Vlan Inoperability issues

Unanswered Question
Nov 29th, 2006

Here is the equipment


Layer 3 3560 switch


two vlans:

vlan1 and vlan 20


vlan 1 servers:

gateway is vlan 1 ip


vlan 20 servers:

gateway is vlan 20 ip


Currently vlan 1 or vlan 20 cannot communicate to each other. Vlan 1 cannot ping vlan 20 interface.


I need my vlan 1 servers to be able to connect to my vlan 20 servers. But, disallow vlan 20 servers to directly connect to vlan 1 servers. What am I missing?


Thanks

Ryan

sundar.palaniappan Wed, 11/29/2006 - 11:03

Ryan,


It would help if you post the configuration you are currently using on the 3560 switch.


Assuming both VLAN interfaces are up you should be able to ping the VLAN interfaces from a host on another VLAN. Do you have 'ip routing' enabled in the switch? Verify this by doing a show ip route in the switch.


As far as disallowing the servers on VLAN 20 from talking to servers on VLAN 1, you may be able to do this by using ACLs.



HTH


Sundar



rostoski Wed, 11/29/2006 - 11:15

IP Routing is enabled. I really do not want to post my whole config on here.


Both VLAN Interfaces are up.


Do the ports in Vlan 1 need vlan 20 also allowed?


Or something else?


Thanks




sundar.palaniappan Wed, 11/29/2006 - 11:31

No, the ports connected to hosts don't have to allow the other VLAN i.e access port on vlan 1 need not allow vlan 20 traffic. The switch should route traffic between the VLANs.


Can you make sure the hosts aren't assigned IPs from the wrong VLAN block? Make sure the IP/subnet mask is configured correctly and the access ports connected to servers are on the correct VLANs. Little things like these could very well be the problem. If you are using public IP addresses, then post the VLAN IP addresses, hiding the first 2 octets.


HTH


Sundar

glen.grant Wed, 11/29/2006 - 11:33

Do a show vlan and make sure both 1 and 20 show active with ports assigned to them.

rostoski Wed, 11/29/2006 - 12:29

NIESW3560-48-1#sh run

!
version 12.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service sequence-numbers
!
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
ip routing
!
login on-failure
!
!
!
no file verify auto
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
 description connected to SERVER
 spanning-tree portfast
!
interface GigabitEthernet0/2
 description connected to SERVER
 spanning-tree portfast
!
interface GigabitEthernet0/3
 description connected to SERVER
 spanning-tree portfast
!
.
.
.
!
interface GigabitEthernet0/29
 description VLAN
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/30
 description VLAN
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/31
 description VLAN
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet0/32
 description VLAN
 switchport access vlan 20
 switchport mode access
 spanning-tree portfast
!
interface Vlan1
 ip address x.x.80.11 255.255.252.0
!
interface Vlan20
 description ATI VLAN
 ip address x.x.79.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.80.1
80.1 <----PIX is default route

ip http server
!
!
!
end


The show vlan was correct.. Thanks everyone..
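
The one-way policy asked for in the opening post (VLAN 1 may reach VLAN 20, VLAN 20 may not open connections to VLAN 1) can be approximated with the ACL approach suggested earlier in the thread; the following is an added example, not configuration posted by any participant. It assumes the two SVI subnets shown in the posted config, keeps the poster's masked `x.x` octets as a placeholder, and uses a hypothetical ACL name.

```cisco
! Added example. "x.x" is the masked prefix from the posted config (placeholder,
! substitute the real first two octets). The ACL name is hypothetical.
!   VLAN 1  SVI x.x.80.11 255.255.252.0 -> network x.x.80.0, wildcard 0.0.3.255
!   VLAN 20 SVI x.x.79.1  255.255.255.0 -> network x.x.79.0, wildcard 0.0.0.255
!
ip access-list extended VLAN20-TO-VLAN1
 remark Return traffic for TCP sessions opened from VLAN 1 (ACK or RST set)
 permit tcp x.x.79.0 0.0.0.255 x.x.80.0 0.0.3.255 established
 remark Replies to pings sent from VLAN 1
 permit icmp x.x.79.0 0.0.0.255 x.x.80.0 0.0.3.255 echo-reply
 remark Everything else VLAN 20 originates toward VLAN 1 is dropped
 deny   ip x.x.79.0 0.0.0.255 x.x.80.0 0.0.3.255
 remark Other destinations, including those reached via the default route, are unaffected
 permit ip any any
!
! Applied inbound on the VLAN 20 SVI, so it filters packets routed out of VLAN 20.
interface Vlan20
 ip access-group VLAN20-TO-VLAN1 in
!
! Verification:
!   show ip interface Vlan20     (confirms the inbound access list is attached)
!   show access-lists VLAN20-TO-VLAN1
```

The `established` keyword matches only on TCP flags and keeps no connection state, so replies to UDP requests sent from VLAN 1 are dropped by the `deny` line, and a TCP segment with ACK set passes whether or not a session exists. Where real connection tracking is required, the filtering belongs on a stateful device such as the PIX mentioned in the posted config.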
