Vlan Inoperability issues

rostoski123 · ‎11-29-2006

Here is the equipment

Layer 3 3560 switch

two vlans:

vlan1 and vlan 20

vlan 1 servers:

gateway is vlan 1 ip

vlan 20 servers:

gateway is vlan 20 ip

Currently vlan 1 or vlan 20 cannot communicate to each other. Vlan 1 cannot ping vlan 20 interface.

I need my vlan 1 servers to be able to connect to my vlan 20 servers. But, disallow vlan 20 servers to directly connect to vlan 1 servers. What am I missing?

Thanks

Ryan

sundar.palaniappan · ‎11-29-2006

Ryan,

It would help if you post the configuration you are currently using on the 3560 switch.

Assuming both VLAN interfaces are up you should be able to ping the VLAN interfaces from a host on another VLAN. Do you have 'ip routing' enabled in the switch? Verify this by doing a show ip route in the switch.

As far as disallowing the servers on VLAN 20 from not talking to servers on VLAN 1 you may be able to do this by using ACLs.

HTH

Sundar

rostoski · ‎11-29-2006

IP Routing is enabled. I really do not want to post my whole config on here.

Both VLAN Interfaces are up.

Do the ports in Vlan 1 need vlan 20 also allowed?

Or something else?

Thanks

sundar.palaniappan · ‎11-29-2006

No, the ports connected to hosts don't have to allow the other VLAN i.e access port on vlan 1 need not allow vlan 20 traffic. The switch should route traffic between the VLANs.

Can you make sure the hosts aren't assigned IP from the wrong VLAN block? Make sure the IP/Subnet mask is configured correctly and the access ports connected to servers are on the correct VLANs. Little things like could very well be the problem. If you are using public IP addresses the post the VLAN IP addresses by hiding the first 2 octects.

HTH

Sundar

glen.grant · ‎11-29-2006

Do a show vlan and make sure both 1 and 20 show active with ports assigned to them .

rostoski · ‎11-29-2006

NIESW3560-48-1#sh run

!

version 12.2

no service pad

service timestamps debug datetime localtime

service timestamps log datetime localtime

service password-encryption

service sequence-numbers

!

no aaa new-model

clock timezone EST -5

clock summer-time EDT recurring

ip subnet-zero

ip routing

!

login on-failure

!

no file verify auto

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface GigabitEthernet0/1

description connected to SERVER

spanning-tree portfast

!

interface GigabitEthernet0/2

description connected to SERVER

spanning-tree portfast

!

interface GigabitEthernet0/3

description connected to SERVER

spanning-tree portfast

!

.

!

interface GigabitEthernet0/29

description VLAN

switchport access vlan 20

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet0/30

description VLAN

switchport access vlan 20

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet0/31

description VLAN

switchport access vlan 20

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet0/32

description VLAN

switchport access vlan 20

switchport mode access

spanning-tree portfast

!

interface Vlan1

ip address x.x.80.11 255.255.252.0

!

interface Vlan20

description ATI VLAN

ip address x.x.79.1 255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 x.x.80.1

80.1 <----PIX is default route

ip http server

!

end

The show vlan was correct.. Thanks everyone..