3560 communication problems

Answered Question
Feb 11th, 2008
User Badges:

I have a brand new 3560, that I have configured to replace an existing 2651 router. I am using ports 23 and 24 to do this. Port 23 is setup to connect to my firewall, which is a server box, with Checkpoint installed. Port 24 is setup to connect to a port on an HP 4108gl chassis. When I plug the cables in for the new switch, there is no communication. I cannot ping the 3560 from the firewall, and the HP never picks up the MAC address of the 3560, and no ping from either side of the connection. I have the configs of the original 2651, and the 3560, if anyone wants to look at them. I am really banging my head on this, so any help would be greatly appreciated.


My e-mail is jheaton AT etp.ca.gov if anyone would like to see the config files.

Correct Answer by Jon Marshall about 9 years 3 months ago

Hi Joe


Apologies, missed your reply. Have you checked the speed/duplex. If in doubt hardcode both ends and see if that helps.


Also can you post routing table from your router and the 3560 (if you can get them from both devices)


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
srue Mon, 02/11/2008 - 10:05
User Badges:
  • Blue, 1500 points or more

can you post the interface configs for ports 23/24. Can you be more detailed about what you're trying to ping? Is it a VLAN interface? which one? are the servers/firewall on the same VLAN as the interface you're trying to ping?

joeheaton Mon, 02/11/2008 - 10:17
User Badges:

Yes, there are 4 VLANs that will be coming through this port. The port connecting to the firewall is not on a specific "VLAN". Anyway, below are the configs for the 2 ports, and an example of a VLAN config.


interface GigabitEthernet0/23

description **Connection to C4000-Public**

no switchport

ip address 192.168.1.2 255.255.255.0

!

interface GigabitEthernet0/24

description **Connection to HP-4108**

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 10,20,30,40

switchport mode trunk

!

interface Vlan10

description **VLAN-10-UPPER**

ip address 158.96.139.66 255.255.255.192

ip helper-address 158.96.139.79


The other VLANS are going to different public subnets, with the same helper address. I put in the allowed statement this weekend, although I was told it really wasn't needed.

joeheaton Mon, 02/11/2008 - 12:42
User Badges:

Anyone have any ideas on this? I really think it's something to do with the 3560, as everything starts working again when I put it back to the router. As far as the pinging question:


1) I log into my firewall, and am not able to ping port 23 of the 3560, which is manually configured with an IP address.


2) I telnet into the HP switch, and try to ping the IP of VLAN10, which I was thinking would be assigned to port 24 of the 3560.


3) I console into the 3560, and cannot ping the HP switch, or the firewall.



Really banging my head on the wall as to what the problem with this is, so any help would be greatly appreciated.

Jon Marshall Mon, 02/11/2008 - 12:57
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Joe


Can you check that you have ip routing enabled on the 3560. Quickest way to make sure it is on


3560(config)# ip routing


Also make sure you don't have a default-gateway configured on the 3560. You should have a default route but not a default-gateway.


HTH


Jon

joeheaton Mon, 02/11/2008 - 13:06
User Badges:

yes, IP routing is in the config.


Yes, I have a default route:

ip route 0.0.0.0 0.0.0.0 192.168.1.1


no, no default gateway.

Jon Marshall Mon, 02/11/2008 - 13:07
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Okay, thanks


Can you verify whether the links are actually showing up on the 3560 ?


Also can you post the config of the 3560 + the output of a "sh vlan".


Jon

joeheaton Mon, 02/11/2008 - 13:19
User Badges:

I'm attaching the config for the 3560, and the output of the sh vlan command. That was an interesting one, as it doesn't show any vlans besides the default one...



Jon Marshall Mon, 02/11/2008 - 13:26
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Joe


You need to create your vlans at layer 2 ie.


3560(config)# vlan 10

3560(config-vlan)# name v10


At the moment you have L3 vlan interfaces but no layer 2 vlans.


Jon

joeheaton Mon, 02/11/2008 - 13:29
User Badges:

So for each vlan, I need to add those two lines?

Jon Marshall Mon, 02/11/2008 - 13:31
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Yes you do.

joeheaton Mon, 02/11/2008 - 13:32
User Badges:

Fantastic. I will award you with massive points as soon as I'm able to test this, if it works. Thank you so much for your help.

joeheaton Mon, 02/11/2008 - 13:49
User Badges:

Jon,


One more question. Do I need to assign Gi0/24 to each of the 4 layer 2 VLANs I just created? Or is that done automatically?

Jon Marshall Mon, 02/11/2008 - 13:50
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Joe


Gi0/24 is configured as a trunk so once you create the vlans at layer 2 then your trunk should be fine as long as you have configured the other end as a trunk as well.


Jon

Jon Marshall Mon, 02/11/2008 - 13:51
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

One other thing. This does not explain why your L3 port cannot ping the firewall unless of course the firewall is blocking pings.


Jon

joeheaton Mon, 02/11/2008 - 13:54
User Badges:

That may actually be the case, as right now, from the router, which is working, the firewall is not replying to ping.

Jon Marshall Wed, 02/13/2008 - 14:22
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Joe


Did you get this working ??


Jon

joeheaton Wed, 02/13/2008 - 14:31
User Badges:

Unfortunately, Tuesday was a state holiday, so my boss wouldn't let me come in and implement. I'm not going to be able to try until Friday now... That was the only problem you saw in the config though, right?

Jon Marshall Thu, 02/14/2008 - 14:41
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Joe


Can't see anything else wrong in config. As long as you are sure the port on the device on the other end of gi0/24 has also been configured as an 802.1q trunk.


Jon

joeheaton Thu, 02/14/2008 - 15:54
User Badges:

The other side is an HP 4108 switch chassis, and the port is TAGGED for all VLANs, which is the same thing as what Cisco calls trunk...

joeheaton Fri, 02/15/2008 - 17:59
User Badges:

No joy on this project yet. I'm attaching a traceroute and constant ping. First is with the switch, and the second is with the original router. We're getting through, but lots of packets are getting dropped. Internet was working with the switch in place, but extremely slow. We're really close, and to be honest, I'm not even sure the problem is with the 3560 at this point, but if you can think of anything else to try, please let me know.


I'm going home for a 3-day weekend, so I'll check back here on Tuesday. Thanks for all your help, and hopefully we can get this thing working...



Attachment: 
joeheaton Tue, 02/19/2008 - 07:31
User Badges:

Bump... anyone have any ideas? I'm thinking port speed mismatch maybe, but I'm not sure.

Correct Answer
Jon Marshall Tue, 02/19/2008 - 12:25
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Hi Joe


Apologies, missed your reply. Have you checked the speed/duplex. If in doubt hardcode both ends and see if that helps.


Also can you post routing table from your router and the 3560 (if you can get them from both devices)


Jon

joeheaton Tue, 02/19/2008 - 12:51
User Badges:

Attached is the routing table from the 2651. The table is blank at the moment for the 3560, since there's nothing connected, but I'm pretty sure it looked very similar to this one.


The port speed is what came to my mind first also, but I just wanted to see if there were any other "gotchas" to look out for.



joeheaton Thu, 02/21/2008 - 15:27
User Badges:

Jon,


Can you think of anything else that could be causing my situation besides port speed/duplex issues? I'm going in on Saturday to try one last time before my boss calls in outside help. I'd really like to be able to get this thing going on my "own" (with your help and a couple others that have helped...hehe)

abelardo.gonzalez Fri, 02/22/2008 - 07:15
User Badges:

does the interfaces are enable?


run this command, show interface status, see if the interfaces status, is must be connected, check for the duplex and speed status

does LEDs are on or blinking state?


see the speed and duplex configuration for the server and configure the same on switch port 23 and 24


if you are working with vlans run the show vlan command and check if all port are configured in the same vlan where you are working for




Actions

This Discussion