Hi Kenneth

Thanks for the input.

Wouldn't putting them into "mode trunk" make them layer 3 routed ports? I still want to maintain the layer 2 functionality of the ports but with layer 3 routing on the VLANs.

My understanding of the NM-ESW-16 is that by adding it to a router, you are effectively creating a layer 3 capable switch?

Maybe I'm in over my head, but I am just tinkering :)

Mike

Not quite. I believe that putting an IP address on the ports would make them layer 3 routed ports. And also I believe the the NM-16ESW just adds layer 2 switch functionality to the router as opposed to having to buy separate layer 2 switch such as a 2950.

Also, putting a port in trunk mode allows it to pass traffic for multiple vlans.

You may want to check your default gateway of your pcs. Your default gateway needs to be the interface vlan ip of each respective vlan.

Hi all

Thanks for all your replies.

@Kenneth

Thanks for the info. I tried what you said and I was then unable to ping within the same VLAN (I assume because the ports in that VLAN would not have any IP's bound to them?).

@Edison (& mattcalderon)

"Can you ping all interfaces from within the router ?"

No, I am unable to.

"Can a device connected on the following ports

(POD active Fa1/0, Fa1/1, Fa1/2, Fa1/3, Fa1/4, Fa1/5) able to ping 192.168.1.33?"

Yes. I am connected to VLAN 30 with an OpenBSD laptop configured with the following in its hostname.fxp0 config:

inet 192.168.1.100 255.255.255.224 192.168.1.127

What that means (if you are not familiar with OpenBSD) is that the first field denotes that the address family is inet (as opposed to inet6 for example), the second field is the assigned static IP, the third field is the broadcast IP. The gateway address is set in a file called /etc/mygate and that contains the address of VLAN 30's assigned IP, 192.168.1.97

I can't however ping outside of VLAN 30, say to VLAN 10.

"What the subnet mask on those devices?"

The subnet is /27 on a class C address, laid out as follows:

192.168.1.0 <1-30> 192.168.1.31 VLAN 1

192.168.1.32 <33-62> 192.168.1.63 VLAN 10

192.168.1.64 <65-94> 192.168.1.95 VLAN 20

192.168.1.96 <97-126> 192.168.1.127 VLAN 30

192.168.1.128 <129-158> 192.168.1.159

192.168.1.160 <161-190> 192.168.1.191

192.168.1.192 <193-222> 192.168.1.223

192.168.1.224 <225-254> 192.168.1.255

"What devices are you trying to ping to and from?"

Pinging from the OpenBSD box to the VLAN assigned IP's.

Mike

do a sh ip int brief and verify that your interface vlans are up up.

If they are not up, then this is the reason that you can not ping between vlans. If they are admin down just issue a no shut.

Hi Matt

Yeah, I already checked this, but for clarity:

R0#sh ip int brie

Interface IP-Address OK? Method Status Protocol

FastEthernet0/0 192.168.1.2 YES manual up up

Serial0/0 unassigned YES NVRAM administratively down down

BRI0/0 unassigned YES NVRAM administratively down down

BRI0/0:1 unassigned YES unset administratively down down

BRI0/0:2 unassigned YES unset administratively down down

Serial0/1 unassigned YES NVRAM administratively down down

FastEthernet1/0 unassigned YES unset up down

FastEthernet1/1 unassigned YES unset up down

FastEthernet1/2 unassigned YES unset up down

FastEthernet1/3 unassigned YES unset up down

FastEthernet1/4 unassigned YES unset up down

FastEthernet1/5 unassigned YES unset up down

FastEthernet1/6 unassigned YES unset up up

FastEthernet1/7 unassigned YES unset up down

FastEthernet1/8 unassigned YES unset up down

FastEthernet1/9 unassigned YES unset up down

FastEthernet1/10 unassigned YES unset up down

FastEthernet1/11 unassigned YES unset up up

FastEthernet1/12 unassigned YES unset up down

FastEthernet1/13 unassigned YES unset up down

FastEthernet1/14 unassigned YES unset up down

FastEthernet1/15 unassigned YES unset up down

Vlan1 unassigned YES manual up down

Vlan10 192.168.1.33 YES manual up down

Vlan20 192.168.1.65 YES manual up up

Vlan30 192.168.1.97 YES manual up up

R0#

The line protocol is down on VLAN 10 as I switched off a box as it was getting too warm in here :)

Mike

For clarity, here is my running config:

R0#sh run

Building configuration...

Current configuration : 1958 bytes

!

version 12.4

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname R0

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

no network-clock-participate slot 1

no network-clock-participate wic 0

ip cef

!

!

!

!

no ip domain lookup

!

!

!

!

username mlott privilege 15 secret xxx

!

!

!

!

!

interface FastEthernet0/0

ip address 192.168.1.2 255.255.255.224

duplex auto

speed auto

!

interface Serial0/0

no ip address

shutdown

!

interface BRI0/0

no ip address

encapsulation hdlc

shutdown

!

interface Serial0/1

no ip address

shutdown

!

interface FastEthernet1/0

switchport access vlan 10

!

interface FastEthernet1/1

switchport access vlan 10

!

interface FastEthernet1/2

switchport access vlan 10

!

interface FastEthernet1/3

switchport access vlan 10

!

interface FastEthernet1/4

switchport access vlan 10

!

interface FastEthernet1/5

switchport access vlan 10

!

interface FastEthernet1/6

switchport access vlan 20

!

interface FastEthernet1/7

switchport access vlan 20

!

interface FastEthernet1/8

switchport access vlan 20

!

interface FastEthernet1/9

switchport access vlan 20

!

interface FastEthernet1/10

switchport access vlan 20

!

interface FastEthernet1/11

switchport access vlan 30

!

interface FastEthernet1/12

switchport access vlan 30

!

interface FastEthernet1/13

switchport access vlan 30

!

interface FastEthernet1/14

switchport access vlan 30

!

interface FastEthernet1/15

switchport access vlan 30

!

interface Vlan1

no ip address

!

interface Vlan10

ip address 192.168.1.33 255.255.255.224

!

interface Vlan20

ip address 192.168.1.65 255.255.255.224

!

interface Vlan30

ip address 192.168.1.97 255.255.255.224

!

!

ip http server

no ip http secure-server

!

!

!

control-plane

!

!

!

!

line con 0

exec-timeout 30 0

logging synchronous

login local

line aux 0

line vty 0 4

exec-timeout 30 0

logging synchronous

login local

!

!

end

R0#

Mike

There looks to be absolutely not reason that you can't ping your interface vlans from the router itself.

Config itself looks fine. You are saying you can not ping any of the vlan interfaces from the router?

And you have created your vlan correct? You shouldn't be able to even add interfaces to vlans if they were not created.

Hi Matt

Well, it looks like I'm tired (it's getting late here). When I replied to you earlier, I tried with the interface I had just unplugged...

Both VLAN's 20 and 30 respond to ping requests.

My apologies.

Mike

For clearness here, you have added your vlans correct?

vlan 3

name test

above as an example from config mode

I had to add them using "vlan database" from priv EXEC mode as follows:

R0#vlan database

R0(vlan)#vlan 3 name test

VLAN 3 added:

Name: test

R0(vlan)#apply

APPLY completed.

R0(vlan)#exit

APPLY completed.

Exiting....

R0#

In global config mode, I only have the following option when issuing the "vlan" command:

R0(config)#vlan ?

accounting VLAN accounting configuration

R0(config)#vlan

Mike

Ok i guess they are using vlan database vs the vlan config mode. Not sure what to tell you. You have a very basic config and your switchports are in the right vlans and you are able to ping your SVIs so, I would maybe look at your boxes. From your servers can you ping your default gateways?