VLAN doesn't work after replacing core switch and route


We hired a consultant to replace PIX (default gateway) with ASA and 3650 switch (core) with 3570. The VLAN 1/private network works fine. However, all VLANs such as vlan 100, 200, 300 and 400 don't work. Then the consultant tried for many hours to make the other switches work. He said he didn't make any changes on the working switch. So he suggested that we reboot all switches. We have tried rebooting the other switches, but that doesn't fix the problem. The consultant is out of ideas.

For a test, I configured a port on the working switch to use vlan 300, and my laptop gets a good IP from the DHCP server that is located in VLAN 200. If I use the same port configuration on the problematic switch, my laptop doesn't receive an IP from the DHCP server. From the problematic switch, I can ping the DHCP server. The show vlan command displays all VLANs on the problematic switch. What could be the problem?

sheldonscott Wed, 12/30/2009 - 11:27

Try putting a static address on a computer on the problem switch for, let's say, vlan200 first instead of pulling a DHCP address. Without looking at the configurations, you may need the IP helper address to get the DHCP addresses for the host.

ericn8484_2 Wed, 12/30/2009 - 11:33

What does the configuration of the ASA firewall look like? Because you are using the ASA as your default gateway, the ASA is going to need a subinterface configured for every one of your VLANs. Also, what model of ASA do you have and what is your license? That dictates how many VLANs you are allowed.

example configuration:

http://www.networkfoo.org/cisco-articles/configuring-cisco-asa-8021q-vlan-trunk-extreme-summit-400-48t-network-switches

ericn8484_2 Wed, 12/30/2009 - 11:53

Ok, so it sounds like you have a Cisco ASA firewall which connects into a Cisco 3560 which is your core switch, which then connects to other switches in your environment. Is the Cisco 3560 series the switch that has all the VLANs assigned and the default gateways, or is it your ASA firewall?

Sorry, I gave incorrect information. The core switch and most new switches are 3750. Others are 3500 and 3600 switches. Also, when I did more tests, I found the static settings work. If I assign a static IP, DG and DNS, the VLAN 200/300 clients can access the Internet.

Most switches' DG is 10.0.0.2 - the core switch. Some switches don't have a DG set up. Even the switches with the correct DG 10.0.0.2 don't work, or VLAN 200/300 clients can't get an IP.

OK, let's keep it simple and focus on two switches only.

Core 3750 switch 10.0.0.2
|                          |
non-work switch            work switch
10.0.20.12                 10.0.20.13
int G1/0/13                int G3/0/11

Both ports are configured the same, as shown below.

switchport access vlan 300
switchport mode access
no ip address
no mdix auto
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable

The 10.0.20.13 port int G3/0/11 works and the 10.0.20.12 port int G1/0/13 doesn't. I also attached both running-config files.

Jon Marshall Thu, 12/31/2009 - 03:07

Can we clarify the setup?

You have a 3750 switch as the core switch which is routing for all vlans, i.e. vlan 1, 200, 300 - is this correct?

You have other switches which are a mixture of 3550, 3560, 3750s which are connected to the 3750 via L2 trunks?

You have an ASA firewall which is connected to the 3750? On the 3750 you have a default-route pointing to the ASA inside interface.

You can access the internet from vlan 200/300 if you statically assign IPs instead of relying on DHCP?

If the above is all correct can you

1) confirm what the DHCP server is and what its IP address is

2) post the running config of the 3750 which is responsible for routing vlans 1,200,300

3) post the running config of one of the other switches where you are connecting a client in vlan 200 or 300 (you may already have attached this in your last post - just let me know)

4) Can you post the output of "sh vlan" from both of the above switches

5) post the output of "sh ip route" from the 3750 doing the inter-vlan routing

Apologies for asking for so much but it is needed.

Jon

Jigar Dave Thu, 12/31/2009 - 06:40

Hello,

As per my understanding, you need to enable routing on the L3 switch with the command

conf t

ip routing

This enables reachability between vlans defined on the L3 switch,

so try enabling routing on all new switches.

I am sure that you have already enabled the ip routing command on all old switches.

Best Regards,

Jigar Dave

CSCO11167812 Thu, 12/31/2009 - 07:52

Hi,

Try the "show interface trunk" command to see if the VLANs are transported over the trunks.

Also look at spanning-tree for blocked vlans.

hth

Michel
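
The two checks suggested in the reply above can be scripted. As an added example (not part of any poster's reply), this Python parses "show interfaces trunk" output and reports the first stage (allowed, active, forwarding) at which a VLAN drops off an uplink. The sample output is constructed, not taken from the switches in this thread, and the function names are hypothetical.

```python
# Constructed sample of "show interfaces trunk" output for one uplink.
SAMPLE = """\
Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/1     on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/0/1     1-4094

Port        Vlans allowed and active in management domain
Gi1/0/1     1,100,200,300,400

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/1     1,100,200
"""

SECTIONS = {  # table header text -> stage name, in the order the CLI prints them
    "Vlans allowed on trunk": "allowed",
    "Vlans allowed and active in management domain": "active",
    "Vlans in spanning tree forwarding state and not pruned": "forwarding",
}

def expand(spec):
    # '1,100-102' -> {1, 100, 101, 102}; 'none' -> empty set
    vlans = set()
    for part in spec.replace("none", "").split(","):
        if part.strip():
            lo, _, hi = part.strip().partition("-")
            vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(text):
    # Returns {port: {"allowed": set, "active": set, "forwarding": set}}
    trunks, stage = {}, None
    for line in text.splitlines():
        fields = line.split(None, 1)
        if len(fields) != 2:
            continue
        if fields[0] == "Port":
            stage = SECTIONS.get(fields[1].strip())  # None for the Mode/Status table
        elif stage:
            port = trunks.setdefault(fields[0], {s: set() for s in SECTIONS.values()})
            port[stage] |= expand(fields[1])
    return trunks

def vlan_state(trunk, vlan):
    # First stage at which the VLAN drops out of the trunk, else "forwarding"
    for stage in SECTIONS.values():
        if vlan not in trunk[stage]:
            return "not " + stage
    return "forwarding"
```

A result of "not forwarding" for a VLAN that is allowed and active points at spanning tree or pruning on that uplink rather than at DHCP.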
