Friday, March 7, 2014

Routing from 3560 to DSL modem not working

I'm setting up a lab switch, WS-C3560X-24T-L, to a DSL router/modem, and I cannot seem to get the routing from VLAN100 to the DSL router/modem to work.
int g0/1 is connected to the DSL router/modem
int g0/10 is connected to the client (10.10.100.10)

From the 3560, I can ping the DSL router (192.168.1.1), the client (10.10.100.10) and I can ping the internet.
From the client connected to the 3560, I can ping the g0/1 interface IP address (192.168.1.201), but not the DSL router (192.168.1.1).
From the DSL router, I can ping the internet and the 3560 g0/1 IP address (192.168.1.201), but cannot ping the client (10.10.100.10).

Config from 3560 follows:

version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname 3560Lab1-DLS2
!
boot-start-marker
boot-end-marker
!
no aaa new-model
system mtu routing 1500
vtp domain TestLab
vtp mode transparent
ip routing
ip name-server 4.2.2.2
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 100
name Home_VLAN
interface GigabitEthernet0/1
description To DSL
no switchport
ip address 192.168.1.201 255.255.255.0
!
<snip>
!
interface GigabitEthernet0/10
description Client
switchport access vlan 100
switchport mode access
!
interface Vlan1
no ip address
shutdown
!
interface Vlan100
ip address 10.10.100.1 255.255.255.0
!
!
router eigrp 100
network 10.10.100.0 0.0.0.255
network 192.168.1.0 0.0.0.255
!
ip http server
ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 192.168.1.1

I'm actually not sure. I have U-verse, and the modem that they supply allows you to put all of your traffic into a DMZ. I had my router on the DMZ interface, which allowed my public address to be assigned to my router instead of the modem. The problem with that in this situation is that the 3560 doesn't support natting as far as I know, so it doesn't make sense to put your public IP on your switch.

So, another test that you could do if you wanted is to put your LAN-side IP on your DSL modem on the 10 subnet. Then you'd have to change the IP on VLAN 10, but you'd be able to see if your 10.x.x.x host could get on the internet. I'm almost sure that's what this is. Now, it doesn't explain why you couldn't ping between devices on the same switch in different VLANs earlier, though. You have the VLAN created and an L3 SVI attached with routing on, so those subnets are locally connected and should be able to route between VLANs with no issue. Through all of this, I'm not sure if that part was ever fixed. Have you checked the IOS version that you're on to see if you're running the latest?

If you decide to do the internal LAN-side address change on the DSL modem and it works, I'm afraid that you may not be able to segment your network into different subnets if you can't NAT them via the modem. You could still create your VLANs for internal testing, but they wouldn't be able to get on the internet because of the natting issue. This is one reason a lot of people on the forums will put a Cisco router in between their DSL modem and switches. You could also do this with an ASA as well.
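
The ping results reported in this thread fit a one-way routing gap, which the sketch below models. It is an added example, not part of the original posts: the switch table mirrors the posted 3560 config, while the modem and client tables and all function names are assumptions, since the page does not show them.

```python
import ipaddress

# (prefix, next hop); next hop None = directly connected.
# "switch" mirrors the posted 3560 config. "modem" and "client" are
# assumptions (not shown on the page): a modem that knows only its own LAN
# plus a default to the ISP, and a client whose gateway is the Vlan100 SVI.
TABLES = {
    "switch": [("192.168.1.0/24", None), ("10.10.100.0/24", None),
               ("0.0.0.0/0", "192.168.1.1")],
    "modem": [("192.168.1.0/24", None), ("0.0.0.0/0", "ISP")],
    "client": [("10.10.100.0/24", None), ("0.0.0.0/0", "10.10.100.1")],
}
OWNERS = {"192.168.1.201": "switch", "10.10.100.1": "switch",
          "192.168.1.1": "modem", "10.10.100.10": "client"}
NO_ROUTE = "no-route"


def next_hop(table, dst):
    """Longest-prefix match; None means the destination is connected."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in table
            if addr in ipaddress.ip_network(p)]
    return max(hits, key=lambda h: h[0].prefixlen)[1] if hits else NO_ROUTE


def delivered(node, dst, max_hops=8):
    """Walk next hops from device `node` until `dst` is reached or lost."""
    for _ in range(max_hops):
        if OWNERS.get(dst) == node:
            return True
        nh = next_hop(TABLES[node], dst)
        if nh is None:              # connected route: deliver on the link
            return dst in OWNERS
        node = OWNERS.get(nh)       # hand the packet to the next router
        if node is None:            # no route, or next hop is the ISP
            return False
    return False


def failing_leg(src, dst):
    """Return 'request', 'reply', or None when the echo works both ways."""
    if not delivered(OWNERS[src], dst):
        return "request"
    if not delivered(OWNERS[dst], src):
        return "reply"
    return None


if __name__ == "__main__":
    for s, d in [("192.168.1.201", "192.168.1.1"), ("10.10.100.10", "192.168.1.201"),
                 ("10.10.100.10", "192.168.1.1"), ("192.168.1.1", "10.10.100.10")]:
        print(f"{s} -> {d}: {failing_leg(s, d) or 'ok'}")
```

Under these assumptions the client's echo request reaches 192.168.1.1, but the modem sends the reply toward the ISP because it has no entry for 10.10.100.0/24, which matches the results reported in the question.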

