Multi vlan access ?

Unanswered Question
Feb 1st, 2010
User Badges:

Hi,


Im looking to access to multiple vlan.


Configuration is :


Vlan 90 : VoIP

Vlan 30 : Data


I want from my computer ( 1 interface ), acces to those both vlan.


My port configuration is :


interface GigabitEthernet1/0/18                                                                                                
description D9                                                                                                                
switchport access vlan 30                                                                                                     
switchport mode access                                                                                                        
switchport voice vlan 90                                                                                                      
switchport port-security maximum 2                                                                                            
switchport port-security                                                                                                      
switchport port-security aging time 2                                                                                         
switchport port-security violation restrict                                                                                   
switchport port-security aging type inactivity                                                                                
srr-queue bandwidth share 10 10 60 20                                                                                         
srr-queue bandwidth shape  10  0  0  0                                                                                        
queue-set 2                                                                                                                   
mls qos trust device cisco-phone                                                                                              
mls qos trust cos                                                                                                             
auto qos voip cisco-phone                                                                                                     
spanning-tree portfast                                                                                                        
spanning-tree bpduguard enable                                                                                                
!        


Thanks helping....

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
sachinraja Mon, 02/01/2010 - 07:00
User Badges:
  • Red, 2250 points or more

Hi Sebastine


What exactly do you mean, by access to both voice and data vlans ? the config looks good for a standard PC---> IP phone setup, where the auxillary vlan allows PC to get an ip address from vlan 90, and the PC to get IP from VLAN 30 ...


Please let us know in detail..


Raj

oOSebBartOo Mon, 02/01/2010 - 07:10
User Badges:

Hi and thanks for that fast response :-)


I will try to explain it a bit more, i have 2 vlan 30 ( data ), 90 ( voice ).


On Vlan 90, i have my cisco-phone, some server ( ipbx, etc.. ), that i need to connect on. Vlan are affected by port and not by mac address.


So by default, my computer access on vlan30. I can access on all on that vlan. But i want to access on vlan90 without modification on my computer.

I tryed to create some virtual network interface on my ubuntu desktop, it works, but i think there is something easyest than that.


I hope i've explained better this time... :-)


Switchs are Cisco 3750 Catalyst, conf of vlan on switch is :


interface Vlan30                                                                                                               
ip address 172.17.1.252 255.255.255.0                                                                                         
!                                                                                                                              
interface Vlan90                                                                                                               
description VoIP                                                                                                              
ip address 172.17.129.3 255.255.255.0                                                                                         
!                                                                                                                 
ip default-gateway 172.17.1.252                                                                                                
ip classless                                                                                                                             
ip route 0.0.0.0 0.0.0.0 172.17.1.253                                                                                          
ip route 0.0.0.0 0.0.0.0 172.17.1.254                                                                                          
ip route 172.17.129.0 255.255.255.0 Vlan90                                                                                     
ip route 192.168.41.176 255.255.255.240 192.168.41.177


Thankies ^^

sachinraja Mon, 02/01/2010 - 07:16
User Badges:
  • Red, 2250 points or more

Hi Sebastine


Thanks for a detailed explanation.. again, i have another small query.. what do you want to access in voice vlan ? do you want to access the Call manager or IP PBX server  , or the ip phones ?


You have layer 3 routing enabled on the switch, .. as per your config:


interface Vlan30                                                                                                               
ip address 172.17.1.252 255.255.255.0                                                                                         
!                                                                                                                              
interface Vlan90                                                                                                               
description VoIP                                                                                                              
ip address 172.17.129.3 255.255.255.0    


so, your PC is in 172.17.1.x segment, and your IP PBX is in 172.17.129.x ?? If so, are you  not able to ping 172.17.129.x from your PC ? or are you not able to do http from your PC to the IP PBX ?


Thanks again


Raj

oOSebBartOo Mon, 02/01/2010 - 07:19
User Badges:

You are right.

i want to access on IPbx, and http server on ip phone.


Actually, i am not able to ping something on 172.17.129.X

sachinraja Mon, 02/01/2010 - 07:36
User Badges:
  • Red, 2250 points or more

Hi


is the IP PBX on the same switch as your PC, or different (through a trunk).. if so, have you allowed the appropriate VLANs on trunk ? just to troubleshoot, can you configure a switch directly as "access vlan 30" (no voice vlan configured), and try pinging IP PBX ? are the default gateways set right ? can ping the vlan 90 SVI from your PC ? can you ping the IP PBX from the layer 3 switch ?


Raj

oOSebBartOo Mon, 02/01/2010 - 07:48
User Badges:

Hi again


No IP PBX is not on the same switch. Switchs are configured on trunk, allowing all.

I have try to configure a port only with access vlan30 and i can't ping 172.17.129.0 network


The default gateway seems right.

I am not able to ping the SVI of vlan 90 from my computer, SVI of vlan30 is OK.


Ping from switch to ipbx is OK .


I hope it can help you ^^


Seb

sachinraja Mon, 02/01/2010 - 08:11
User Badges:
  • Red, 2250 points or more

Hi Seb


Not sure why you need these routes:


ip default-gateway 172.17.1.252   
ip route 172.17.129.0 255.255.255.0 Vlan90    


i see 172.17.1.252 as the local switch VLAN 30 IP address.. you can remove these, or change it, .. this anyway wouldnt solve your issue.. one question was, from the IP PBX, are you able to ping the PC ? (opposite direction) ?


Raj

oOSebBartOo Mon, 02/01/2010 - 08:22
User Badges:

Hi,


Ok i have modifier default gateway, suppressed other route.

From IP PBX, same problem, i can ping all server on Vlan90, but no one on Vlan 30.


ipbx 172.17.129.11, other server on vlan90 172.17.129.69, my computer on vlan30 172.17.1.120


It seems that switch cannot acces to both vlan, ( i have ip-routed enable of course ).


Seb

Jon Marshall Mon, 02/01/2010 - 08:39
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

oOSebBartOo wrote:


Hi,


Ok i have modifier default gateway, suppressed other route.

From IP PBX, same problem, i can ping all server on Vlan90, but no one on Vlan 30.


ipbx 172.17.129.11, other server on vlan90 172.17.129.69, my computer on vlan30 172.17.1.120


It seems that switch cannot acces to both vlan, ( i have ip-routed enable of course ).


Seb


Seb


Can you just confirm -


1) what default-gateway are you using for vlan 30 clients

2) what default-gateway are you using for vlan 90 clients


3) do you have an acls on either of these interfaces ?


Can we have a "sh ip route" from the 3750 and also the config ?


Jon

oOSebBartOo Mon, 02/01/2010 - 08:52
User Badges:

Hi Jon,


Thanks for help too.


Default gateway for both vlan is a switch with network interface on both vlan.


i have no acl on this interface.


IP route is :

Gateway of last resort is 192.168.69.1 to network 0.0.0.0


     172.17.0.0/24 is subnetted, 2 subnets
C       172.17.129.0 is directly connected, Vlan90
C       172.17.1.0 is directly connected, Vlan30
C    192.168.69.0/24 is directly connected, Vlan1
S*   0.0.0.0/0 [1/0] via 192.168.69.1
               [1/0] via 172.17.1.254
               [1/0] via 172.17.1.253



192.168.69.X is the vlan1, default from cisco switch.


Thanks :-)

Jon Marshall Mon, 02/01/2010 - 09:00
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

oOSebBartOo wrote:


Hi Jon,


Thanks for help too.


Default gateway for both vlan is a switch with network interface on both vlan.


i have no acl on this interface.


IP route is :

Gateway of last resort is 192.168.69.1 to network 0.0.0.0


     172.17.0.0/24 is subnetted, 2 subnets
C       172.17.129.0 is directly connected, Vlan90
C       172.17.1.0 is directly connected, Vlan30
C    192.168.69.0/24 is directly connected, Vlan1
S*   0.0.0.0/0 [1/0] via 192.168.69.1
               [1/0] via 172.17.1.254
               [1/0] via 172.17.1.253



192.168.69.X is the vlan1, default from cisco switch.


Thanks :-)

Seb


Default gateway for both vlan is a switch with network interface on both vlan.


Sorry, do you mean that the default-gateway for vlan 30 clients is the vlan 30 interface on the 3750 switch ? And the default-gateway for vlan 90 clients is the vlan 90 interface on the 3750 switch ?


Jon

oOSebBartOo Mon, 02/01/2010 - 09:23
User Badges:

Yeah, lan network is :


switch "interconnection" 1 port access to lan with a other site, 2 port for 2 switchs.


default gateway is that interconnection switch ( 172.17.1.253 )


                                    172.17.1.253(vlan30) - 172.17.129.1(vlan90)

                              ____________________|_________________

                              |                                                                 |

172.17.1.252(vlan30) - 172.17.129.3(vlan90)                  172.17.1.250(vlan30) - 172.17.129.5(vlan90)

                               |                                                                 |

               My PC 172.17.1.120(vlan30)                             IP PBX 172.17.129.11

               Other PC on 172.17.129.8(vlan90)                DHCP server with 2 network card 172.17.1.69(vlan30) - 172.17.129.69(vlan90)




I hope it can help....


Seb

Jon Marshall Mon, 02/01/2010 - 09:27
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

oOSebBartOo wrote:


Yeah, lan network is :


switch "interconnection" 1 port access to lan with a other site, 2 port for 2 switchs.


default gateway is that interconnection switch ( 172.17.1.253 )


                                    172.17.1.253(vlan30) - 172.17.129.1(vlan90)

                              ____________________|_________________

                              |                                                                 |

172.17.1.252(vlan30) - 172.17.129.3(vlan90)                  172.17.1.250(vlan30) - 172.17.129.5(vlan90)

                               |                                                                 |

               My PC 172.17.1.120(vlan30)                             IP PBX 172.17.129.11

               Other PC on 172.17.129.8(vlan90)                DHCP server with 2 network card 172.17.1.69(vlan30) - 172.17.129.69(vlan90)



I hope it can help....


Seb


Can you post config of interconnection switch + sh int trunk for both the other switches.


Jon

oOSebBartOo Mon, 02/01/2010 - 09:41
User Badges:

Oki,


172.17.1.252 :


Port        Mode         Encapsulation  Status        Native vlan
Gi1/0/10    on           802.1q         trunking      90
Gi1/0/48    on           802.1q         trunking      99


Port        Vlans allowed on trunk
Gi1/0/10    1-4094
Gi1/0/48    1-4094


Port        Vlans allowed and active in management domain
Gi1/0/10    1,30,90,99
Gi1/0/48    1,30,90,99


Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/10    1,30,90,99
Gi1/0/48    1,30,90,99


172.17.1.250 :


Port        Mode             Encapsulation  Status        Native vlan
Gi1/0/48    on               802.1q         trunking      99


Port        Vlans allowed on trunk
Gi1/0/48    1-4094


Port        Vlans allowed and active in management domain
Gi1/0/48    1,30,90,99


Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/48    1,30,90,99






172.17.1.253 :




interface GigabitEthernet1/0/48                                                                                                                                                
description Rocade RdC - Etage                                                                                                                                                
switchport trunk encapsulation dot1q                                                                                                                                          
switchport trunk native vlan 99                                                                                                                                               
switchport mode trunk                                                                                                                                                         
macro description cisco-switch                                                                                                                                                
auto qos voip trust                                                                                                                                                           
spanning-tree link-type point-to-point                                                                                                                                        
!


interface Vlan1                                                                                                                                                                
no ip address                                                                                                                                                                 
!                                                                                                                                                                              
interface Vlan30                                                                                                                                                               
ip address 172.17.1.253 255.255.255.0
!
interface Vlan43
description L2L STO
ip address 192.168.41.174 255.255.255.240
!
interface Vlan44
ip address 192.168.41.190 255.255.255.240
!
interface Vlan90
description VoIP
ip address 172.17.129.1 255.255.255.0
!
interface Vlan99
description VOIP
no ip address
!
ip default-gateway 192.168.41.177
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.41.161
ip route 192.168.41.176 255.255.255.240 192.168.41.177

oOSebBartOo Mon, 02/01/2010 - 09:42
User Badges:

Int trunk for interco switch ( .253 ) :


Port        Mode         Encapsulation  Status        Native vlan
Gi1/0/45    on           802.1q         trunking      99
Gi1/0/46    on           802.1q         trunking      99
Gi1/0/47    on           802.1q         trunking      1
Gi1/0/48    on           802.1q         trunking      99


Port        Vlans allowed on trunk
Gi1/0/45    1-4094
Gi1/0/46    1-4094
Gi1/0/47    43,98
Gi1/0/48    1-4094


Port        Vlans allowed and active in management domain
Gi1/0/45    1,30,43-44,90,98-99
Gi1/0/46    1,30,43-44,90,98-99
Gi1/0/47    43,98
Gi1/0/48    1,30,43-44,90,98-99


Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/45    1,30,43-44,90,98-99
Gi1/0/46    1,30,43-44,90,98-99
Gi1/0/47    43,98
Gi1/0/48    1,30,43-44,90,98-99

sachinraja Mon, 02/01/2010 - 10:14
User Badges:
  • Red, 2250 points or more

Hi Seb


Why do we see native vlan 99 on all trunks ? shouldnt it be vlan 90 ? and what is gig 1/0/47 on .253 switch ? i do not see both data and voice vlans on that trunk ?


Raj

oOSebBartOo Mon, 02/01/2010 - 11:24
User Badges:

Hi,


Vlan 99 is an "old" vlan, that is not use actually.

Interface  gig 1/0/47 is an other lan on a different localisation ( fiberchannel connexion ), so this one don't need to have voice or data vlan.


Seb

sachinraja Mon, 02/01/2010 - 11:34
User Badges:
  • Red, 2250 points or more

Hi Seb


Can you change the native vlan to VLAN 90 (instead of 99) on all uplink ports and then try pinging this ?


Also, your edge switches are layer 2 in nature, right ? are you sure you pointed the default gateway to the core switch , and not the access ?


Raj

oOSebBartOo Mon, 02/01/2010 - 11:42
User Badges:

Ok i will try to  modify vlan to 90 on all.


Yes i'm sure for core switch, .252 that you have seen was a copy / paste mistake


I don't understand what you mean with "your edge switches are layer 2 in nature, right" ?

sachinraja Mon, 02/01/2010 - 11:47
User Badges:
  • Red, 2250 points or more

Hi seb


i just meant that the layer 3 routing should be performed only at one place, which will be the aggregation switch .. on your interconnect switches, you should do layer 2 switching, with vlans configured etc.. all default gateway should point to your aggregation switch, where you define multiple vlans for routing...


Hope this helps..


Raj

oOSebBartOo Mon, 02/01/2010 - 11:48
User Badges:

Ok i'll try, on switch .252 i set default gateway himself so, right?

Actions

This Discussion