How do I get my VLAN's to use a common Gateway to the Internet

[ndinc]

I am new to VLAN's. This is a non production switch for testing. It is connected to a live router (NAT) and the gateway is active and running on all VLAN1 ports but not on VLAN2, VLAN3 or VLAN4.

Did I miss something?

Any ideas?

Thanks.

!
interface FastEthernet0/1
!
interface FastEthernet0/2
switchport access vlan 2
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/3
switchport access vlan 2
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/4
switchport access vlan 2
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
switchport access vlan 3
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/10
switchport access vlan 3
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/11
switchport access vlan 3
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/12
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
switchport access vlan 4
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/18
switchport access vlan 4
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/19
switchport access vlan 4
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
speed 10
duplex full
!
interface FastEthernet0/23
speed 10
duplex full
!
interface FastEthernet0/24
switchport mode access
speed 100
duplex full
!
interface Vlan1
ip address 10.3.3.100 255.255.255.240
no ip route-cache
!
interface Vlan2
ip address 10.3.3.145 255.255.255.248
no ip route-cache
shutdown
!
interface Vlan3
ip address 10.3.3.161 255.255.255.248
no ip route-cache
shutdown
!
interface Vlan4
ip address 10.3.3.169 255.255.255.248
no ip route-cache
shutdown
!
ip default-gateway 10.3.3.1
ip http server
!

vlan2950#sh vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/1, Fa0/5, Fa0/6, Fa0/7
Fa0/8, Fa0/12, Fa0/13, Fa0/14
Fa0/15, Fa0/16, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24
2 customera active Fa0/2, Fa0/3, Fa0/4
3 customerb active Fa0/9, Fa0/10, Fa0/11
4 customerc active Fa0/17, Fa0/18, Fa0/19
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

vlan2950#
vlan2950#

 

[ADB100]

Yes I think you missed something........

The 2950 is only a LAYER-2 switch and cannot route between VLAN's, that is why only one of the 'interface Vlan X' is up and the rest are shutdown. Only one of these can be active at any one time and is purely for management of the switch, this has nothing to do with IP Routing. With the 3550 (3560, 3750 etc) you can enable IP Routing and route between the VLAN's and therefore have many 'Interface Vlan X' up and active simultaneously (as well as Physical Interfaces with IP addresses as opposed to VLAN interfaces.

Unless you have a Layer-3 switch or router you need to 'flatten' your network to be a single VLAN and point all your hosts at your default-gateway (10.3.3.1?).

Andy

 

[Zen37]

Well, first of all, your vlan 2 to 4 are in shutdown mode. You should do a "no shut" on all of them to get them up and running.
After that, you will need to route the traffic between the vlans to get reach the Internet gateway.

You will also need to put your Default gateway on a vlan of your switch. Right now, your DG has an ip of 10.3.3.1 but there is no vlan that can take that ip in your configuration.

 

[ndinc]

I knew there was a limit to the Layer 2 switching and that makes sense. I wish there was a way around this other than a 3550 switch

I am using a Cisco 2600 (non production) wiht 3 Ethernet interfaces on it e 0/0 is public e 0/1 is 10.3.3.1 and I am running dhcp and NAT on it.

Ultimately I wanted to isolate customers to individual VLANS which I have done and tested. But we need a common gateway as we are providing Internet. If I "flatten" the ports to default VLAN1 then we loose the security component.

Any other ideas other then L3 switching?

Thanks for your replies.

 

[ADB100]

If the 2600 has FastEthernet interfaces you could create an 802.1q trunk and put the Layer-3 Interfaces on the 2600 and route between the VLAN's here:

!Cat-2950
interface FastEthernet0/0
description Trunk to 2600
speed 100
duplex full
switchport mode trunk
switchport nonegotiate
switchport trunk allowed vlan 1,2,3,4
switchport trunk native vlan 1000
!

!2600-Router
interface FastEthernet0/0
no ip address
speed 100
duplex full
no shut
!
interface FastEthernet0/0.1
description VLAN 1
encapsulation dot1q 1
ip address 10.3.3.100 255.255.255.240
!
interface FastEthernet0/0.2
description VLAN 2
encapsulation dot1q 2
ip address 10.3.3.145 255.255.255.248
!
interface FastEthernet0/0.3
description VLAN 3
encapsulation dot1q 3
ip address 10.3.3.161 255.255.255.248
!
interface FastEthernet0/0.3
description VLAN 4
encapsulation dot1q 4
ip address 10.3.3.169 255.255.255.248
!

You will need IP Plus software (or IP Services) on the 2600 to support 802.1q, plus a FastEthernet interface (I think you may even be able to use a 10Mb Ethernet Interface in some IOS releases with the 2600 as well?).


Good luck

Andy

 

[ndinc]

Great idea. I was reading about the VLAN Trunks and thought that is was for sending information to many switches.

I think it worth a shot. If not I will have to sell some equipment for a 3550 L3 switch.

The 2600 IOS is 12.3(6) running Ethernet 10Mb, thats why its a non production router. The 2950 is brand new.

Any suggestions on what IOS I might need to try this?

Thanks again for all.

 

[AJ1982]

The IOS you need is IP PLUS, which I belive has been rebranded as Advanced IP Services or IP Voice.

Ta

AJ

===

Fatman Superstar (Andrew James)

CCNA, CCAI