VLAN routing on Catalyst plus external WAN router issue......
Hi,
Bit of advice if possible.
I've got a project to implement VLANs on a MAN, which is easy enough, using CAT4506 and a mixture of 3750 and 2950 switches. The VLAN aspect is OK but I'm a bit unsure as to how to integrate the WAN into the design.
I have two core WAN access sites each with 2 * cat4506 switches of which one at each site attach to a WAN router (3725).
The CAT4506 switches will be doing the VLAN routing but the 3725 routers (one at each site in a HSRP group) will be routing the WAN. Obviously these need to be attached to the Catalysts for WAN access. As I have separate routers for VLAN routing and WAN routing, what is the best way to configure this?
Is configuring a separate VLAN for the routers the best idea? Or is it best to use the sub interface option on the router ethernet ports?
Do I just use a static route of last resort on the Catalyst pointing to the routers ?
Help :-)
When you are still in the design phase, I want to strongly discourage you from designing a network with VLANs that span multiple sites.
You will always run into STP issues in one way or another. The following link will give some sensible information on this subject:
http://www.cisco.com/en/US/netsol/ns340/ns394/ns147/ns17/networking_solutions_white_paper09186a00800a3e16.shtml
I hope that it will point you to the right (or at least an optimal) solution for your specific design.
Regards,
Leo
Similar Messages
-
Greetings network wizards,
I'm facing an interesting issue in our enterprise network.
There is management VLAN. There are various devices in management VLAN (e.g. WLC controllers, SVIs for management on our catalysts, interfaces for management of servers, ...).
There are also other VLANs (office100, office101, printers, technology, ...). I'm unable to ping one device on our management VLAN from office VLAN. From all other VLANs, the ping works fine.
In terms of CLI (where a.b.c.d is the problematic destination address in the management VLAN):
ping a.b.c.d source vlan 20 = success
ping a.b.c.d source vlan 50 = success
ping a.b.c.d source vlan 90 = success
ping a.b.c.d source vlan 101 = failure
The ping is launched from either of our two L3 switches and the a.b.c.d address belongs to computer shown in the bottom of the picture.
The excerpt of our physical topology can be seen below.
The L3 switches depicted above are our two 4506 catalyst switches with SVIs for our multiple VLANs. There is also HSRP group for each VLAN on our L3 switches.
I checked all the relevant data structures (ARP, MAC, FIB, adjacency tables) and everything seems OK. What is also worth mentioning is the fact that the IP address of the switch shown in the bottom of the picture is in the same VLAN as the device represented by the PC attached to the switch in the bottom. That management SVI of the switch is pingable and working regardless of the source VLAN.
Any help would be appreciated.
Best regards,
SZ

Hi,
I'm afraid that the configuration you posted above won't solve my issues. It is so because of the following packet flow:
Ping from VLAN 101 (office) to VLAN 900 (management) flows to either of my L3 switches. L3 switch takes a look at the destination IP address and assumes, he should use VLAN900. Thus, he uses VLAN900 SVI, encapsulates the frame to VLAN900 802.1q frame and sends it out of the appropriate trunk (the appropriate trunk is identified by destination IP address and corresponding MAC address).
Please, keep in mind that the topology is only excerpt and other switches are physically present, too (but not shown here). These other switches have clients from VLAN101 attached and these clients can easily ping the access switch (VLAN900) shown in the picture, but they're unable to ping the PC (VLAN900) attached to the same access switch. PC's switchport is assigned to correct VLAN. The frame coming from VLAN101 from another switch (not shown in picture) is rerouted at L3 switch and is put on trunk as VLAN900 frame. Then it flows down to the access switch. STP and trunks are fine ... because:
If I had STP issue or trunk misconfiguration in place, I wouldn't be able to reach the access switch (from whatever VLAN). In my current situation, I'm able to reach it easily.
Best regards,
SZ -
RV180 Router: Cannot get Inter-VLAN Routing to work.
I have been banging at this now for two days and just cannot get Inter-VLAN routing to work on this router.
Here is the set-up:
Upgraded to latest Cisco firmware (1.0.1.9).
Starting with factory default settings, I added 2 VLANS as follows:
vlan default(id=1): dhcpmode=server IP=192.168.1.1/24 port 1
vlan vlan2 (id=2): dhcpmode=server IP=192.168.2.1/24 port 2
vlan vlan3 (id=3): dhcpmode=server IP=192.168.3.1/24 port 3
                            (unconnected)
                              WAN port
                                 |
                            Routing/NAT
                                 |
VLAN IP                    192.168.1.1   192.168.2.1    192.168.3.1
VLAN name                  default       vlan2          vlan3
VLAN ID                    ID=1          ID=2           ID=3
Inter-VLAN Routing         No            Yes            Yes
Port 1                     Untagged      Excluded       Excluded
Port 2                     Excluded      Untagged       Excluded
Port 3                     Excluded      Excluded       Untagged
Port 4 (not of interest)   Untagged      Excluded       Excluded

                           Port 1        Port 2         Port 3
                             |             |              |
                           AdminPC       PC2            PC3
                                         192.168.2.191  192.168.3.181
PC2 gets assigned an IP Address of 192.168.2.191 (DGW=192.168.2.1) - OK
PC3 gets assigned an IP Address of 192.168.3.181 (DGW=192.168.3.1) - OK
PC2 with (IP 192.168.2.191) can ping 192.168.2.1 and 192.168.3.1 - OK
PC3 with (IP 192.168.3.181) can ping 192.168.3.1 and 192.168.2.1 - OK
BUT....
PC2 cannot ping PC3 - NOT WORKING
PC3 cannot ping PC2 - NOT WORKING
(does not work in both Gateway Mode and Router Mode)
ANYONE CAN HELP ME FIGURE OUT WHY ??????
Your help is much appreciated.
I bought this device specifically because it supported inter-VLAN routing!
Venu
Supporting Information:
Screen captures:
VLAN Membership:
VLAN ID  Description  Inter VLAN Routing  Device Management  Port 1    Port 2    Port 3    Port 4
1        Default      Disabled            Enabled            Untagged  Excluded  Excluded  Untagged
2        VLAN2        Enabled             Enabled            Excluded  Untagged  Excluded  Excluded
3        VLAN3        Enabled             Enabled            Excluded  Excluded  Untagged  Excluded
Multiple VLAN Subnets:
VLAN ID IP Address Subnet Mask DHCP Mode DNS Proxy Status
1 192.168.1.1 255.255.255.0 DHCP Server Enabled
2 192.168.2.1 255.255.255.0 DHCP Server Enabled
3 192.168.3.1 255.255.255.0 DHCP Server Enabled
Routing Table (Gateway Mode)
Destination Gateway Genmask Metric Ref Use Interface Type Flags
127.0.0.1 127.0.0.1 255.255.255.255 1 0 0 lo Static UP,Gateway,Host
192.168.3.0 0.0.0.0 255.255.255.0 0 0 0 bdg3 Dynamic UP
192.168.2.0 0.0.0.0 255.255.255.0 0 0 0 bdg2 Dynamic UP
192.168.1.0 0.0.0.0 255.255.255.0 0 0 0 bdg1 Static UP
192.168.1.0 192.168.1.1 255.255.255.0 1 0 0 bdg1 Static UP,Gateway
127.0.0.0 0.0.0.0 255.0.0.0 0 0 0 lo Dynamic
Routing Table (Router Mode)
(Same)

cadet alain, you hit the nail on the head. The router was doing Inter-VLAN routing, but the PCs were blocking the pings because they came from another subnet. Thank you for your help in resolving this.
I have a follow-up question if I may - I need to add a default route but can't seem to find a way to do that. Tried adding a static route with IP=0.0.0.0 Mask=0.0.0.0 but it will not allow it. My current routing table looks like this:
Destination Gateway Genmask Metric Ref Use Interface Type Flags
127.0.0.1 127.0.0.1 255.255.255.255 1 0 0 lo Static UP,Gateway,Host
192.168.2.0 0.0.0.0 255.255.255.0 0 0 0 bdg2 Dynamic UP
192.168.1.0 0.0.0.0 255.255.255.0 0 0 0 bdg1 Static UP
127.0.0.0 0.0.0.0 255.0.0.0 0 0 0 lo Dynamic UP
It routes all packets to VLAN2 and VLAN3 correctly; but if a packet arrives to any other network address, I would like to get it to forward to another gateway on VLAN2 (at address 192.168.2.254). Can't seem to find a way to add a default route. -
Inter Vlan Routing on a Cisco 861 Router
Hi all
I have a Network with 2 Subnets (2 DHCP servers) , Cisco Switch and a Cisco 861 Router.
On the Router
Fa 4 (WAN port) is connected to the ADSL line
All other 4 ports which are layer 2 ports
I need to achieve inter vlan routing
I have created 2 SVI's and assigned the default ip address on these SVI vlans
I have selected fa 3 as the uplink trunk port that connects to the Switch.
The config on the Fa 3 Trunk port is as shown below
switchport mode trunk
switchport trunk encapsulation dot1q
switchport trunk allowed vlan all
This config does not show up in the show run config even though I did configure it. Is that normal?
So will inter-VLAN routing work in this way?
There should be only one connection between switch and router.
Many Thanks.

Hi David,
I have enabled what you have specified above which has blocked traffic both ways but it seems to be ignoring all rules to allow RDP, SMTP, IMAP, FTP etc. Settings shown below:
Rules 34 - 38 seem to be ignored for some reason not sure why?
Kind Regards
Richard -
How to configure switch to route ISP ethernet handoff? (L3 or VLAN routing)
I have an ISP providing a redundant internet circuit through Ethernet handoff, and I need to route their border network to my firewall which will hold the public IP address block. The handoffs will go into 2 3750 switches stacked, which in turn will be uplinked to an ASA active/standby pair. How do I configure the switches to handle the traffic? The equipment isn't in place yet so I can't test the configuration; just trying to validate the plan. I'm not sure of the pros/cons of using L3 switchport vs VLAN routing.
Example, ISP provides 2 drops, 10.10.10.1/29 and 10.10.10.2/29, and a virtual gateway to route traffic out to the internet, 10.10.10.3/29 (FYI - in reality these are public IP's, just using privates for example). Assume the public block is 192.168.0.0/24. I need to configure the 3750 switches with interfaces of 10.10.10.4/29 and 192.168.0.1/24. The ASA firewall outside interface will be 192.168.0.2/24.
The ISP routes everything destined for 192.168.0.0/24 to 10.10.10.4/29. I need to route all outbound internet traffic to 10.10.10.3/29.
So the 3750 would have a layer 3 port-channel with IP 10.10.10.4/29 to uplink to the ISP drops. It will also have another layer 3 port-channel with IP 192.168.0.1 (or should I use a VLAN interface for both or either?). The ASA outside interface will be 192.168.0.2. On the ASA my default route out is 0.0.0.0 0.0.0.0 192.168.0.1. The default route on the 3750 stack will be 0.0.0.0 0.0.0.0 10.10.10.3.
Thoughts?
              [ISP-BORDER1-10.10.10.1]
[INTERNET]----[ISP-BORDER-VIP-10.10.10.3] [3750-L3-PORT-10.10.10.4/192.168.0.1]----------[ASA-192.168.0.2]
              [ISP-BORDER2-10.10.10.2]

Hi,
Any update on above queries.
Need Solution. -
Vlan routing with Linksys sge2000
Hi, I have a Linksys sge2000 with two VLANs: one has interface 192.168.50.10 /18 and the second has 192.168.30.10 /24. I need to get communication between these networks, because a few computers must access the other network. That's why I ask you for some help, because until now I couldn't find out if it's possible on this switch. Thank you in advance.

Daniel
It is not possible for those 2 VLANs to communicate with each other unless you hook up a router to those 2 VLANs. The device is not capable of inter-VLAN routing alone, so you will need to use a layer 3 device.
-
RV130W Inter-VLAN Routing occurs even when disabled
On my RV130W I have two VLANs set up:
VLAN1:
VLAN100:
Inter-VLAN Routing is NOT enabled:
Why then am I able to ping hosts in a different VLAN?
Does this require a bug fix?

I put my theory to the test and it worked as I thought
which is that vlan 101 could get to vlan 102 and vice versa
but vlan 1 could get to either and vice versa
I take it that this is probably due to how the router os is setup and hardware options on it
based on that there is probably only a couple of real interfaces
and that the vlan 1 is assigned to the one of them or to the switch interface
and the other vlans are just attached to it,
vlan 1 has to be able to cross communicate due to my guess that there aren't enough real interfaces
in that vlan is the end gateway and the other vlans are just virtual gateways if you will
This is what I did with the ports
In my lab I actually don't assign vlan 1 to any ports at all, nothing is on it except that actual router
but I left it on a port for you to see, as it might be handy to connect to in worst case scenarios
which works because of routing
as to whether it's a feature or a bug or a limitation is hard to say without more info from Cisco -
Migrating: Collo being difficult :( need some simple vlan/routing answers)
Hello,
I just purchased 2xc2950's, and a 515E.
One 2950 is for outside, one inside, with the 515E protecting the inside.
We have been renting these devices from our collocation, and the lease is up. So we've decided to manage our own, BUT, now they're being difficult with giving me ANY kind of information (like configs, etc).
What I do know, is that the outside switch has at least 4 vlans.
With the 515E having settings such as:
nat from xxx.xxx.43.xxx to {inside}
nat from xxx.xxx.42.xxx to {inside}
What I would like to know, is what would be the best way to "migrate" everything over.
1. We have a redundant internet feed, is this possible with vlans?
2. What is it called, where all the vlans route traffic to the single port (firewall)? interVLAN?
3. Is it possible to link our 2950 internal to their internal? and slowly move the connections over?
4. would I need their routing tables to set things up properly?
Any help would be appreciated!
P.S. Anyone from the Toronto area who's a Cisco expert that I can pick their brain for a day, $$$ of course, let me know.

Yes, it is possible to have a redundant internet feed, and it is possible with VLANs. All the VLANs route traffic to the single port (firewall)? interVLAN and this interVLAN routing is same as normal one. Is it possible to link your 2950 internal to their internal but different network IP and VLANs may be assigned.
-
ACE design with inter-Vlan routing
Hello all.
I'm working on a design for a customer where the ACE will perform inter vlan routing.
A few questions about that :
- is routed traffic enforced in hardware with some kind of CEF-like mechanism ? (I suppose yes because there is a FIB ? per
https://supportforums.cisco.com/docs/DOC-19253 ) we expect a certain load and routing in software will not be acceptable
- if I put my VIPs within the VLANs hosting the application, is there any restriction on accesses made to this VIP (if the VIP is reached after the routing process is performed) ?
example :
VLAN2 (client) ----- ACE ----- VLAN3 (servers)
192.168.2.0/24                 192.168.3.0/24
If I try to access the VIP (192.168.3.20) from a PC in the VLAN2 (192.168.2.15) does it work ?
I assume yes because the VIP appears as a connected /32 in the routing table, I just want to be sure to not fall into some tricky part of code because the access to the VIP is done after the routing process. I just want to be sure there is no drawback / restriction about that.
Thanks in advance.

Hello Surya!
Yes this is possible. You can reach the VIP from one VLAN to another (The VIP is not really inside of the VLAN). Important is to check your ACLs and you need to have the service-policy either globally or local on both VLAN-interfaces.
And I guess there is nothing like CEF implemented in the ACE, because it is not needed there.
Cheers,
Marko -
Inter VLAN Routing for IEC 61850
Hello,
Hoping someone can help me with this query. I'm in the process of configuring two CGS2520 switches located in two electrical substations. Each of these switches have Protection Relays and Remote Terminal Units (RTUs) connected to them. These devices communicate with each other as follows:
IEC 61850 GOOSE: http://en.wikipedia.org/wiki/Generic_Substation_Events
IEC 61850 MMS: http://en.wikipedia.org/wiki/IEC_61850
- Protection Relay to Protection Relay communication within either substation (Using IEC 61850 GOOSE - VLAN 11 and VLAN 21)
- Protection Relay to Protection Relay communication between substations (Using IEC 61850 GOOSE - VLAN 50)
- RTU to Protection Relay (Using IEC 61850 MMS - VLAN 10 and VLAN 20)
I've attached an image (hope that clears things out). Basically GOOSE traffic is VLAN tagged and the MMS traffic is untagged.
I need to be able to route between VLAN 10 and VLAN 20 between the substations and I want to allow VLAN 50 between the substations. How do I go about configuring this?
So far I've configured the interfaces as follows:
Switch A2:
Fa0/5 and Fa0/7 (Protection Relay Ports)
port type nni
switchport trunk native vlan 10
switchport trunk allowed vlan 11, 50
switchport mode trunk
Fa0/3 (RTU Port)
port type nni
switchport access vlan 10
Switch B1
Fa0/4 and Fa0/5 (Protection Relay Ports)
port type nni
switchport trunk native vlan 20
switchport trunk allowed vlan 21, 50
switchport mode trunk
Fa0/3 (RTU Port)
port type nni
switchport access vlan 20
Locally at each substation this seems to work (I can ping the Protection Relays from the RTU port and the Protection Relays send each other GOOSE messages). However I don't know how to configure the inter-VLAN routing (I want to be able to ping a Protection Relay at Substation B from the RTU Port at Substation A) and how to configure the switch interfaces that connect to each other.
Any help is much appreciated.
Thanks
Darsh

Hello DarshanaD,
Could you fix this? I'm asking because I have the same problem right now.
I'd appreciate it if you can tell me how you configured the inter-VLAN routing.
Thanks
Ali -
Inter-VLAN routing, Auto-Voice VLAN and IP Address-Helper
Hope that somebody can help me with the setup in the screenshot.
Planning to use Auto-Voice VLAN and Smartports to configure VOIP
LLDP-MED will be enabled on the switch to detect the IP phones so they will be moved to the Voice VLAN (If not the first 6 signs will be added to the OID table). The Voice VLAN ID will be 2 >> Voice VLAN will be automatically enabled once a device is recognized as a IP phone right?
Workstations will be connected to the Cisco switch, VLAN data will be untagged and will remain on the native VLAN.
Smartports will be used to configure the ports (Macros) >> Should configure the ports as trunks and assign the correct VLANs, right?
But how do I configure the IP Helper-Address? Do I have to create the Voice VLAN on both switches and then run the command "IP Helper Address" to specify a DHCP server? From what I've been reading it's required, when using Inter-VLAN routing, to configure the VLAN interface with an IP address. But it's going to give problems when both switches are connected to each other and both have the same VLAN configured including the same IP address assigned to their VLAN interface?
Normal data should pass the ASA firewall, VOIP traffic should go through the Vigor modem to a hosted VOIP provider. The best way, I assume, is to configure 2 separate scopes on the DHCP server?
Still confused on how to set it up, hope that someone can point me in the right direction.

If you're sending voice to only the Vigor modem then there is no need for a trunk between the SF-300 and the Vigor modem. You can just set that to an untag packet for the VLAN 2 between that switch and the Vigor modem.
On the 'edge' SF300 where the IP phone/PC is it is obviously going to interoute there and of course the phone port is tagged and PC port is untagged.
For the IP helper, it uses UDP-RELAY and it should be enabled on the port itself and enabled on the global configuration. You may also need option 82. Also keep in mind, depending how your DHCP server works, it may need option 82 configured as well or at least a route to understand the subnets in the layer 3 environment to get traffic across the VLANS. -
Hi, I could use some help with an issue I'm experiencing setting up a lab environment, just getting into learning some networking. Using a 2960S-24PD-L switch, running the 'lanbase-routing' template and IOS is 15.2.
I have created a few VLANs (vlan10, vlan 20 & vlan100) & SVIs, 'ip routing' has been run and all, well most, inter-vlan routing is working. VLAN100 (IP 10.100.0.254/16) is on G1/0/24, connected to a TMG server IP 10.100.0.1/16. On the TMG server I added the routes and can connect to all vlans on the switch. The problem is any hosts on vlan10 or vlan20 can't connect to the TMG server; I can ping the SVI 10.100.0.254, but not the TMG at 10.100.0.1. All ports are configured as access ports and routing between the vlans is otherwise working. So in summary, TMG-->switch is working, switch-->TMG not so much :0).
Not sure what I'm missing but wouldn't be surprised if it's something simple I overlooked, still very much a network noob!! Any help is appreciated, I can post configs tomorrow when I get back to the switch.
Thanks.

Thanks Reza. The hosts are using the SVI address, so hosts on VLAN10 use 172.16.10.254/24 for the GW, and hosts on VLAN20 use 172.16.20.254/24 for the GW. VLAN100 GW is 10.100.0.254/16. From the switch itself I'm unable to ping the TMG at 10.100.0.1/16. I thought it might be a firewall on the TMG but Windoze fwall is off and I've added a rule to allow incoming pings from the internal side. I can't seem to get this working :0(
sw01#sh run
Building configuration...
Current configuration : 3139 bytes
! Last configuration change at 23:21:36 EST Sat Jul 12 2014
! NVRAM config last updated at 23:08:52 EST Sat Jul 12 2014
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
hostname sw01
boot-start-marker
boot-end-marker
enable secret
enable password
no aaa new-model
clock timezone EST -5 0
switch 1 provision ws-c2960s-24pd-l
ip routing
spanning-tree mode rapid-pvst
spanning-tree extend system-id
vlan internal allocation policy ascending
interface FastEthernet0
no ip address
no ip route-cache
shutdown
interface GigabitEthernet1/0/1 - 21
interface GigabitEthernet1/0/22
switchport access vlan 10
switchport mode access
interface GigabitEthernet1/0/23
switchport access vlan 20
switchport mode access
interface GigabitEthernet1/0/24
switchport access vlan 100
switchport mode access
interface GigabitEthernet1/0/25
interface GigabitEthernet1/0/26
interface TenGigabitEthernet1/0/1
interface TenGigabitEthernet1/0/2
interface Vlan1
no ip address
shutdown
interface Vlan10
ip address 172.16.10.254 255.255.255.0
interface Vlan20
ip address 172.16.20.254 255.255.255.0
interface Vlan100
ip address 10.100.0.254 255.255.0.0
ip http server
ip http secure-server
ip route 0.0.0.0 0.0.0.0 10.100.0.1
line con 0
line vty 0 4
password
login
line vty 5 15
password
login
end
sw01#
sw01#
sw01#
sw01#
sw01#ping 172.16.10.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.10.254, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/5 ms
sw01#ping 172.16.20.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.20.254, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
sw01#ping 10.100.0.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.0.254, timeout is 2 seconds:
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/5 ms
sw01#ping 10.100.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.100.0.1, timeout is 2 seconds:
Success rate is 0 percent (0/5)
sw01# -
Migrate network segment to vlan routing with dlsw+
Currently, the dlsw are terminated on the core router which has token ring interface. The rest of the network are segmented using ethernet interface on the core router.
I need to migrate the network segment on the core router to cat6509 which will run inter-vlan routing.
My concern is when I move down the bridge group from the router ethernet, any issue will arise?
core router    core router
     |              |
cat6509--------cat6509

Hi,
My HQ router running SRB/TB to allow ethernet segment at HQ router to access IBM host. There is an active dlsw peer to BR1 and backup peer to BR2.
L1 and L2 are links between gigabit interface to routed port at core switch which running bridge group 1.
CS2 will be the root for vlan 20,40,200. CS1 will be the root for vlan 10,30,100.
L3 and L4 are trunk link to CS1 and CS2. AS1 is connected to DS1 on a port assigned to VLAN200. SNA client is on vlan 200.
Vlan 20,40,200 are assigned to bridge group 1.
For normal operation, SNA client establish circuit to the host. From CS1, I can see host mac address learn through bridge which is from gigabit interface connected to BR1. From CS2, I can see the host mac address learn through port channel.
When L4 link down, the circuit still maintain with interruption. This time CS2 does not display any host mac address due DS1 will forward vlan 200 to CS1. The SNA traffic will go direct to BR1.
During L4 recover ( meaning reconnect back the lost connection), I can see host mac address learn through vlan 20,40,200.
After the MAC aging, all MAC addresses disappear and I can't establish any SNA session. What could be the problem for this? -
Hello,
Searched through conference and still have no resolution.
Switch: Cisco SGE 2000
Layer3 mode enabled through console
switch has following configuration (from lcli):
console# sh version
SW version 3.0.0.18 ( date 08-Nov-2009 time 16:21:37 )
Boot version 2.0.0.03 ( date 18-May-2009 time 11:44:56 )
HW version 00.00.01
console# sh running-config
interface port-channel 1
switchport mode trunk
exit
vlan database
vlan 10
exit
interface range ethernet g(12,24)
channel-group 1 mode auto
exit
interface vlan 1
ip address 192.168.16.5 255.255.255.0
exit
interface vlan 10
ip address 192.168.14.2 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 192.168.16.3
username admin password aaaaaaaaaaaaaaaaaaa7e61ed2b3086 level 15 encrypted
console# sh ip interface
Proxy ARP is disabled
IP Address I/F Type Directed Precedence
Broadcast
192.168.14.2/24 vlan 10 Static disable No
192.168.16.5/24 vlan 1 Static disable No
console# sh vlan
Vlan Name Ports Type Authorization
1 1 g(1-11,13-23),ch(1-8) other Required
10 10 permanent Required
console# sh ip route
Maximum Parallel Paths: 1 (1 after reset)
Codes: C - connected, S - static
S 0.0.0.0/0 [1/1] via 192.168.16.3 2:42:31 vlan 1
C 192.168.16.0/24 is directly connected vlan 1
Question 1:
Why route table does not show VLAN 10 as directly connected?
Question 2:
Why I can't ping VLAN 10 interface (see below)
console# ping 192.168.14.2
Pinging (192.168.14.2) with 56 bytes of data:
PING: no reply from 192.168.14.2
PING: timeout
PING: no reply from 192.168.14.2
PING: timeout
PING: no reply from 192.168.14.2
PING: timeout
PING: no reply from 192.168.14.2
PING: timeout
----192.168.14.2 PING Statistics----
4 packets transmitted, 0 packets received, 100% packet loss
Question 3:
How to setup inter-vlan routing properly?
Question 4:
May be I need to just reload switch?
P.S.
This note - http://www.cisco.com/en/US/products/ps9967/products_qanda_item09186a0080a36455.shtml
has a sample with 2 interfaces where 2 routes showed as "Local" (directly connected).
The only difference is that I have 2 VLAN interfaces instead of physical interfaces.
Thank you!

Finally I did it. Looks like you need to add at least one port to VLAN membership. Even a TRUNK port.
console# configure
console(config)# int port-channel 1
console(config-if)# switchport trunk allowed vlan add 10
console(config-if)# exit
console(config)# exit
console# sh interfaces switchport port-channel 1
Port : ch1
Port Mode: Trunk
Gvrp Status: disabled
Ingress Filtering: true
Acceptable Frame Type: admitAll
Ingress UnTagged VLAN ( NATIVE ): 1
Port is member in:
Vlan Name Egress rule Port Membership Type
1 1 Untagged System
10 10 Tagged Static
Forbidden VLANS:
Vlan Name
Classification rules:
console# sh ip route
Maximum Parallel Paths: 1 (1 after reset)
Codes: C - connected, S - static
S 0.0.0.0/0 [1/1] via 192.168.16.3 3:9:8 vlan 1
C 192.168.14.0/24 is directly connected vlan 10
C 192.168.16.0/24 is directly connected vlan 1
console# ping 192.168.14.2
Pinging (192.168.14.2) with 56 bytes of data:
56 bytes from 192.168.14.2: icmp_seq=1. time=0 ms
56 bytes from 192.168.14.2: icmp_seq=2. time=0 ms
56 bytes from 192.168.14.2: icmp_seq=3. time=0 ms
56 bytes from 192.168.14.2: icmp_seq=4. time=0 ms
----192.168.14.2 PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/0/0 -
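
Added example (not from the original posts, and not Cisco tooling): a Python check for the condition found in the thread above, where an SVI has an IP address but no connected route because its VLAN has no member ports. The sample text is the CLI output quoted in the post; the function names are illustrative, and the `show vlan` parser assumes single-word VLAN names as in that output.

```python
import ipaddress
import re

# CLI output copied from the SGE2000 post above (state before the fix).
RUNNING_CONFIG = """\
interface port-channel 1
switchport mode trunk
exit
vlan database
vlan 10
exit
interface range ethernet g(12,24)
channel-group 1 mode auto
exit
interface vlan 1
ip address 192.168.16.5 255.255.255.0
exit
interface vlan 10
ip address 192.168.14.2 255.255.255.0
exit
ip route 0.0.0.0 0.0.0.0 192.168.16.3
"""

SHOW_VLAN = """\
Vlan Name Ports Type Authorization
1 1 g(1-11,13-23),ch(1-8) other Required
10 10 permanent Required
"""

ROUTES_BEFORE = """\
S 0.0.0.0/0 [1/1] via 192.168.16.3 2:42:31 vlan 1
C 192.168.16.0/24 is directly connected vlan 1
"""

# Route table from the same post after VLAN 10 was allowed on the trunk.
ROUTES_AFTER = """\
S 0.0.0.0/0 [1/1] via 192.168.16.3 3:9:8 vlan 1
C 192.168.14.0/24 is directly connected vlan 10
C 192.168.16.0/24 is directly connected vlan 1
"""


def parse_svis(running_config):
    """Return {vlan_id: IPv4Interface} for each 'interface vlan N' with an IP."""
    svis, current = {}, None
    for raw in running_config.splitlines():
        line = raw.strip()
        m = re.match(r"interface vlan (\d+)$", line, re.I)
        if m:
            current = int(m.group(1))
            continue
        if line == "exit" or line.startswith("interface "):
            current = None  # left the SVI block
            continue
        m = re.match(r"ip address (\S+) (\S+)$", line)
        if m and current is not None:
            svis[current] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return svis


def parse_connected(show_ip_route):
    """Return {(network, vlan_id)} for every 'C' (connected) route line."""
    pattern = r"\s*C\s+(\d+\.\d+\.\d+\.\d+/\d+)\s+is directly connected,?\s+vlan\s+(\d+)"
    connected = set()
    for line in show_ip_route.splitlines():
        m = re.match(pattern, line)
        if m:
            connected.add((ipaddress.ip_network(m.group(1)), int(m.group(2))))
    return connected


def parse_vlan_ports(show_vlan):
    """Return {vlan_id: ports column}; empty string when no ports are listed."""
    ports = {}
    for line in show_vlan.splitlines():
        tok = line.split()
        if tok and tok[0].isdigit():
            # 5 columns when the Ports column is populated, 4 when it is empty
            ports[int(tok[0])] = tok[2] if len(tok) >= 5 else ""
    return ports


def audit_svis(running_config, show_ip_route, show_vlan=None):
    """List (vlan, subnet, cause) for SVIs whose subnet has no connected route."""
    connected = parse_connected(show_ip_route)
    ports = parse_vlan_ports(show_vlan) if show_vlan else {}
    findings = []
    for vlan, iface in sorted(parse_svis(running_config).items()):
        if (iface.network, vlan) in connected:
            continue
        if show_vlan is None:
            cause = "membership not checked"
        elif ports.get(vlan, ""):
            cause = "VLAN has member ports; cause not determined"
        else:
            cause = "VLAN has no member ports"
        findings.append((vlan, str(iface.network), cause))
    return findings


if __name__ == "__main__":
    print("before:", audit_svis(RUNNING_CONFIG, ROUTES_BEFORE, SHOW_VLAN))
    print("after: ", audit_svis(RUNNING_CONFIG, ROUTES_AFTER))
```
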
Hi there,
I've got a problem with VLAN routing.
First said, I'm new to VLANs.
I've set up a Debian DHCP Server with following VLANS:
eth0 Link encap:Ethernet HWaddr b8:27:eb:69:d0:18
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:360 errors:0 dropped:0 overruns:0 frame:0
TX packets:139 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:1000
RX bytes:28838 (28.1 KiB) TX bytes:16833 (16.4 KiB)
eth0.1 Link encap:Ethernet HWaddr b8:27:eb:69:d0:18
inet addr:10.1.0.1 Bcast:10.1.15.255 Mask:255.255.240.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0.5 Link encap:Ethernet HWaddr b8:27:eb:69:d0:18
inet addr:10.105.100.1 Bcast:10.105.103.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0.10 Link encap:Ethernet HWaddr b8:27:eb:69:d0:18
inet addr:10.110.100.1 Bcast:10.110.103.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:347 errors:0 dropped:0 overruns:0 frame:0
TX packets:139 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:26816 (26.1 KiB) TX bytes:15165 (14.8 KiB)
eth0.15 Link encap:Ethernet HWaddr b8:27:eb:69:d0:18
inet addr:10.115.100.1 Bcast:10.115.103.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
eth0.20 Link encap:Ethernet HWaddr b8:27:eb:69:d0:18
inet addr:10.120.100.1 Bcast:10.120.103.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:5 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:230 (230.0 B) TX bytes:0 (0.0 B)
eth0.30 Link encap:Ethernet HWaddr b8:27:eb:69:d0:18
inet addr:10.130.100.1 Bcast:10.130.103.255 Mask:255.255.252.0
UP BROADCAST RUNNING MULTICAST MTU:1500 Metric:1
RX packets:4 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:184 (184.0 B) TX bytes:0 (0.0 B)
lo Link encap:Local Loopback
inet addr:127.0.0.1 Mask:255.0.0.0
UP LOOPBACK RUNNING MTU:65536 Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:0
RX bytes:0 (0.0 B) TX bytes:0 (0.0 B)
and the switch configuration is the following: (shortened for the problems purpose)
switchcfd817#show running-config
config-file-header
switchcfd817
v1.3.0.62 / R750_NIK_1_3_647_260
CLI v1.0
set system queues-mode 4
file SSD indicator encrypted
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
vlan database
vlan 2,5,10,15,20,30
exit
voice vlan id 15
voice vlan state disabled
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp relay address 10.110.100.1
ip dhcp relay enable
bonjour interface range vlan 1
hostname switchcfd817
re: <space>, Quit: q or CTRL+Z, One line: <return> ip ssh password-auth : <return>
clock timezone " " 1
clock summer-time web recurring eu
ip domain polling-interval 18
ip address 10.1.0.10 255.255.240.0
no ip address dhcp
ip dhcp relay enable
interface vlan 2
name Admin
ip address 10.102.100.10 255.255.252.0
interface vlan 5
name Guests
ip address 10.105.100.10 255.255.252.0
ip dhcp relay enable
interface vlan 10
name Server
ip address 10.110.100.10 255.255.252.0
interface vlan 15
name Voice
ip address 10.115.100.10 255.255.252.0
ip dhcp relay enable
interface vlan 20
name Printer
ip address 10.120.100.10 255.255.252.0
ip dhcp relay enable
interface vlan 30
name "Mechanical Engineers"
ip address 10.130.100.10 255.255.252.0
ip dhcp relay enable
interface gigabitethernet1/1/19
switchport trunk allowed vlan add 10,20,30
interface gigabitethernet1/1/20
switchport trunk native vlan 10
interface gigabitethernet1/1/25
switchport mode access
switchport access vlan 5
interface Port-channel1
description data-syn-1
exit
macro auto built-in parameters printer $native_vlan 20
macro auto built-in parameters host $max_hosts 10 $native_vlan 1
With a client connected to a VLAN 30 or VLAN 10 port I get an IP from the DHCP, so DHCP relaying works.
Now the Problem:
I want to ping the DHCP Server on its VLAN 10 IP 10.110.100.1 from VLAN 5 (static IP: 10.105.100.50 GW: 10.105.100.10)
This shows the routes automatically set up by the switch:
switchcfd817#show ip route
Maximum Parallel Paths: 1 (1 after reset)
IP Forwarding: enabled
Codes: > - best, C - connected, S - static,
R - RIP
C 10.1.0.0/20 is directly connected, vlan 1
C 10.105.100.0/22 is directly connected, vlan 5
C 10.110.100.0/22 is directly connected, vlan 10
C 10.120.100.0/22 is directly connected, vlan 20
C 10.130.100.0/22 is directly connected, vlan 30
and the ARP list from the switch:
switchcfd817#show arp
Total number of entries: 2
VLAN Interface IP address HW address status
vlan 5 gi1/1/25 10.105.100.50 00:80:80:8a:61:14 dynamic
vlan 10 gi1/1/19 10.110.100.1 b8:27:eb:69:d0:18 dynamic
I'm able to ping 10.110.100.10 (Switch on VLAN10) from VLAN 5 but not the DHCP Server.
What am I missing there?
best regards
Sundypha
After mirroring port GE19 (DHCP Server) I see that the switch is sending the ping packet to the DHCP Server, but without a VLAN tag. So what do I have to do to let the DHCP Server accept VLAN 10 as its native? Or better, to let the switch tag the native VLAN on a trunk interface to prevent double-tagged packets? And the switch also does an ARP request "who has 10.110.100.1" although it should know it in its ARP table.
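The follow-up above turns on whether frames leaving the trunk port carry an 802.1Q tag. This added example (not code from the thread) reads the tag state of raw Ethernet frames, such as frames exported from a port-mirror capture, and reports untagged, correctly tagged, wrong-VLAN and double-tagged frames. The function names, the source MAC and the sample frames are assumptions constructed for illustration.

```python
import struct

TPID_8021Q = 0x8100    # 802.1Q VLAN tag
TPID_8021AD = 0x88A8   # 802.1ad outer tag (Q-in-Q)

def vlan_tags(frame):
    """Return ([VLAN IDs, outermost first], payload EtherType)."""
    if len(frame) < 14:
        raise ValueError("shorter than an Ethernet header")
    offset, vids = 12, []              # bytes 0-11: destination and source MAC
    (ethertype,) = struct.unpack_from("!H", frame, offset)
    while ethertype in (TPID_8021Q, TPID_8021AD):
        if len(frame) < offset + 6:
            raise ValueError("truncated VLAN tag")
        tci, ethertype = struct.unpack_from("!HH", frame, offset + 2)
        vids.append(tci & 0x0FFF)      # low 12 bits of the TCI are the VLAN ID
        offset += 4
    return vids, ethertype

def classify(frame, expected_vid):
    """Describe the tag state of one frame seen on a trunk port."""
    vids, _ = vlan_tags(frame)
    if not vids:
        return "untagged"              # belongs to the port's native VLAN
    if len(vids) > 1:
        return "double-tagged"
    return "tagged-ok" if vids[0] == expected_vid else "wrong-vlan"

# Constructed sample frames (not taken from the poster's capture).
DST = bytes.fromhex("b827eb69d018")    # DHCP server MAC from the ARP table above
SRC = bytes.fromhex("020000000001")    # hypothetical placeholder for the switch MAC
IPV4 = struct.pack("!H", 0x0800) + b"\x00" * 46   # EtherType plus dummy payload

def tag(vid, tpid=TPID_8021Q):
    """Build one 4-byte VLAN tag with priority 0."""
    return struct.pack("!HH", tpid, vid & 0x0FFF)

SAMPLES = {
    "untagged": DST + SRC + IPV4,
    "vlan10": DST + SRC + tag(10) + IPV4,
    "double": DST + SRC + tag(10) + tag(30) + IPV4,
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(name, vlan_tags(frame)[0], classify(frame, expected_vid=10))
```

On Linux, an 802.1Q subinterface such as eth0.10 only receives frames tagged with VLAN ID 10; untagged frames are delivered to the parent interface eth0.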