Switches, Hubs, and Modems
cancel
Showing results for 
Search instead for 
Did you mean: 

VLAN Routing Problem

SOLVED
Go to solution
Rajiv Dodderi
Occasional Visitor

VLAN Routing Problem

I have 2650 series switches and in a mess trying to configure VLAN routing.

Scenario

VLAN1 - Infra VLAN
VLAN2 - Project1
VLAN3 - HR
VLAN4 - Rest of Organization

VLAN1 should be able to talk to VLAN2,3 & 4 and vice versa since the infra VLAN will have the router, Domain controllers etc

VLAN2 ,3 and 4 should not be able to talk to each other.

I have been trying this on a single physical switch by segreggating the ports and unable to successfully route between the VLANs.

Is this scenario possible without having to buy a router?

Note* I have a single physical network.

Eventually I will have 5 2650 48 port switches catering to 240 LAN points altogether.
4 REPLIES
Mohieddin Kharnoub
Honored Contributor

Re: VLAN Routing Problem

Hi

The 2650 can easily route between its Vlans without any problems.

Usually, for a Vlan has internet connectivity (Vlan1 i assume in your case), a default route command should be entered on the 2650 switch global configuration, and on the router side, you should add 3 Static routes to your Vlan2,3 and 4 (Route Back).
Example, if you have 4 Vlans with these IP addresses,
Vlan1: 10.1.1.1
Vlan2: 10.1.2.1
Vlan3: 10.1.3.1
Vlan4: 10.1.4.1

In your case, Vlan1 has the router and Servers ...., so if this router for internet or WAN connectivity, add the following static routes:

ip route 10.1.2.0 255.255.255.0 10.1.1.1
ip route 10.1.3.0 255.255.255.0 10.1.1.1
ip route 10.1.4.0 255.255.255.0 10.1.1.1

or you can summarize:
ip route 10.1.0.0 255.255.0.0 10.1.1.1

This will guarantee your route back, but, say you disconnected this router from the 2650, and you want simple to route between a station on Vlan4 and another on Vlan3, then you should be able to do that when you enable routing on the 2650 switch.

Good Luck !!!
Science for Everyone
Matt Hobbs
Honored Contributor
Solution

Re: VLAN Routing Problem

With the 2600 Series you will not be able to achieve this goal: "VLAN2 ,3 and 4 should not be able to talk to each other."

Usually you would do this through ACL's which the 2600 does not support, or source-port filtering - which does not work on the 2600 when using routing.

I would recommend you look into something like the 5300xl as your core switch instead.

Rajiv Dodderi
Occasional Visitor

Re: VLAN Routing Problem

Thanks for letting me know.Can I achieve the same scenarion by placing a firewall between the VLAN ? or another switch which can act as a router and also have ACL ?

we have already purchased 5 of these switches and re investing in new switches may not go well with the execs.

What other alternatives do I have ?

Thanks in Advance.
Rajiv Dodderi
Occasional Visitor

Re: VLAN Routing Problem

Answer Received to my queries