Accessing two local networks through one switch

[n0hc]

I have a managed Cisco switch and it is pretty much just set to default at this moment. I have two local networks (one on 10.0.99.0/24 and a 192.168.0.0/24 network). I need to be able to access the 10.0.99.0/24 network from the 192.168.0.0/24 network. Is there something that I can set in the routing table to be able to do this? Or how do you guys recommend I accomplish this?

What would be the command to make this work? Thanks!

 

[Blue Fox]

If your switch cannot route between VLANs (which you'll need to start using), you will need a router to do that.

 

[/usr/home]

Need more information. What model of switch and what router are you using?

 

[n0hc]

The switch is a 3560g. The 192.168.0.0/24 network has a hub with 5 devices attatched in the 192.168.0.0/24 network. I only plan on running one wire between that hub and the 3560g switch. So if I have to create seperate vlans for this I can but I just didnt know what would be the easiest way to make this happen.I was just wanting to do this the simplest way possible.

 

[dgingeri]

You can use a Linux VM as a router, but you'll have to set up a static route on all your machines to do it. Or, you could possibly set up routing using Linux for routing between the two networks and the internet, or you could connect the networks serially so that one connects to the internet through the other. I'll try to draw this out using a text picture:

idea 1:

[192.168.X.X]---------------
| |
[Linux router] [internet gateway]-------------------{internet}
| |
[10.0.99.X]-------------------

idea 2:
[192.168.X.X]---------------
|
[linux router]-----------------{internet}
|
[10.0.99.X]-------------------

idea 3:
[192.168.X.X]------[Linux router]------[10.0.99.X]------[internet gateway]----------{internet}

I hope this looks right when I post it.

Well, not really, but I hope you get the idea. the pipes are supposed to be vertical lines to connect between things. It seems the formatting takes out unnecessary spaces. annoying.

 

[Jay_2]

Why use a linux VM when a 3560g is a Layer 3 switch?

Just setup 2 Vlans and you are good to go.

 

[dgingeri]

Cisco's routing gets mixed up pretty easily unless it is done precisely right, which is why I recommended using a Linux VM or machine. I only know of a couple places where it was set up completely right and has no problems. I've seen problems in over 20 different companies because of static routes, where it will work for a while and then suddenly quit working for no apparent reason.

 

[n0hc]

Why use a linux VM when a 3560g is a Layer 3 switch?

Just setup 2 Vlans and you are good to go.

So if I would set interface 5 to vlan 3 (which would connect to the hub on the 192.168.0.0/24 network) and leave the rest as the default vlan1, would I be able to access the two vlans from each other or what do I need to do to make this work? Thanks for the help!

 

[Shadowspawn]

You need to create the VLANs (or just VLAN 3 and use the default 1 as well).

You also need to create a VLAN interface for each of those VLANs and give it an IP address in the appropriate subnet.

Lastly, you need to enable IP routing.

Also, the IP you gave each of the interfaces will need to be used as the gateway address on the clients.

 

[Shadowspawn]

Cisco's routing gets mixed up pretty easily unless it is done precisely right, which is why I recommended using a Linux VM or machine. I only know of a couple places where it was set up completely right and has no problems. I've seen problems in over 20 different companies because of static routes, where it will work for a while and then suddenly quit working for no apparent reason.

There is a lot wrong with this statement, but in reference to the OP's question, no routing statements are required. The routes to the two subnets are local to the layer 3 switch. Just enable ip routing, create the vlan interfaces, change the VLAN on the interface the network is connected to, and you are done.

 

[firedrow]

Google "router on a stick" or "one-armed router". You may even find the VLAN routing for a 3560 that way. You will want to setup a VLAN for each network and then route between them using either the switches built in IP routing mode or a physical router to route between VLANs.

Setup VLAN1 (10.0.99.xxx/24) with assigned Untagged/Access ports 1-12
Setup VLAN2 (192.168.0.xxx/24) with assigned Untagged/Access ports 13-23
Setup port 24 as a Tagged/Trunk port for VLAN1 and VLAN2. Connect your one-armed router here with the same Tagged/Trunk setup for it. Then you should be able to route between them.

 

[malcolmputer]

firedrow is correct.

 

[n0hc]

Google "router on a stick" or "one-armed router". You may even find the VLAN routing for a 3560 that way. You will want to setup a VLAN for each network and then route between them using either the switches built in IP routing mode or a physical router to route between VLANs.

Setup VLAN1 (10.0.99.xxx/24) with assigned Untagged/Access ports 1-12
Setup VLAN2 (192.168.0.xxx/24) with assigned Untagged/Access ports 13-23
Setup port 24 as a Tagged/Trunk port for VLAN1 and VLAN2. Connect your one-armed router here with the same Tagged/Trunk setup for it. Then you should be able to route between them.

So for the switches built in IP routing mode is that something that I can just enable and then it will route between those two vlans?

 

[tangoseal]

Firstly I have to LOL at some (not all) of these responses. If this is a CISCO specific question do not come in recommending other routers etc... he has a Cisco router and therefore needs Cisco advice. Noble efforts but it is just going to confuse the living shit out of this guy. Cisco routing does NOT get all screwy and requires precision blah ...it just requires knowledge of what to do and what is allowable and what is not.

I am not sure why everyone's nuking this crap ... here is what you need to do OP:

In your config run the following commands .... I am not sure what IOS version blah blah but these will work across the board and this will get you up and running....

1.login to the switch via telnet/ssh/or rollover - console
2. enter CMD aka exec mode
3. enter configuration terminal mode ( config t )
4. enable ip routing on the switch ( ip routing ) this will allow intervlan routing and the use of other items that are off-topic right now.
5. create your two vlans example follows:

you will be at the <config># prompt when entering these commands.
Vlan 100
name Subnet A
exit

vlan 200
name Subnet B
exit

interface vlan 100
desc Vlan for 192 subnet
ip address 192.168.1.1 255.255.255.0
no shut
exit

interface vlan 200
desc Vlan for the 10 subnet
ip address 10.0.99.1 255.255.255.0
no shut
exit

Now you need to tell the switch what ports you want to be a member of what VLAN....

int gig 0/1 or 1/1 depending on your switch, I cant remember but you will know.
switchport mode access
switchport access vlan 100 <--- This will place this port 0/1 in the 100 VLAN.
no shut

int range gig 0/2 - 16 <---an example that you can set a bunch of ports to 200 VLAN
switchport mode access
switchport access vlan 200
no shut

Now the important part ...
on your PC's etc... it is important that their default gateway be set to the appropriate IP of the vlan they are connecting to i.e. You have a PC plugged into the port 0/1 which is a member of VLAN 100 so therefore you need to set the gateway IP of the PC to 192.168.1.1 anything else and it will not work.

Same goes with a PC or any device plugged into the VLAN 200 you will need to set their gateway locally on the PC or device to 10.0.99.1 or else they will not be able to communicate with other vlans.

The reason you are using the vlan interface IPs as your gateways is you are telling the switch to do the routing between vlans as the switch WILL KNOW where all the hosts are connected on both those vlans as long as the switch is doing the routing.

Remember if you intend to use your router, the one that connects to the internet, you are going to need to set a static route for the switch to know how to get out in the event one of those two PCs in this example want to connect to google so you would do the following:

<config># ip route 0.0.0.0 0.0.0.0 1.2.3.4 (1.2.3.4 being representative of your routers inside IP, the one it always before you added this switch to your network. Remember if your router is not 192 or 10.0.99 then you will need either Re-IP the address of the router and place it on a port in one of the vlans above or create a new vlan just for the router and place a port on the switch in that VLAN and plug the router in the port.

There you go ... free CCNA lesson of the day for you. No need to nuke this crap .Use the KISS method.

 

[Jay_2]

This thread is an embarrassing mess. Thanks tango for giving some propper advice. I know thete are a few old timers who have stopped posting in this forum because of threads like this. I know I'm being unusualy harsh but it just had to be said.

 

[/usr/home]

This thread is an embarrassing mess. Thanks tango for giving some propper advice. I know thete are a few old timers who have stopped posting in this forum because of threads like this. I know I'm being unusualy harsh but it just had to be said.

Yup.

 

[n0hc]

Firstly I have to LOL at some (not all) of these responses. If this is a CISCO specific question do not come in recommending other routers etc... he has a Cisco router and therefore needs Cisco advice. Noble efforts but it is just going to confuse the living shit out of this guy. Cisco routing does NOT get all screwy and requires precision blah ...it just requires knowledge of what to do and what is allowable and what is not.

I am not sure why everyone's nuking this crap ... here is what you need to do OP:

In your config run the following commands .... I am not sure what IOS version blah blah but these will work across the board and this will get you up and running....

1.login to the switch via telnet/ssh/or rollover - console
2. enter CMD aka exec mode
3. enter configuration terminal mode ( config t )
4. enable ip routing on the switch ( ip routing ) this will allow intervlan routing and the use of other items that are off-topic right now.
5. create your two vlans example follows:

you will be at the <config># prompt when entering these commands.
Vlan 100
name Subnet A
exit

vlan 200
name Subnet B
exit

interface vlan 100
desc Vlan for 192 subnet
ip address 192.168.1.1 255.255.255.0
no shut
exit

interface vlan 200
desc Vlan for the 10 subnet
ip address 10.0.99.1 255.255.255.0
no shut
exit

Now you need to tell the switch what ports you want to be a member of what VLAN....

int gig 0/1 or 1/1 depending on your switch, I cant remember but you will know.
switchport mode access
switchport access vlan 100 <--- This will place this port 0/1 in the 100 VLAN.
no shut

int range gig 0/2 - 16 <---an example that you can set a bunch of ports to 200 VLAN
switchport mode access
switchport access vlan 200
no shut

Now the important part ...
on your PC's etc... it is important that their default gateway be set to the appropriate IP of the vlan they are connecting to i.e. You have a PC plugged into the port 0/1 which is a member of VLAN 100 so therefore you need to set the gateway IP of the PC to 192.168.1.1 anything else and it will not work.

Same goes with a PC or any device plugged into the VLAN 200 you will need to set their gateway locally on the PC or device to 10.0.99.1 or else they will not be able to communicate with other vlans.

The reason you are using the vlan interface IPs as your gateways is you are telling the switch to do the routing between vlans as the switch WILL KNOW where all the hosts are connected on both those vlans as long as the switch is doing the routing.

Remember if you intend to use your router, the one that connects to the internet, you are going to need to set a static route for the switch to know how to get out in the event one of those two PCs in this example want to connect to google so you would do the following:

<config># ip route 0.0.0.0 0.0.0.0 1.2.3.4 (1.2.3.4 being representative of your routers inside IP, the one it always before you added this switch to your network. Remember if your router is not 192 or 10.0.99 then you will need either Re-IP the address of the router and place it on a port in one of the vlans above or create a new vlan just for the router and place a port on the switch in that VLAN and plug the router in the port.

There you go ... free CCNA lesson of the day for you. No need to nuke this crap .Use the KISS method.

Awesome! Thanks for the detailed post I was hoping somebody would be able to guide me in the right direction. So I have the 10.0.99 subnet behind a firewall (gateway) with the address 10.0.99.254. Which in this case would be on vlan 200. So the ip route would be:
<config># ip route 0.0.0.0 0.0.0.0 10.0.99.254

Just to make sure that I am understanding everything right . When I create the vlans and their IP address. Does that, in the example above, set the IP 192.168.1.1 on the VLAN itself? Thanks!

 

[tangoseal]

Yes it does set the IP of the vlan. They are called SVIs or Switch Virtual Interfaces.

Think of it like... even an IP assigned to a vlan means that you can access your switch and control ot etc.... using that or any vlans IP address given you dont create acls blocking such activity. So if vlan 1 was 192 and 2 was 172 and vlan 3 was 10.x. your switch has 3 IP addresses you can connect to and manage your switch from any host in those respective subnets.

as long as your switch can ping that router IP it will work. That is called a static route and works like this..

ip route (destination network) (destination subnet) (next router hop to get you out to those) aka 0.0.0.0 0.0.0.0 means any network and any subnet will be routed to via 10.0.99.254.

Oh and btw you can chane the name and desc lines to say anything you want. Those have no impact on configuration other than organization of knowing what is what in your zoo of vlans..

see Cisco is friggin easy mode when you know what you are doing.