02-11-2008 09:51 AM - edited 03-05-2019 09:04 PM
I have a brand new 3560, that I have configured to replace an existing 2651 router. I am using ports 23 and 24 to do this. Port 23 is setup to connect to my firewall, which is a server box, with Checkpoint installed. Port 24 is setup to connect to a port on an HP 4108gl chassis. When I plug the cables in for the new switch, there is no communication. I cannot ping the 3560 from the firewall, and the HP never picks up the MAC address of the 3560, and no ping from either side of the connection. I have the configs of the original 2651, and the 3560, if anyone wants to look at them. I am really banging my head on this, so any help would be greatly appreciated.
My e-mail is jheaton AT etp.ca.gov if anyone would like to see the config files.
Solved! Go to Solution.
02-19-2008 12:25 PM
Hi Joe
Apologies, missed your reply. Have you checked the speed/duplex. If in doubt hardcode both ends and see if that helps.
Also can you post routing table from your router and the 3560 (if you can get them from both devices)
Jon
02-11-2008 10:05 AM
can you post the interface configs for ports 23/24. Can you be more detailed about what you're trying to ping? Is it a VLAN interface? which one? are the servers/firewall on the same VLAN as the interface you're trying to ping?
02-11-2008 10:17 AM
Yes, there are 4 VLANs that will be coming through this port. The port connecting to the firewall is not on a specific "VLAN". Anyway, below are the configs for the 2 ports, and an example of a VLAN config.
interface GigabitEthernet0/23
description **Connection to C4000-Public**
no switchport
ip address 192.168.1.2 255.255.255.0
!
interface GigabitEthernet0/24
description **Connection to HP-4108**
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20,30,40
switchport mode trunk
!
interface Vlan10
description **VLAN-10-UPPER**
ip address 158.96.139.66 255.255.255.192
ip helper-address 158.96.139.79
The other VLANS are going to different public subnets, with the same helper address. I put in the allowed statement this weekend, although I was told it really wasn't needed.
02-11-2008 12:42 PM
Anyone have any ideas on this? I really think it's something to do with the 3560, as everything starts working again when I put it back to the router. As far as the pinging question:
1) I log into my firewall, and am not able to ping port 23 of the 3560, which is manually configured with an IP address.
2) I telnet into the HP switch, and try to ping the IP of VLAN10, which I was thinking would be assigned to port 24 of the 3560.
3) I console into the 3560, and cannot ping the HP switch, or the firewall.
Really banging my head on the wall as to what the problem with this is, so any help would be greatly appreciated.
02-11-2008 12:57 PM
Joe
Can you check that you have ip routing enabled on the 3560. Quickest way to make sure it is on
3560(config)# ip routing
Also make sure you don't have a default-gateway configured on the 3560. You should have a default route but not a default-gateway.
HTH
Jon
02-11-2008 01:06 PM
yes, IP routing is in the config.
Yes, I have a default route:
ip route 0.0.0.0 0.0.0.0 192.168.1.1
no, no default gateway.
02-11-2008 01:07 PM
Okay, thanks
Can you verify whether the links are actually showing up on the 3560 ?
Also can you post the config of the 3560 + the output of a "sh vlan".
Jon
02-11-2008 01:19 PM
02-11-2008 01:26 PM
Joe
You need to create your vlans at layer 2 ie.
3560(config)# vlan 10
3560(config-vlan)# name v10
At the moment you have L3 vlan interfaces but no layer 2 vlans.
Jon
02-11-2008 01:29 PM
So for each vlan, I need to add those two lines?
02-11-2008 01:31 PM
Yes you do.
02-11-2008 01:32 PM
Fantastic. I will award you with massive points as soon as I'm able to test this, if it works. Thank you so much for your help.
02-11-2008 01:49 PM
Jon,
One more question. Do I need to assign Gi0/24 to each of the 4 layer 2 VLANs I just created? Or is that done automatically?
02-11-2008 01:50 PM
Joe
Gi0/24 is configured as a trunk so once you create the vlans at layer 2 then your trunk should be fine as long as you have configured the other end as a trunk as well.
Jon
02-11-2008 01:51 PM
One other thing. This does not explain why your L3 port cannot ping the firewall unless of course the firewall is blocking pings.
Jon
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: