new to vlans

Answered Question

I just set up a new vlan (first time at this). I am connecting a HP 28210 to a 4006.

New vlan id is basement 56.

I assigned 10.1.56.1/24 to 56 on the 4006

I set up trunking on both ports connecting the 2850 to the 4006.

On the 2810, I set port23 to vlan56.


vlan 1 is 192.168.x.x/16 range

vlan 56 is 10.1.56./24 range


If I change my pc's IP gateway to 10.1.56.1, I can ping vlan 1 IP's.

However, if I change my pc's IP address from 192.168.100.1/16 to 10.1.56.100/24, I can't ping anything.


On the 4006, if I do show int vlan56, is shows UP and int address of 10.1.56.1/24.

If I do show ip route, it gives me:


10.0.0.0/14 is subnetted, 1 subnets

C 10.1.56.0 is directly connected, vlan56

C 192.168.0.0/16 is directly connected, vlan 1


I have a feeling I'm missing some simple step. So what did I miss?

Correct Answer by Jon Marshall about 8 years 1 month ago

Paul


Can you confirm


1) that the device you are pinging on vlan 1 has it's default-gateway set to 192.168.103.6


2) that the 2 PC's in vlan 60 have their default-gateway set to 10.1.60.1


3) that the device in vlan 1 does not have a firewall on it.


Can you ping vlan 1 interface on the 4006 from a pc in vlan 60 ?


Jon

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Giuseppe Larosa Fri, 05/15/2009 - 13:25
User Badges:
  • Super Silver, 17500 points or more
  • Hall of Fame,

    Founding Member

Hello Paul,

if the port is in vlan56 you should reach hosts in vlan 56 regardless of default gateway settings.

if this doesn't happen probably there is a native vlan mismatch so the two switches think that untagged frames belong to vlan1 or to vlan56 in the two different sides.


for this reason when port 23 is in vlan56 you can reach hosts in vlan1 (in the cisco side I suppose).


Notice that cisco switches use vlan1 as native vlan by default.


Hope to help

Giuseppe


First off, let me apologize. I noticed in my original post I referred to the HP with 3 different numbers. For the record, it is an HP 2810/24.

HP shows native vlan as 1 also.

As I'm just experimenting at this time, my pc would be the only device in vlan56. That is why I'm trying to ping the 192.168.100.x range with my pc's IP set to 10.1.56.10.

SVI on the 4006 is 10.1.56.1 for vlan56.

I was off on medical leave these last few weeks so I wasn't able to post anything about this.

I think my problem, at first, was that I created an L2 vlan and not L3. (The HP was only L2.)

I have re-done my test and this is what I found:


Switches: 4006, 2950

VTP: 4006 server; 2950 client

Vlans: 1, 60 (vlan 60 created on 4006).



Vlan 1: 192.168.x.x/16

Vlan 60: 10.1.60.x/24 (vlan 60 int 10.1.60.1)



Took 2 pc's plugged into 2950, ports 8 and 9.

Ports 8 and 9 are in vlan 60.


Connecting ports between 2950 & 4006 are set to trunk, vlan ALL.



PC #1: 10.1.60.10

PC #2: 10.1.60.11


From pc #1, I can ping both gateway 10.1.60.1 and PC#2.


However, I cannot ping anything outside of the 10.1.60.x range.

Jon Marshall Thu, 06/11/2009 - 11:26
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Paul


Where is the L3 vlan interface for vlan 1 ?


The device you are trying to ping, what is it's IP address, is it on vlan 1 ?


Jon

Correct Answer
Jon Marshall Thu, 06/11/2009 - 11:36
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Paul


Can you confirm


1) that the device you are pinging on vlan 1 has it's default-gateway set to 192.168.103.6


2) that the 2 PC's in vlan 60 have their default-gateway set to 10.1.60.1


3) that the device in vlan 1 does not have a firewall on it.


Can you ping vlan 1 interface on the 4006 from a pc in vlan 60 ?


Jon

Hi Jon,

Thanks for the quick reply. I think you may have caught my mistake. The minute I read your question about vlan 1 gateway, I realized what the issue may be.

Since we have a flat network, every machine's gateway is set to our firewall for internet access.

When I read your response, it hit me that a responding machine would have no way of knowing how to contact a machine on vlan 60 (if I'm understanding this correctly).

I will test this out and post a message on Tuesday. (Off Monday)

Jon Marshall Fri, 06/12/2009 - 11:13
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Paul


That would explain it. You could either


1) add a route to firewall pointing to the 4006 vlan 1 interface for vlan 60 clients. This may or may not work depending on your firewall


2) Have the default-gateway for vlan 1 clients changed to the 4006, if you need to you could swap the vlan 1 addresses between the 4006 and the firewall so you didn't need to update clients/servers altho you would need to clear out arp tables.


You would then add a default route on the 4006 for all external traffic ie.


ip route 0.0.0.0 0.0.0.0


Jon

Actions

This Discussion