All VLAN not reachable

ronald.ramzy · ‎06-21-2009

Hi,

Can you review the config and help.

Layer2_switch cannot ping any other subnet except management_Vlan subnet

Core_switch is defined as VTP Server and other switches as client

I can see all vlan propogated on other switches but cannot ping other vlans.

I have 5 vlans created on Core_switch

Vlan 5 - Server_farm

Vlan 6 - User_farm

Vlan 7 - Accounting_users

Vlan 8 - Management_Vlan

vlan 9 - Visitors_vlan

Vlan 5

ip address 192.168.1.0 255.255.255.0

Vlan 6

ip address 192.168.2.0 255.255.255.0

Vlan 7

ip address 192.168.3.0 255.255.255.0

Vlan 8

ip address 192.168.100.0 255.255.255.0

Vlan 9

ip address 192.168.4.0 255.255.255.0

I have 3 layer2 Switches and all are connected on fiber port

interface g0/1

switchport trunk encap dot1q

switchport mode trunk

Router ospf 5

network 192.168.1.0 0.0.0.255

network 192.168.2.0 0.0.0.255

network 192.168.3.0 0.0.0.255

network 192.168.4.0 0.0.0.255

network 192.168.100.0 0.0.0.255

on Layer2_Switch#1

interface vlan 8

ip address 192.168.100.1 255.255.255.0

Other requirements are allowing visitor_Vlan to access only one specific host. Visitor_Vlan should not be reached by other vlans and vice-versa

Jon Marshall · ‎06-21-2009

Ronald

There are a couple of confusing things -

1) On your Core switch all your vlan IP addresses are the actual subnet address eg.

Vlan 5

ip address 192.168.1.0 255.255.255.0

Vlan 6

ip address 192.168.2.0 255.255.255.0

you can't use the actual subnet address ie. the address should be from the range 1 -> 254

2) On your L2 switch do you have an ip default-gateway configured ie.

switch(config)# ip default-gateway x.x.x.x where x.x.x.x is the IP address assigned to the management vlan on your core switch.

As for restricting traffic between vistor vlan and other vlans just use acls on the L3 vlan interfaces on your core switch.

Jon