05-15-2009 12:05 PM - edited 03-06-2019 05:45 AM
I just set up a new vlan (first time at this). I am connecting a HP 28210 to a 4006.
New vlan id is basement 56.
I assigned 10.1.56.1/24 to 56 on the 4006
I set up trunking on both ports connecting the 2850 to the 4006.
On the 2810, I set port23 to vlan56.
vlan 1 is 192.168.x.x/16 range
vlan 56 is 10.1.56./24 range
If I change my pc's IP gateway to 10.1.56.1, I can ping vlan 1 IP's.
However, if I change my pc's IP address from 192.168.100.1/16 to 10.1.56.100/24, I can't ping anything.
On the 4006, if I do show int vlan56, is shows UP and int address of 10.1.56.1/24.
If I do show ip route, it gives me:
10.0.0.0/14 is subnetted, 1 subnets
C 10.1.56.0 is directly connected, vlan56
C 192.168.0.0/16 is directly connected, vlan 1
I have a feeling I'm missing some simple step. So what did I miss?
Solved! Go to Solution.
06-11-2009 11:36 AM
Paul
Can you confirm
1) that the device you are pinging on vlan 1 has it's default-gateway set to 192.168.103.6
2) that the 2 PC's in vlan 60 have their default-gateway set to 10.1.60.1
3) that the device in vlan 1 does not have a firewall on it.
Can you ping vlan 1 interface on the 4006 from a pc in vlan 60 ?
Jon
05-15-2009 01:25 PM
Hello Paul,
if the port is in vlan56 you should reach hosts in vlan 56 regardless of default gateway settings.
if this doesn't happen probably there is a native vlan mismatch so the two switches think that untagged frames belong to vlan1 or to vlan56 in the two different sides.
for this reason when port 23 is in vlan56 you can reach hosts in vlan1 (in the cisco side I suppose).
Notice that cisco switches use vlan1 as native vlan by default.
Hope to help
Giuseppe
05-18-2009 09:10 AM
First off, let me apologize. I noticed in my original post I referred to the HP with 3 different numbers. For the record, it is an HP 2810/24.
HP shows native vlan as 1 also.
As I'm just experimenting at this time, my pc would be the only device in vlan56. That is why I'm trying to ping the 192.168.100.x range with my pc's IP set to 10.1.56.10.
SVI on the 4006 is 10.1.56.1 for vlan56.
06-11-2009 09:16 AM
I was off on medical leave these last few weeks so I wasn't able to post anything about this.
I think my problem, at first, was that I created an L2 vlan and not L3. (The HP was only L2.)
I have re-done my test and this is what I found:
Switches: 4006, 2950
VTP: 4006 server; 2950 client
Vlans: 1, 60 (vlan 60 created on 4006).
Vlan 1: 192.168.x.x/16
Vlan 60: 10.1.60.x/24 (vlan 60 int 10.1.60.1)
Took 2 pc's plugged into 2950, ports 8 and 9.
Ports 8 and 9 are in vlan 60.
Connecting ports between 2950 & 4006 are set to trunk, vlan ALL.
PC #1: 10.1.60.10
PC #2: 10.1.60.11
From pc #1, I can ping both gateway 10.1.60.1 and PC#2.
However, I cannot ping anything outside of the 10.1.60.x range.
06-11-2009 11:26 AM
Paul
Where is the L3 vlan interface for vlan 1 ?
The device you are trying to ping, what is it's IP address, is it on vlan 1 ?
Jon
06-11-2009 11:31 AM
Vlan 1 int is 192.168.103.6 on the 4006.
Vlan 60 int is 10.1.60.1 on the 4006.
I tried pinging 10.1.60.11 from 10.1.60.12 (both are
on the 2950) successfully. I could also
ping the Vlan 60 gateway of 10.1.60.1.
However, I cannot ping anything on vlan1.
06-11-2009 11:36 AM
Paul
Can you confirm
1) that the device you are pinging on vlan 1 has it's default-gateway set to 192.168.103.6
2) that the 2 PC's in vlan 60 have their default-gateway set to 10.1.60.1
3) that the device in vlan 1 does not have a firewall on it.
Can you ping vlan 1 interface on the 4006 from a pc in vlan 60 ?
Jon
06-12-2009 11:03 AM
Hi Jon,
Thanks for the quick reply. I think you may have caught my mistake. The minute I read your question about vlan 1 gateway, I realized what the issue may be.
Since we have a flat network, every machine's gateway is set to our firewall for internet access.
When I read your response, it hit me that a responding machine would have no way of knowing how to contact a machine on vlan 60 (if I'm understanding this correctly).
I will test this out and post a message on Tuesday. (Off Monday)
06-12-2009 11:13 AM
Paul
That would explain it. You could either
1) add a route to firewall pointing to the 4006 vlan 1 interface for vlan 60 clients. This may or may not work depending on your firewall
2) Have the default-gateway for vlan 1 clients changed to the 4006, if you need to you could swap the vlan 1 addresses between the 4006 and the firewall so you didn't need to update clients/servers altho you would need to clear out arp tables.
You would then add a default route on the 4006 for all external traffic ie.
ip route 0.0.0.0 0.0.0.0
Jon
06-25-2009 12:53 PM
Thanks, Jon. I gave you a '5' on your previous post. Changing g/way on vlan 1 device did the trick.
Now to work on the routes to get to the internet.
Once again, thanks a lot.
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: