Vlans internetworking

Unanswered Question
Aug 12th, 2007

Hi all,

Could you please advise. we have set a new network using 4507 as cores,3750 as distribution,2960 as access switches. now the vlans doesn't see each other and you can't access remotely to any host on a different vlan! how can i assign the IT ports the privilege to see all VLANS and access them. i only can access servers remotely if i disabled the firewall.

P.S: the IT are connected to the access which is connected to the distribution which is connected to the cores. the distribution and access are clients and the cores are servers

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 4 (2 ratings)
glen.grant Sun, 08/12/2007 - 05:17

It is hard to say without seeing your configs. Obviously something is misconfigured either at layer 2 or 3 or you have trunks or etherchannels misconfigured . we would need to see what the configs look like for core, dist, acess switches .

Edison Ortiz Sun, 08/12/2007 - 07:45

To understand your topology a bit better, please type the following commands on each switch:

show cdp ne

show vtp status

show vlan

show int trunk

b.petronio Mon, 08/13/2007 - 04:58

I think u miss the "ip routing" command in the core configuration, then it dont make the intervlan routing.

Try it and tell us how it as.

Best Regards,

Bruno Petr?nio

Edison Ortiz Mon, 08/13/2007 - 15:02

4507 comes with 'ip routing' enabled by default.

The only way to see ip routing in the config, is by typing 'no ip routing' as default commands don't show up in the running config.

b.petronio Tue, 08/14/2007 - 00:15

Many Thanks Edison.

I'm always learning in this forum :)

Best Regards,

Bruno Petr?nio

mmohanni1981 Tue, 08/14/2007 - 04:21

i'v tried to enable this by ACL's what i did is:

i added an ACL on the core

access-list 110 permit tcp any any

access-list 110 permit udp any any

and i assigned the IT ports on the access-group 110.

the problem is now everyone sees everyone ?? should i add an ACL before 110 and say DENY ANY ANY.

also after i'm seeing all the computers i can't access them remotly or offer remote assistance as i was before installing the new network gear.


This Discussion