what is this meaning???

nelba_aldovino · ‎06-30-2010

Hi again to all,

just want to ask if anyone know what is the fcpa in cisco catalyst 3750?

it is a catalyst 3750- 12 SFP port. and i need to configure it with vlan and access list.

my problem is when i already configured it and test it connection it doesnt work.

but in my packet tracer when i try the same configuration it works.

I think my problem is the configuration on the fiber portl.

I dont know how to trunk the fiber port going to the switch.

here's my configuration

urrent configuration : 1568 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
no aaa new-model
switch 1 provision ws-c3750g-12s
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface Vlan1
no ip address
!
interface Vlan2
ip address 172.17.3.162 255.255.0.0
ip access-group ACL_TO_SERVERS out
!
interface Vlan3
ip address 172.25.70.1 255.255.255.0
ip access-group ACL_TO_SERVERS out
!
interface Vlan4
ip address 172.25.71.1 255.255.255.0
ip access-group ACL_TO_SERVERS out
!
ip classless
ip http server
!
ip access-list extended ACL_TO_SERVERS
permit ip 172.25.70.0 0.0.0.255 172.25.71.0 0.0.0.255
permit ip 172.25.71.0 0.0.0.255 172.25.70.0 0.0.0.255
permit ip 172.25.70.0 0.0.0.255 host 172.17.3.120
permit ip 172.25.71.0 0.0.0.255 host 172.17.3.120
permit ip host 172.17.3.120 172.25.70.0 0.0.0.255
permit ip host 172.17.3.120 172.25.71.0 0.0.0.255
!
!
control-plane
!
!
line con 0
line vty 5 15

Interface GigabitEthernet1/0/1 is configured as trunk going to the other switch.

but i think it doesnt work.

can anyone help me how to make it work and what command should i do to trunk the fiber optic port?

please help me....

thank you so much......

Leo Laohoo · ‎06-30-2010

Where's your VLAN instance???

conf t

vlan 2-4

end

nelba_aldovino · ‎06-30-2010

The catalyst 3750 is connected on the SRW2016.

Vlan instance is on the SRW2016.

here's the configuration of the SRW2016

interface ethernet g16
switchport mode trunk
exit
vlan database
vlan 2-4
exit
interface range ethernet g(2-5)
switchport access vlan 2
exit
interface range ethernet g(6-10)
switchport access vlan 3
exit
interface range ethernet g(11-15)
switchport access vlan 4
exit
interface vlan 2
name SUBNET16
exit
interface vlan 3
name SERVERS
exit
interface vlan 4
name IT

Leo Laohoo · ‎06-30-2010

Ok. SO where is the VLAN instances on the 3750?

nelba_aldovino · ‎06-30-2010

sorry but what do you mean by vlan instances?

thank you...

nelba_aldovino · ‎06-30-2010

hi leolaohoo,

this is what my design

in packet tracer it works but when it comes to real switches it doesnt work.

i did same configuration as what i did on the packet tracer.

taali · ‎06-30-2010

Nelba

Can you paste the output of 'show vlan brief' and 'show interfaces trunk' from both switches.

nelba_aldovino · ‎06-30-2010

hi taali,

here'e the utput for Catalyst 3750

Switch#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/2, Gi1/0/3, Gi1/0/4
                                                Gi1/0/5, Gi1/0/6, Gi1/0/7
                                                Gi1/0/8, Gi1/0/9, Gi1/0/10
                                                Gi1/0/11, Gi1/0/12
2    SUBNET16                         active
3    SERVERS                          active
4    IT                               active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Switch#show interfaces trunk

Port Mode Encapsulation Status Native vlan
Gi1/0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi1/0/1 1-4094

Port Vlans allowed and active in management domain
Gi1/0/1 1-4

Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/1 1-4

here's the output for SRW2016

console# show vlan

Vlan Name Ports Type Authorization

---- ----------------- --------------------------- ------------ -------------

1 1 g(1,16),ch(1-8) other Required

2 SUBNET16 g(2-5,16) permanent Required

3 SERVERS g(6-10,16) permanent Required

4 IT g(11-16) permanent Required

There is no show int trunk command in linksys cisco SRW2016

that's why i'll just show the startup-config output of it which is equivalent to show running-config in cisco cli.

console# show startup-config
interface ethernet g16
switchport mode trunk
exit
vlan database
vlan 2-4
exit
interface range ethernet g(2-5)
switchport access vlan 2
exit
interface ethernet g16
switchport trunk allowed vlan add 2
exit
interface range ethernet g(6-10)
switchport access vlan 3
exit
interface ethernet g16
switchport trunk allowed vlan add 3
exit
interface range ethernet g(11-15)
switchport access vlan 4
exit
interface ethernet g16
switchport trunk allowed vlan add 4
exit
interface vlan 2
name SUBNET16
exit
interface vlan 3
name SERVERS
exit
interface vlan 4
name IT

nelba_aldovino · ‎07-01-2010

I can now ping the ip on the cisco 3750.

I have now another problem with my access list.

My accesslist was configured on cisco 3750 but it was not detected when connected to the SRW2016.

I dont know what's the problem..

here's the scenario:

i did the figure above on the real switch i connect a pc on SRW2016

here's the ACL configuration of cisco 3750

          Extended IP access list ACL_TO_SERVERS
              10 permit ip 172.25.70.0 0.0.0.255 172.25.71.0 0.0.0.255
              20 permit ip 172.25.71.0 0.0.0.255 172.25.70.0 0.0.0.255

In packet tracer it works but on the real switch I can't ping the DC server from the pc or vise versa.

But i can ping the gateway on the cisco 3750 of the DC Server and pc.

I dont know if the problem is on the cisco or on the SRW2016.

but i think configuration on cisco is correct i just don't know how will i connect the ACL from the cisco to SRW2016.

In packet tracer by using trunk it will allow all the configuration of the cisco to the switch.

But i already trunk the cisco to switch as shown on the figure but unfortunately it doesnt work

please help.....