Layer 2 traffic between VLANs on a 3560 Switch

Feb 11th, 2010

Hi all,


I have a problem with two VLANs linked through a crossover link in each VLAN

Please see picture:


VLAN-to-VLAN.jpg



I can't access the routers from the VLAN20 IP 10.10.1.3 and the other way round.

The same config is working fine on a 4507 switch.

What is wrong?

Can somebody help me with this?


Christoph

Leo Laohoo Thu, 02/11/2010 - 14:47

Is your diagram right?  Is 10.10.10.0/24 the management IP address for VLAN 10 or 20?  And you've got access ports?  How can inter-vlan work if your uplinks are all access ports instead of trunks?

Jon Marshall Thu, 02/11/2010 - 15:03

leolaohoo wrote:


Is your diagram right?  Is 10.10.10.0/24 the management IP address for VLAN 10 or 20?  And you've got access ports?  How can inter-vlan work if your uplinks are all access ports instead of trunks?


Leo


The setup is fine. This is the way to connect devices running in transparent mode ie. on each side of the transparent device, the IPS in this case, you have the same IP subnet because the device is simply acting at L2. So it has to be the same IP subnet on both sides. But you can't use the same vlan on both sides otherwise you get an STP loop, so you use 2 vlans and literally "join" them with the transparent device.


This is the way you deploy the FWSM/IPS/ACE modules in transparent mode.


Jon

christoph.bloos Fri, 02/12/2010 - 00:28

Jon,


That is exactly what I am doing. But it is not working on the 3560. I also replaced the IPS with a crossover cable, which causes the same issue.

But it is working on two different 4507R. (Same IOS Version 12.2(20))


Christoph

Jon Marshall Fri, 02/12/2010 - 03:27

christoph.bloos wrote:


Jon,


That is exactly what I am doing. But it is not working on the 3560. I also replaced the IPS with a crossover cable, which causes the same issue.

But it is working on two different 4507R. (Same IOS Version 12.2(20))


Christoph


Christoph


How are you trying to access the routers ie. is it with ping from the 3560 ? If so are you using vlan 20 as the source interface ?


Can you also check on what STP is doing regarding the links.


Jon

christoph.bloos Fri, 02/12/2010 - 04:13

Hi Jon,


I am pinging from the 3560 with source interface 10.10.10.3


If I connect a device via access port to VLAN20 (laptop) with IP 10.10.10.4, I can reach the 10.10.10.1 and .2, also in other direction.


Below is the "sh spanning-tree" output:


gi0/1 is a router (10.10.10.1) VLAN10

gi0/11 is the IPS VLAN10


gi0/12 is the IPS VLAN20

gi0/23 is a Laptop (10.10.10.4) VLAN20


VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    24707
             Address     0012.daa4.11c0
             Cost        27
             Port        1 (GigabitEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0013.1a8d.e280
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/1            Root FWD 19        128.1    P2p
Gi0/11           Desg FWD 4         128.11   P2p


VLAN0020
  Spanning tree enabled protocol rstp
  Root ID    Priority    24707
             Address     0012.daa4.11c0
             Cost        31
             Port        13 (GigabitEthernet0/13)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     0013.1a8d.e280
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/13           Root FWD 4         128.13   P2p
Gi0/23           Desg FWD 4         128.23   Edge




Christoph
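
Added example, not part of the original thread: a small Python parser for "show spanning-tree" text like the output posted above, checking whether two VLANs report the same root bridge and how far apart their root path costs are. A shared root with VLAN 20 costing more than VLAN 10 is what you expect when BPDUs are bridged from one VLAN into the other across the joining link. The sample input is constructed by trimming the posted output; the function names are this example's own.

```python
import re

# Constructed sample: trimmed from the "sh spanning-tree" output posted above.
SAMPLE = """\
VLAN0010
  Root ID    Priority    24707
             Address     0012.daa4.11c0
             Cost        27
             Port        1 (GigabitEthernet0/1)
  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
VLAN0020
  Root ID    Priority    24707
             Address     0012.daa4.11c0
             Cost        31
             Port        13 (GigabitEthernet0/13)
  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
"""

def parse_stp(text):
    """Return {vlan_id: {'root_mac', 'root_cost', 'root_port'}} per VLAN block."""
    vlans, cur, in_root = {}, None, False
    for line in text.splitlines():
        s = line.strip()
        m = re.fullmatch(r"VLAN(\d{4})", s)
        if m:
            cur = vlans.setdefault(int(m.group(1)), {})
            in_root = False
        elif cur is None:
            continue                      # ignore anything before the first VLAN header
        elif s.startswith("Root ID"):
            in_root = True                # following Address/Cost/Port describe the root
        elif s.startswith("Bridge ID"):
            in_root = False               # following Address is the local bridge, skip it
        elif in_root and s.startswith("Address"):
            cur["root_mac"] = s.split()[1]
        elif in_root and s.startswith("Cost"):
            cur["root_cost"] = int(s.split()[1])
        elif in_root and s.startswith("Port"):
            cur["root_port"] = re.search(r"\((.+)\)", s).group(1)
    return vlans

def compare(vlans, a, b):
    """Report whether VLANs a and b share a root bridge, plus the cost delta (b - a)."""
    va, vb = vlans[a], vlans[b]
    return {"same_root": va["root_mac"] == vb["root_mac"],
            "cost_delta": vb["root_cost"] - va["root_cost"]}

if __name__ == "__main__":
    print(compare(parse_stp(SAMPLE), 10, 20))
```
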

christoph.bloos Tue, 02/16/2010 - 08:36

Hi all,


I have found a way where it is working:


I have added an IP for the VLAN 10


     Interface VLAN 10

          ip address 192.168.0.1 255.255.255.0


Then it is working! But this IP is not used...

And it is also working without ip routing enabled!


If this is the workaround I can live with it ;-)


Thanks!


Christoph
