Help with VLAN Routing

Can you provide the output of the command?

console# show ip route

It will provide us a look at your routing table.

1)  I see that that you have a default route to an interface on VLAN 3.

ip route 0.0.0.0 0.0.0.0 172.22.144.1

This should point to an interface on your upstream ISP / Firewall (the next hop port towards the internet).  

2)  You will need to remove these:

vlan association subnet 172.22.144.0 255.255.255.0 3

vlan association subnet 172.22.145.0 255.255.255.0 2

That is not needed when using port based VLANs.  When you set up physical ports as switchport access.  That is tagging the traffic coming into the port for the VLAN that is specified.

3)  If you are connected to port 1/g3 can you ping 172.22.144.12?  This should be the gateway address for the device connected to this port and every other device connected to a port configured for access VLAN 3.

4)  If you are connected to port 1/g5 can you ping 172.22.145.1?  This should be the gateway address for the device connected to this port and every other device connected to a port configured for access VLAN 2.

5)  Once both 3 & 4 are successful then try pinging 172.22.145.1 from port 1/g3. Also 172.22.144.12 from 1/g5.

I hope this helps,

Let us know if you have any further questions.

Hi Willy, thanks for the help here is the info you requested:

IP ROUTE:

console#show ip route

Route Codes: R - RIP Derived, O - OSPF Derived, C - Connected, S - Static

      B - BGP Derived, IA - OSPF Inter Area

      E1 - OSPF External Type 1, E2 - OSPF External Type 2

      N1 - OSPF NSSA External Type 1, N2 - OSPF NSSA External Type 2

S      0.0.0.0/0 [1/0] via 172.22.144.1,   vlan 3

C      172.22.144.0/24 [0/1] directly connected,   vlan 3

console#

1) 172.22.144.1 is indeed the next hop towards the internet

2) I've removed the vlan association entries

3) 1/g3 is plugged into switches on the workstation LAN and the 172.22.144.1 gateway.  So from 1/g4 in the same VLAN 3 (TWLAN) I can ping 172.22.144.12

4) From 1/g5 I can ping 172.22.145.1

5) I cannot ping 172.22.145.1 from port 1/g4  but I can ping 172.22.144.12 from 1/g5

Thanks Willy that confirms my suspicions.  The 172.22.144.1 is a WAN router managed by our ISP, when I started this venture I asked them if we should be hanging this 172.22.145.0 subnet off of that router so the WAN and therefore our other sites are aware of the routing.  I will talk with them again today and go through the routing and design with them again.  They seemed to think we could add a subnet onto our existing LAN at the one office and everything would be able to route, which doesn't make much sense as the WAN routers would have no routing information for the 172.22.145.0 network.

"Currently I can ping from a client on 172.22.145.x to the 172.22.144.12 (VLAN 3 ip interface) but cannot ping any other 172.22.144.x devices that are not directly connected to the 6224 switch. "

All the switchports are access. Assuming 1/g3 or 1/g4 go to the router or another switch, the VLAN 3 tag will be stripped from the outgoing packet. You need to make these either general or trunk ports so the VLAN tag is forwarded to the next switch/router.

You can currently ping a layer 3 device that is directly connected to the 6224 because the vlan tag is not dropped within the switch.

After speaking with our LAN provider we will be setting up a "transit" subnet from the WAN router to the 6224 which will have our two subnets defined.  They will then add static routes for the new subnets to the WAN routers.  Thanks for your help Willy.