VLAN 2960 and 3640 can't pass traffic

Unanswered Question
Mar 15th, 2007
User Badges:

I am trying to setup a VLAN between a 2860 switch and a 3640 router.


Attached are samples of my config. I am unable to pass traffic across the VLANs. I think I am missing a command, but I haven't found my problem yet.. I have been staring at the config for hours and need a new set of eyes on it..


I have backed out most of my changes to the 2960. I am thinking the issue is with the 3640 side..


The 3640 is running 12.2(13a)

The 2960 is running 12.2(25r)FX


Any help would be appreciated.. Thanks



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ankbhasi Thu, 03/15/2007 - 22:56
User Badges:
  • Cisco Employee,

Hi Friend,


Are the machines in respective vlans able to ping their gateway?


Also can you paste the output of "sh ip route" from your router?


Regards,


Ankur

paarlberg Fri, 03/16/2007 - 04:05
User Badges:

The output of sh ip route shows that the IP addresses of the different VLANs are directly connected, as it should.


The machines can't ping their gateways.

glen.grant Fri, 03/16/2007 - 01:42
User Badges:
  • Purple, 4500 points or more

On the router try this .


interface FastEthernet1/0.11

description Switch Management VLAN

encapsulation dot1Q 11 native

ip address 10.40.1.1 255.255.255.0


Also not sure what you are doing with this entry , router can be managed with any active address on the box.


interface FastEthernet1/0.10

description Router Management VLAN

encapsulation dot1Q 10

ip address 10.40.0.1 255.255.255.0

-----------------------------------------------


On the switch side get rid of "all" the layer 3 SVI's you have in there , they are not needed except one . "no interface vlan 12, no interface vlan 10 etc.... You won't be able to get rid of interface vlan 1 , just make sure it is shutdown. . Leave interface vlan 11 .do not get rid of the layer 2 vlan definitions .


Put the switch in vlan 11 as this appears to be your management vlan .


interface Vlan11

ip address 10.x.x.17 255.255.255.0

no ip route-cache

no shut



on the uplink add

switchport trunk native vlan 11



paarlberg Fri, 03/16/2007 - 04:03
User Badges:

Thanks, I will try that. I created a few management VLANs and wanted to use Private IP addresses and only allow connections to the routers, switches and power strips via the internal network only.

paarlberg Fri, 03/16/2007 - 04:57
User Badges:

That didn't work..


Here is what I am trying to do.. maybe this will make it easier..


I will have the following VLANs


VLAN <99 internal and management VLANs

VLAN 100 windows shared hosting VLAN

VLAN 300 linux shared hosting VLAN

VLAN 500-699 windows dedicated hosting VLAN 1 vlan per client

VLAN 700-899 linux dedicated hosting VLAN 1 vlan per client


Each VLAN will most likely have more than 1 port on the switch assigned to it. Currently it looks like this..

Fa0/1 no vlan at the moment (mail firewall)

Fa0/2 - Fa0/7 VLAN 300

Fa0/9 - Fa0/14 VLAN 100


Int Gi0/1 is the uplink to router 1 on Fa1/0, Gi0/2 will go to router 2 at a later time for redundancy.


Temporarily, on the switch Fa0/21 has a feed to our upstream provider in the colo, and Fa0/22 goes to Router 1 on Fa0/0. This will be removed once the switch is up with VLANs configured.

paarlberg Fri, 03/16/2007 - 05:14
User Badges:

I think I just figured out why it wasn't working..


I moved the IP on the router to Fa0/0 as a secondary IP. I removed the VLAN from the switch port and now I can get thru. It appears that the cable from Fa1/0 isn't correct, it shows a link but no traffic crosses it. It was a shot in the dark test, but removes the cable from the equation. Time to go to the DC with some new cables.

Actions

This Discussion