Cisco Catalyst 3550 VLAN Routing

19 years 3 months ago #9459 by lotus-eater
I have a Cisco Catalyst 3550 with 2950s branched off of it using multiple VLANs. I am able to route between the VLANs when the IP config is manually set up and the 3550 is used as the gateway device.

However, I need to be able to forward traffic from this network to our internet router which is also connected to the 3550. This router currently serves as our DHCP server as well. How can I forward both internet requests and dhcp requests to this router?

Currently the port for that router is set up on only one vlan. I do not think that multi-mode is possible on my 3550. Do I need to manually set the link up as a trunk to the internet router?

Thank You,
Jake
19 years 3 months ago #9461 by jwj
I'm assuming you want your 3550 to continue routing your internal network, so no, you don't need to set up a trunk between the 3550 and your internet router. To forward dhcp requests from the 3550, you will need to configure something known as the ip helper address. As you may know, dhcp requests are broadcast out, and routers don't forward broadcasts unless configured. That's what this ip helper address does, it specifies in your configuration the ip address of the dhcp server that you want dhcp requests forwarded to. The router will forward them as a UDP unicast.

So, for each interface on the 3550 you want to forward dhcp requests, configure the ip helper address. Example:
(config)#interface vlan 25
(config-if)#ip helper-address 192.168.100.10

192.168.100.10 is the dhcp server ip address.

-Jeremy-
19 years 3 months ago #9468 by lotus-eater
Being the newbie that I am, I was unable to make that work.

I guess my first goal is this:

I have a Sonicwall router (xxx.xxx.5.1) that is currently being used to route traffic and serve as a dhcp server. The 3550 network that I am working on is tree'd off underneath that router. I am working on dividing the network under the 3550 into multiple VLANs. I have two PCs with both of their gateways set to the 3550. One is on Vlan 1 (xxx.xxx.5.x) and the other is on Vlan 2 (xxx.xxx.15.x). I am able to ping back and forth between the two PCs. I can ping the Sonicwall router and receive DHCP requests from a PC on VLAN 1. However, I am not able to ping the Sonicwall router or receive DHCP requests from a PC on VLAN 2.

The following commands are being used:
ip subnet-zero
ip routing
ip default-gateway xxx.xxx.5.1
ip classless
ip route 0.0.0.0 0.0.0.0 xxx.xxx.5.1
ip http server

Can someone explain what I might be missing? The ethernet line coming into the 3550 from the network above it (Sonicwall router network) is using 'static access' VLAN 1 on its port on the 3550.

Please let me know if I need to clarify some things.
19 years 3 months ago #9471 by jwj
Give this a try in the 3550:

(config)#interface eth0 (or whatever your uplink int. is)
(config-if)#switchport trunk encapsulation dot1q
(config-if)#switchport mode trunk

This will create a trunk to pass your two vlans through to the sonicwall.

-Jeremy-
19 years 3 months ago #9472 by Chris
lotus-eater,

I'd suggest a slightly different approach that will remove the unnecessary complexity of having your router perform the DHCP service.

Since you've got a 3550 Catalyst, you can use it to perform all internal routing, offloading the process from your router. The 3550 series are very powerful layer 3 switches, absolutely capable of handling more than 500 network devices with multiple VLANs and ip routing between them - that's experience speaking:)

Let me know if you would like to proceed with this option so I can provide you with more information and associated commands.

Coming to your current question/problem with your sonicwall router/firewall - it seems like your 3550's configuration is okay and since you've enabled IP Routing between VLANs and set a default gateway - you're set.

The problem not being able to ping or receive DHCP requests from VLAN2 could be due to a routing table issue.

You mentioned that PC1 (VLAN1) is on the same network as your SonicWall router, so it correctly communicates with it, however, PC2 (VLAN2) is on a different network (xxx.xxx.15.x).

This means that you'll have to add a static route in your router telling it that 'you can reach network xxx.xxx.15.x via my 3550'

Here's a similar command that would be valid for a Cisco router:

(config)#ip route 192.168.15.0 255.255.255.0 192.168.5.1

The above command assumes your 3550's VLAN1 interface has IP Address 192.168.5.1 and your VLAN2 network is 192.168.15.0/24.

Entering the above should resolve your connectivity problem. For DHCP, you'll need to use the DHCP helper address as jwj so correctly noted.

Closing, I believe you'll be in less pain and complexity if you simply move the DHCP service on to your wonderful 3550!

Let us know how it went!

Cheers,

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
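
Added example, not part of the original thread: a small longest-prefix-match simulation of the return-route problem described in the post above, showing where the Sonicwall sends replies for VLAN 1, VLAN 2 and a relayed DHCP reply (addressed to the relay's VLAN 2 interface, the giaddr) with and without the static route. All addresses are constructed assumptions: Sonicwall 192.168.5.1, 3550 VLAN 1 interface 192.168.5.2, 3550 VLAN 2 interface 192.168.15.1.

```python
import ipaddress

def net(cidr):
    return ipaddress.ip_network(cidr)

def next_hop(table, dst):
    """Longest-prefix match: return the next hop for dst, or None if no route."""
    dst = ipaddress.ip_address(dst)
    matches = [(prefix, hop) for prefix, hop in table if dst in prefix]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]

# Constructed addressing (assumptions, not values from the thread).
SONICWALL = "192.168.5.1"      # router / DHCP server on the VLAN 1 subnet
SWITCH_VLAN1 = "192.168.5.2"   # 3550 interface vlan 1
GIADDR_VLAN2 = "192.168.15.1"  # 3550 interface vlan 2, used as DHCP relay giaddr

# 3550: two connected VLAN subnets plus the default route from the thread.
SWITCH_ROUTES = [
    (net("192.168.5.0/24"), "connected:vlan1"),
    (net("192.168.15.0/24"), "connected:vlan2"),
    (net("0.0.0.0/0"), SONICWALL),
]

def sonicwall_routes(with_return_route):
    """Sonicwall table: LAN subnet and default to WAN, optionally the VLAN 2 route."""
    routes = [(net("192.168.5.0/24"), "connected:lan"), (net("0.0.0.0/0"), "wan")]
    if with_return_route:
        routes.append((net("192.168.15.0/24"), SWITCH_VLAN1))
    return routes

def round_trip(src, with_return_route):
    """Return (3550 egress toward Sonicwall, Sonicwall next hop for reply, reachable)."""
    forward = next_hop(SWITCH_ROUTES, SONICWALL)  # routed out the VLAN 1 interface
    reply = next_hop(sonicwall_routes(with_return_route), src)
    return forward, reply, reply in ("connected:lan", SWITCH_VLAN1)

if __name__ == "__main__":
    for label, src in [("PC1 vlan1", "192.168.5.10"), ("PC2 vlan2", "192.168.15.10"),
                       ("DHCP reply to giaddr", GIADDR_VLAN2)]:
        for fixed in (False, True):
            print(label, "return route:", fixed, round_trip(src, fixed))
```
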
19 years 3 months ago #9474 by jwj
I definitely agree with Chris that the DHCP should be moved to the 3550 for simplicity's sake. Here's something I'm wondering about this set-up, and vlan 2 not reaching the sonicwall router.

Since the link between the 3550 and the sonicwall is ethernet, that means that the routed packets will be encapsulated into frames as they travel over the ethernet link. The reason I don't believe that it is a routing issue is that he has the route of last resort configured correctly, and it's obviously working for vlan 1. Since the ethernet interface to the sonicwall router is configured with the default of being an access port on vlan 1, it is my opinion that trunking is needed.

Basically, when frames reach the interface for vlan 2, they will be tagged as belonging to vlan 2, since previously they were untagged. When the router determines it needs to be routed to its route of last resort, the frame header would still have the vlan tag. Since the ethernet interface from the 3550 to the sonicwall is not configured as a trunk, it will not pass frames from any vlan other than vlan 1, or untagged frames.

However, I may be wrong. I don't know for a fact whether the frame header information stays with the packet as it is routed. So, anyways, if anyone does know, please post.

-Jeremy-