Vlan routing questions on the 6509

Similar Messages

• Two quick VLAN routing questions

  lets say I have a L3 switch routing 4 VLANs
  VLAN 1 is 192.168.10.0/24, the switch's virtual interface is 192.168.10.254 inside this vlan
  VLAN 2 is 192.168.20.0/24, the switch's virtual interface is 192.168.20.254 inside this vlan
  VLAN 3 is 192.168.30.0/24, the switch's virtual interface is 192.168.30.254 inside this vlan
  VLAN 4 is 192.168.40.0/24, the switch's virtual interface is 192.168.40.254 inside this vlan
  there is only one router going out from this switch to the net, and lets say it is in VLAN 1 and it's address is 192.168.10.1
  first question-- inside of the L3 switch I will need to add a default route of 0.0.0.0 0.0.0.0 192.168.10.1
  so that all traffic not corresponding to a 192.168.x.x address knows where to get out to the net, correct?
  secondly- when configuring that router, is there a difference if I use the following static route:
  192.168.20.0 255.255.255.0 192.168.10.254
  instead of
  192.168.20.0 255.255.255.0 192.168.20.254
  either way, the packet gets to the L3 switch, but in one case it gets there via the VLAN interface inside of VLAN 1, and in the other case, it gets there via the VLAN interface inside of the VLAN for which the traffic is destined anyway. what im trying to figure out is, will this make any difference at all? especially in terms of broadcast packets?
  if it makes no difference, then is it safe to say that the following static route would be optimal?
  192.168.0.0 255.255.0.0 192.168.10.254
  Solved!
  Go to Solution.

  Re "firstly". Correct. The L3 switch will route traffic according to its routing table. By default it knows all IP subnets to which it is directly connected to, i.e. all the VLAN subnets. If you have to add a default route manually or not depends on the exact implementation. It may well be that the L3 switch will use the any default gateway for routing which you use for the IP settings of the switch itself (if there is an option in the web interface to set a default gateway). If you cannot define a default gateway on the L3 switch you probably have to add a static route manually. The easiest way should be to check the current routing table and see if there is a default gateway or not.
  Re "secondly". A router can only forward packets to the next hop router. The next hop router must be connected to that router. The route "192.168.20.0 255.255.255.0 192.168.10.254" is correct for a router with IP address 192.168.10.1 and subnet mask 255.255.255.0 as 192.168.10.254 is connected to the router. "192.168.20.0 255.255.255.0 192.168.20.254" is not correct. The router cannot learn the path to a specific subnet 192.168.20.0/255.255.255.0 by using a gateway in that subnet. It is not correct to use that kind of a route and you should not use it even if it might even work (because the router does a plain ARP request to find the MAC address of 192.168.20.254 and your L3 switch will respond to the ARP request even if it is on the internet of 192.168.10.254). The very moment when there would be another router between the 10 and 20 subnets it would not work anymore...
  Re your conclusion: I would recommend to keep four static routes for the existing subnets on the L3 switch instead of putting everything into a larger single subnet which includes a lot of addresses which are not connected there. Technically it works if you only use working IP addresses. But you will see some loops if you send something to 192.168.55.50 or similar. The gateway router will send it to the L3 switch which will send it back to the gateway. They should figure it's a loop but still I would not recommend this kind of setup... Add routes for each of the L3 switch subnet...

• Basic Vlan routing question

  I am connecting a 4503 to a 2950.  I have native Vlan 1 between them on the trunk.  On that vlan 1 the subnet is 172.16.138.0.  The default gateway on the 2950 is 172.16.138.1.  There are devices attached to the 2950 that are all subnet 172.16.98.0.  I need to be able to get those devices to talk to the 4503. The only vlan I had on the 2950 is vlan 1.   I made another vlan on the 2950 but when I try to no sh it I get kicked out of the switch.     Any ideas?              

  The 2950 is a L2 switch and can only have a single vlan interface for management. When you're creating a new vlan, it's kicking you out because the 4500 doesn't have the vlan configured to support the new vlan that you're creating. That being said, you should be able to do the following to route your other subnet:
  If the 4500 vlan 1 subnet is 172.16.138.0/24, and you're wanting to create 172.16.98.0/24, you'll need to do it on the 4500.
  4500: (Assuming you want to create vlan 10)
  vlan 10
  int vlan 10
  ip address 172.16.98.1 255.255.255.0
  Then you'll need to trunk the port that leads to the 2950 - assume that's fa0/1
  int fa0/1
  switchport trunk encaps dot1q
  switchport mode trunk
  Then on the 2950, you'll need to keep your vlan 1 interface:
  int vlan 1
  ip address 172.16.138.2 255.255.255.0
  ip default-gateway 172.16.138.1 <-- this is to get to the management vlan interface above from another subnet
  Then create your vlan that matches on the 4500 (vlan 10)
  vlan 10
  Trunk the port that leads to the 4500 (assuming f0/1)
  int fa0/1
  switchport trunk encaps dot1q
  switchport mode trunk
  Then the ports that you want on vlan 10, you'll put in the vlan:
  int range fa1/2-48
  switchport mode access
  switchport access vlan 10
  Your hosts will use 172.16.98.1 as a default gateway, but that traffic will be routed at the 4500 series switch. The 2950 cannot do the routing for you, but it can carry the vlan information that you need.
  HTH,
  John
  *** Please rate all useful posts ***

• WRVS4400N 801.Q intra-vlan routing question

  Hi all,
  I have a question in regards to the 802.1Q intervlan feature on the WRVS4400N. My goal is to setup a test network with atleast 10 departmental VLAN(s). By reading the WRVS4400N's data sheet I know that it supports up to 4 VLAN(s). I decided to purchase a Linksys SRW224G4 since it can create more than 4 VLAN(s).
  With my previous Cisco experience I used to configure VLAN(s) on a Catalyst 2940 and trunk them to a Cisco 2501 series router by configuring trunk ports on the Catalyst and sub interfaces with 802.1q tagging on the routers.
  I was wondering if I could trunk 10 VLAN(s) from my SRW224G4 to my WRVS4400N?
  This is what I have tried to do so far
  On the SRW224G4 I configured 10 VLAN(s) and set port G1 as a trunk port to port 1 on my WRVS4400N.
  On my WRVS4400N I configured port 1 as a trunk port that accepts all frames.
  When I look at the LAN settings on my WRVS4400N it doesn't give me the option to configure gateways for my VLAN(s). Does this router only support 4 VLAN(s)? if it does is there another router I can look into that has the ability to support more than 4?
  I purchased the Linksys/Cisco small business series thinking that it can provide me with the basics to create a small network. I never thought the WRVS4400N would have a 4 VLAN limitation even when I trunk VLAN(s) from a switch.
  Thanks for the input guys
  Cheers

  Hello,
  i'm new here and planning to do something similar to what you suggest.
  I also have a slm2024 on which i plan to create more than 4 vlans. I'm looking for a gigabit router to route all my network and act as dhcp server. I will connect the switch to the router by a trunk.
  In my setup only 4 of my vlans will need a dhcp server. So if my understanding is correct, the integrated dhcp will be able to serve those 4 vlans if they are created on the router. Is it correct ? In this guide http://www.cisco.com/en/US/docs/routers/csbr/wrvs4400n/administration/guide/WVRS4400N_Admin_Guide_v2.pdf page 60, there is an illustration of dhcp configuration but i don't see anything allowing to select the vlan. How does it work in fact ?
  In my ideal setup, i would like to distribute a different subnet by vlan. Ex : 192.168.2.0 for vlan 2; 192.168.3.0 for vlan 3; etc...
  For the other vlans i would affect static IPs.
  Is this setup possible with this router ? If it's not, which other cisco router would you suggest me ?
  Thanks in advance for your answer.

• NETGEAR Wireless router question reguarding the Macbook

  Im proud to say that my MacBook will be arriving this Thursday, but I was wondering.
  I have a NETGEAR wireless WGT624 which is hooked up to my dads eMac and my crappy *** Windows, will it work on the MacBook with the intergrated 802.11b/g in it or do I have to by an adapter?

  Welcome to the discussions!
  I use the Netgear WGR614 in my mixed network of 2 Mac and three PCs without a problem. I have it set up so that we can share the internet, files, and printers. It was not ard at all.
  If that is what you want to do, take a look at the fine pages set up by iFelix and Joel Shoemaker. They have both taken the time so set up complete, easy to use pages on how to do it.

• Migrating: Collo being difficult :( need some simple vlan/routing answers)

  Hello,
  I just purchased 2xc2950's, and a 515E.
  One 2950 is for outside, one inside, with the 515E protecting the inside.
  We have been renting these devices from our collocation, and the lease is up. So we've decided to manager our own, BUT, now they're being difficult with giving me ANY kind of information, (like configs, etc).
  What I do know, is that the outside switch has at least 4 vlans.
  With the 515E having settings such as:
  nat from xxx.xxx.43.xxx to {inside}
  nat from xxx.xxx.42.xxx to {inside}
  What I would like to know, is what would be the best way to "migrate" everything over.
  1. We have a redundant internet feed, is this possible with vlans?
  2. What is it called, where all the vlans route traffic to the single port (firewall)? interVLAN?
  3. Is it possible to link our 2950 internal to their internal? and slowly move the connections over?
  4. would I need their routing tables to set things up properly?
  Any help would be appreciated!
  ps. anyone from the toronto area who's a cisco export that I can pick their brain for a day $$$ of course, let me know.

  yes, it is possible to have a redundant internet feed, and it is possible with vlans. All the vlans route traffic to the single port (firewall)? interVLAN and this intervaln routing is same as normal one. Is it possible to link your 2950 internal to their internal but different network IP and VLANS may be assigned.

• Inter-VLAN routing, Auto-Voice VLAN and IP Address-Helper

  Hope that somebody can help me with the setup in the screenshot. 
  Planning to use Auto-Voice VLAN and Smartports to configure VOIP
  LLDP-MED will be enabled on the switch to detect the IP phones so they will be moved to the Voice VLAN (If not the first 6 signs will be added to the OID table). The Voice VLAN ID will be 2 >> Voice VLAN will be automatically enabled once a device is recognized as a IP phone right? 
  Workstations will be connected to the Cisco switch, VLAN data will be untagged and will remain on the native VLAN.
  Smartports will be used to configure the ports (Macro's) >> Should configure the ports as trunks as assigns the correct VLANs right?
  But how do i configure the IP Helper-Address? Do i have to create the Voice VLAN on both switches and then run the command "IP Helper Address" to specify a DHCP server? From what i've been reading it's required, when using Inter-VLAN routing, to configure the VLAN interface with an IP address. But it's going to give problems when both switches are connected to eachother and both have the same VLAN configured including the same IP address assigned to their VLAN interface?
  Normal data should pass  the ASA firewall, VOIP traffic should go through the Vigor modem to a hosted VOIP provider. The best way, i assume, is to configure 2 separate scopes on the DHCP server?
  Still confused on how to set it up, hope that someone can point me in the right direction

  If you're sending voice to only the Vigor modem then there is no need for a trunk between the SF-300 and the Vigor modem. You can just set that to an untag packet for the VLAN 2 between that switch and the Vigor modem.
  On the 'edge' SF300 where the IP phone/PC is it is obviously going to interoute there and of course the phone port is tagged and PC port is untagged.
  For the IP helper, it uses UDP-RELAY and it should be enabled on the port itself and enabled on the global configuration. You may also need option 82. Also keep in mind, depending how your DHCP server works, it may need option 82 configured as well or at least a route to understand the subnets in the layer 3 environment to get traffic across the VLANS.

• 6509 and 4948 Switch Routing Question

  We have a 6509 switch in our core that handles routing between dozens of VLANs with it's MSFC.  I'm connecting a remote Layer 3 4948 Switch to the 6509 via a Gigabit Fiber Link. 
  The 4948 will be connected to servers on a couple subnets as well as an alternate internet connection that I would like to have the 4948 route between locally but also send traffic to the VLAN's on the 6509.  We are using EIGRP as our internal routing protocol. 
  The question I'm running into is whether I can setup a trunk link between the 6509 and the 4948, VTP, and setup EIGRP to route only using one of the trunk VLANs and between the local VLANs (with SVIs) and routed ports or would it be best to just setup a routed port to connect to one VLAN on the 6509. 
  The advantage I see if the trunk idea is feasible is that I can allocate certain ports to be access ports and go back to the 6509 to route and not be affected by local routing on the 4948.  I absolutely do not want the 4948 to take over routing of my entire network as it will be on the edge and the 6509 is the core switch/router. 
  The advantage with using the 4948 connected to the 6509 as a routed port is that nothing on the 4948 will interface with the 6509 at Layer 2 and I can also keep VLAN's local to that switch.  On the downside though this would prevent me from setting up VLAN's that span across the network connected to the 6509 or other areas of the network. 
  My other question is whether I should use the same EIGRP AS# on the 4948 so it interacts and shares routes with the 6509 or use a separate AS# to keep things isolated. 
  Any thoughts or ideas on these questions? 

  Thanks for the advice.  
  I would assume then I would simply assign one physical port on my 4948 with an IP address with the no switchport command and  then set the ip address configuration rather than assign a SVI identical to the subnet connected to on the 6509?
  Then could I create a new VLAN on the 4948 for the servers with an SVI to point my servers to as their default gateway.  I could then use eigrp to get routes shared between the switches and across my network.  I'm assuming I could just assign the physical port on the 6509 to one of my vlans as an access port (old 6509 CATOS so I don't have the "no switchport" configuration option).  
  Also, will it cause any problems if I have the same vlan setup on both switches (even though I'm not trunking them) as long as I don't use the same ip address space on each?
  Does that sound about right?
  Any other thoughts or suggestions?
  Jim

• Adding VLAN to Po-Group and OSPF routing what is the correct way?

  Hi Community,
  I recently had an issue that brought down the links between a couple of switches...luckily this was done after hours and I did not save the config so was able to revert back.
  The basic scope of my project is:
  We are running out of IP's on the 192.168.1.0/24 sunbnet so wanted to create a seperate VLAN/Subnet  for physical workstations.
  He is what I orginally did;
  1) On our core switch; (Switch1) 
       Create the VLAN,
       VLAN interface,
       DHCP pool,
       excluded address'
  2) On second  switch (Switch 2)
       Add VLAN name, no interface
  3) I then updated the PO-group on Switch1 with new VLAN  (this brought down the link before I was able to finish my config)
      Therefore I was not able to complete the following:
            add vlan to spanning-tree or updated OSPF routing
  Here is what I assume to be the correct order?
  1) On Core Switch (Switch 1)
       Create VLAN
       VLAN interface
       DHCP pool
       excluded address'
       add vlan to spanning-tree
       add vlan (passive interface) and sunbet to OSPF routing
  2) On Switch 2
       Add vlan name/interfaces with no ip
  3) Update PO groups after the above has been configured
       Add new VLAN to Po-Group on Switch 2
       Add new VLAN to Po-Group on Switch 1
  4) Last steps
       Updated specific access ports with new VLAN and test
       upon completion of testing, update all other access ports connected ot workstations with new VLAN
  Questions:
  Did my links go down because I added new VLAN to Po-group BEFORE  updating spanning-tree and OSPF routing?
  Can anyone verify the order as outlined in the section "Here is what I assume to be the correct order"

  So the order in which to apply TASKS is correct?
  also just to clarify the following TASK  based on your comments.
  Step 4- Add new VLANs to OSPF as passive interface
  On Switch 1 (core)
  We have this line of code
  router ospf 100
  router-id 192.168.1.10
  log-adjacency-changes
  passive-interface Vlan10
  passive-interface Vlan30
  passive-interface Vlan50
  passive-interface Vlan500
  network 192.168.0.2 0.0.0.0 area 0
  network 192.168.1.10 0.0.0.0 area 0
  network 192.168.30.254 0.0.0.0 area 0
  network 192.168.33.254 0.0.0.0 area 0
  network 192.168.51.254 0.0.0.0 area 0
  network 192.168.99.5 0.0.0.0 area 0
  network 192.168.200.254 0.0.0.0 area 0
  TASK: OSPF - Add new VLANs(40 & 41) to OSPF as Passive Interface
  ******* Begin Here  *********
  config t
  router ospf 100
  passive-interface vlan40
  passive-interface vlan41
  !WE SHOULD ADD THIS LINE OF CODE
  network 192.168.40.254 0.0.0.0 area 0
  network 192.168.41.254 0.0.0.0 area 0
  ******* End Here  *********
  RESULT:
  router ospf 100
  router-id 192.168.1.10
  log-adjacency-changes
  passive-interface Vlan10
  passive-interface Vlan30
  passive-interface Vlan40
  passive-interface Vlan41
  passive-interface Vlan50
  passive-interface Vlan500
  network 192.168.0.2 0.0.0.0 area 0
  network 192.168.1.10 0.0.0.0 area 0
  network 192.168.30.254 0.0.0.0 area 0
  network 192.168.33.254 0.0.0.0 area 0
  network 192.168.40.254 0.0.0.0 area 0
  network 192.168.41.254 0.0.0.0 area 0
  network 192.168.51.254 0.0.0.0 area 0
  network 192.168.99.5 0.0.0.0 area 0
  network 192.168.200.254 0.0.0.0 area 0
  Better??
  Again thanks...your feedback have been a tremendous help!

• USB External Hard Drive Question for the E4200 v1 router

  I know this is going to be a really dumb question, especially coming from a computer tech of 25 years, but I'm going to ask it just to be safe.
  First off, my router is the E4200 v1.  It's a substitute for my older WRT54GS router.  One of the features I am quite fascinated with is the USB external drive usage.  Here's my question.  I have a Western Digital My Passport Essentials 500 GB external drive (Model #WDBAAA5000ABB-02) that I want to use on it.  I know it's not on the Official List of tested USB storage devices for the Linksys E4200 but I really want to use it, especially for storage on my three computer systems.  My question is do I need to unplug the router power supply BEFORE I plug in the external drive to the USB port on the back, or does it matter?
  Any help is appreciated.  Again, I know it's a dumb question, but the guides and "How-To" on the Linksys website isn't exactly clear.  Thanks in advance!
  ~Jeffrey
  ~JRK 2014
  "Your bark is only as good as your bite. BITE HARD!" ~JRK 2004

  Errr... Nevermind.  I think I found a better way to use the external drive without the use of the router.  Thanks anyway.
  ~JRK 2014
  "Your bark is only as good as your bite. BITE HARD!" ~JRK 2004

• OTV vlans routing on the 1 device and switching on the other

  Hi there seems to having OTV issues where the odd vlana are on agg1 is showing as routing and even vlan are using the OTV .  and on AGG 2 vice versa
  my presumption was that using OTV all vlans configured for access would use OTV instead of routing
  agg1# show ip route  10.128.105.133
  IP Route Table for VRF "default"
  '*' denotes best ucast next-hop
  '**' denotes best mcast next-hop
  '[x/y]' denotes [preference/metric]
  10.128.105.128/25, ubest/mbest: 1/0
      *via 192.168.28.50, Po5, [19/51456], 4d00h, eigrp-128, external
       via 10.101.0.25, [200/51712], 4d00h, bgp-65149, internal, tag 65149
  agg1# show ip route  10.128.106.133
  IP Route Table for VRF "default"
  '*' denotes best ucast next-hop
  '**' denotes best mcast next-hop
  '[x/y]' denotes [preference/metric]
  10.128.106.128/25, ubest/mbest: 1/0, attached
      *via 10.128.106.130, Vlan806, [0/0], 4d02h, direct
       via 10.101.0.25, [200/51712], 3d20h, bgp-65149, internal, tag 65149
  agg2 show ip route  10.128.106.133
  IP Route Table for VRF "default"
  '*' denotes best ucast next-hop
  '**' denotes best mcast next-hop
  '[x/y]' denotes [preference/metric]
  10.128.106.128/25, ubest/mbest: 1/0
      *via 192.168.28.49, Po5, [19/51456], 4d00h, eigrp-128, external
       via 10.101.0.25, [200/51712], 3d20h, bgp-65149, internal, tag 65149
  agg2# show ip route  10.128.105.133
  IP Route Table for VRF "default"
  '*' denotes best ucast next-hop
  '**' denotes best mcast next-hop
  '[x/y]' denotes [preference/metric]
  10.128.105.128/25, ubest/mbest: 1/0, attached
      *via 10.128.105.132, Vlan805, [0/0], 4d00h, direct
       via 10.101.0.25, [200/51712], 4d00h, bgp-65149, internal, tag 65149
  how otv adjacency
  Overlay Adjacency database
  Overlay-Interface Overlay1  :
  Hostname                         System-ID      Dest Addr       Up Time   State
  MCC-N7K2-OTV                     04c5.a4ea.8b42 192.168.26.54   4d12h     UP  
                                   04c5.a4ea.93c2 192.168.28.42   4d09h     UP  
  LDC-N7K2-OTV                     04c5.a4ea.6042 192.168.28.46   1d22h     UP 
  Does the OTV device need to be physically connected to each other
  It seem that vlans at layer 2 do no span across the AGG switches
  diagram

  You did not configure PBR on the CSS since it does not have this function.
  You simply configured static routing.
  As so, the CSS will route between the vlans.
  If you want a firewall to protect every vlan from the other ones, you should have a one-armed design where the firewall does the routing between the vlans and the CSS is doing the loadbalancing.
  ie:
  ........vlan1
  ..........|
  .vlan2 ---FW----- CSS
  ..........|
  ........Vlan2
  You'll need to do client nat on the css or implement some form of PBR on the firewall.
  PBR means routing based on another factore than the destination ip address. In this case, it is necessary to route based on the source port.
  That might be too complex, so an easier choice would be
  ..vlan1(ext).....vlan2(ext)
  ....|...............|
  ....+-------FW------+
  .............|
  ..........+-CSS-+
  ..........|.....|
  ........vlan3 vlan4
  there is no protection between internal vlan but you don't need policy routing or client nat.
  Gilles.

• VLAN routing on the WRVS4400N

  I have installed a WRVS4400N router for a client and created 3 vlans.  I would like to route some traffic between the vlans so I turned on intra-vlan routing.  Is there  a way to limit what traffic is routed between the vlans?  I only want computers on vlan 1 to access computers on vlan 2 and computers on vlan 3 should not be able to access any other computers on any other vlans.  Thanks for your help.

  Ken,
  Yes in these models it's only inter-vlan routing on or off. We can't restrict certain vlans and not others. So it's either all or nothing. In our RV (RV120 RV220)(SA5xx) models gives the ability to turn inter-vlan routing on the vlan itself which is what you are trying to accomplish.
  Thanks,
  Jason
  Cisco Support Engineer
  .:|:.:|:..

• Question about the dot1q native vlan

  On a dot1q trunk, the switch can send untagged frames in the native vlan and tagged frames in the other vlans.
  Both end switches know the native vlan id, but firstly, the receiving switch must determine which frame type(tagged or untagged) the frame is.
  The peer switch how to determine that the received framed is tagged or untagged? There are not any bits in the frame header in either frame format(ethernet or dot1q format) indicating that "I" am untagged or tagged.
  In the other word, after a frame is received , how the receiving switch make certain that the two bytes after the "source mac address" in the frame is a "TPID" field (dot1q tag) but not a "Type/Length" field (untaged Ethernet frame ), or vice versa.

  If the frame's Type/Length field value equals 0x8100 the a TPID field will follow.

• ACE design with inter-Vlan routing

  Hello all.
  I'm working on a design for a customer where the ACE will perform inter vlan routing.
  A few questions about that :
  - is routed traffic enforced in hardware with some kind of CEF-like mechanism ? (I suppose yes because there is a FIB ? per
  https://supportforums.cisco.com/docs/DOC-19253 ) we expect a certain load and routing is software will not be acceptable
  - if I put my VIPs within the VLANs hosting the application, is there any restriction on accesses made to this VIP (if the VIP is reached after the routing process is performed) ?
  example :
  VLAN2 (client) ----- ACE ----- VLAN3 (servers)192.168.2.0/24                 192.168.3.0/24
  If I try to access the VIP (192.168.3.20) from a PC in the VLAN2 (192.168.2.15) does it work ?
  I assume yes because the VIP appears as a connected /32 in the routing table, I just want to be sure to not fall into some tricky part of code because the access to the VIP is done after the routing process. I just want to be sure there is no drawback / restriction about that.
  Thanks in advance.

  Hello Surya!
  Yes this is possible. You can reach the VIP from one VLAN to another (The VIP is not really inside of the VLAN). Important is to check your ACLs and you need to have the service-policy either globally or local on both VLAN-interfaces.
  And I guess there is nothing like CEF implemented in the ACE, because it is not needed there.
  Cheers,
  Marko

• RV180 Router: Cannot get Inter-VLAN Routing to work.

  I have been banging at this now for two days and just cannot get Inter-VLAN routing working to work on this router.
  Here is the est-up:.
  Upgraded to latest Cisco firmware (1.0.1.9).
  Starting with factory default settings, I added 2 VLANS as follows:
      vlan default(id=1): dhcpmode=server IP=192.168.1.1/24 port 1
      vlan vlan2  (id=2): dhcpmode=server IP=192.168.2.1/24 port 2
      vlan vlan3  (id=3): dhcpmode=server IP=192.168.3.1/24 port 3
                                     (unconnected)
                                       WAN port
                                          |         
                                      Routing/NAT
                                          |
  vlan ip                   192.168.1.1   192.168.2.1   192.168.3.1
  vlan name                   default        vlan2        vlan3
  vlan id                       ID=1          ID=2         ID=3
  Inter-VLAN Routing             No           Yes          Yes
  Port 1                     Untagged       Excluded     Excluded
  Port 2                     Excluded       Untagged     Excluded
  Port 3                     Excluded       Excluded     Untagged
  Port 4(not of interest)    Untagged       Excluded     Excluded
                              Port 1         Port 2       Port 3
                                |              |            |
                             AdminPC          PC2          PC3
                                         192.168.2.191   192.168.3.181
  PC2 gets assigned an IP Address of 192.168.2.191 (DGW=192.168.2.1) - OK
  PC3 gets assigned an IP Address of 192.168.3.181 (DGW=192.168.3.1) - OK
  PC2 with (IP 192.168.2.191) can ping 192.168.2.1 and 192.168.3.1 - OK
  PC3 with (IP 192.168.3.181) can ping 192.168.3.1 and 192.168.2.1 - OK
  BUT....
  PC2 cannot ping PC3  - NOT WORKING
  PC3 cannot ping PC2  - NOT WORKING
  (does not work in both Gateway Mode and Router Mode)
  ANYONE CAN HELP ME FIGURE OUT WHY ??????
  Your help is much appreciated.
  I bought this device specifically because it supported inter-VLAN routing!.
  Venu
  Supporting Information:
  Screen captures:
  VLAN Membership:
    VLAN ID  Description  Inter VLAN  Device   Port 1    Port 2    Port 3    Port 4  
                          Routing     Mgment
         1   Default      Disabled    Enabled  Untagged  Excluded  Excluded  Untagged  
         2   VLAN2        Enabled     Enabled  Excluded  Untagged  Excluded  Excluded  
         3   VLAN3        Enabled     Enabled  Excluded  Excluded  Untagged  Excluded 
  Multiple VLAN Subnets:
     VLAN ID IP Address   Subnet Mask    DHCP Mode    DNS Proxy Status  
          1  192.168.1.1  255.255.255.0  DHCP Server  Enabled  
          2  192.168.2.1  255.255.255.0  DHCP Server  Enabled  
          3  192.168.3.1  255.255.255.0  DHCP Server  Enabled
  Routing Table (Gateway Mode)
  Destination     Gateway   Genmask         Metric  Ref   Use   Interface   Type     Flags
  127.0.0.1     127.0.0.1   255.255.255.255 1       0     0     lo          Static   UP,Gateway,Host
  192.168.3.0     0.0.0.0   255.255.255.0   0       0     0     bdg3        Dynamic   UP
  192.168.2.0     0.0.0.0   255.255.255.0   0       0     0     bdg2        Dynamic   UP
  192.168.1.0     0.0.0.0   255.255.255.0   0       0     0     bdg1        Static   UP
  192.168.1.0 192.168.1.1   255.255.255.0   1       0     0     bdg1        Static   UP,Gateway
  127.0.0.0       0.0.0.0   255.0.0.0       0       0     0     lo          Dynamic
  Routing Table (Router Mode)
  (Same)

  cadet alain, you hit the nail on the head.    The router was doing Iner-VLAN routing, but the PCs were blocking the pings because they came from another subnet.  Thank you for your help in resolving this.
  I have a follow-up question if I may - I need to add a default route but can't seem to find a way to do that.  Tried adding a static route with IP=0.0.0.0 Mask=0.0.0.0 but it will not allow it.  My current routing table looks like this:
  Destination   Gateway     Genmask           Metric  Ref   Use  Interface  Type    Flags
  127.0.0.1     127.0.0.1   255.255.255.255   1       0     0    lo         Static  UP,Gateway,Host
  192.168.2.0   0.0.0.0     255.255.255.0     0       0     0    bdg2       Dynamic UP
  192.168.1.0   0.0.0.0     255.255.255.0     0       0     0    bdg1       Static  UP
  127.0.0.0     0.0.0.0     255.0.0.0         0       0     0    lo         Dynamic UP
  It routes all packets to VLAN2 and VLAN3 correctly; but if a packet arrives to any other network address, I would like to get it to forward to another gateway on VLAN2 (at address 192.168.2.254).  Can't seem to find a way to add a default route.