Switch on Wrong VLAN?

Unanswered Question
Aug 19th, 2009

I have about 6 3560s in my network. At one site, they are in VLAN11, and on one switch, I have a 2950 plugged into one of the ports. Anyone hanging on the 2950 is getting IPs from VLAN12...why?

The configuration of the 3560 port with the 2950 off it is like this:

interface FastEthernet0/14

description Connection Cisco 2950

switchport access vlan 11

Any idea what's wrong here? (Obviously I have a fiber trunking port connecting to VLAN12, so that's how the 2950 is getting those 12 addys).

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jon Marshall Wed, 08/19/2009 - 10:51

Doug

"(Obviously I have a fiber trunking port connecting to VLAN12, so that's how the 2950 is getting those 12 addys)."

Youv'e lost me there :-). Is the 2950 only connected to the 3560 on the access port or is there another connection ?

Jon

townofnewmarket Wed, 08/19/2009 - 10:54

Sorry! The 3560 has a GBIC that links with fiber to another building, and in that building is VLAN12. The 2950 only connects to the 3560 via a Cat5 cable on the access port.

townofnewmarket Wed, 08/19/2009 - 11:39

The IP of the 2950 is 192.168.1.14, which I can't get to because I block 1's from this VLAN.

But here is show Vlan from the 3560:

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Gi0/2

5 Voice active

6 Voiceservers active Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/9, Fa0/10, Fa0/11, Fa0/12

Fa0/13, Fa0/15, Fa0/16, Fa0/17

Fa0/18, Fa0/19, Fa0/20, Fa0/21

Fa0/22, Fa0/23

9 Mgmt active

10 Accounting active

11 Main active Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/10, Fa0/11, Fa0/12, Fa0/13

Fa0/14, Fa0/15, Fa0/16, Fa0/17

Fa0/18, Fa0/19, Fa0/20, Fa0/21

Fa0/22, Fa0/23

12 Data active Fa0/9

1002 fddi-default act/unsup

Jon Marshall Wed, 08/19/2009 - 12:09

It's difficult to say what is the issue without being able to get the outputs of all switches.

If the 2950 is definitely connected into fa0/14 then there is no reason why clients hanging off the 2950 should be getting addresses in vlan 12.

Could you post a "sh cdp neigh" from the 3560 ?

Jon

ktwaddell Thu, 08/20/2009 - 06:35

What about the DHCP ranges, have they been setup as a superscope?

townofnewmarket Thu, 08/20/2009 - 09:43

No, the DHCPs are fed out by Win 2K3 servers. So I'm stumped! And the 2950 has a whole diff way of doing VLANs from the 3560s...(uses the VLAN database).

If anyone wants to really help me out, help me give the 2950 an IP addy in the 11 range. Do I configure

int Vlan11 (which I added to the VLAN db)

inf fa0/1.1

Would make it much easier to config and post the VLAN info instead of using the console!

Thanks.

Jon Marshall Thu, 08/20/2009 - 09:51

If you want to manage the switch then yes you need to use a vlan interface.

So

int vlan 11

ip address x.x.x.x

ip default-gateway x.x.x.x where x.x.x.x is the L3 vlan interface that routes vlan 11 - this can either be an SVI on a L3 switch or an interface/subinterface on a router.

Jon

townofnewmarket Thu, 08/20/2009 - 10:05

Wow, I've done that! It doesn't even answer pings. I think I better start all over again....

Just curious though. The port on the 3560 that connects to the 2950 is configured like this:

interface FastEthernet0/14

description Connection Cisco 2950

switchport access vlan 11

And the port on the 2950 that connects to the 3560 is configured like this:

interface FastEthernet0/17

switchport access vlan 11

That's about all I need, right?

Jon Marshall Thu, 08/20/2009 - 10:10

Yes that should be all you need.

Where is the L3 interface for vlan 11 ?

If it is not on the 3560 then what vlan interface have you got on the 3560 to manage that switch with ?

Jon

townofnewmarket Thu, 08/20/2009 - 10:16

On my main 3560 (a 3560G)

I have this:

spanning-tree mode pvst

spanning-tree extend system-id

spanning-tree vlan 1-999 priority 0

!

!

vlan internal allocation policy ascending

interface Vlan11

description Main6 VLAN

ip address 192.168.11.254 255.255.255.0

This 3560G is in a diff building, linked together by fiber. Both Fiber ports (on the local 3560 and the main 3560G in the diff bldg) are trunking ports.

Does that help?

Jon Marshall Thu, 08/20/2009 - 10:42

So this switch is responsible for routing vlan 11 traffic ?

Can you -

1) post config of the 3560 that the 2950 is connected to

2) Post output of "sh interface trunk" off both 3560 switches

Jon

townofnewmarket Sat, 08/22/2009 - 07:13

Jon,

I think you may have solved my issue just by asking these questions! I *guess* that I need to enable trunking on the 3560 port that the 2950 is connected to (and maybe enable trunking on the 2950 port as well??)

I am hesitant to enter the VLAN DB on the 2950 and add a VLAN11...I already have a VLAN 11 from all my 3560s. But that might be my confusion, perhaps I'm not adding a new VLAN, but the 2950's ABILITY to see a VLAN. Correct me if I'm wrong.

SHO INT TRUNK (MAIN 3560)

Port Mode Encapsulation Status Native vlan

Gi0/24 on 802.1q trunking 1

Gi0/25 on 802.1q trunking 1

Gi0/26 on 802.1q trunking 1

Gi0/27 on 802.1q trunking 1

Gi0/28 on 802.1q trunking 1

Port Vlans allowed on trunk

Gi0/24 1-4094

Gi0/25 1-4094

Gi0/26 1-4094

Gi0/27 1-4094

Gi0/28 1-4094

Port Vlans allowed and active in management domain

Gi0/24 1,5-6,9-12

Gi0/25 1,5-6,9-12

Gi0/26 1,5-6,9-12

Gi0/27 1,5-6,9-12

Gi0/28 1,5-6,9-12

Port Vlans in spanning tree forwarding state and not pruned

Gi0/24 1,5-6,9-12

Port Vlans in spanning tree forwarding state and not pruned

Gi0/25 1,5-6,9-12

Gi0/26 1,5-6,9-12

Gi0/27 1,5-6,9-12

Gi0/28 1,5-6,9-12

SHO INT TRUNK (3560 w/2950 attached)

Port Mode Encapsulation Status Native vlan

Fa0/24 on 802.1q trunking 1

Gi0/1 on 802.1q trunking 1

Port Vlans allowed on trunk

Fa0/24 1-4094

Gi0/1 1-4094

Port Vlans allowed and active in management domain

Fa0/24 1,5-6,9-12

Gi0/1 1,5-6,9-12

Port Vlans in spanning tree forwarding state and not pruned

Fa0/24 1,5-6,9-12

Gi0/1 1,5-6,9-12

jimmysands73_2 Sat, 08/22/2009 - 08:58

W/that being said however, I still am not understanding how you could have an access port in Vlan 11 and getting IPs from Vlan 12, wouldnt Vlan 12 not be allowed on that port (that is access for Vlan 11)?

side note:

When you said

"int vlan 11

ip address x.x.x.x "

If Vlan11 is not in the vlan db (or passed from a vtp server) on the 2950, then it wouldnt be pingable, and would show as Vlan 11 as down/down.

Jon Marshall Sat, 08/22/2009 - 10:30

Doug

I'm not sure we are solving this.

If you only want vlan 11 to be present on the 2950 switch then the connection does not need to be a trunk to the 3560. It just needs to be what you have currently configured.

If you are using hyperterm to connect via the console you can actually capture the output into a text file so you can do a "sh run" and have this saved to a file.

Basically to get to the bottom of this we need to know -

1) Which switch is routing for vlan 11 - at the moment we seem to be saying it is the 3560 that is not connected to the 2950.

2) What are the DHCP scopes ie. subnet and subnet mask for vlan 11 & vlan 12

3) Can you post the output of

"sh cdp neighbor" from the 2950 and the 3560 that the 2950 is connected to.

4) the output of

"sh vlan" from the 2950

5) Ideally the configuration of all 3 switches but at a minimum the full config of the 3560 that is connected to the 2950 and the 2950.

I mentioned the bit about hyperterm as this should help you post the switch configs.

Jon

Mohitkumarp Tue, 08/25/2009 - 04:00

Can you Post the LAN Diagram with ip address mentioned here and also the sh run on the uplink port on all the switches + sh run of the interface from all the switches ( one specific port that is having problem)

townofnewmarket Thu, 09/03/2009 - 06:53

My apologies for being so late with this. I was on vacation for a couple of weeks. So to get back to this, I have attached a quick and dirty network diagram. To answer your questions:

1. The 3560G does all the VLAN routing. The 3560G is in a diff building, connected by fiber.

2. For the 11, the scope is 192.168.11.100-200, with subnet of 255.255.255. The 12 scope is the same, just 192.168.12.100-200.

3. From the 2950:

switch-2950>sho cdp neigh

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID

Switch-3560-2 Fas 0/17 128 S I WS-C3560-2Fas 0/14

From the 3560 (just for Fa0/14):

switch-2950 Fas 0/14 177 T S WS-C2950T-Fas 0/17

4. Sh vlan from 2950:

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Gi0/1, Gi0/2

5 Voice active

6 Voiceservers active

9 Mgmt active

10 Accounting active

11 Main active Fa0/1, Fa0/2, Fa0/3, Fa0/4,

Fa0/5, Fa0/6, Fa0/7, Fa0/8,

Fa0/9, Fa0/10, Fa0/11, Fa0/12,

Fa0/13, Fa0/14, Fa0/15, Fa0/16,

Fa0/18, Fa0/19, Fa0/20, Fa0/21,

Fa0/22, Fa0/23, Fa0/24

12 Data active

1002 fddi-default active

1003 token-ring-default active

1004 fddinet-default active

1005 trnet-default active

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1 enet 100001 1500 - - - - - 0 0

5 enet 100005 1500 - - - - - 0 0

6 enet 100006 1500 - - - - - 0 0

9 enet 100009 1500 - - - - - 0 0

10 enet 100010 1500 - - - - - 0 0

11 enet 100011 1500 - - - - - 0 0

12 enet 100012 1500 - - - - - 0 0

1002 fddi 101002 1500 - 0 - - - 0 0

1003 tr 101003 1500 - 0 - - srb 0 0

1004 fdnet 101004 1500 - - - ieee - 0 0

1005 trnet 101005 1500 - - - ibm - 0 0

The PC plugged into the 2950, Win XP, type "ipconfig /all" and one of the settings says

DHCP Server 192.168.12.49

I originally set this PC up in my office where the 12 network is. Is this something I need to wipe out in the registry??

Let me know if you need anything else to help me out here! I appreciate it!

townofnewmarket Thu, 09/03/2009 - 06:50

My apologies for being so late with this. I was on vacation for a couple of weeks. So to get back to this, I have attached a quick and dirty network diagram. To answer your questions:

1. The 3560G does all the VLAN routing. The 3560G is in a diff building, connected by fiber.

2. For the 11, the scope is 192.168.11.100-200, with subnet of 255.255.255. The 12 scope is the same, just 192.168.12.100-200.

3. From the 2950:

switch-2950>sho cdp neigh

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID

Switch-3560-2 Fas 0/17 128 S I WS-C3560-2Fas 0/14

From the 3560 (just for Fa0/14):

switch-2950 Fas 0/14 177 T S WS-C2950T-Fas 0/17

4. Sh vlan from 2950:

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Gi0/1, Gi0/2

5 Voice active

6 Voiceservers active

9 Mgmt active

10 Accounting active

11 Main active Fa0/1, Fa0/2, Fa0/3, Fa0/4,

Fa0/5, Fa0/6, Fa0/7, Fa0/8,

Fa0/9, Fa0/10, Fa0/11, Fa0/12,

Fa0/13, Fa0/14, Fa0/15, Fa0/16,

Fa0/18, Fa0/19, Fa0/20, Fa0/21,

Fa0/22, Fa0/23, Fa0/24

12 Data active

1002 fddi-default active

1003 token-ring-default active

1004 fddinet-default active

1005 trnet-default active

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1 enet 100001 1500 - - - - - 0 0

5 enet 100005 1500 - - - - - 0 0

6 enet 100006 1500 - - - - - 0 0

9 enet 100009 1500 - - - - - 0 0

10 enet 100010 1500 - - - - - 0 0

11 enet 100011 1500 - - - - - 0 0

12 enet 100012 1500 - - - - - 0 0

1002 fddi 101002 1500 - 0 - - - 0 0

1003 tr 101003 1500 - 0 - - srb 0 0

1004 fdnet 101004 1500 - - - ieee - 0 0

1005 trnet 101005 1500 - - - ibm - 0 0

The PC plugged into the 2950, Win XP, type "ipconfig /all" and one of the settings says

DHCP Server 192.168.12.49

I originally set this PC up in my office where the 12 network is. Is this something I need to wipe out in the registry??

Let me know if you need anything else to help me out here! I appreciate it!

Attachment: 
townofnewmarket Thu, 09/03/2009 - 06:52

My apologies for being so late with this. I was on vacation for a couple of weeks. So to get back to this, I have attached a quick and dirty network diagram. To answer your questions:

1. The 3560G does all the VLAN routing. The 3560G is in a diff building, connected by fiber.

2. For the 11, the scope is 192.168.11.100-200, with subnet of 255.255.255. The 12 scope is the same, just 192.168.12.100-200.

3. From the 2950:

switch-2950>sho cdp neigh

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater

Device ID Local Intrfce Holdtme Capability Platform Port ID

Switch-3560-2 Fas 0/17 128 S I WS-C3560-2Fas 0/14

From the 3560 (just for Fa0/14):

switch-2950 Fas 0/14 177 T S WS-C2950T-Fas 0/17

4. Sh vlan from 2950:

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Gi0/1, Gi0/2

5 Voice active

6 Voiceservers active

9 Mgmt active

10 Accounting active

11 Main active Fa0/1, Fa0/2, Fa0/3, Fa0/4,

Fa0/5, Fa0/6, Fa0/7, Fa0/8,

Fa0/9, Fa0/10, Fa0/11, Fa0/12,

Fa0/13, Fa0/14, Fa0/15, Fa0/16,

Fa0/18, Fa0/19, Fa0/20, Fa0/21,

Fa0/22, Fa0/23, Fa0/24

12 Data active

1002 fddi-default active

1003 token-ring-default active

1004 fddinet-default active

1005 trnet-default active

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1 enet 100001 1500 - - - - - 0 0

5 enet 100005 1500 - - - - - 0 0

6 enet 100006 1500 - - - - - 0 0

9 enet 100009 1500 - - - - - 0 0

10 enet 100010 1500 - - - - - 0 0

11 enet 100011 1500 - - - - - 0 0

12 enet 100012 1500 - - - - - 0 0

1002 fddi 101002 1500 - 0 - - - 0 0

1003 tr 101003 1500 - 0 - - srb 0 0

1004 fdnet 101004 1500 - - - ieee - 0 0

1005 trnet 101005 1500 - - - ibm - 0 0

The PC plugged into the 2950, Win XP, type "ipconfig /all" and one of the settings says

DHCP Server 192.168.12.49

I originally set this PC up in my office where the 12 network is. Is this something I need to wipe out in the registry??

Let me know if you need anything else to help me out here! I appreciate it!

Attachment: 

Actions

This Discussion