.255.255.0     0       0     0    bdg1       Static UP
127.0.0.0     0.0.0.0     255.0.0.0         0       0     0    lo         Dynamic UP
It routes all packets to VLAN2 and VLAN3 correctly; but if a packet arrives to any other network address, I would like to get it to forward to another gateway on VLAN2 (at address 192.168.2.254). Can't seem to find a way to add a default route.

SA540 Inter-VLAN ACL Support Options

We have several VLANs, basically a different VLAN for each department (i.e. Developers, Payroll, Accounting, etc.) with Inter VLAN Routing turned off. We have several printers with static IPs that are currently part of a near by VLAN. We would like to group/share most of our printers across all/most of our current VLANs though. How can this be achieved? We don't want to turn Inter VLAN Routing on
If we had to, it may be possible to move all the printers we want to share across the existing VLANs to a new VLAN (and turn Inter VLAN routing on for that VLAN). Would that allow all the existing VLANs access to the new *printer* VLAN? Would all the existing VLANs still be separate and secure from one another?
We were hoping for Inter VLAN Firewall ACL support in the latest firmware as we were told is was on the roadmap for the SA500 Series routers. However, we are currently beta testing the 2.2.0.3_1 firmware and Inter VLAN Firewall ACLs are still not possible to create. Is there anyway to get that into the next firmware release (2.2.0.x) that is coming out soon?

Good morning.
Hi Curtis Counsil my name is Johnnatan and I am part of the Small business Support community, unfortunately it is not possible to create ACL´s in your device, the solution is to enable inter vlan or placing a printer for each vlan's with the inconvenience that it could not communicate with each other, however that's what you do not want. I recommended to you get or buy a Cisco layer 3 device that supports ACL. Such a router or a Switch L3, you can contact our presales team and explain your newortk issue and they will help you with your case
http://www.cisco.com/web/siteassets/contacts/international.html?reloaded=true
Thank you and have a nice day!!!
I hope you find this answer useful, if it was satisfactory for you, please mark the question as Answered.
Best regards.
Johnn.
Cisco network support engineer.

No Inter-VLAN, Just the Internet, Still Layer3 needed?

Hi Guys,
If inter-VLAN communications is not required on a LAN, and clients at each VLAN just need outside (Internet) access, then do I still need to have a layer 3 device in my network?
To be more specific, wireless VLANs are going to be created on a WLC for a Hotel. There is no layer 3 device involved in the network. There is a gateway made by a company called SolutionIP which is used for Internet billing and management. The only reason that I'm creating wireless VLANs and AP groups is to break up broadcast domains because of the size of the network (122 APs and up to 2000 users). So actually there is no need for users on a building to communicate with users on another building. All they need is to connect to that gateway, pick up a connection in their browser, pay with the credit card and surf the Internet.
If the answer of the above question is "no", then what IP address should I use for the default gateway when I'm creating dynamic interfaces on the controller?
Regards,
Saman
Internet Billing and Management

You don't need routing on this deployment, APs can be contained within a VLAN and configure the WLC with an interface defined as AP management with a IP address. You will need DHCP for this VLAN to serve the APs.
Configure multiple interfaces on the controller for clients, these can be configured to be a member of an interface-group, this interface-group is then mapped to the WLAN profile you create. Users will then be dropped onto the interfaces in a round robin fashion, this way you can serve 1000 users with 4 subnets each of 250 addresses (Class C). No requirement for routing or large CIDR (supernetted) addresses. Each interface would need its own DHCP scope which can be done on the internal DHCP server on the WLC.
As long as your default gateway device, in your case the SolutionIP can be configured with multiple VLANs and IP addresses so it can handle the different subnets then no problem.

Inter-vlan bridging for sna/netbios

I have a requirement to have several vlans bridged because of sna/netbios applications. I have heard that inter-vlan bridging has the potential for many problems and have heard that running the dec protocol for bridging on the core routers instead of ieee would help in preventing these problems. I do not want the router interfaces to be root. Has anyone done this, and are there any pitfalls?
thankx

This is from a co-worker, Matthias Binzer:
Hi,
is the question that the customer wants to bridge into dlsw?
If yes they can use a different bridge-group per interface, thus they do not bridge the vlan's together but only into dlsw.
If you talk about pure transparent bridging i guess the answer is it depends. It depends on your topology and on the other devices paritcipating in the spanning tree. If you dont want the router doing the transparent bridging to become root while you use ieee spanning tree on the router and the switches you can set the bridge priority higher than the default. Thus we would not attempt to become root given that there are other devices with a
better bridge priority.
the usage of dec spanning tree will work as long as there is no other device bridging the same vlan's together. If there is i.e. another router bridging the same vlan's you MUST make sure that this second router also uses dec spanning tree, otherwise you create a loop.
What you essentialy do is to create separate spanning trees overlaying each other.
thanks...
Matthias

2960X and Inter-vlan

I have read from cisco sites that 2960X with Lan base supports up to 16 static routes however I believe this is a layer 2 switch . One of my confusion is that would I be able to do Inter-vlan routing with this . Has anyone tried this ?

Thanks for the reply .
Yes i understand that dyamic routing is not supported . If we have one switch I can make 3 SVI and assign each port to each SVI , later each port can be connected to a Laptop . This way each laptop will have different IP . Because Laptop's default gateway would be SVI created on switch all data would travel there .
Now if i do a show ip route on that switch I will see all 3 SVI as Directly Connected route with an administrative distance of 0 because the line protocol of SVI is up .
My question is would Laptop A be able to ping Laptop B , Intervlan routing ?

Cisco Sg500X inter vlan routing - Cisco can you please help - holding up a project

Hey guys
I am simply trying to get inter vlan routing working on an SG500X operating in standalone mode.
I have setup a couple of vlan interfaces on the switch which I assume are routed automatically when ip routing is enabled.
I can ping these vlan interfaces from a pc on the appropriate VLAN (ie - I can ping what should be the default gateway and the gateway and IP are setup correctly on the pc's in question but no traffic will pass from pc to pc.
Have probably missed something obvious - any help would be greatly appreciated, config below:
skelta-dist#sh run
config-file-header
skelta-dist
v1.3.0.62 / R750_NIK_1_3_647_260
CLI v1.0
set system queues-mode 4
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
vlan database
vlan 2000,3000,4092-4093
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname skelta-dist
line console
exec-timeout 0
exit
line ssh
exec-timeout 0
exit
line telnet
exec-timeout 0
exit
logging console debugging
username admin password encrypted 54f0197510fc8f980214826ad98ecc0291956ebc privilege 15
username cisco password encrypted 007253f1436da456a0880a66bbcc7c1b4a3af284 privilege 15
username readonly password encrypted 9a27718297218c3757c365d357d13f49d0fa3065
snmp-server location "Skelta comms room"
snmp-server contact [email protected]
ip http timeout-policy 0
interface vlan 1
ip address 1.1.1.1 255.255.255.0
no ip address dhcp
interface vlan 2000
name backup
ip address 192.168.50.241 255.255.255.0
interface vlan 3000
name user
ip address 10.129.53.241 255.255.254.0
interface vlan 4092
name server
ip address 10.129.38.241 255.255.255.0
interface vlan 4093
ip address 10.129.100.241 255.255.255.0
interface gigabitethernet1/1
switchport mode access
switchport access vlan 3000
interface gigabitethernet1/2
switchport mode access
switchport access vlan 3000
interface gigabitethernet1/3
switchport mode access
switchport access vlan 3000
interface gigabitethernet1/4
switchport mode access
switchport access vlan 3000
interface gigabitethernet1/5
switchport mode access
switchport access vlan 3000
interface gigabitethernet1/6
switchport mode access
switchport access vlan 3000
interface gigabitethernet1/7
switchport mode access
switchport access vlan 4092
interface gigabitethernet1/8
switchport mode access
switchport access vlan 4092
interface gigabitethernet1/9
switchport mode access
switchport access vlan 4092
interface gigabitethernet1/10
switchport mode access
switchport access vlan 4092
interface gigabitethernet1/11
switchport mode access
switchport access vlan 4092
interface gigabitethernet1/12
switchport mode access
switchport access vlan 4092
interface gigabitethernet1/13
switchport mode access
switchport access vlan 4093
interface gigabitethernet1/14
switchport mode access
switchport access vlan 4093
interface gigabitethernet1/15
switchport mode access
switchport access vlan 4093
interface gigabitethernet1/16
switchport mode access
switchport access vlan 4093
interface gigabitethernet1/17
switchport mode access
switchport access vlan 4093
interface gigabitethernet1/18
switchport mode access
switchport access vlan 4093
interface gigabitethernet1/19
switchport mode access
switchport access vlan 2000
interface gigabitethernet1/20
switchport mode access
switchport access vlan 2000
interface gigabitethernet1/21
switchport mode access
switchport access vlan 2000
interface gigabitethernet1/22
switchport mode access
switchport access vlan 2000
interface gigabitethernet1/23
switchport mode access
switchport access vlan 2000
interface gigabitethernet1/24
switchport mode access
switchport access vlan 2000
interface tengigabitethernet1/1
channel-group 1 mode on
interface tengigabitethernet1/2
channel-group 1 mode on
exit
macro auto disabled
macro auto processing type host enabled
macro auto processing type ip_phone disabled
macro auto processing type ip_phone_desktop disabled
macro auto processing type router enabled
macro auto processing type ap disabled
ip helper-address all 0.0.0.0 7
skelta-dist#sh ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static,
R - RIP
C 1.1.1.0/24 is directly connected, vlan 1
C 10.129.38.0/24 is directly connected, vlan 4092
C 10.129.52.0/23 is directly connected, vlan 3000
skelta-dist#sh arp
Total number of entries: 3
VLAN Interface IP address HW address status
vlan 3000 gi1/4 10.129.53.1 a4:5d:36:18:12:d6 dynamic
vlan 4092 gi1/12 10.129.38.1 04:7d:7b:5b:f1:1f dynamic
vlan 4092 10.129.38.2 a4:5d:36:18:12:d6 dynamic
These are the two VLANs and above are the two ARP entries for the pc's.
and these are the default gateways:
skelta-dist#sh ip interface
IP Address I/F Type Directed Precedence Status
Broadcast
1.1.1.1/24 vlan 1 Static disable No Valid
10.129.38.241/24 vlan 4092 Static disable No Valid
10.129.53.241/23 vlan 3000 Static disable No Valid
10.129.100.241/24 vlan 4093 Static disable No Valid
192.168.50.241/24 vlan 2000 Static disable No Valid

Hi Rajeevsh
Ip routing is turned on, the correct connected routes are in the route table, I can see the arp entries for the two pc's but the two pc's cant ping each other (windows firewall is turned off).
I CAN ping the vlan interfaces from both pc's but the pc's cant talk to each other.
The ports are in untagged (switchport access) and obviously in the correct vlans
skelta-dist#sh ip route address 10.129.38.1
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static,
R - RIP
C 10.129.38.0/23 is directly connected, vlan 4092
skelta-dist#sh ip route address 10.129.53.1
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static,
R - RIP
C 10.129.53.0/24 is directly connected, vlan 1
skelta-dist#sh arp
Total number of entries: 2
VLAN Interface IP address HW address status
vlan 1 gi1/4 10.129.53.1 a4:5d:36:18:12:d6 dynamic
vlan 4092 gi1/12 10.129.38.1 04:7d:7b:5b:f1:1f dynamic
skelta-dist#sh ip interface
IP Address I/F I/F Status Type Directed Precedence Status
admin/oper Broadcast
10.129.38.241/23 vlan 4092 UP/UP Static disable No Valid
10.129.53.241/24 vlan 1 UP/UP Static disable No Valid

SG 300 - Inter VLAN

Hi forumers'
My problem statement
a. how to let a single switchport to carry vlan voice and vlan data?
say i had create and configure the vlan voice (20) and vlan data (10)
first i do as this (attach voice vlan.png)
what should i do over
a1. VLAN Management-Port to VLAN
(set the interface as general, but then should i tick PVID, tag or untag? )
a2. VLAN Management-VLAN to Port
(is it let vlan 10 and vlan 20 to join the switchport?) (attach VLAN to Port.png)
b. can this switch doing "ip routing" for inter VLAN routing?
say i create the VLAN, assign IP for the virtual interface for it. What need to do to enable inter-VLAN routing?
I check the switch only switch IPv4 Static Route, is it need to manual create the static route to reach every VLAN's subnet?
c. can this switch be NTP server?
Thanks
Noel

Hi!
a. Create vlan 10 (data) and vlan 20 (voice). Set the switchport where you have an IP phone attached to the Trunk mode (Vlan Management -> Interface Settings). Administrative PVID of the port should be 10. Go to VLAN Management -> Port VLAN membership, select the switchport and click Join VLAN button. In the right column you should have "10UP" (VLAN 10 Untagged, PVID: 10). From the left column select 20, Tagging should be Tagged, click right arrow button to add VLAN 20 Tagged to the port and click Apply.
These settings will make switchport transferring traffic from VLAN10 (data) as untagged and voice traffic from VLAN20 as tagged to the phone. Respectively your phone, if it has a PC attached to it should be configured to tag voice traffic with VLAN20 tag and pass data traffic untagged to the PC. Voice VLAN settings keep like shown on the screenshot - it will let the switch assign the optimal QoS settings to the voice vlan traffic.
b. If you have the latest firmware installed the Inter VLAN routing is enabled by default. Just create SVI interfaces (assign an IP address to the VLAN interface) and if you have at least one host connected to the switchport member of the VLAN, the route to that subnet will appear in the switch routing table automatically. If you have several VLANs with IP addresses assigned and active hosts on these VLANs - all these networks will appear in the routing table as directly connected and hosts from all VLANs will be able to reach each other. If you need to restrict Inter VLAN communication - use IP ACLs.
c. No, the switch can be SNTP client only.

RV130W Inter-VLAN Routing occurs even when disabled

On my RV130W I have two VLANs set up:
VLAN1:
VLAN100:
Inter-VLAN Routing is NOT enabled:
Why then am I able to ping hosts in a different VLAN?
Does this require a bug fix?

I put my theory to the test and it worked as I thought
which is that vlan 101 could get to vlan 102 and vice versa
but vlan 1 could get to either and vice versa
I take it that this is probably due to how the router os is setup and hardware options on it
based on that there is probably only a couple of real interfaces
and that the vlan 1 is assigned to the one of them or to the switch interface
and the other vlans are just attached to it,
vlan 1 has to be able to cross communicate due to my guess that there aren't enough real interfaces
in that vlan is the end gateway and the other vlans are just virtual gateways if you will
This is what I did with the ports
In my lab I actually don't assign vlan 1 to any ports at all, nothing is on it except that actual router
but I left it on a port for you to see, as it might be handy to connect to in worst case scenarios
which works because of routing
as to whether its a feature or a bug or a limitation is hard to say without more info from cisco

ACL with Inter Vlan

We are used Cisco 3750 Layer 3 Switch and linksys switch at Layer 2 level.
We are used total 10 VLAN, We want block all inter-vlan communication, So no body can access inter vlan .
All vlan can access server vlan
Thanks
Dinesh Chavan

Dinesh Chavan
Based on what you have told us one solution would be to configure an access list for each of the SVIs on your 3750 switch and apply it on the inbound direction for the interface. In the access list you would permit packets with source address in the vlan of that interface a destination of the server vlan. You would deny all other traffic. This would allow each vlan to communicate with the server vlan but not with any other vlan.
HTH
Rick

Setting Inter VLAN in the Router.

Hi,
I trying to set up inter VLAN on the Cisco 2651XM router. I try to type the IP address on the sub interface but it gives me an error. I need to set up first
the encapsulation dot1 q. I type encapsulation command but it doesn't recognized.
This is the version of my router
Cisco Internetwork Operating System Software
IOS (tm) C2600 Software (C2600-I-M), Version 12.2(8)T5, RELEASE SOFTWARE (fc1)
TAC Support: http://www.cisco.com/tac
Copyright (c) 1986-2002 by cisco Systems, Inc.
Compiled Fri 21-Jun-02 08:50 by ccai
Image text-base: 0x80008074, data-base: 0x80A2BD40
ROM: System Bootstrap, Version 12.2(8r) [cmong 8r], RELEASE SOFTWARE (fc1)
Router uptime is 32 minutes
System returned to ROM by power-on
System image file is "flash:c2600-i-mz.122-8.T5.bin"
cisco 2651XM (MPC860P) processor (revision 0x100) with 125952K/5120K bytes of memory.
Processor board ID JAD07130B30 (708131756)
M860 processor: part number 5, mask 2
Bridging software.
X.25 software, Version 3.0.0.
2 FastEthernet/IEEE 802.3 interface(s)
2 Serial network interface(s)
32K bytes of non-volatile configuration memory.
32768K bytes of processor board System flash (Read/Write)
Configuration register is 0x2142
Do I need to update my cisco IOS if I do what os version I need and how can i download the cisco IOS.

Thanks for the help. I don't need to change the version. I figure it out already..

881 - How to configure inter-VLAN routing

I hesitate to post here -- I know that I should know my job. But here goes...
Small business wants to use an ASA 5505 firewall on the edge connected to VDSL modem, and then an 881 to route internally (see attachment). The 881 has a downstream link to a 2960.
Want the following "blocks":
VLAN 33 - CLIENTS
VLAN 55 - SERVERS
VLAN 101 - CDLAB
The lab is for testing, and will be connected via Cisco 2500 series router. The server farm (Server 2008 domain +) will be connected via layer 2 switch over VLAN. A DMZ is anticipated after basic connectivity is established. Connectivity is already verified from a client connected to the INSIDE interface of the ASA going to the OUTSIDE and back.
Before I started I wiped the devices in order to start clean. Both the router and the switch are in vtp mode transparent.
To build a trunk link, I connected the 881 and the 2960 using a crossover cable from int fa0 to int fa0/8 respectively.
On both devices' interfaces I set switchport mode trunk.
I configured the 3 VLANs on the 881, assigned IP addresses to them, and used switchport trunk allowed vlan add 33,55,101 to assign them to the trunk but that doesn't appear in the sh run output under the interface.
I set both devices' to switchport nonegotiate (best practices?). Once again, on the 881 this command doesn't appear in the running config.
I configured the 3 VLANs on the 2960, then used the same switchport commands as above to assign them to the trunk.
Here's the deal.
From a client connected to a VLAN 33 access port on the 2960, I can't ping, for example, the VLAN 55 IP address. I can ping the VLAN 33 IP address. I also can't ping the IP address of the interface on the far side of the router headed to the ASA (int fa4).
What am I doing wrong? I'll gladly post the running configs if anyone wants to see. I've spent most of the day on this racking my brain and literally scouring the Internet. I'd be very grateful for some assistance.
Help!

Thanks, Mike.
Yeah, I might not have been too clear. But on the router, each VLAN was created using the vlan 33 command (for example) and given a name. Then I went to int vlan 33 (for example) and used ip address 10.0.33.xx 255.255.255.0 for the address and subnet mask. Those have been in place since I started. And like I said, I can ping the SVI for VLAN 33, which is mapped to the client access port I'm on.
The problem is, I still can't ping inter-VLAN and I still can't ping the far side interface.
Bummer...

Inter VLAN Routing for IEC 61850

Hello,
Hoping someone can help me with this query. I'm in the process of configuring two CGS2520 switches located in two electrical substations. Each of these switches have Protection Relays and Remote Terminal Units (RTUs) connected to them. These devices communicate with each other as follows:
IEC 61850 GOOSE: http://en.wikipedia.org/wiki/Generic_Substation_Events
IEC 61850 MMS: http://en.wikipedia.org/wiki/IEC_61850
- Protection Relay to Protection Relay communication within either substation (Using IEC 61850 GOOSE - VLAN 11 and VLAN 21)
- Protection Relay to Protection Relay communication between substations (Using IEC 61850 GOOSE - VLAN 50)
- RTU to Protection Relay (Using IEC 61850 MMS - VLAN 10 and VLAN 20)
I've attached an image (hope that clears things out). Basically GOOSE traffic is VLAN tagged and and the MMS traffic is untagged.
I need to be able to route between VLAN 10 and VLAN 20 between the substations and I want to allow VLAN 50 between the substations. How do I go about configuring this?
So far I've configured the interfaces as follows:
Switch A2:
Fa0/5 and Fa0/7 (Protection Relay Ports)
port type nni
switchport trunk native vlan 10
switchport trunk allowed vlan 11, 50
switchport mode trunk
Fa0/3 (RTU Port)
port type nni
switchport access vlan 10
Switch B1
Fa0/4 and Fa0/5 (Protection Relay Ports)
port type nni
switchport trunk native vlan 20
switchport mode allowed vlan 21, 50
switchport mode trunk
Fa0/3 (RTU Port)
port type nni
switchport access vlan 20
Locally at each substation this seems to work (I can ping the Protection Relays from the RTU port and the Protection Relays send each other GOOSE messages). However I don't know how to configure the inter vlan routing (I want to be able to ping a Protection Relay Substation B from the RTU Port at Substation A) at and how to configure the switch interfaces that connect to each other?
Any help is much appreciated.
Thanks
Darsh

Hello DarshanaD,
Could you fix this? Im asking because I have the same problem right now.
I'll appreciated if you can tell me how did you configure the inter VLAN routing.
Thanks
Ali

Vlan & Inter Vlan question

Similar Messages

Maybe you are looking for