Multi vlan access ?

oOSebBartOo · ‎02-01-2010

Hi,

Im looking to access to multiple vlan.

Configuration is :

Vlan 90 : VoIP

Vlan 30 : Data

I want from my computer ( 1 interface ), acces to those both vlan.

My port configuration is :

interface GigabitEthernet1/0/18
description D9
switchport access vlan 30
switchport mode access
switchport voice vlan 90
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
srr-queue bandwidth share 10 10 60 20
srr-queue bandwidth shape 10 0 0 0
queue-set 2
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
spanning-tree bpduguard enable
!

Thanks helping....

sachinraja · ‎02-01-2010

Hi Sebastine

What exactly do you mean, by access to both voice and data vlans ? the config looks good for a standard PC---> IP phone setup, where the auxillary vlan allows PC to get an ip address from vlan 90, and the PC to get IP from VLAN 30 ...

Please let us know in detail..

Raj

oOSebBartOo · ‎02-01-2010

Hi and thanks for that fast response :-)

I will try to explain it a bit more, i have 2 vlan 30 ( data ), 90 ( voice ).

On Vlan 90, i have my cisco-phone, some server ( ipbx, etc.. ), that i need to connect on. Vlan are affected by port and not by mac address.

So by default, my computer access on vlan30. I can access on all on that vlan. But i want to access on vlan90 without modification on my computer.

I tryed to create some virtual network interface on my ubuntu desktop, it works, but i think there is something easyest than that.

I hope i've explained better this time... :-)

Switchs are Cisco 3750 Catalyst, conf of vlan on switch is :

interface Vlan30
ip address 172.17.1.252 255.255.255.0
!
interface Vlan90
description VoIP
ip address 172.17.129.3 255.255.255.0
!
ip default-gateway 172.17.1.252
ip classless
ip route 0.0.0.0 0.0.0.0 172.17.1.253
ip route 0.0.0.0 0.0.0.0 172.17.1.254
ip route 172.17.129.0 255.255.255.0 Vlan90
ip route 192.168.41.176 255.255.255.240 192.168.41.177

Thankies ^^

sachinraja · ‎02-01-2010

Hi Sebastine

Thanks for a detailed explanation.. again, i have another small query.. what do you want to access in voice vlan ? do you want to access the Call manager or IP PBX server , or the ip phones ?

You have layer 3 routing enabled on the switch, .. as per your config:

interface Vlan30
ip address 172.17.1.252 255.255.255.0
!
interface Vlan90
description VoIP
ip address 172.17.129.3 255.255.255.0

so, your PC is in 172.17.1.x segment, and your IP PBX is in 172.17.129.x ?? If so, are you not able to ping 172.17.129.x from your PC ? or are you not able to do http from your PC to the IP PBX ?

Thanks again

Raj

oOSebBartOo · ‎02-01-2010

You are right.

i want to access on IPbx, and http server on ip phone.

Actually, i am not able to ping something on 172.17.129.X

sachinraja · ‎02-01-2010

Hi

is the IP PBX on the same switch as your PC, or different (through a trunk).. if so, have you allowed the appropriate VLANs on trunk ? just to troubleshoot, can you configure a switch directly as "access vlan 30" (no voice vlan configured), and try pinging IP PBX ? are the default gateways set right ? can ping the vlan 90 SVI from your PC ? can you ping the IP PBX from the layer 3 switch ?

Raj

oOSebBartOo · ‎02-01-2010

Hi again

No IP PBX is not on the same switch. Switchs are configured on trunk, allowing all.

I have try to configure a port only with access vlan30 and i can't ping 172.17.129.0 network

The default gateway seems right.

I am not able to ping the SVI of vlan 90 from my computer, SVI of vlan30 is OK.

Ping from switch to ipbx is OK .

I hope it can help you ^^

Seb

sachinraja · ‎02-01-2010

Hi Seb

Not sure why you need these routes:

ip default-gateway 172.17.1.252
ip route 172.17.129.0 255.255.255.0 Vlan90

i see 172.17.1.252 as the local switch VLAN 30 IP address.. you can remove these, or change it, .. this anyway wouldnt solve your issue.. one question was, from the IP PBX, are you able to ping the PC ? (opposite direction) ?

Raj

oOSebBartOo · ‎02-01-2010

Hi,

Ok i have modifier default gateway, suppressed other route.

From IP PBX, same problem, i can ping all server on Vlan90, but no one on Vlan 30.

ipbx 172.17.129.11, other server on vlan90 172.17.129.69, my computer on vlan30 172.17.1.120

It seems that switch cannot acces to both vlan, ( i have ip-routed enable of course ).

Seb

Jon Marshall · ‎02-01-2010

oOSebBartOo wrote:

Hi,

Ok i have modifier default gateway, suppressed other route.

From IP PBX, same problem, i can ping all server on Vlan90, but no one on Vlan 30.

ipbx 172.17.129.11, other server on vlan90 172.17.129.69, my computer on vlan30 172.17.1.120

It seems that switch cannot acces to both vlan, ( i have ip-routed enable of course ).

Seb

Can you just confirm -

1) what default-gateway are you using for vlan 30 clients

2) what default-gateway are you using for vlan 90 clients

3) do you have an acls on either of these interfaces ?

Can we have a "sh ip route" from the 3750 and also the config ?

Jon

oOSebBartOo · ‎02-01-2010

Hi Jon,

Thanks for help too.

Default gateway for both vlan is a switch with network interface on both vlan.

i have no acl on this interface.

IP route is :

Gateway of last resort is 192.168.69.1 to network 0.0.0.0

     172.17.0.0/24 is subnetted, 2 subnets
C       172.17.129.0 is directly connected, Vlan90
C       172.17.1.0 is directly connected, Vlan30
C    192.168.69.0/24 is directly connected, Vlan1
S*   0.0.0.0/0 [1/0] via 192.168.69.1
               [1/0] via 172.17.1.254
               [1/0] via 172.17.1.253

192.168.69.X is the vlan1, default from cisco switch.

Thanks :-)

Jon Marshall · ‎02-01-2010

oOSebBartOo wrote:

Hi Jon,

Thanks for help too.

Default gateway for both vlan is a switch with network interface on both vlan.

i have no acl on this interface.

IP route is :

Gateway of last resort is 192.168.69.1 to network 0.0.0.0

     172.17.0.0/24 is subnetted, 2 subnets
C       172.17.129.0 is directly connected, Vlan90
C       172.17.1.0 is directly connected, Vlan30
C    192.168.69.0/24 is directly connected, Vlan1
S*   0.0.0.0/0 [1/0] via 192.168.69.1
               [1/0] via 172.17.1.254
               [1/0] via 172.17.1.253

192.168.69.X is the vlan1, default from cisco switch.

Thanks :-)

Seb

Default gateway for both vlan is a switch with network interface on both vlan.

Sorry, do you mean that the default-gateway for vlan 30 clients is the vlan 30 interface on the 3750 switch ? And the default-gateway for vlan 90 clients is the vlan 90 interface on the 3750 switch ?

Jon

oOSebBartOo · ‎02-01-2010

Yeah, lan network is :

switch "interconnection" 1 port access to lan with a other site, 2 port for 2 switchs.

default gateway is that interconnection switch ( 172.17.1.253 )

172.17.1.253(vlan30) - 172.17.129.1(vlan90)

____________________|_________________

| |

172.17.1.252(vlan30) - 172.17.129.3(vlan90) 172.17.1.250(vlan30) - 172.17.129.5(vlan90)

| |

My PC 172.17.1.120(vlan30) IP PBX 172.17.129.11

Other PC on 172.17.129.8(vlan90) DHCP server with 2 network card 172.17.1.69(vlan30) - 172.17.129.69(vlan90)

I hope it can help....

Seb

Jon Marshall · ‎02-01-2010

oOSebBartOo wrote:

Yeah, lan network is :

switch "interconnection" 1 port access to lan with a other site, 2 port for 2 switchs.

default gateway is that interconnection switch ( 172.17.1.253 )

172.17.1.253(vlan30) - 172.17.129.1(vlan90)

____________________|_________________

| |

172.17.1.252(vlan30) - 172.17.129.3(vlan90) 172.17.1.250(vlan30) - 172.17.129.5(vlan90)

| |

My PC 172.17.1.120(vlan30) IP PBX 172.17.129.11

Other PC on 172.17.129.8(vlan90) DHCP server with 2 network card 172.17.1.69(vlan30) - 172.17.129.69(vlan90)

I hope it can help....

Seb

Can you post config of interconnection switch + sh int trunk for both the other switches.

Jon

oOSebBartOo · ‎02-01-2010

Oki,

172.17.1.252 :

Port        Mode         Encapsulation Status        Native vlan
Gi1/0/10    on           802.1q         trunking      90
Gi1/0/48    on           802.1q         trunking      99

Port        Vlans allowed on trunk
Gi1/0/10    1-4094
Gi1/0/48    1-4094

Port        Vlans allowed and active in management domain
Gi1/0/10    1,30,90,99
Gi1/0/48    1,30,90,99

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/10    1,30,90,99
Gi1/0/48    1,30,90,99

172.17.1.250 :

Port Mode Encapsulation Status Native vlan
Gi1/0/48 on 802.1q trunking 99

Port Vlans allowed on trunk
Gi1/0/48 1-4094

Port Vlans allowed and active in management domain
Gi1/0/48 1,30,90,99

Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/48 1,30,90,99

172.17.1.253 :

interface GigabitEthernet1/0/48
description Rocade RdC - Etage
switchport trunk encapsulation dot1q
switchport trunk native vlan 99
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!

interface Vlan1
no ip address
!
interface Vlan30
ip address 172.17.1.253 255.255.255.0
!
interface Vlan43
description L2L STO
ip address 192.168.41.174 255.255.255.240
!
interface Vlan44
ip address 192.168.41.190 255.255.255.240
!
interface Vlan90
description VoIP
ip address 172.17.129.1 255.255.255.0
!
interface Vlan99
description VOIP
no ip address
!
ip default-gateway 192.168.41.177
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.41.161
ip route 192.168.41.176 255.255.255.240 192.168.41.177