How to configure Cisco 3750 for Inter-Vlan Communication

1

I have a router that has 4 VLANs configured, with an interface on each VLAN; the router serves as a gateway and provides internet access.

VLAN  |  Interface      |  Function
---------------------------------------
  1   |  192.168.1.1/24  |  DMZ
  2   |  192.168.2.1/24  |  Phones
  3   |  192.168.3.1/24  |  Work Stations
  4   |  192.168.4.1/24  |  Servers

The router has a single cable connecting it to a Cisco 3750 (Gi1/0/1); this connection is set up as an 802.11q trunk.

Other than the trunk port, the other ports on the switch are split among the 4 VLANs.

VLAN  |  Interface
--------------------
1     |  Gi1/0/2-6
2     |  Gi1/0/7-12
3     |  Gi1/0/13-18
4     |  Gi1/0/19-24

How can I set up the switch so that all VLANs have internet access via their respective gateways on the router, while still allowing any required inter-VLAN communication to occur on the switch itself?

The inter-vlan communication I require is as follows:

from   |  to
--------------
2      |  1
3      |  1
4      |  1

I would prefer to run the DHCP server on the Cisco switch, but if necessary I can run it on the router.

James

Posted 2016-05-14T05:17:14.407

Reputation: 121

A switch is simply not a router. – Julie Pelletier – 2016-05-14T06:06:39.577

@JuliePelletier But it is a layer 3 switch: System image file is "flash:c3750-advipservicesk9-mz.122-35.SE5.bin" – James – 2016-05-14T06:10:55.577

I don't have access to such a switch to check it fully but I think http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3750/software/release/12-2_55_se/configuration/guide/scg3750/swfallbk.html could help you. – Julie Pelletier – 2016-05-14T06:15:58.367

It's hard to give you a useful answer without understanding a lot more about your setup. For example, does the router that provides Internet access have routes to all these subnets? Can it NAT for them? And so on. – David Schwartz – 2016-05-14T06:30:41.497

@DavidSchwartz Yes the router can NAT for the subnet. It could provide full DHCP to the subnet, or I could add static routes as necessary. – James – 2016-05-14T06:35:29.750

@JamesG Then it sounds like there's really nothing special you need to do except configure DHCP. – David Schwartz – 2016-05-14T23:31:34.460

@DavidSchwartz But if I configure DHCP on the router then any inter-VLAN traffic will pass through the router. I want the inter-VLAN traffic to occur on the switch only. – James – 2016-05-16T00:44:28.473

@JamesG Where DHCP is configured has no effect on where the traffic goes. How DHCP is configured determines that. – David Schwartz – 2016-05-16T00:55:11.530

@DavidSchwartz So how can I configure the DHCP on the router to achieve inter-VLAN routing on the switch while still routing each VLAN's internet traffic via their respective gateways? I don't think it is possible; I think the solution is to use Policy Based Routing, but I need to read up on it. – James – 2016-05-17T06:37:18.037

@JamesG No, you don't need policy based routing. Why do you think it makes any difference where the DHCP server runs? Just make sure that each DHCP offer includes the correct default gateway. (You will need a DHCP server in each VLAN, so if the router is only on VLAN, it can't be the DHCP server for the other VLANs, without proxying.) – David Schwartz – 2016-05-17T07:17:09.733

@DavidSchwartz But what I am trying to do is effectively have two default gateways for the PC. Use the switch as the gateway if the traffic is destined for another vlan, use the router for the default gateway when the destination is the internet. Obviously the DHCP can't be configured to serve up two default gateways, so the problem becomes, how can I have different routing rules per vlan? Set the default gateway to the switch, then use PBR to alter the routes according to VLAN? – James – 2016-05-17T20:19:57.717

@JamesG This is what ICMP redirects are for. Unless you break it, it will "just work". – David Schwartz – 2016-05-17T21:30:20.903

There is no such thing as 802.11q. I think you mean 802.1q. – Ron Maupin – 2016-06-15T22:42:07.877

Answers

1

Let me assume that the interface of the router connected to the Cisco 3750 switch is FastEthernet 0/0, and the interface connected to the internet is FastEthernet 0/1.

The following router configuration would suffice for connectivity to the internet and inter-VLAN communications:

    !
    interface FastEthernet0/0
     ip address 192.168.1.100 255.255.255.0
     ip nat inside
    !
    interface FastEthernet0/0.2
     encapsulation dot1Q 2
     ip address 192.168.2.100 255.255.255.0
     ip nat inside
    !
    interface FastEthernet0/0.3
     encapsulation dot1Q 3
     ip address 192.168.3.100 255.255.255.0
     ip nat inside
    !
    interface FastEthernet0/0.4
     encapsulation dot1Q 4
     ip address 192.168.4.100 255.255.255.0
     ip nat inside
    !
    interface FastEthernet0/1
     ip address 170.150.160.100 255.255.0.0
     ip nat outside
    !
    !
    ip nat inside source list 10 interface FastEthernet0/1 overload
    ip classless
    !
    !
    access-list 10 permit 192.168.0.0 0.0.255.255
    !
    !

The DHCP on the switch must be as given below (it's made to match the above router configuration):

    !
    ip dhcp pool p1
     network 192.168.1.0 255.255.255.0
     default-router 192.168.1.100
    ip dhcp pool p2
     network 192.168.2.0 255.255.255.0
     default-router 192.168.2.100
    ip dhcp pool p3
     network 192.168.3.0 255.255.255.0
     default-router 192.168.3.100
    ip dhcp pool p4
     network 192.168.4.0 255.255.255.0
     default-router 192.168.4.100
    !
    !
    interface Vlan1
     ip address 192.168.1.1 255.255.255.0
    !
    interface Vlan2
     ip address 192.168.2.1 255.255.255.0
    !
    interface Vlan3
     ip address 192.168.3.1 255.255.255.0
    !
    interface Vlan4
     ip address 192.168.4.1 255.255.255.0
    !
    !

NOTE: I have removed commands irrelevant to our context.

You can copy-paste the above configuration at the Global Configuration Mode of the respective devices if you wish.

Nithin Kumar

Posted 2016-05-14T05:17:14.407

Reputation: 41

1

First let me say that the new design you have proposed is the best practice and the one you should have implemented from the beginning: an L3 switch such as a 3750 is perfectly capable of performing the inter-VLAN routing, with great performance too.

For this implementation you will have to create a fifth network, one to connect the switch with the router (let's say 192.168.5.1/24 for router LAN port and 192.168.5.2/24 for the switch Gi1/0/1 port).

In general you will have to make these changes:

On the switch

  1. Create 4 interface vlans with the ip addresses 192.168.1.1 through 192.168.4.1 for each vlan respectively.
  2. Delete the configuration of the port Gi1/0/1 and add this:

    no switchport 
    ip address 192.168.5.2 255.255.255.0
    
  3. Add the default route (gateway) like this:

    ip route 0.0.0.0 0.0.0.0 192.168.5.1 
    
  4. Assuming that the router was acting like a DHCP server, now you will have to configure the switch as a DHCP server instead.

On the router

  1. LAN interface: delete all router subinterfaces and 802.11q trunking and assign the ip address 192.168.5.1/24.

  2. Add 4 static routes for networks 192.168.1.0/24 through 192.168.4.0/24 like this:

    ip route 192.168.1.0 255.255.255.0 192.168.5.2 
    ip route 192.168.2.0 255.255.255.0 192.168.5.2 
    ip route 192.168.3.0 255.255.255.0 192.168.5.2 
    ip route 192.168.4.0 255.255.255.0 192.168.5.2
    
  3. Depending on the router (you didn't say if it is a Cisco one or a basic home router) and your willingness to maintain a clean configuration, you may want to disable the DHCP server. Also pay attention to how NAT is implemented and whether you have to reimplement it.

That's all! Now enjoy higher performance inter-VLAN routing. Also, the router-switch link will only be used for the internet traffic from now on.

Elias Bats

Posted 2016-05-14T05:17:14.407

Reputation: 31
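
The switch-side steps from the answer above combined into one configuration, with an access list that limits inter-VLAN routing to the matrix given in the question (VLANs 2, 3 and 4 may reach VLAN 1 only). This is an added example, not part of the original answer; the pool and ACL names are illustrative, and it assumes DMZ hosts use static addresses.

```cisco
! Added example for a Catalyst 3750 with a layer 3 image.
! Pool and ACL names are illustrative; addresses follow the answer above.
ip routing
!
ip dhcp excluded-address 192.168.2.1
ip dhcp excluded-address 192.168.3.1
ip dhcp excluded-address 192.168.4.1
!
ip dhcp pool PHONES
 network 192.168.2.0 255.255.255.0
 default-router 192.168.2.1
ip dhcp pool WORKSTATIONS
 network 192.168.3.0 255.255.255.0
 default-router 192.168.3.1
ip dhcp pool SERVERS
 network 192.168.4.0 255.255.255.0
 default-router 192.168.4.1
!
! Stateless filter for traffic entering the switch from VLANs 2-4:
! DHCP to the switch, anything to the DMZ (VLAN 1), nothing to the other
! internal subnets (including the 192.168.5.0/24 transit link), then internet.
ip access-list extended INSIDE-TO-DMZ-ONLY
 permit udp any eq bootpc any eq bootps
 permit ip any 192.168.1.0 0.0.0.255
 deny   ip any 192.168.0.0 0.0.255.255
 permit ip any any
!
interface Vlan1
 ip address 192.168.1.1 255.255.255.0
!
interface Vlan2
 ip address 192.168.2.1 255.255.255.0
 ip access-group INSIDE-TO-DMZ-ONLY in
!
interface Vlan3
 ip address 192.168.3.1 255.255.255.0
 ip access-group INSIDE-TO-DMZ-ONLY in
!
interface Vlan4
 ip address 192.168.4.1 255.255.255.0
 ip access-group INSIDE-TO-DMZ-ONLY in
!
interface GigabitEthernet1/0/1
 no switchport
 ip address 192.168.5.2 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.5.1
```

Because the ACL is stateless and `interface Vlan1` is left unfiltered so that replies can return, hosts in the DMZ can still open connections into VLANs 2-4; restricting that direction needs a separate inbound ACL on `interface Vlan1`.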