cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
694
Views
0
Helpful
9
Replies

new to vlans

paulc
Level 1
Level 1

I just set up a new vlan (first time at this). I am connecting a HP 28210 to a 4006.

New vlan id is basement 56.

I assigned 10.1.56.1/24 to 56 on the 4006

I set up trunking on both ports connecting the 2850 to the 4006.

On the 2810, I set port23 to vlan56.

vlan 1 is 192.168.x.x/16 range

vlan 56 is 10.1.56./24 range

If I change my pc's IP gateway to 10.1.56.1, I can ping vlan 1 IP's.

However, if I change my pc's IP address from 192.168.100.1/16 to 10.1.56.100/24, I can't ping anything.

On the 4006, if I do show int vlan56, is shows UP and int address of 10.1.56.1/24.

If I do show ip route, it gives me:

10.0.0.0/14 is subnetted, 1 subnets

C 10.1.56.0 is directly connected, vlan56

C 192.168.0.0/16 is directly connected, vlan 1

I have a feeling I'm missing some simple step. So what did I miss?

1 Accepted Solution

Accepted Solutions

Paul

Can you confirm

1) that the device you are pinging on vlan 1 has it's default-gateway set to 192.168.103.6

2) that the 2 PC's in vlan 60 have their default-gateway set to 10.1.60.1

3) that the device in vlan 1 does not have a firewall on it.

Can you ping vlan 1 interface on the 4006 from a pc in vlan 60 ?

Jon

View solution in original post

9 Replies 9

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Paul,

if the port is in vlan56 you should reach hosts in vlan 56 regardless of default gateway settings.

if this doesn't happen probably there is a native vlan mismatch so the two switches think that untagged frames belong to vlan1 or to vlan56 in the two different sides.

for this reason when port 23 is in vlan56 you can reach hosts in vlan1 (in the cisco side I suppose).

Notice that cisco switches use vlan1 as native vlan by default.

Hope to help

Giuseppe

First off, let me apologize. I noticed in my original post I referred to the HP with 3 different numbers. For the record, it is an HP 2810/24.

HP shows native vlan as 1 also.

As I'm just experimenting at this time, my pc would be the only device in vlan56. That is why I'm trying to ping the 192.168.100.x range with my pc's IP set to 10.1.56.10.

SVI on the 4006 is 10.1.56.1 for vlan56.

I was off on medical leave these last few weeks so I wasn't able to post anything about this.

I think my problem, at first, was that I created an L2 vlan and not L3. (The HP was only L2.)

I have re-done my test and this is what I found:

Switches: 4006, 2950

VTP: 4006 server; 2950 client

Vlans: 1, 60 (vlan 60 created on 4006).

Vlan 1: 192.168.x.x/16

Vlan 60: 10.1.60.x/24 (vlan 60 int 10.1.60.1)

Took 2 pc's plugged into 2950, ports 8 and 9.

Ports 8 and 9 are in vlan 60.

Connecting ports between 2950 & 4006 are set to trunk, vlan ALL.

PC #1: 10.1.60.10

PC #2: 10.1.60.11

From pc #1, I can ping both gateway 10.1.60.1 and PC#2.

However, I cannot ping anything outside of the 10.1.60.x range.

Paul

Where is the L3 vlan interface for vlan 1 ?

The device you are trying to ping, what is it's IP address, is it on vlan 1 ?

Jon

Vlan 1 int is 192.168.103.6 on the 4006.

Vlan 60 int is 10.1.60.1 on the 4006.

I tried pinging 10.1.60.11 from 10.1.60.12 (both are

on the 2950) successfully. I could also

ping the Vlan 60 gateway of 10.1.60.1.

However, I cannot ping anything on vlan1.

Paul

Can you confirm

1) that the device you are pinging on vlan 1 has it's default-gateway set to 192.168.103.6

2) that the 2 PC's in vlan 60 have their default-gateway set to 10.1.60.1

3) that the device in vlan 1 does not have a firewall on it.

Can you ping vlan 1 interface on the 4006 from a pc in vlan 60 ?

Jon

Hi Jon,

Thanks for the quick reply. I think you may have caught my mistake. The minute I read your question about vlan 1 gateway, I realized what the issue may be.

Since we have a flat network, every machine's gateway is set to our firewall for internet access.

When I read your response, it hit me that a responding machine would have no way of knowing how to contact a machine on vlan 60 (if I'm understanding this correctly).

I will test this out and post a message on Tuesday. (Off Monday)

Paul

That would explain it. You could either

1) add a route to firewall pointing to the 4006 vlan 1 interface for vlan 60 clients. This may or may not work depending on your firewall

2) Have the default-gateway for vlan 1 clients changed to the 4006, if you need to you could swap the vlan 1 addresses between the 4006 and the firewall so you didn't need to update clients/servers altho you would need to clear out arp tables.

You would then add a default route on the 4006 for all external traffic ie.

ip route 0.0.0.0 0.0.0.0

Jon

Thanks, Jon. I gave you a '5' on your previous post. Changing g/way on vlan 1 device did the trick.

Now to work on the routes to get to the internet.

Once again, thanks a lot.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco