cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2624
Views
5
Helpful
4
Replies

Across VLAN Windows browsing

ewong0088
Level 1
Level 1

Any help/input/idea is appreciated.

Environment:

(1)Core switches: 3750s running L3 routing

(2) Dis. switches: 2960s

Problem:

Had created a VLAN10 (let's assume I only have two, the default VLAN 1 plus the one in question). Eveything works fine as expected. No routing issues/networking issues. All machines function normally. But the machines on the newly created VLAN10 cannot be seen from any machines(VLAN1) in Network Places (windows). However, machines in the new VLAN10 can see everything. On VLAN1, I can see all machines (again except VLAN10), even those across the WAN, in network places. Everything works find, no problem except windows browsing (having said that, the only problem is that the machines not showing up in Network Places. One still can get to it[them] by \\machines, for example). I am wondering if I can make the browsing work. We are Windows 2003 server base environement, no legacy issue. No WINS (and is not going to use WINS no matter what), only DNS, DHCP, etc.

Question: Can I actually browse across VLAN? If not, then why am I able to see those machines across the WAN? Machines in VLAN10 is getting their IPs from the DHCP server, just like the rest of the machines on the network. Here's the short version of the config (catalyst 2960):

!

version 12.2

spanning-tree mode rapid-pvst

spanning-tree loopguard default

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

switchport access vlan 159

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/48

switchport access vlan 159

switchport mode access

spanning-tree portfast trunk

!

interface GigabitEthernet0/1

switchport mode trunk

macro description cisco-switch

auto qos voip trust

spanning-tree link-type point-to-point

!

interface GigabitEthernet0/2

switchport mode trunk

macro description cisco-switch

auto qos voip trust

spanning-tree link-type point-to-point

!

interface Vlan1

no ip address

no ip route-cache

!

interface Vlan159

ip address x.x.x.x 255.255.255.0

ip helper-address x.x.x.x

no ip route-cache

!

ip default-gateway x.x.x.x (the default G/W is the VLAN interface on the L3 upstream 3750 switch)

ip http server

!

control-plane

!

end

4 Replies 4

bwilmoth
Level 5
Level 5

it seems to be a layer 2 issue.. Which VLANs are you able to ping and which VLANS are you not able to ping?

Kevin Dorrell
Level 10
Level 10

Normally you would point an ip helper-address at the WINS server. But you say you don't have a WINS server. So what is the ip helper-address pointing to?

I don't see your VLAN 10 in your config. Can the machines in VLAN 159 browse OK?

The network browser service is heavily dependant on broadcast forwrding, and that is where ip helper-address comes in.

Kevin Dorrell

Luxembourg

Thank you for the input. I have solved this problem by, you guess right, the normal Microsoft procedure, i.e. all else fail, reboot!

Seriously, I looked at the switches' config files multiple times and did not find any problem whatsoever. The ip-helper address point to one of the Domain Controller (runing DNS and DHCP), by default, netbios traffic ports are two of the eight can be forwarded. By rebooting the DC, everything showed up correctly.

Thanks.

In a MS Networking environment the Browse List is held on each IP Network/Subnet by a Browse Master & a Backup Browse Master. When you open Network Neighborhood you actually query the Browse Master for the list. The Browse Master (& Backup Browse Master) periodically update this list by querying their WINS Server. If you don't have a Browse Master on your subnet for whatever reason you can usually get to servers explicitly by connecting to them directly (\\Server\share\) as long as name resolution is working (DNS or WINS).

If you enable IP Helpers and leave the defaults intact it breaks this Browse Master behaviour as it forwards NetBIOS Name Server & NetBIOS Datagram Broadcasts to the 'Helper'. If you use the Network Browser functionality then you should ensure each subnet has two Stable MS machines (2000, XP or 2003) that can be the Browse Master and the Backup Browse Master. You can enforce this behaviour through a registry tweak (Master, Backup or None). You should also disable the additional UDP broadcasts that are forwarded by default when you enable IP Helpers:

no ip forward-protocol udp tftp

no ip forward-protocol udp nameserver

no ip forward-protocol udp domain

no ip forward-protocol udp time

no ip forward-protocol udp netbios-ns

no ip forward-protocol udp netbios-dgm

no ip forward-protocol udp tacacs

The browse list is not essential to MS Networking and can be disabled in a lot of cases by disabling NetBIOS over TCP/IP. AD can be used to store Shared Folder information instead. Some applications still need NetBT so check your applications compatibility first.

I have sucessfully removed NetBT from my network and don't have any issues (obviously except there are no computers in Network Neighborhood/My Network Places).

In your config you also list the command 'ip default-gateway x.x.x.x'. This is only relevent if the switch has IP routing disabled, if IP routing is enabled you must use the command 'ip route 0.0.0.0 0.0.0.0 x.x.x.x' to specify a gateway of last resort. Or alternatively use a routing protocol.

HTH

Andy

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: