You are on page 1of 12

Configuring InterVLAN Routing with Catalyst

3750/3560/3550 Series Switches
Document ID: 41260

Contents
Introduction
Prerequisites
Requirements
Components Used
Related Products
Conventions
Background Theory
Configure
Network Diagram
Configurations
Verify
Troubleshoot
Troubleshooting Procedure
Related Information

Introduction
This document explains how to configure interVLAN routing with Cisco Catalyst 3750/3560/3550 series
switches. The document provides a sample configuration for interVLAN routing with a Catalyst 3550 series
switch that runs enhanced multilayer image (EMI) software in a typical network scenario. The document uses
a Catalyst 2950 series switch and a Catalyst 2948G switch as Layer 2 (L2) closet switches that connect to the
Catalyst 3550. The Catalyst 3550 configuration also has a default route for all traffic that goes to the Internet
when the next hop points to a Cisco 7200VXR router. You can substitute a firewall or other routers for the
Cisco 7200VXR router.

Prerequisites
Requirements
Ensure that you meet these requirements before you attempt this configuration:
• Knowledge of how to create VLANs
For more information, refer to Creating Ethernet VLANs on Catalyst Switches.
• Knowledge of how to create VLAN trunks
For more information, refer to the Configuring VLAN Trunks section of Configuring VLANs.

Components Used
The information in this document is based on these software and hardware versions:
• Catalyst 3550−48 that runs Cisco IOS® Software Release 12.1(12c)EA1 EMI
• Catalyst 2950G−48 that runs Cisco IOS Software Release 12.1(12c)EA1 EI

Background Theory In a switched network. used as the access layer switch Conventions Refer to Cisco Technical Tips Conventions for more information on document conventions. The switch receives a packet. In the example in this document. A typical network design segments the network based on the group or function to which the device belongs. you must have the IP services image. Such a VLAN design also has an additional benefit. In order to use this feature. determines that the packet belongs to another VLAN. The information in this document was created from the devices in a specific lab environment. Related Products This configuration can also be used with these hardware and software versions: • Any Catalyst 3750/3560/3550 switch that runs EMI software or standard multilayer image (SMI) Cisco IOS Software Release 12. formerly known as the enhanced multilayer image (EMI). For example. you can use access lists to restrict the engineering VLAN from access to devices on the finance VLAN. Devices in separate VLANs require a routing device to communicate with one another.3(10) Note: The configuration from the Cisco 7200VXR is not relevant. VLANs separate devices into different collision domains and Layer 3 (L3) subnets. the engineering VLAN only has devices that relate to the engineering department.• Catalyst 2948G that runs Catalyst OS (CatOS) version 6. The device is either external to the switch or in another module on the same chassis. and sends the packet to the appropriate port on the other VLAN. If you enable routing. All of the devices used in this document started with a cleared (default) configuration. installed on your switch. Devices within a VLAN can communicate with each other without the need for routing. you are presented with the information to configure the features described in this document. L2−only switches require an L3 routing device.1(11)EA1 and later • Any Catalyst 2900XL/3500XL/2950/3550 or CatOS switch model. the devices in each VLAN can talk to one another without the need for all the devices to be in the same broadcast domain. A new breed of switches incorporate routing capability within the switch. The design allows the administrator to restrict communication between VLANs with use of access lists. Here is a link to a video (available on Cisco Support Community InterVLAN routing on a Catalyst 3550 series switch: ) that demonstrates how to configure the How To Configure InterVLAN Routing On Layer 3 Switches Configure In this section. . so this document does not show the configuration. make sure that you understand the potential impact of any command. If your network is live. The switch does not route non−IP packets between VLANs and routed ports. You can forward these non−IP packets with fallback bridging. and the finance VLAN only has devices that relate to finance. An example is the 3550.

for servers. . you must enable IP routing globally.Note: Use the Command Lookup Tool commands used in this document. These VLANs are the three VLANs that the user defines: • VLAN 2user VLAN • VLAN 3server VLAN • VLAN 10management VLAN The default gateway configuration on each server and host device must be the VLAN interface IP address that corresponds on the 3550. The Catalyst 3550 uses this default route to route traffic destined for the Internet.1. are trunked to the Catalyst 3550 switch. For example. (registered customers only) to find more information on the Network Diagram This document uses this network setup: In this diagram. Therefore.1.3. a small sample network with the Catalyst 3550 provides interVLAN routing between the various segments. The access layer switches. In order to make the switch function as an L3 device and provide interVLAN routing. the Catalyst 3550 switch acts as an L2 device with disablement of IP routing. traffic for which the 3550 does not have a routing table entry forwards to the 7200VXR for process. The default route for the Catalyst 3550 points to the Cisco 7200VXR router. the default gateway is 10. By default. which are the Catalyst 2950 and 2948G.

For more information on the configuration of HSRP. • Do not use VLAN 1 for management. you can configure EtherChannel. any broadcast/packet storm that occurs in the user or server VLAN does not affect the management of switches. This setup is best if there is only one route to the Internet. ip routing !! ! . • Do not run a routing protocol between the Catalyst 3550 and the Internet gateway router. Configurations This document uses these configurations: • Catalyst 3550 • Catalyst 2950 • Catalyst 2948G Catalyst 3550 (Catalyst 3550−48 Switch) Cat3550#show running−config Building configuration. as the second tip explains. This step is very important because this configuration does not use routing protocols. as in this diagram. EtherChannel also provides link redundancy in the case of a link failure.. • If you need additional bandwidth for the uplink ports. • If you have two Catalyst 3550 switches in your network. This failure to transmit correctly can imply some connectivity issues in your network. preferably summarized.1 no service single−slot−reload−enable no service pad service timestamps debug uptime service timestamps log uptime no service password−encryption ! hostname Cat3550 ! ! ip subnet−zero !−−− Enable IP routing for interVLAN routing. The management VLAN is different from the user or server VLAN.1Q trunk is the same on both ends of the trunk link. The use of VLAN 1 for management can cause potential issues for the management of switches. In this example. • Separate the management VLAN from the user or server VLAN. and any devices that connect to nonconfigured ports are in VLAN 1. Current configuration : 3092 bytes ! version 12. Make sure to configure static routes. If the native VLAN on one end of the trunk is different than the native VLAN on the other end. on the gateway router (7200VXR) for subnets that can be reached by the Catalyst 3550. With this separation. you can dual connect the access layer switches to both 3550 switches. refer to the Configuring HSRP section of Configuring IP Services. All ports in Catalyst switches default to VLAN 1. This example configures a static default route on the 3550 instead. the traffic of the native VLANs on both sides cannot be transmitted correctly on the trunk.. Run Hot Standby Router Protocol (HSRP) between the switches to provide redundancy in the network. you can easily replace a Cisco 7200VXR router with a firewall that connects to the Internet gateway router. • Use a Layer 3 (routed) port to connect to the default gateway port.Practical Tips • Ensure that the native VLAN for an 802.

spanning−tree portfast ! !−−− Output suppressed.1. on the L2 switch. with negotiation. ip address 200. Note: The default trunking mode is dynamic auto.255. even though a trunk has been established on the interface. the trunk does not appear in the configuration.1 255. switchport trunk encapsulation dot1q no ip address ! interface GigabitEthernet0/2 description To 2948G switchport trunk encapsulation dot1q no ip address ! interface Vlan1 no ip address .spanning−tree extend system−id ! ! ! interface FastEthernet0/1 no ip address ! !−−− Output suppressed. ! interface FastEthernet0/48 description To Internet_Router !−−− The port that connects to the router converts into a routed (L3) port. Refer to !−−− Using PortFast and Other Commands to Fix Workstation Startup Connectivity Delays !−−− for more information. switchport mode access no ip address !−−− Configure PortFast for initial Spanning Tree Protocol (STP) delay.1 (dot1q) trunking. no switchport !−−− Configure the IP address on this port. VLAN 3. If you establish a trunk link with the default trunking mode. If there is not support for Dynamic Trunking Protocol (DTP) on the far switch.255.252 ! interface GigabitEthernet0/1 description To 2950 !−−− !−−− !−−− !−−− !−−− !−−− !−−− !−−− Configure IEEE 802. switchport access vlan 3 !−−− Configure the port to be an access port to prevent trunk negotiation delays. ! interface FastEthernet0/5 description to SERVER_1 !−−− Configure the server port to be in the server VLAN.1. issue the switchport mode trunk command to force the switch port to trunk mode. Use the show interfaces trunk command to verify the establishment of the trunk.

2.shutdown ! interface Vlan2 description USER_VLAN !−−− This IP address is the default gateway for users.1 255. is the 7200VXR (Fe 0/0 interface).255.1 255.255.3. This switch uses these commands to create a VTP server with the three VLANs that the user defined from global configuration mode: Cat3550(config)#vtp domain cisco Cat3550(config)#vtp mode server Cat3550(config)#vlan 2 Cat3550(config−vlan)#name USER_VLAN Cat3550(config−vlan)#exit Cat3550(config)#vlan 3 Cat3550(config−vlan)#name SERVER_VLAN Cat3550(config−vlan)#exit Cat3550(config)#vlan 10 Cat3550(config−vlan)#name MANAGEMENT Catalyst 2950 (Catalyst 2950G−48 Switch) Cat2950#show running−config Building configuration.0..1.255.0 200.0.1.2 ip http server ! ! ! line con 0 line vty 5 15 ! end Note: Since the 3550 has configuration as a VLAN Trunk Protocol (VTP) server.1. This behavior is standard.0 0.0 ! ip classless !−−− This route statement allows the 3550 to send Internet traffic to !−−− the default router which. the switch does not display the VTP configuration.255.10. Current configuration : 2883 bytes ! version 12. in this case. ip route 0.255.0 ! interface Vlan10 description MANAGEMENT_VLAN !−−− This IP address is the default gateway for other L2 switches.0.1. ip address 10. ip address 10.255.0.0 ! interface Vlan3 description SERVER_VLAN !−−− This IP address is the default gateway for servers.1 255.1. ip address 10.1 no service single−slot−reload−enable no service pad service timestamps debug uptime ..

ip address 10. interface FastEthernet0/16 no ip address ! interface FastEthernet0/17 description SERVER_2 switchport access vlan 3 switchport mode access no ip address spanning−tree portfast ! !−−− Output suppressed.255.2 255.1.255.10.0 no ip route−cache ! . switchport access vlan 2 switchport mode access no ip address spanning−tree portfast ! !−−− Output suppressed. VLAN 2. interface GigabitEthernet0/1 switchport trunk encapsulation dot1q no ip address ! interface GigabitEthernet0/2 no ip address ! interface Vlan1 no ip address no ip route−cache shutdown ! interface Vlan10 description MANAGEMENT !−−− This IP address manages this switch.service timestamps log uptime no service password−encryption ! hostname Cat2950 ! ! ip subnet−zero ! spanning−tree extend system−id ! ! interface FastEthernet0/1 no ip address ! !−−− Output suppressed. ! interface FastEthernet0/33 description HOST_1 !−−− Configure HOST_1 to be the user VLAN.

... This behavior is standard.!−−− Configure the default gateway so that the switch is reachable from other !−−− VLANs/subnets.. 05:04:47 ! #version 6. ...1 ip http server ! ! line con 0 line vty 5 15 ! end Note: Since the Catalyst 2950 has configuration as a VTP client. . ip default−gateway 10. the switch does not display the VTP configuration.3(10) ! ! #system web interface version(s) ! #test ! #system set system name Cat2948G ! #frame distribution method set port channel all distribution mac both ! #vtp !−−− Configure the VTP domain to be the same as the 3550. set vtp domain cisco !−−− Choose the VTP mode as client for this switch. The 2950 acquires the VLAN information from the VTP server..... begin ! # ***** NON−DEFAULT CONFIGURATION ***** ! ! #time: Fri Jun 30 1995. the VTP server.1....10.... .... .... Use 'show config all' to show both default and non−default configurations.... This 2950 switch uses these commands to make the switch a VTP client in the VTP domain cisco from global configuration mode: Cat2950(config)#vtp domain cisco Cat2950(config)#vtp mode client Catalyst 2948G Switch Cat2948G> (enable) show config This command shows non−default configurations only. The gateway points to the VLAN 10 interface on the 3550. which is the 3550. set vtp mode client ! #ip !−−− Configure the management IP address in VLAN 10....

255.10. set ip route 0.0.255 set interface sl0 down set interface me1 down !−−− Define the default route so that the switch is reachable.0. set set set set vlan vlan port port 2 2/2 3 2/23 name name 2/2 To HOST_2 2/23 to SERVER_3 !−−− Configure trunk to 3550 with dot1q encapsulation.1 ! #set boot command set boot config−register 0x2 set boot system flash bootflash:cat4000.10. set trunk 2/49 desirable dot1q 1−1005 end Verify This section provides information you can use to confirm your configuration works properly.1.1q Port Vlans allowed on trunk Status trunking trunking Native vlan 1 1 .255.3/255. Catalyst 3550 • show vtp status Cat3550#show vtp status VTP Version : 2 Configuration Revision : 3 Maximum VLANs supported locally : 1005 Number of existing VLANs : 8 VTP Operating Mode : Server VTP Domain Name : cisco VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x54 0xC0 0x4A 0xCE 0x47 0x25 0x0B 0x49 Configuration last modified by 200.10.0 10.1 on interface Vl2 (lowest numbered VLAN interface found) • show interfaces trunk Cat3550#show interfaces trunk Port Gi0/1 Gi0/2 Mode desirable desirable Encapsulation 802.1.1.set interface sc0 10 10.bin ! #module 1 : 0−port Switching Supervisor ! #module 2 : 50−port 10/100/1000 Ethernet !−−− Configure HOST_2 and SERVER_3 ports in respective VLANs.1q 802.1.0/0.1.1.2. The Output Interpreter Tool (registered customers only) (OIT) supports certain show commands.0.0. Use the OIT to view an analysis of show command output.1 at 3−1−93 01:06:24 Local updater ID is 10.6−3−10.0 10.

Gi0/1 Gi0/2 1−4094 1−4094 Port Gi0/1 Gi0/2 Vlans allowed and active in management domain 1−3.0.10 1−3. M − mobile.1.2. O − OSPF.1.10 Port Vlans in spanning tree forwarding state and not pruned Gi0/1 Gi0/2 1−3.10 • show ip route Cat3550#show ip route Codes: C − connected.1.1.0.0/0 [1/0] via 200.10 1−3. I − IGRP.10. L1 − IS−IS level−1. E − EGP i − IS−IS. E2 − OSPF external type 2.1. Vlan10 10.0. o − ODR P − periodic downloaded static route Gateway of last resort is 200.0 is directly connected.3. FastEthernet0/48 10. B − BGP D − EIGRP. R − RIP.0.2 C C C C S* Catalyst 2950 • show vtp status Cat2950#show vtp status VTP Version : 2 Configuration Revision : 3 Maximum VLANs supported locally : 250 Number of existing VLANs : 8 VTP Operating Mode : Client VTP Domain Name : cisco VTP Pruning Mode : Disabled VTP V2 Mode : Disabled VTP Traps Generation : Disabled MD5 digest : 0x54 0xC0 0x4A 0xCE 0x47 0x25 0x0B 0x49 Configuration last modified by 200.1.0/24 is subnetted.0.10 Port Gi0/1 Vlans in spanning tree forwarding state and not pruned 1−3. Vlan3 10.10 . L2 − IS−IS level−2. EX − EIGRP external.1q Status trunking Native vlan 1 Port Gi0/1 Vlans allowed on trunk 1−4094 Port Gi0/1 Vlans allowed and active in management domain 1−3.0 is directly connected.1.0 is directly connected.0 is directly connected. 1 subnets 200. U − per−user static route.1.2 to network 0.1. S − static. N2 − OSPF NSSA external type 2 E1 − OSPF external type 1.1.1. IA − OSPF inter area N1 − OSPF NSSA external type 1. ia − IS−IS inter area * − candidate default.0.1.1 at 3−1−93 01:06:24 • show interfaces trunk Cat2950#show interfaces trunk Port Gi0/1 Mode desirable Encapsulation 802.0/30 is subnetted.0 200. 3 subnets 10. Vlan2 0.1.

In order to check the VLAN assignment.1 disabled disabled 2−1000 • show trunk Cat2948G> (enable) show trunk * − indicates vtp domain mismatch Port Mode Encapsulation −−−−−−−− −−−−−−−−−−− −−−−−−−−−−−−− 2/49 desirable dot1q Status −−−−−−−−−−−− trunking Native vlan −−−−−−−−−−− 1 Port −−−−−−−− 2/49 Vlans allowed on trunk −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 1−1005 Port −−−−−−−− 2/49 Vlans allowed and active in management domain −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 1−3. If the source and destination are not in the same switch. check that the native VLAN matches on either side. In order to check the configuration.10 Port −−−−−−−− 2/49 Vlans in spanning tree forwarding state and not pruned −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− 1−3.Catalyst 2948G • show vtp domain Cat2948G> (enable) show vtp domain Domain Name Domain Index VTP Version Local Mode Password −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−− −−−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−−− −−−−−−−−−− cisco 1 2 client − Vlan−count Max−vlan−storage Config Revision Notifications −−−−−−−−−− −−−−−−−−−−−−−−−− −−−−−−−−−−−−−−− −−−−−−−−−−−−− 8 1023 3 disabled Last Updater V2 Mode Pruning PruneEligible on Vlans −−−−−−−−−−−−−−− −−−−−−−− −−−−−−−− −−−−−−−−−−−−−−−−−−−−−−−−− 200. issue the show port mod/port command for CatOS or the show interface status command for Cisco IOS Software.1. make sure that you have configured trunking properly. issue the show trunk command for CatOS or the show interfaces trunk command for Cisco IOS Software. Also.1. 2.10 Troubleshoot Use this section to troubleshoot your configuration. Note: See Step 1. check the VLAN assignment of the source and destination ports to make sure that the source and destination are in the same VLAN. make sure that you can ping the respective default gateway. Make sure that the subnet mask matches between the source and destination devices. If you are not able to ping devices in different VLANs. . Troubleshooting Procedure Follow these instructions: 1. If you are not able to ping devices within the same VLAN.

Inc. If you are not able to reach the Internet. Related Information • Creating Ethernet VLANs on Catalyst Switches • LAN Product Support • LAN Switching Technology Support • Technical Support & Documentation − Cisco Systems Contacts & Feedback | Help | Site Map © 2013 − 2014 Cisco Systems. 2012 Document ID: 41260 . and that the subnet address matches the Internet gateway router. make sure that the default route on the 3550 points to the correct IP address. Make sure that the Internet gateway router has routes to the Internet and the internal networks. 3. Terms & Conditions | Privacy Statement | Cookie Policy | Trademarks of Cisco Systems.Also. In order to check. Inc. make sure that the default gateway of the device points to the correct VLAN interface IP address. Make sure that the subnet mask matches. issue the show ip interface interface−id command and the show ip route command. All rights reserved. Updated: Feb 23.