Vlan name vs interface vlan ip address

Hello,
What is consider for ports to be in the same Vlan subnet, is it Vlan name or the ip address given to the SVI or the subnet advertise for that vlan on a layer 3 switch.  Like for example say have 4  layer 3 switches connected where some ports on each switch are put under vlan 802. The SVI ip address for vlan 802 is different on each switch and under eigrp advertises 802 vlan svi with there subnet. Are all those ports under 802 vlan in the same subnet because the vlan name is still 802 but the svi for each 802 vlan is different subnet just the vlan name is the same.  So that mean I have 4 subnets under vlan 802 or there all act as one subnet because the vlan name is the same?
Thanks,

It's not really to do with the name or subnet. It really depends on how the switches are connected.
So in general terms for any vlan if all the switches are interconnected with -
1) access port links where each end of the link was in that vlan
or
2) trunk links where that vlan was allowed on that link
or a combination of the above then that vlan would be the same L2 broadcast domain across all your switches.
Usually it is one subnet per vlan but you can if you want use multiple subnets per vlan although if you do this generally you add secondary addressing to the one L3 SVI for that vlan and have a different SVI per switch.
However, if your switches are interconnected with - 
1) access port links where the access port is not that vlan
2) trunk links but that vlan is not allowed on that link
3) L3 routed links
then the vlan is a different vlan per switch.
From the sounds of what you are describing each switch has it's own vlan with it's own subnet and they are not the same vlan across all the switches.
Usually it is a good idea if this is the case not to reuse the same vlan number on multiple switches because it just leads to confusion.
Jon

Similar Messages

  • Unknown interface vlan on fwsm

    ive done the ff. on the msfc
    firewall module 2 vlan-group 1
    firewall vlan-group 1 100,200,300
    interface Vlan100
    no ip address
    interface Vlan200
    no ip address
    shutdown
    interface Vlan300
    no ip address
    shutdown
    BUT WHEN I DO THE FF ON THE FWSM
    int vlan 300
    i get the foloowing
    FWSM# conf t
    FWSM(config)# int vlan 300
    Unknown interface vlan.
    the fwsm is not recognizing my vlan. what is missing?
    thanks

    Hi
    Have you created the vlans at Layer 2 ie. if you do a "sh vlan" on the 6500 do you see your vlans ?
    You do not create layer 2 vlans by entering
    int vlan300
    no ip address
    shutdown.
    If you want vlan 300 to be firewalled then please
    1) remove the "interface vlan 300" from the 6500 ie.
    6500(config)# no interface vlan 300
    2) Add the vlan at layer 2 on the 6500 ie.
    6500(config)# vlan 300
    6500(config-vlan)# name vlan300
    Do this for all vlans you want to firewall.
    Jon

  • Interface vlan does not up!

    Hi all,
    I create a vlan follows an interface vlan, but the interface vlan does not up.
    I'm using RSP7600 Adv IP Service with ES20 line card. Please help.
    Thanks million!

    Hello,
    A SVI interface for a VLAN X will be up/up if there is an access port alive in the VLAN X on the switch, or if there is a trunk port alive on the switch on which the VLAN X is allowed. Are these requirements met in your particular case?
    Best regards,
    Peter

  • WLC 5508 , AP client dhcp address different from WLAN interface VLAN subnet?

    Hope the title makes sense, here's my situation: I have multiple businesses on 1 WLC 5508, there's a LAG to my core switch with seperate interfaces for each, broken up by vlans.
    My question is: if i have a WLAN setup to use interface "Company A" which is vlan 10 with an ip of 10.0.1.5 which then points to 10.0.1.10 for dhcp.
    Can the WLAN client connecting to the Company A WLAN use an IP in a different IP range?(192.168.1.10?) can the wlc route? from the perspective of the DHCP server where doers the request come from? (10.0.1.5?)
    Can the DHCP server 10.0.10.10 on vlan 10 respond back with and ip on a different subnet to assign to the client to use and still be fully fonctioning? would the default gateway for the client need to be 10.0.1.5?  So the clients ip would be 192.168.1.10 /24 with a gateway of 10.0.1.5 (ip adress fo vlan10 interface on WLC) And if multiple clients on the same subnet wanted to talk to each other woudl the WLC know how to route them to each other without passing through the default gateway?
    Sorry if this is confusing I'm having a bit of a hard time explaining it in works, i can try and draw somethign up if it makes more sense.
    thanks
    Eric

    I think if you want these clients to stick to a WLAN configured on a VLAN that has a different IP addressing you could configure your VLAN with the normal IP addressing then add on the SVI the 2nd IP_Class_default_gateway.
    E.G.
    Vlan 10
    interface vlan 10
    ip address 10.0.10.1 255.255.255.0
    ip address 192.168.1.1 255.255.255.0 secondary
    Clients that receive IP address from 192.168.1.0/24 network will be able to reach 192.168.1.1 and all traffic will pass right.

  • Guest VLAN unable to get DHCP IP address from Anchor Controller

    Hello everybody,
    In our test set up, we have two WLC 5508 Controllers connected via Checkpoint UTM-1 firewall Inside and DMZ Interfaces. Both the WLC controllers are connected to the firewall via Cisco 3750 switch. On the Local (Inside) Controller, guest SSID is enabled and attached to the wireless management Interface. On the remote anchor controller, guest SSID is enabled and attached to the Management Interface as well. The following configs are replicated on both the Controllers.
    SSID Name - guest
    Interface - Management ( VLAN 10 on Local and VLAN 20 on remote) -
    Mobility Group: Same configs at both ends
    SSID Anchor : Anchor SSID on local and local SSID on Anchor.
    AP: CAPWAP 3502 Management Subnet
    SSID Security etc all defaults and matching on  both ends
    Checkpoint Firewall Rules: Allowed 16666-7, IP 97 etc on the firewall
    Checkpoint Inside/DMZ to Outside(Internet) is NAT enabled.
    EoIP Tunnel Status: Up, UP - Both ends
    Mping - OK
    eping - OK
    WLC Sofware Version on Local - 7.0.98.0
    WLC Sofware Version on Local - 7.0.116.0
    DHCP Scope: Definitions on Anchor Controller and Guest Anchor SSID points to the Anchor management IP as the Primary DHCP server.
    Management IP Subnet on Local: 10.x.x.x
    Management IP Subnet on Anchor: 172.x.x.x
    The problem definition as follows:
    When guest SSID associates to the local AP, the guest SSID never gets a DHCP address assigned from the Anchor Controller and the following debugs are obtained.
    1. WLAN ID 1 (for Guest SSID Number) delete message appears in the Controller message logs, but the SSID does not DHCP from the local Management Subnet and i can see DHCP request via the tunnel to the Anchor WLC as follows:
    DHCP Socket Task: Feb 24 17:20:46.612: 64:b9:e8:33:2d:13 DHCP received op BOOTREQUEST (1) (len 308,vlan 0, port 13, encap 0xec03)
    *DHCP Socket Task: Feb 24 17:20:46.612: 64:b9:e8:33:2d:13 DHCP processing DHCP DISCOVER (1)
    *DHCP Socket Task: Feb 24 17:20:46.612: 64:b9:e8:33:2d:13 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Feb 24 17:20:46.612: 64:b9:e8:33:2d:13 DHCP   xid: 0x49c54774 (1237665652), secs: 42, flags: 0
    *DHCP Socket Task: Feb 24 17:20:46.612: 64:b9:e8:33:2d:13 DHCP   chaddr: 64:b9:e8:33:2d:13
    *DHCP Socket Task: Feb 24 17:20:46.612: 64:b9:e8:33:2d:13 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Feb 24 17:20:46.612: 64:b9:e8:33:2d:13 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
    *DHCP Socket Task: Feb 24 17:20:46.612: 64:b9:e8:33:2d:13 DHCP successfully bridged packet to EoIP tunnel
    2. Similar debugs on the Anchor controller yields the following results;
    Cisco Controller) >*DHCP Socket Task: Feb 25 04:30:25.488: 64:b9:e8:33:2d:13 DHCP options end, len 72, actual 64
    *DHCP Socket Task: Feb 25 04:36:44.246: 64:b9:e8:33:2d:13 DHCP received op BOOTREQUEST (1) (len 308,vlan 20, port 1, encap 0xec05)
    *DHCP Socket Task: Feb 25 04:36:44.246: 64:b9:e8:33:2d:13 DHCP processing DHCP DISCOVER (1)
    *DHCP Socket Task: Feb 25 04:36:44.246: 64:b9:e8:33:2d:13 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Feb 25 04:36:44.246: 64:b9:e8:33:2d:13 DHCP   xid: 0x49c54778 (1237665656), secs: 52, flags: 0
    *DHCP Socket Task: Feb 25 04:36:44.246: 64:b9:e8:33:2d:13 DHCP   chaddr: 64:b9:e8:33:2d:13
    *DHCP Socket Task: Feb 25 04:36:44.246: 64:b9:e8:33:2d:13 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 04:36:44.246: 64:b9:e8:33:2d:13 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 04:36:44.246: 64:b9:e8:33:2d:13 DHCP successfully bridged packet to DS
    *DHCP Socket Task: Feb 25 04:36:53.208: 64:b9:e8:33:2d:13 DHCP received op BOOTREQUEST (1) (len 308,vlan 20, port 1, encap 0xec05)
    *DHCP Socket Task: Feb 25 04:36:53.208: 64:b9:e8:33:2d:13 DHCP processing DHCP DISCOVER (1)
    *DHCP Socket Task: Feb 25 04:36:53.208: 64:b9:e8:33:2d:13 DHCP   op: BOOTREQUEST, htype: Ethernet, hlen: 6, hops: 0
    *DHCP Socket Task: Feb 25 04:36:53.208: 64:b9:e8:33:2d:13 DHCP   xid: 0x49c54778 (1237665656), secs: 61, flags: 0
    *DHCP Socket Task: Feb 25 04:36:53.208: 64:b9:e8:33:2d:13 DHCP   chaddr: 64:b9:e8:33:2d:13
    *DHCP Socket Task: Feb 25 04:36:53.208: 64:b9:e8:33:2d:13 DHCP   ciaddr: 0.0.0.0,  yiaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 04:36:53.208: 64:b9:e8:33:2d:13 DHCP   siaddr: 0.0.0.0,  giaddr: 0.0.0.0
    *DHCP Socket Task: Feb 25 04:36:53.208: 64:b9:e8:33:2d:13 DHCP successfully bridged packet to DS
    *apfOrphanSocketTask: Feb 25 04:37:49.931: 34:51:c9:59:b1:c7 Invalid MSCB state: ipAddr=169.254.254.148, regType=2, Dhcp required!
    Is there any thing missing in the wireless configs and or the firewall rules as i could not see DHCP request back from the Anchor Controller. Also, after DHCP is obtained, the web authentication request will be redirected to an Amigopod device for authentication. In this case is the redirect URL congiguration to be performed only on the Anchor Controller or is this to be replicated on both the Local and Anchor Controllers.
    Thanks and Regards.

    The DHCP issue is resolved if external DHCP server is configured on a 3750 switch connected to the WLC and the default gateway for DHCP points to the Firewall, which is in the data path between the Inside and Anchor Controllers. DHCP is essentially bridged (no Proxy setting now) from the EoIP tunnel to the Distribution system network. We will test this solution on pilot production and then consider upgrading to 7.0.116.0, as there are about six offices running 7.0.98.0, which will need to be upgraded. 
    For L3 security,  configuration is set up on both the controllers for external captive portal redirection.I will try this only on the Anchor and revert.
    Thanks again very much for all your help.

  • Interface Vlan is not installed in routing table

    Dear All, 
    Today I faced a strange problem and I want to share it with you to find what is the problem ? 
    we have a VRF for one customer and we use interface vlan to define customer's branch.
    The customer interface is  VLAN 422 and it is defined under customer VRF probably . 
    PE#sh running-config vrf  V3056:RIYADHBANK
    Building configuration...
    Current configuration : 1321 bytes
    ip vrf V3056:RIYADHBANK
     rd 65000:3887
     maximum routes 1400 80
     route-target export 65000:5405
     route-target import 65000:5405
     route-target import 65000:5406
    interface Vlan422
     description By *****
     ip vrf forwarding V3056:RIYADHBANK
     ip address 172.29.12.97 255.255.255.252
     service-policy input 2M_IN
    PE#sh vlan id 422
    VLAN Name                             Status    Ports
    422   422                                 active    Gi3/0/11 efp_id 422
    VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
    422  enet  100422     1500  -      -      -        -    -        0      0   
    Remote SPAN VLAN
    Disabled
    Primary Secondary Type              Ports
    PE#
    we can see the interface vlan is up 
    PE-L3Agg-Khu-107-2#sh int vlan 422 description 
    Interface                      Status         Protocol Description
    Vl422                          up             up       ****
    PE#
    and we can see the vlan 422 belongs to the correct VRF
    PE#sh vrf V3056:RIYADHBANK
      Name                             Default RD          Protocols   Interfaces
      V3056:RIYADHBANK                 65000:3887          ipv4        Vl627
                                                                       Vl775
                                                                       Vl422
    PE#
    when we tried to troubleshoot the customer routing we found :
    PE-L3Agg-Khu-107-2#ping vrf V3056:RIYADHBANK 172.29.12.97
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.29.12.97, timeout is 2 seconds:
    Success rate is 0 percent (0/5)
    PE-#
    we could not ping the ip address of interface vlan 422.
    PE#sh ip route vrf V3056:RIYADHBANK 172.29.12.97
    Routing Table: V3056:RIYADHBANK
    % Subnet not in table
    PE#
    PE#show ip route vrf V3056:RIYADHBANK connected 
    Routing Table: V3056:RIYADHBANK
    Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
           D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
           ia - IS-IS inter area, * - candidate default, U - per-user static route
           o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
           + - replicated route, % - next hop override
    Gateway of last resort is 192.168.111.16 to network 0.0.0.0
          172.29.0.0/16 is variably subnetted, 338 subnets, 2 masks
    C        172.29.12.44/30 is directly connected, Vlan627
    L        172.29.12.45/32 is directly connected, Vlan627
    PE-L3Agg-Khu-107-2#
    PE-L3Agg-Khu-107-2#
    My question is: Why the interface vlan 422 is not installed in VRF Table as it is UP ?? 
    thanks in advance!
    Rashed Wardi.

    what platform is this? can you please paste the output of show version  and show run?
    Also when you tested this was int Gi3/0/11  up/up?
    Best Regards,
    Bheem

  • 'secondary' vlan names in ISE

    I am planning wired ISE for large university network where authenticated users will be assigned to a default data vlan by default.
    There are a few departments across the university that will require thier own vlans, usually in specific locations.
    example:
    'medical' vlan name is configured on access switches in a medical building, so any users in the medical group will be placed in a medical vlan on successful authentication, so they can access sensitive information.
    However, If those users go to other locations, where 'medical' is not configured on the access switches they will get no network access at all.
    I would like ISE to offer a 'secondary' option of the 'default data' vlan, so the authenticated user can still access core college resources+www wherever they are, even if they are not able to access specific 'medical' resources.       
    thanks

    Define VLANs Based on Enforcement States
    Use the following command lines to define the VLAN names, numbers, and SVIs based on known
    enforcement states in your network. Create the re
    spective VLAN interfaces to
    enable routing between
    networks. This can be especially helpful to handle
    multiple sources of traffic passing over the same
    network segments—traffic from both PCs and the IP phone through which the PC is connected to the
    network, for example.
    Note
    The first IP helper goes to the DHCP server and the se
    cond IP helper sends a copy of the DHCP request
    to the inline posture node for profiling.
    vlan <
    VLAN_number
    >
    name ACCESS
    vlan <
    VLAN_number
    >
    name VOICE
    interface <
    VLAN_number
    >
    description ACCESS
    ip address 10.1.2.3 255.255.255.0
    ip helper-address <
    DHCP_Server_IP_address
    >
    ip helper-address <
    Cisco_ISE_IP_address
    >
    interface <
    VLAN_number
    >
    description VOICE
    ip address 10.2.3.4 255.255.255.0
    ip helper-address <
    DHCP_Server_IP_address
    >
    ip helper-address <
    Cisco_ISE_IP_address
    >

  • Cisco SG 300-10 VLAN and IP Interface Question

    Hello,
        Please forgive me if you find my question too basic. But, I would really appreciate an answer as I am having a heck of a time getting the VLANs to work. I have several VLANs configured as follows, but, my question is related only two VLANS: VLAN 104 and VLAN 2000. Followings are the screenshots.  I have connected cable from Port 6 of the switch to the NIC2 of Windows 8.1 PC. When I use GE6 as access port for VLAN 104, I am able to ping to the NIC2 configured with static IP 10.10.30.30. However, when use GE as Trunk Port for VLAN 104 and 2000, I am not able to ping the NIC2 configured with static IP 10.10.30.30 or static IP 10.10.110.30. I am using the ping utility from the GUI. 
       If there is a better way to test the trunk port, please let me know.
        At this point, I am assuming that something is wrong with my configuration as the NIC2 is unable to receive IP address.
         The other assumption is that NICs with Windows 8.1 OS does not accept Traffic from Tagged VLANS. 
    VLAN TableShowing 1-11 of 1110203050per page
    VLAN ID
    VLAN Name
    Originators
    VLAN Interface State
    Link Status 
    SNMP Traps
    1
    Default
    Enabled
    Enabled
    100
    Management A
    Static
    Disabled
    Enabled
    101
    Management B
    Static
    Disabled
    Enabled
    102
    VXLAN A
    Static
    Disabled
    Enabled
    103
    VXLAN B
    Static
    Disabled
    Enabled
    104
    vMotion
    Static
    Enabled
    Enabled
    105
    IP Storage
    Static
    Disabled
    Enabled
    106
    HQ Uplink
    Static
    Disabled
    Enabled
    107
    HQ Access
    Static
    Disabled
    Enabled
    1000
    Test VLAN
    Static
    Disabled
    Enabled
    2000
    Test2 VLAN
    Static
    Enabled
    Enabled
    Port VLAN Membership Table
    Filter:
    Interface Type
    equals to
    PortLAG
    Go
    Interface
    Mode
    Administrative VLANs
    Operational VLANs
    LAG
    GE1
    Trunk
    1UP
    1UP
    GE2
    Trunk
    1UP
    1UP
    GE3
    Trunk
    1UP
    1UP
    GE4
    Trunk
    1UP
    1UP
    GE5
    Trunk
    1UP
    1UP
    GE6
    Trunk
    1UP, 104T, 2000T
    1UP, 104T, 2000T
    GE7
    Trunk
    1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
    1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
    GE8
    Trunk
    1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
    1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
    GE9
    Trunk
    1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
    1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
    GE10
    Trunk
    1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
    1T, 100UP, 101T, 102T, 103T, 104T, 105T, 106T, 107T
    IPv4 Interface TableShowing 1-11 of 1110203050per page
    Interface
    IP Address Type
    IP Address
    Mask
    Status
    VLAN 105
    Static
    10.10.20.1
    255.255.255.0
    Valid
    VLAN 104
    Static
    10.10.30.1
    255.255.255.0
    Valid
    VLAN 2000
    Static
    10.10.110.1
    255.255.255.0
    Valid
    VLAN 1
    Static
    192.168.0.39
    255.255.255.0
    Valid
    VLAN 1000
    Static
    192.168.1.1
    255.255.255.0
    Valid
    VLAN 106
    Static
    192.168.100.1
    255.255.255.0
    Valid
    VLAN 100
    Static
    192.168.110.1
    255.255.255.0
    Valid
    VLAN 107
    Static
    192.168.130.1
    255.255.255.0
    Valid
    VLAN 102
    Static
    192.168.150.1
    255.255.255.0
    Valid
    VLAN 101
    Static
    192.168.210.1
    255.255.255.0
    Valid
    VLAN 103
    Static
    192.168.250.1
    255.255.255.0
    Valid
    Ping
    Host Definition:
    By IP address
    By name
    IP Version:
    Version 6
    Version 4
    <tr id="trSourceIP" display:none"="">
    Source IP:
    Auto10.10.20.1(VLAN105)10.10.30.1(VLAN104)10.10.110.1(VLAN2000)192.168.0.39(VLAN1)192.168.1.1(VLAN1000)192.168.100.1(VLAN106)192.168.110.1(VLAN100)192.168.130.1(VLAN107)192.168.150.1(VLAN102)192.168.210.1(VLAN101)192.168.250.1(VLAN103)Autofe80::5267:aeff:fe3d:83b3(VLAN1)Auto10.10.20.1(VLAN105)10.10.30.1(VLAN104)10.10.110.1(VLAN2000)192.168.0.39(VLAN1)192.168.1.1(VLAN1000)192.168.100.1(VLAN106)192.168.110.1(VLAN100)192.168.130.1(VLAN107)192.168.150.1(VLAN102)192.168.210.1(VLAN101)192.168.250.1(VLAN103)fe80::5267:aeff:fe3d:83b3(VLAN1)
    Destination IPv6 Address Type:
    Link Local
    Global
    Link Local Interface:
    VLAN 1
    Destination IP Address/Name:
    Ping Interval:
    Use Default
    User Defined
    ms (Range: 0 - 65535, Default: 2000)
    Number of Pings:
    Use Default
    User Defined
    (Range: 1 - 65535, Default: 4)
    Status:

    Tom and Michal, your response is much appreciated. You are 100% right. The issue was with the Windows recognizing the VLAN tags. I have tested trunking by using the vmxnet3 driver from VMware and it works. 
    I had another question where I can use your help too. I am not sure how to connect two Cisco SG300 switches - one with L3 mode and the second one with L2 mode. I have configured GVRP for Port 5 of both switches and run a cable connecting to Port 5 of each switch. I have made port 5 of both switches trunk mode ( 1U, 1000T). I have created VLAN 1000 on both switches. With L3 switch, I have added IP Interface (192.168.100.1) to VLAN 1000. My issues is that, I am not able to access the management port (192.168.1.238) of the L2 switch. Note that the L2 switch has only on uplink, which is to the L3 switch. Since the Port 5 also receives untagged traffic from VLAN1 (192.168.1.1), I am assuming that it would receive the management network from VLAN1. 

  • [switchport port-security mac ] on [interface VLAN n?]

    Hello,
    did anyone tried to use the command [switchport port-security mac-address n?] on [interface VLAN n?] ? (for example in a 2950).
    I don't have the material to make that test, and I am not sure if it works or not.
    Many thanks!

    Hi,
    Switchport port-security as the name implies is to be configured on switchport. VLAN interface on the switch is a routed interface and hence, you can't apply any switchport configuration on it and that includes, port security.
    HTH
    Sundar

  • Ip address on created Mangement VLAN shuts down 255 VLAN 1.0 subnet

    My predecessor created a VLAN 255 to replace VLAN 1 as the Management VLAN.  I noticed a some of the switches had there IP's on Fas0 out of band interface. To me it made more sense to put that ip address on a int vlan 255 on all the switches. As I did to my 4th Core Switch I added the ip address *.1.24 and it shut down the entire 255 vlan with affect the .1.0 subnet.  I for the life of me can can't figure out what is causing the problem. It is not like any other device is using the 1.24 ip address and even if it was it should affect access to that device not all other devices on the 1.0 subnet.
    The message in the log (doing the show log command) only shows interface 255 going up and down. The subnet mask is 255.255.255.0 (/24).  I just put the ip in the interface again and pinged devices in the 1.0 subnet when I brought the interface back up yet I could not access any services on the 1.0 subnet from my workstations. I shut the interface again and could access services In that subnet again.

    The VLAN is in the trunk. shouldn't that be enough as for as putting it in the port goes?  I already have the interface shut and configured. When I unshut the entire .1.0 subnet does down. To me it's just so unlogical.

  • Extending VLANs across routed interfaces

    Hello;
    I'm trying to create a L3 core network. The core equipment will be Cisco 3750 enhanced. My idea is make each link between core 3750 a routed interface, with /30 IP addresses.
    The problem is the customer needs some VLANs extended across the full enterprise. Is there any way to encapsulate the VLAN inside routed interface?
    Thanks in advance.

    I realize this thread is 5+ years old, but I feel like commenting anyway.
    If you want to encapsulate the vlan across that link, you won't be able to use routed interfaces.  You will need to use a layer 2 trunk(dot1q).  Therefore, I wouldn't bother with the /30 addresses unless you want to monitor that specific link by IP.  In that case, use a special VLAN just for those two interfaces and put your /30 addresses on the vlan interfaces.
    If you want fast fail over on a layer 2 link, well then, use Rapid STP.  The goal should be to get rid of those flat VLANs that span the core and switch to your original plan of routed interfaces using EIGRP or OSPF.

  • Inter-VLAN routing, Auto-Voice VLAN and IP Address-Helper

    Hope that somebody can help me with the setup in the screenshot. 
    Planning to use Auto-Voice VLAN and Smartports to configure VOIP
    LLDP-MED will be enabled on the switch to detect the IP phones so they will be moved to the Voice VLAN (If not the first 6 signs will be added to the OID table). The Voice VLAN ID will be 2 >> Voice VLAN will be automatically enabled once a device is recognized as a IP phone right? 
    Workstations will be connected to the Cisco switch, VLAN data will be untagged and will remain on the native VLAN.
    Smartports will be used to configure the ports (Macro's) >> Should configure the ports as trunks as assigns the correct VLANs right?
    But how do i configure the IP Helper-Address? Do i have to create the Voice VLAN on both switches and then run the command "IP Helper Address" to specify a DHCP server? From what i've been reading it's required, when using Inter-VLAN routing, to configure the VLAN interface with an IP address. But it's going to give problems when both switches are connected to eachother and both have the same VLAN configured including the same IP address assigned to their VLAN interface?
    Normal data should pass  the ASA firewall, VOIP traffic should go through the Vigor modem to a hosted VOIP provider. The best way, i assume, is to configure 2 separate scopes on the DHCP server?
    Still confused on how to set it up, hope that someone can point me in the right direction

    If you're sending voice to only the Vigor modem then there is no need for a trunk between the SF-300 and the Vigor modem. You can just set that to an untag packet for the VLAN 2 between that switch and the Vigor modem.
    On the 'edge' SF300 where the IP phone/PC is it is obviously going to interoute there and of course the phone port is tagged and PC port is untagged.
    For the IP helper, it uses UDP-RELAY and it should be enabled on the port itself and enabled on the global configuration. You may also need option 82. Also keep in mind, depending how your DHCP server works, it may need option 82 configured as well or at least a route to understand the subnets in the layer 3 environment to get traffic across the VLANS.

  • Interface vlan - ACL - pinging issues.

    I'm trying to understand why an ACL which is applied to an interface vlan is affecting the traffic for a different interface vlan.
    Both vlans are configured on the same device and there's a trunk connecting the "access" switch to the "distribution" switch.
    so, what we have is:
    UD-1 UD-1B
    UA
    Int vlan are configured in both UDs and the vlan is allowed in the trunk that connects the UD to the UA.
    There's an ACL blocking traffic to the int vlan 225 ip that is configured in the UA, but there's no ACL on the vlan 185 (the same IP that Im trying to ping).
    So , why is this happening?
    configs:
    UD-1A:
    interface Vlan185
    ip address 10.8.185.3 255.255.255.0
    interface Vlan225
    ip address 10.18.225.3 255.255.255.0
    ip access-group ud1 in
    int gi1/1
    interface GigabitEthernet1/1
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 225
    switchport trunk allowed vlan 185,225
    switchport mode trunk
    UD-1B
    interface Vlan185
    ip address 10.8.185.4 255.255.255.0
    interface Vlan225
    ip address 10.18.225.4 255.255.255.0
    ip access-group al_rpf_sre_ud1_pro in
    interface GigabitEthernet4/4
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 225
    switchport trunk allowed vlan 185,225
    switchport mode trunk
    interface Vlan185
    ip address 10.8.185.7 255.255.255.0
    ip access-group ro in
    interface GigabitEthernet1/1
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 225
    switchport trunk allowed vlan 185,225
    switchport mode trunk
    interface GigabitEthernet1/2
    switchport trunk encapsulation dot1q
    switchport trunk native vlan 225
    switchport trunk allowed vlan 185,225
    switchport mode trunk
    so, when I ping 10.8.185.7
    I get:
    GMT-3: ICMP: dst (10.8.185.7) administratively prohibited unreachable rcv from 10.8.185.4
    %SEC-6-IPACCESSLOGDP: list ud1 denied icmp 10.8.185.7 (GigabitEthernet1/1) -> 10.18.232.58 (0/0), 3 packets
    anybody?

    Hello Paresh,
    thanks for replying.
    But, actually I dont think this is what happening.
    Because 10.18.232.58 comes from an uplink - core router, which enters from a different interface.
    Let me give you the configs:
    uplinks:
    interface GigabitEthernet3/1
    no switchport
    ip address 10.18.192.26 255.255.255.252
    And the core are doing load-balancing to reach the UA.
    So, icmp packets are arriving from these 2 interfaces, the uplink gi3/1 (router port) and from the link that connects the UA switch.
    so, pinging from the BC you have 2 ways to get to the UA, from UD1 and UD1-B, when it reaches UD1-B it goes to the vlan (ie. goes down to the UA and up to UD1A).
    Not sure if this is helping.
    If you need any other info let me know.
    this is killing me.

  • Route map does not applied on interface vlan

    Hi all,
    could you pls tell me why i can't apply a route-map on an interface vlan,
    belown my config:
    SWBBO(config-if)#ip policy route-map TEST
                               ^
    % Invalid input detected at '^' marker.
    Cisco IOS Software, C3750E Software (C3750E-UNIVERSALK9-M), Version 15.0(2)SE1, RELEASE SOFTWARE (fc1)
    Technical Support: http://www.cisco.com/techsupport
    Copyright (c) 1986-2013 by Cisco Systems, Inc.
    Compiled Fri 04-Jan-13 01:38 by prod_rel_team
    ROM: Bootstrap program is C3750E boot loader
    BOOTLDR: C3750E Boot Loader (C3750X-HBOOT-M) Version 12.2(53r)SE2, RELEASE SOFTWARE (fc1)
    BBWMASALE01 uptime is 40 weeks, 1 day, 6 minutes
    System returned to ROM by power-on
    System restarted at 22:12:07 UTC Mon Feb 18 2013
    System image file is "flash:/c3750e-universalk9-mz.150-2.SE1.bin"
    Best regards,
    James

    Hi jon,
    belown the result of sh sdm prefer,so need i a licence ip service to apply the route-maap on the interface vlan,or just entrer the config"sdm prefer routing" and reboot the switch?
    SWBB0#sh sdm prefer
    The current template is "desktop default" template.
    The selected template optimizes the resources in
    the switch to support this level of features for
    8 routed interfaces and 1024 VLANs.
      number of unicast mac addresses:                  6K
      number of IPv4 IGMP groups + multicast routes:    1K
      number of IPv4 unicast routes:                    8K
        number of directly-connected IPv4 hosts:        6K
        number of indirect IPv4 routes:                 2K
      number of IPv6 multicast groups:                  64
      number of directly-connected IPv6 addresses:      74
      number of indirect IPv6 unicast routes:           32
      number of IPv4 policy based routing aces:         0
      number of IPv4/MAC qos aces:                      0.5K
      number of IPv4/MAC security aces:                 0.875k
      number of IPv6 policy based routing aces:         0
      number of IPv6 qos aces:                          0
      number of IPv6 security aces:                     60

  • Policy-map input on an interface VLAN

    Hi there,
    I have a problem with a policy-map on an interface VLAN on my Cisco 6509-E.
    The switch has the IOS Version 12.2(33)SXI10, RELEASE SOFTWARE (fc2).
    I have configured this policy-map:
    policy-map PM-10Mbit
      class class-default
       police cir 10000000 bc 1875000 be 3750000    conform-action transmit     exceed-action drop     violate-action drop
     I bind this map on a physical interface
    interface GigabitEthernet2/2
     description <removed>
     ip vrf forwarding <removed>
     ip address <removed>
     ip access-group <removed> out
     service-policy input PM-10Mbit
     service-policy output PM-10Mbit
    and get this result:
    show policy-map interface
    GigabitEthernet2/2
      Service-policy input: PM-10Mbit
        class-map: class-default (match-any)
          Match: any
          police :
            10000000 bps 1875000 limit 1875000 extended limit
          Earl in slot 5 :
            6428065284 bytes
            5 minute offered rate 14696 bps
            aggregate-forwarded 6294160565 bytes action: transmit
            exceeded 133904719 bytes action: drop
            aggregate-forward 584 bps exceed 0 bps
      Service-policy output: PM-10Mbit
        class-map: class-default (match-any)
          Match: any
          police :
            10000000 bps 1875000 limit 1875000 extended limit
          Earl in slot 4 :
            10335145381 bytes
            5 minute offered rate 21536 bps
            aggregate-forwarded 10142894661 bytes action: transmit
            exceeded 192250720 bytes action: drop
            aggregate-forward 128 bps exceed 0 bps
          Earl in slot 5 :
            263335780 bytes
            5 minute offered rate 176 bps
            aggregate-forwarded 263335780 bytes action: transmit
            exceeded 0 bytes action: drop
            aggregate-forward 448 bps exceed 0 bps
    But when I bind it on an interface VLAN i see no incoming traffic:
    show policy-map interface
     Vlan1012
      Service-policy input: PM-100Mbit
        class-map: class-default (match-any)
          Match: any
          police :
            100000000 bps 18750000 limit 18750000 extended limit
          Earl in slot 4 :
            0 bytes
            30 second offered rate 0 bps
            aggregate-forwarded 0 bytes action: transmit
            exceeded 0 bytes action: drop
            aggregate-forward 0 bps exceed 0 bps
          Earl in slot 5 :
            0 bytes
            30 second offered rate 0 bps
            aggregate-forwarded 0 bytes action: transmit
            exceeded 0 bytes action: drop
            aggregate-forward 0 bps exceed 0 bps
      Service-policy output: PM-100Mbit
        class-map: class-default (match-any)
          Match: any
          police :
            100000000 bps 18750000 limit 18750000 extended limit
          Earl in slot 4 :
            1005376843668 bytes
            30 second offered rate 33016448 bps
            aggregate-forwarded 1005362388151 bytes action: transmit
            exceeded 14455517 bytes action: drop
            aggregate-forward 30943792 bps exceed 0 bps
          Earl in slot 5 :
            1828318775 bytes
            30 second offered rate 1296 bps
            aggregate-forwarded 1828318775 bytes action: transmit
            exceeded 0 bytes action: drop
            aggregate-forward 1272 bps exceed 0 bps
    Is this a bug or am I doing something wrong here?

    Hello
    As I understand it , this is command is required in mls qos because on a SVI ( L3 vlan interface) runs in a vlan-based mode which differs from normal L3 routed interfaces which run in interface mode.
    As per cisco ="In VLAN-based mode, the policy map that is attached to the Layer 2 interface is ignored, and QoS is driven by the policy map that is attached to the corresponding VLAN interface."
    Lastly regards
    Try matching on all traffic incoming on the trunk interface on that switch for it to successfully police incoming traffic:
    class-map V102
    match input-interface x/x
    Policy-map POLICE
    class V102
    Police xxxx xxxx
    res
    Paul

Maybe you are looking for

  • Payment Terms on PO Header is not coming automatically from vendor master

    Hi Experts, I have two plants maintained as vendors in my system. Both have payment terms maintained in the Vendor master (Purchasing as well as Payment Transaction view) but when I create POs (all with the same document type), for one of the vendors

  • Automatic restart of Error-Message in Adapter-Engine (Job?)

    Hi, we are working on PI 7.11 and facing following problem: Often in message-monitoring error-messages are forgotten because of wrong date-selections by the monitorer (not enough days back). It would be very nice, if there is a function witch is repe

  • How to void matching process in accounts payable module

    Hi, I am working on Accounts payable module. in ap where did u setup matching process is optional.it means how to void matching process. give me navigation.. any one knows these answer. please help me Regards Ravi

  • Family Sharing not separating not working

    My wife and I have been using family sharing.  It went well for 3 weeks but in the last week my wife cannot updated any apps that I purchased and we are getting duplicate texts whenever we send and recieve texts.  I've looked at everything.  We are s

  • How to run tools from a java archive

    I used to run Multivalent from http://multivalent.sourceforge.net/ but am now getting error messages like this: Exception in thread "main" java.lang.NoClassDefFoundError: tools/pdf/Impose This happens even when I'm in the directory containing the jar