11-16-2007 02:14 AM - edited 03-05-2019 07:27 PM
Any help/input/idea is appreciated.
Environment:
(1) Core switches: 3750s running L3 routing
(2) Dis. switches: 2960s
Problem:
Had created a VLAN10 (let's assume I only have two, the default VLAN 1 plus the one in question). Everything works fine as expected. No routing issues/networking issues. All machines function normally. But the machines on the newly created VLAN10 cannot be seen from any machines (VLAN1) in Network Places (Windows). However, machines in the new VLAN10 can see everything. On VLAN1, I can see all machines (again except VLAN10), even those across the WAN, in Network Places. Everything works fine, no problem except Windows browsing (having said that, the only problem is that the machines are not showing up in Network Places. One can still get to it [them] by \\machines, for example). I am wondering if I can make the browsing work. We are a Windows 2003 server based environment, no legacy issue. No WINS (and is not going to use WINS no matter what), only DNS, DHCP, etc.
Question: Can I actually browse across VLANs? If not, then why am I able to see those machines across the WAN? Machines in VLAN10 are getting their IPs from the DHCP server, just like the rest of the machines on the network. Here's the short version of the config (Catalyst 2960):
!
version 12.2
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
switchport access vlan 159
switchport mode access
spanning-tree portfast trunk
interface FastEthernet0/48
switchport access vlan 159
switchport mode access
spanning-tree portfast trunk
!
interface GigabitEthernet0/1
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet0/2
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface Vlan1
no ip address
no ip route-cache
!
interface Vlan159
ip address x.x.x.x 255.255.255.0
ip helper-address x.x.x.x
no ip route-cache
!
ip default-gateway x.x.x.x (the default G/W is the VLAN interface on the L3 upstream 3750 switch)
ip http server
!
control-plane
!
end
11-22-2007 07:48 AM
It seems to be a layer 2 issue. Which VLANs are you able to ping and which VLANs are you not able to ping?
11-22-2007 07:56 AM
Normally you would point an ip helper-address at the WINS server. But you say you don't have a WINS server. So what is the ip helper-address pointing to?
I don't see your VLAN 10 in your config. Can the machines in VLAN 159 browse OK?
The network browser service is heavily dependent on broadcast forwarding, and that is where ip helper-address comes in.
Kevin Dorrell
Luxembourg
11-24-2007 05:39 AM
Thank you for the input. I have solved this problem by, you guessed right, the normal Microsoft procedure, i.e. if all else fails, reboot!
Seriously, I looked at the switches' config files multiple times and did not find any problem whatsoever. The ip helper-address points to one of the Domain Controllers (running DNS and DHCP); by default, the NetBIOS traffic ports are two of the eight that can be forwarded. By rebooting the DC, everything showed up correctly.
Thanks.
11-27-2007 03:08 AM
In a MS Networking environment the Browse List is held on each IP Network/Subnet by a Browse Master & a Backup Browse Master. When you open Network Neighborhood you actually query the Browse Master for the list. The Browse Master (& Backup Browse Master) periodically update this list by querying their WINS Server. If you don't have a Browse Master on your subnet for whatever reason you can usually get to servers explicitly by connecting to them directly (\\Server\share\) as long as name resolution is working (DNS or WINS).
If you enable IP Helpers and leave the defaults intact it breaks this Browse Master behaviour as it forwards NetBIOS Name Server & NetBIOS Datagram Broadcasts to the 'Helper'. If you use the Network Browser functionality then you should ensure each subnet has two Stable MS machines (2000, XP or 2003) that can be the Browse Master and the Backup Browse Master. You can enforce this behaviour through a registry tweak (Master, Backup or None). You should also disable the additional UDP broadcasts that are forwarded by default when you enable IP Helpers:
no ip forward-protocol udp tftp
no ip forward-protocol udp nameserver
no ip forward-protocol udp domain
no ip forward-protocol udp time
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
no ip forward-protocol udp tacacs
The browse list is not essential to MS Networking and can be disabled in a lot of cases by disabling NetBIOS over TCP/IP. AD can be used to store Shared Folder information instead. Some applications still need NetBT, so check your applications' compatibility first.
I have successfully removed NetBT from my network and don't have any issues (obviously except there are no computers in Network Neighborhood/My Network Places).
In your config you also list the command 'ip default-gateway x.x.x.x'. This is only relevant if the switch has IP routing disabled; if IP routing is enabled you must use the command 'ip route 0.0.0.0 0.0.0.0 x.x.x.x' to specify a gateway of last resort. Or alternatively use a routing protocol.
HTH
Andy
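An added example (not part of the post above and not Cisco tooling): a Python check that reads an IOS configuration and reports which of the seven UDP services listed in the post would still be relayed to a helper address. The function name, the sample config and its 192.0.2.x addresses are constructed for illustration; DHCP/BOOTP relay is deliberately not checked because it is the reason the helper is configured.

```python
import re

# The seven keywords from the post above, with their well-known UDP ports.
DEFAULT_FORWARDED = {
    "tftp": 69, "nameserver": 42, "domain": 53, "time": 37,
    "netbios-ns": 137, "netbios-dgm": 138, "tacacs": 49,
}
PORT_TO_KEYWORD = {str(p): k for k, p in DEFAULT_FORWARDED.items()}

FORWARD_RE = re.compile(r"^(no\s+)?ip forward-protocol udp\s+(\S+)$")
HELPER_RE = re.compile(r"^ip helper-address\s+(\S+)")


def audit_helper_forwarding(config_text):
    """Return (interfaces_with_helper, keywords_still_forwarded)."""
    forwarded = set(DEFAULT_FORWARDED)
    helpers = []
    current_if = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current_if = line.split(None, 1)[1]
        elif line == "!":
            current_if = None
        m = HELPER_RE.match(line)
        if m and current_if:
            helpers.append((current_if, m.group(1)))
        m = FORWARD_RE.match(line)
        if m:
            # Accept either the keyword or the numeric port form.
            kw = PORT_TO_KEYWORD.get(m.group(2), m.group(2))
            if kw in DEFAULT_FORWARDED:
                # Later lines override earlier ones, as in a running config.
                (forwarded.discard if m.group(1) else forwarded.add)(kw)
    if not helpers:
        return [], []  # no helper configured, so nothing is relayed
    return helpers, sorted(forwarded)


# Constructed sample config (addresses from the documentation range).
SAMPLE = """\
no ip forward-protocol udp tftp
no ip forward-protocol udp 137
no ip forward-protocol udp netbios-dgm
!
interface Vlan159
 ip address 192.0.2.1 255.255.255.0
 ip helper-address 192.0.2.10
!
"""
```
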