InterVLAN Routing and Multiple Switches

I have a Cisco Catalyst 3550 switch that I am using as a testing environment before going live on my 4507R.

My current network architecture has two VLANs, one for voice traffic (100), and one for data traffic (900). My original problem was connecting the two VLANs. That was solved when I found out about the ip routing command. With this command, I was essentially enabling Layer 3 functionality, turning on the routing of packets between the two VLANs. I used this command on my lab/testing switch (a Catalyst 3550). I attached a lab PC to a port that was set up for VLAN 100. I attached another PC to a port that was set up on VLAN 900. I manually gave these client PCs valid IP addresses, and default gateways (the address of it's VLAN on the 3550 switch). After a few seconds, the PCs were able to ping one another. Life was good.

I then decided that since I had this working, it was time to move on to my next challenge. That challenge was to connect this 3550 to a 4507R, and have a PC on VLAN100 of the 3550 talk to devices on the 4507R that are on VLAN 900.

Again, just to be as clear as I can, I would plug a PC into a switchport of the 3550 that was on VLAN900, and let the [be]ip routing[/b] functionality of the 3550 carry that traffic across to VLAN100 (still within the 3550. Then, the packet would be on VLAN100 in the 3550. From here, it would go out an interface on VLAN100 and across the ethernet cable to a port on the 4507 that is also on VLAN100. From here, it would be able to get to it's destination, that is, a device on VLAN100 that is plugged into the 4507.

If this comes off as unclear, please forgive me, this situation doesn't lend itself well to plain speaking. I am looking for an answer on how this can be done, because I tried it, and it didn't work for me. I couldn't ping from a host on VLAN900 on the 3550 to a host on VLAN 100 on the 4507. The theory behind what I am trying to accomplish here is that I can do my ip routing on the 3550, before the packet ever hits the 4507. The packet originating from VLAN900 can route over to VLAN100 before it ever gets to the 4507.

Before I conclude, I want to mention that I've got a feeling this has something to do with the gateway configuration on my PC, or the ip helper command on my switch. That, or the packet doesn't see it's destination because it's destination lies on another switch altogether. I'm honestly at a loss. Any help is appreciated.

You need a trunk between the two switch.

I have a Cisco Catalyst 3550 switch that I am using as a testing environment before going live on my 4507R.

My current network architecture has two VLANs, one for voice traffic (100), and one for data traffic (900). My original problem was connecting the two VLANs. That was solved when I found out about the ip routing command. With this command, I was essentially enabling Layer 3 functionality, turning on the routing of packets between the two VLANs. I used this command on my lab/testing switch (a Catalyst 3550). I attached a lab PC to a port that was set up for VLAN 100. I attached another PC to a port that was set up on VLAN 900. I manually gave these client PCs valid IP addresses, and default gateways (the address of it's VLAN on the 3550 switch). After a few seconds, the PCs were able to ping one another. Life was good.

I then decided that since I had this working, it was time to move on to my next challenge. That challenge was to connect this 3550 to a 4507R, and have a PC on VLAN100 of the 3550 talk to devices on the 4507R that are on VLAN 900.

Again, just to be as clear as I can, I would plug a PC into a switchport of the 3550 that was on VLAN900, and let the [be]ip routing[/b] functionality of the 3550 carry that traffic across to VLAN100 (still within the 3550. Then, the packet would be on VLAN100 in the 3550. From here, it would go out an interface on VLAN100 and across the ethernet cable to a port on the 4507 that is also on VLAN100. From here, it would be able to get to it's destination, that is, a device on VLAN100 that is plugged into the 4507.

If this comes off as unclear, please forgive me, this situation doesn't lend itself well to plain speaking. I am looking for an answer on how this can be done, because I tried it, and it didn't work for me. I couldn't ping from a host on VLAN900 on the 3550 to a host on VLAN 100 on the 4507. The theory behind what I am trying to accomplish here is that I can do my ip routing on the 3550, before the packet ever hits the 4507. The packet originating from VLAN900 can route over to VLAN100 before it ever gets to the 4507.

Before I conclude, I want to mention that I've got a feeling this has something to do with the gateway configuration on my PC, or the ip helper command on my switch. That, or the packet doesn't see it's destination because it's destination lies on another switch altogether. I'm honestly at a loss. Any help is appreciated.

If I run a trunk between these two switches, could I only enable VLAN100 to cross this trunk, thus still allowing routing to take place?

In other words, if I were to enable trunking on the two switches, I wonder how the routing of traffic would take place. Say I enable this trunk, and let data from VLAN900 and VLAN100 on the 3550 travel over this trunk link to the 4507R. Then I connect a host to VLAN900 on the 3550 and ping a host on the VLAN100 of the 4507R. How would the 3550 know where this host was if it isn't directly connected to an interface on the 3550, but instead connected to one of the 4507R interfaces?

Just so that you all know, the reason I am going through this is because I am working on setting up softphones, that is, IP telephony software that runs on a standard PC and connects to a call server. The problem is that I have two VLANs, VLAN100 for data and VLAN900 for voice, and I need to route between them. All of my PCs are plugged into VLAN100, and all of my IP hardphones (regular physical handsets) are configured to send VLAN-tagged packets out that automatically tells the 4507R to put them (the phones) on VLAN900. Unfortunately, when running softphone clients on a PC, this VLAN-tagging method of getting the voice traffic on VLAN900 goes out the window because the PC also needs to be on VLAN100 to have access to all of my data servers. Before going ahead with this sort of change (allowing IP routing) on our main switch, I want to be sure that I understand what sort of effect turning on IP routing will have, which is why I'm doing all of this experimentation with a spare 3550. I ultimately plan on connecting the 3550 to my 4507R and using it as a switch to offload/plug all of my telephone hardware into (call servers, etc.) This hardware is all on VLAN900, while my data hardware is on VLAN100. Again, I understand this is a mouthful, but any input or advice is appreciated!

You need a trunk between the two switch.

I spoke too soon when I said you need a trunk earlier. I didn't get a chance to finish reading what you wanted to do. I thought you wanted to create a vlan 100 and 900 on both switches and need the devices in vlan 900 to communicate with the devices in the same vlan in another switch. The same goes for your vlan 100.


A layer 2 VLAN cannot send traffic to another layer 2 vlan without any layer 3 involvement. Now, when you enable ip routing, you will still need to assign ip address to interface vlan 100 and interface vlan 900. Now if you want to move vlan 900 to another switch, you'll need layer 3 routing between the 4507 and the 3550. If your 3550 has layer 3 capabilities, tie the two switches together with a point to point, route the traffic across this point to point.

I have a Cisco Catalyst 3550 switch that I am using as a testing environment before going live on my 4507R.

My current network architecture has two VLANs, one for voice traffic (100), and one for data traffic (900). My original problem was connecting the two VLANs. That was solved when I found out about the ip routing command. With this command, I was essentially enabling Layer 3 functionality, turning on the routing of packets between the two VLANs. I used this command on my lab/testing switch (a Catalyst 3550). I attached a lab PC to a port that was set up for VLAN 100. I attached another PC to a port that was set up on VLAN 900. I manually gave these client PCs valid IP addresses, and default gateways (the address of it's VLAN on the 3550 switch). After a few seconds, the PCs were able to ping one another. Life was good.

I then decided that since I had this working, it was time to move on to my next challenge. That challenge was to connect this 3550 to a 4507R, and have a PC on VLAN100 of the 3550 talk to devices on the 4507R that are on VLAN 900.

Again, just to be as clear as I can, I would plug a PC into a switchport of the 3550 that was on VLAN900, and let the [be]ip routing[/b] functionality of the 3550 carry that traffic across to VLAN100 (still within the 3550. Then, the packet would be on VLAN100 in the 3550. From here, it would go out an interface on VLAN100 and across the ethernet cable to a port on the 4507 that is also on VLAN100. From here, it would be able to get to it's destination, that is, a device on VLAN100 that is plugged into the 4507.

If this comes off as unclear, please forgive me, this situation doesn't lend itself well to plain speaking. I am looking for an answer on how this can be done, because I tried it, and it didn't work for me. I couldn't ping from a host on VLAN900 on the 3550 to a host on VLAN 100 on the 4507. The theory behind what I am trying to accomplish here is that I can do my ip routing on the 3550, before the packet ever hits the 4507. The packet originating from VLAN900 can route over to VLAN100 before it ever gets to the 4507.

Before I conclude, I want to mention that I've got a feeling this has something to do with the gateway configuration on my PC, or the ip helper command on my switch. That, or the packet doesn't see it's destination because it's destination lies on another switch altogether. I'm honestly at a loss. Any help is appreciated.

I tried to do this. I connected my 3550 with a crossover to my 4507R on a port that was not a trunk. I enabled routing between VLANs on the 3550, and I pinged a host on the 4507R. It didn't work. This is actually why I'm here in the first place, because of the fact that this didn't work. I would imagine it has something to do with the configuration of the gateway or ip helper addresses being required. I'm not quite sure, and I'd much rather do this in an organized, scientific way, than take random stabs at it using different ideas and cross my fingers until something works. I'm here because I'd much rather learn why it wasn't working than just get it working and forget about it.

I've decided to get everything out below... This is my setup and my situation:

---

Catalyst 3550<---Trunk Link--->Catalyst 4507R

VLAN100 is configured on the 3550 and the 4507R
VLAN900 is configured on the 3550 and the 4507R

VLAN100 on the 3550 has an IP of 192.168.1.1/24
VLAN900 on the 3550 has an IP of 172.19.8.199/24 (as 172.19.8.1 is already taken by a device plugged into the 4507)

Switchports 1-12 on the 3550 are on VLAN100
Switchports 13-24 on the 3550 are on VLAN900

ip routing is enabled on the 3550

I configure a laptop plugged into the 3550 (we'll call it HOST A) like so:
IP: 192.168.1.2
Subnet: 255.255.255.0
Gateway: 192.168.1.1

I configure a second laptop plugged into the 3550 (we'll call it HOST like so:
IP: 172.19.8.2
Subnet: 255.255.255.0
Gateway: 172.19.8.199

I configure a third laptop, this one plugged into the 4507R (we'll call it HOST C) like so:
IP: 172.19.8.3
Subnet: 255.255.255.0
Gateway: 172.19.8.1 (BTW, this is the current default gateway address for all of the voice devices we currently have on VLAN900 that are plugged into the 4507R).

I ping from HOST A (VLAN100) on the 3550 to HOST B (VLAN900) on the same 3550, success.
I ping from HOST B (VLAN900) on the 3550 to HOST A (VLAN100) on the same 3550, success.
I ping from HOST A (VLAN100) on the 3550 to HOST C (VLAN900) on the 4507R... FAIL.
I ping from HOST B (VLAN900) on the 3550 to HOST C (VLAN900) on the 4507R... FAIL

What would you do to resolve this?

---

As before, any help/suggestions/ideas are appreciated.

I spoke too soon when I said you need a trunk earlier. I didn't get a chance to finish reading what you wanted to do. I thought you wanted to create a vlan 100 and 900 on both switches and need the devices in vlan 900 to communicate with the devices in the same vlan in another switch. The same goes for your vlan 100.


A layer 2 VLAN cannot send traffic to another layer 2 vlan without any layer 3 involvement. Now, when you enable ip routing, you will still need to assign ip address to interface vlan 100 and interface vlan 900. Now if you want to move vlan 900 to another switch, you'll need layer 3 routing between the 4507 and the 3550. If your 3550 has layer 3 capabilities, tie the two switches together with a point to point, route the traffic across this point to point.

Much better... you need a layer 2 trunk between the two switches. The traffic needs to be switched at layer 2 and if you don't have a trunk, that traffic isn't gonna get to the other switch.


switchport mode trunk
switchport trunk allow vlan <vlanid> {or you can omit this, by default it allows all VLANs defined to span the trunk}

I tried to do this. I connected my 3550 with a crossover to my 4507R on a port that was not a trunk. I enabled routing between VLANs on the 3550, and I pinged a host on the 4507R. It didn't work. This is actually why I'm here in the first place, because of the fact that this didn't work. I would imagine it has something to do with the configuration of the gateway or ip helper addresses being required. I'm not quite sure, and I'd much rather do this in an organized, scientific way, than take random stabs at it using different ideas and cross my fingers until something works. I'm here because I'd much rather learn why it wasn't working than just get it working and forget about it.

I've decided to get everything out below... This is my setup and my situation:

---

Catalyst 3550<---Trunk Link--->Catalyst 4507R

VLAN100 is configured on the 3550 and the 4507R
VLAN900 is configured on the 3550 and the 4507R

VLAN100 on the 3550 has an IP of 192.168.1.1/24
VLAN900 on the 3550 has an IP of 172.19.8.199/24 (as 172.19.8.1 is already taken by a device plugged into the 4507)

Switchports 1-12 on the 3550 are on VLAN100
Switchports 13-24 on the 3550 are on VLAN900

ip routing is enabled on the 3550

I configure a laptop plugged into the 3550 (we'll call it HOST A) like so:
IP: 192.168.1.2
Subnet: 255.255.255.0
Gateway: 192.168.1.1

I configure a second laptop plugged into the 3550 (we'll call it HOST like so:
IP: 172.19.8.2
Subnet: 255.255.255.0
Gateway: 172.19.8.199

I configure a third laptop, this one plugged into the 4507R (we'll call it HOST C) like so:
IP: 172.19.8.3
Subnet: 255.255.255.0
Gateway: 172.19.8.1 (BTW, this is the current default gateway address for all of the voice devices we currently have on VLAN900 that are plugged into the 4507R).

I ping from HOST A (VLAN100) on the 3550 to HOST B (VLAN900) on the same 3550, success.
I ping from HOST B (VLAN900) on the 3550 to HOST A (VLAN100) on the same 3550, success.
I ping from HOST A (VLAN100) on the 3550 to HOST C (VLAN900) on the 4507R... FAIL.
I ping from HOST B (VLAN900) on the 3550 to HOST C (VLAN900) on the 4507R... FAIL

What would you do to resolve this?

---

As before, any help/suggestions/ideas are appreciated.

I spoke too soon when I said you need a trunk earlier. I didn't get a chance to finish reading what you wanted to do. I thought you wanted to create a vlan 100 and 900 on both switches and need the devices in vlan 900 to communicate with the devices in the same vlan in another switch. The same goes for your vlan 100.


A layer 2 VLAN cannot send traffic to another layer 2 vlan without any layer 3 involvement. Now, when you enable ip routing, you will still need to assign ip address to interface vlan 100 and interface vlan 900. Now if you want to move vlan 900 to another switch, you'll need layer 3 routing between the 4507 and the 3550. If your 3550 has layer 3 capabilities, tie the two switches together with a point to point, route the traffic across this point to point.