cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1928
Views
0
Helpful
19
Replies

Switch on Wrong VLAN?

townofnewmarket
Level 1
Level 1

I have about 6 3560s in my network. At one site, they are in VLAN11, and on one switch, I have a 2950 plugged into one of the ports. Anyone hanging on the 2950 is getting IPs from VLAN12...why?

The configuration of the 3560 port with the 2950 off it is like this:

interface FastEthernet0/14

description Connection Cisco 2950

switchport access vlan 11

Any idea what's wrong here? (Obviously I have a fiber trunking port connecting to VLAN12, so that's how the 2950 is getting those 12 addys).

19 Replies 19

Jon Marshall
Hall of Fame
Hall of Fame

Doug

"(Obviously I have a fiber trunking port connecting to VLAN12, so that's how the 2950 is getting those 12 addys)."

Youv'e lost me there :-). Is the 2950 only connected to the 3560 on the access port or is there another connection ?

Jon

Sorry! The 3560 has a GBIC that links with fiber to another building, and in that building is VLAN12. The 2950 only connects to the 3560 via a Cat5 cable on the access port.

Can you post output of "sh vlan" from both switches ?

The IP of the 2950 is 192.168.1.14, which I can't get to because I block 1's from this VLAN.

But here is show Vlan from the 3560:

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Gi0/2

5 Voice active

6 Voiceservers active Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/9, Fa0/10, Fa0/11, Fa0/12

Fa0/13, Fa0/15, Fa0/16, Fa0/17

Fa0/18, Fa0/19, Fa0/20, Fa0/21

Fa0/22, Fa0/23

9 Mgmt active

10 Accounting active

11 Main active Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/10, Fa0/11, Fa0/12, Fa0/13

Fa0/14, Fa0/15, Fa0/16, Fa0/17

Fa0/18, Fa0/19, Fa0/20, Fa0/21

Fa0/22, Fa0/23

12 Data active Fa0/9

1002 fddi-default act/unsup

It's difficult to say what is the issue without being able to get the outputs of all switches.

If the 2950 is definitely connected into fa0/14 then there is no reason why clients hanging off the 2950 should be getting addresses in vlan 12.

Could you post a "sh cdp neigh" from the 3560 ?

Jon

What about the DHCP ranges, have they been setup as a superscope?

No, the DHCPs are fed out by Win 2K3 servers. So I'm stumped! And the 2950 has a whole diff way of doing VLANs from the 3560s...(uses the VLAN database).

If anyone wants to really help me out, help me give the 2950 an IP addy in the 11 range. Do I configure

int Vlan11 (which I added to the VLAN db)

inf fa0/1.1

Would make it much easier to config and post the VLAN info instead of using the console!

Thanks.

If you want to manage the switch then yes you need to use a vlan interface.

So

int vlan 11

ip address x.x.x.x

ip default-gateway x.x.x.x where x.x.x.x is the L3 vlan interface that routes vlan 11 - this can either be an SVI on a L3 switch or an interface/subinterface on a router.

Jon

Wow, I've done that! It doesn't even answer pings. I think I better start all over again....

Just curious though. The port on the 3560 that connects to the 2950 is configured like this:

interface FastEthernet0/14

description Connection Cisco 2950

switchport access vlan 11

And the port on the 2950 that connects to the 3560 is configured like this:

interface FastEthernet0/17

switchport access vlan 11

That's about all I need, right?

Yes that should be all you need.

Where is the L3 interface for vlan 11 ?

If it is not on the 3560 then what vlan interface have you got on the 3560 to manage that switch with ?

Jon

On my main 3560 (a 3560G)

I have this:

spanning-tree mode pvst

spanning-tree extend system-id

spanning-tree vlan 1-999 priority 0

!

!

vlan internal allocation policy ascending

interface Vlan11

description Main6 VLAN

ip address 192.168.11.254 255.255.255.0

This 3560G is in a diff building, linked together by fiber. Both Fiber ports (on the local 3560 and the main 3560G in the diff bldg) are trunking ports.

Does that help?

So this switch is responsible for routing vlan 11 traffic ?

Can you -

1) post config of the 3560 that the 2950 is connected to

2) Post output of "sh interface trunk" off both 3560 switches

Jon

Jon,

I think you may have solved my issue just by asking these questions! I *guess* that I need to enable trunking on the 3560 port that the 2950 is connected to (and maybe enable trunking on the 2950 port as well??)

I am hesitant to enter the VLAN DB on the 2950 and add a VLAN11...I already have a VLAN 11 from all my 3560s. But that might be my confusion, perhaps I'm not adding a new VLAN, but the 2950's ABILITY to see a VLAN. Correct me if I'm wrong.

SHO INT TRUNK (MAIN 3560)

Port Mode Encapsulation Status Native vlan

Gi0/24 on 802.1q trunking 1

Gi0/25 on 802.1q trunking 1

Gi0/26 on 802.1q trunking 1

Gi0/27 on 802.1q trunking 1

Gi0/28 on 802.1q trunking 1

Port Vlans allowed on trunk

Gi0/24 1-4094

Gi0/25 1-4094

Gi0/26 1-4094

Gi0/27 1-4094

Gi0/28 1-4094

Port Vlans allowed and active in management domain

Gi0/24 1,5-6,9-12

Gi0/25 1,5-6,9-12

Gi0/26 1,5-6,9-12

Gi0/27 1,5-6,9-12

Gi0/28 1,5-6,9-12

Port Vlans in spanning tree forwarding state and not pruned

Gi0/24 1,5-6,9-12

Port Vlans in spanning tree forwarding state and not pruned

Gi0/25 1,5-6,9-12

Gi0/26 1,5-6,9-12

Gi0/27 1,5-6,9-12

Gi0/28 1,5-6,9-12

SHO INT TRUNK (3560 w/2950 attached)

Port Mode Encapsulation Status Native vlan

Fa0/24 on 802.1q trunking 1

Gi0/1 on 802.1q trunking 1

Port Vlans allowed on trunk

Fa0/24 1-4094

Gi0/1 1-4094

Port Vlans allowed and active in management domain

Fa0/24 1,5-6,9-12

Gi0/1 1,5-6,9-12

Port Vlans in spanning tree forwarding state and not pruned

Fa0/24 1,5-6,9-12

Gi0/1 1,5-6,9-12

W/that being said however, I still am not understanding how you could have an access port in Vlan 11 and getting IPs from Vlan 12, wouldnt Vlan 12 not be allowed on that port (that is access for Vlan 11)?

side note:

When you said

"int vlan 11

ip address x.x.x.x "

If Vlan11 is not in the vlan db (or passed from a vtp server) on the 2950, then it wouldnt be pingable, and would show as Vlan 11 as down/down.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: