VLAN 2960 and 3640 can't pass traffic

Unanswered Question
Mar 15th, 2007

I am trying to setup a VLAN between a 2860 switch and a 3640 router.


Attached are samples of my config. I am unable to pass traffic across the VLANs. I think I am missing a command, but I haven't found my problem yet.. I have been staring at the config for hours and need a new set of eyes on it..


I have backed out most of my changes to the 2960. I am thinking the issue is with the 3640 side..


The 3640 is running 12.2(13a)

The 2960 is running 12.2(25r)FX


Any help would be appreciated.. Thanks



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ankbhasi Thu, 03/15/2007 - 22:56

Hi Friend,


Are the machines in respective vlans able to ping their gateway?


Also can you paste the output of "sh ip route" from your router?


Regards,


Ankur

paarlberg Fri, 03/16/2007 - 04:05

The output of sh ip route shows that the IP addresses of the different VLANs are directly connected, as it should.


The machines can't ping their gateways.

glen.grant Fri, 03/16/2007 - 01:42

On the router try this .


interface FastEthernet1/0.11

description Switch Management VLAN

encapsulation dot1Q 11 native

ip address 10.40.1.1 255.255.255.0


Also not sure what you are doing with this entry , router can be managed with any active address on the box.


interface FastEthernet1/0.10

description Router Management VLAN

encapsulation dot1Q 10

ip address 10.40.0.1 255.255.255.0

-----------------------------------------------


On the switch side get rid of "all" the layer 3 SVI's you have in there , they are not needed except one . "no interface vlan 12, no interface vlan 10 etc.... You won't be able to get rid of interface vlan 1 , just make sure it is shutdown. . Leave interface vlan 11 .do not get rid of the layer 2 vlan definitions .


Put the switch in vlan 11 as this appears to be your management vlan .


interface Vlan11

ip address 10.x.x.17 255.255.255.0

no ip route-cache

no shut



on the uplink add

switchport trunk native vlan 11



paarlberg Fri, 03/16/2007 - 04:03

Thanks, I will try that. I created a few management VLANs and wanted to use Private IP addresses and only allow connections to the routers, switches and power strips via the internal network only.

paarlberg Fri, 03/16/2007 - 04:57

That didn't work..


Here is what I am trying to do.. maybe this will make it easier..


I will have the following VLANs


VLAN <99 internal and management VLANs

VLAN 100 windows shared hosting VLAN

VLAN 300 linux shared hosting VLAN

VLAN 500-699 windows dedicated hosting VLAN 1 vlan per client

VLAN 700-899 linux dedicated hosting VLAN 1 vlan per client


Each VLAN will most likely have more than 1 port on the switch assigned to it. Currently it looks like this..

Fa0/1 no vlan at the moment (mail firewall)

Fa0/2 - Fa0/7 VLAN 300

Fa0/9 - Fa0/14 VLAN 100


Int Gi0/1 is the uplink to router 1 on Fa1/0, Gi0/2 will go to router 2 at a later time for redundancy.


Temporarily, on the switch Fa0/21 has a feed to our upstream provider in the colo, and Fa0/22 goes to Router 1 on Fa0/0. This will be removed once the switch is up with VLANs configured.

paarlberg Fri, 03/16/2007 - 05:14

I think I just figured out why it wasn't working..


I moved the IP on the router to Fa0/0 as a secondary IP. I removed the VLAN from the switch port and now I can get thru. It appears that the cable from Fa1/0 isn't correct, it shows a link but no traffic crosses it. It was a shot in the dark test, but removes the cable from the equation. Time to go to the DC with some new cables.

Actions

This Discussion