2 questions about Cisco 3750 Intervlan configuration

assalihin · ‎10-19-2010

I have about 20 switches scattered around 3 plants connected in a circle kind of.

--One 3750
--Six Ce500-12 Ports (No Cli-Just web access)
--Twelve Ce500-24 Ports(No Cli-Just web access)
--One Dell Powerconnect 5324.
--Windows 2008 r2 acting as Dhcp server.

I am running out of Ips on my one and only subnet.
I would like to set up Vlans to separate traffic and also solve my ip issue.

Ip routing is enabled on the 3750. Looks like trunk encapsulation is too. This is from my Sh run:

interface GigabitEthernet1/0/23
switchport trunk encapsulation dot1q
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/24
description Dell Switch
switchport trunk encapsulation dot1q
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/25
switchport trunk encapsulation dot1q
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/26
switchport trunk encapsulation dot1q
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/27
description Fiber
switchport trunk encapsulation dot1q
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/28
switchport trunk encapsulation dot1q
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface Vlan1
ip address X.X.X.X X.X.X.X
!
ip default-gateway X.X.X.X
ip classless
ip http server

---------------------------------------------------------------------------------
interface GigabitEthernet1/0/24 is copper connected to the 5324 PowerConnect Dell switch.
interface GigabitEthernet1/0/27 is Fiber connected to another Cisco ce500 Series switch

I am thinking about having 2 Vlans to start with. 10.5.0.0/24 and 10.6.0.0/24

My question is:

Which port should I use to configure the Sub interfaces for vlans?

What would be the commands to type in?

Thanks for your help

Jon Marshall · ‎10-19-2010

My question is:

Which port should I use to configure the Sub interfaces for vlans?

What would be the commands to type in?

You don't use subinterfaces on a L3 switch, you use L3 vlan interfaces. So lets say you want 2 vlans -

vlan 10 = 192.168.5.0/24

vlan 11 = 192.168.6.0/24

assuming you have already created the vlans in the vlan database -

1) create a L3 interface for each vlan eg.

int vlan 10

ip address 192.168.5.1 255.255.255.0 <-- this IP is the default-gateway for clients in vlan 10

no shut

int vlan 11

ip address 192.168.6.1 255.255.255.0 <-- this is default-gateway for vlan 11 clients

no shut

2) you need to enable ip routing on the 3750 -

3750(config)# ip routing

3) remove the ip default-gateway statement from your 3750 switch

then as long as vlan 10 and 11 are allowed on the trunk links to other switches, and they will be by default, it should all work fine.

Jon

assalihin · ‎10-19-2010

No I have not already created the vlans in the vlan database.

How do I do that?

Also, is there any helper command to point to the my dhcp server so they can get ip addresses?

Thanks for your help

Jon Marshall · ‎10-19-2010

assalihin wrote:

No I have not already created the vlans in the vlan database.

How do I do that?

Also, is there any helper command to point to the my dhcp server so they can get ip addresses?

Thanks for your help

to create in vlan database -

3750(config)# vlan 10

and the same for vlan 11

3750# sh vlan brief

and you should see the vlans in the vlan database.

For DHCP you add this under the L3 vlan interfaces -

int vlan 10

ip address 192.168.5.1 255.255.255.0

ip helper-address x.x.x.x <-- where x.x.x.x is the DHCP server IP

note you don't need the ip helper-address on the L3 vlan interface where the DHCP server resides.

Jon

assalihin · ‎10-19-2010

Done.

I created the vlan 10 on my ce 500 to which the test workstation is connected

On that switch also I made the port to which the workstaion is connecte dpart of Vlan10

I created the new scopes on the Dhcp server for Vlan 10 and 11

But

the workstation doesn't get an ip.

even if i plug in a static ip with the 192.168.5.1 as its gateway, it doesn't ping 192.168.5.1

I cannot ping the workstation from the L3 switch.

Any ideas to why I have no connectivity on the workstation?

Here is a Vlan brief:

3750#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.5.0/24 is directly connected, Vlan10
C    192.168.6.0/24 is directly connected, Vlan11
C    192.168.1.0/24 is directly connected, Vlan1

3750#sh vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2, Gi1/0/3
                                                Gi1/0/4, Gi1/0/5, Gi1/0/6
                                                Gi1/0/7, Gi1/0/8, Gi1/0/9
                                                Gi1/0/10, Gi1/0/11, Gi1/0/12
                                                Gi1/0/13, Gi1/0/14, Gi1/0/15
                                                Gi1/0/16, Gi1/0/17, Gi1/0/18
                                                Gi1/0/19, Gi1/0/20, Gi1/0/21
                                                Gi1/0/22, Gi1/0/23, Gi1/0/25
                                                Gi1/0/26, Gi1/0/28
10   VLAN0010                         active
11   VLAN0011                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Arup Dutta · ‎10-19-2010

Hi assalihin ,

would you like to send show running config deta.

Jon Marshall · ‎10-20-2010

assalihin wrote:
Done.
I created the vlan 10 on my ce 500 to which the test workstation is connected
On that switch also I made the port to which the workstaion is connecte dpart of Vlan10
I created the new scopes on the Dhcp server for Vlan 10 and 11
But
the workstation doesn't get an ip.
even if i plug in a static ip with the 192.168.5.1 as its gateway, it doesn't ping 192.168.5.1
I cannot ping the workstation from the L3 switch.
Any ideas to why I have no connectivity on the workstation?
Here is a Vlan brief:
3750#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
C    192.168.5.0/24 is directly connected, Vlan10
C    192.168.6.0/24 is directly connected, Vlan11
C    192.168.1.0/24 is directly connected, Vlan1
3750#sh vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2, Gi1/0/3
                                                Gi1/0/4, Gi1/0/5, Gi1/0/6
                                                Gi1/0/7, Gi1/0/8, Gi1/0/9
                                                Gi1/0/10, Gi1/0/11, Gi1/0/12
                                                Gi1/0/13, Gi1/0/14, Gi1/0/15
                                                Gi1/0/16, Gi1/0/17, Gi1/0/18
                                                Gi1/0/19, Gi1/0/20, Gi1/0/21
                                                Gi1/0/22, Gi1/0/23, Gi1/0/25
                                                Gi1/0/26, Gi1/0/28
10   VLAN0010                         active
11   VLAN0011                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

Please post config of 3750.

Also which ce 500 have you attached the workstation to. Bear in mind if it is the second one in your diagram ie. the one that connects to the other ce 500 then that connection between ce switches will need to be a trunk.

Jon

assalihin · ‎10-20-2010

Jon,

All the ports connecting to the other switches are trunk ports. I had missing switchport trunk allowed vlan 1,10,11 so I added it yesterday but no luck yet. Thanks for taking the time to look into it.

Dc1#sh run
Building configuration...

Current configuration : 3269 bytes
!
! Last configuration change at 22:38:09 UTC Tue Oct 19 2010
! NVRAM config last updated at 17:02:09 UTC Tue Oct 19 2010 by xxxxx
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Dc1
!
enable secret 5
!
no aaa new-model
clock timezone UTC -6
clock summer-time UTC recurring
switch 1 provision ws-c3750g-24ts-1u
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
description Esx Server
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
description Ibm Eblade center
!
interface GigabitEthernet1/0/8
description Ibm Eblade center
!
interface GigabitEthernet1/0/9
description Ibm Eblade center
!
interface GigabitEthernet1/0/10
description Ibm Eblade center
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
description Link-Surf
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
switchport trunk encapsulation dot1q
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/24
description Dell Switch
switchport trunk encapsulation dot1q
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/25
switchport trunk encapsulation dot1q
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/26
switchport trunk encapsulation dot1q
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/27
description Fiber
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,11
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/28
switchport trunk encapsulation dot1q
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface Vlan1
ip address x.x.x.x x.x.x.x
!
interface Vlan10
ip address x.x.x.x x.x.x.x
ip helper-address x.x.x.x
!
interface Vlan11
ip address x.x.x.x x.x.x.x
!
ip default-gateway x.x.x.x
ip classless
ip http server
!
snmp-server community xxxxx RO
snmp-server location Servers Room
snmp-server contact xxxx
snmp-server enable traps license
!
control-plane
!
!
line con 0
line vty 0 4
password xxxxxx
login
length 0
line vty 5 15
password xxxxxxx
login
length 0
!
end

ARMANDO ALVARADO · ‎10-20-2010

what kind of protocol are you using is it eigrp for routing.

assalihin · ‎10-20-2010

IP routing command. That's all is needed to enable routing on the 3750.

Jon Marshall · ‎10-20-2010

Couple of things -

1) remove this from your config -

ip default-gateway x.x.x.x

and replace it with -

ip route 0.0.0.0 0.0.0.0 x.x.x.x

2) can you post "sh ip int br" from the 3750

3) can you confirm that vlan 10 and vlan 11 exists on the ce 500

Jon

assalihin · ‎10-20-2010

1-To remove default-gateway x.x.x.x I have to use "no default-gateway x.x.x.x" then type in ip route 0.0.0.0 0.0.0.0 x.x.x.x where x.x.x.x is the ip of my firewall, right?

3- yes, Vlan 10, and 11 exist on the Ce 500

2- Here is the results of sh ip int br:

Dc1#sh ip int br
Interface IP-Address OK? Method Status Protocol

Vlan1 192.168.1.3 YES NVRAM up up

Vlan10 192.168.5.1 YES manual up up

Vlan11 192.168.6.1 YES manual up up

GigabitEthernet1/0/1 unassigned YES unset down down

GigabitEthernet1/0/2 unassigned YES unset down down

GigabitEthernet1/0/3 unassigned YES unset down down

GigabitEthernet1/0/4 unassigned YES unset down down

GigabitEthernet1/0/5 unassigned YES unset up up

GigabitEthernet1/0/6 unassigned YES unset up up

GigabitEthernet1/0/7 unassigned YES unset up up

GigabitEthernet1/0/8 unassigned YES unset up up

GigabitEthernet1/0/9 unassigned YES unset up up

GigabitEthernet1/0/10 unassigned YES unset up up

GigabitEthernet1/0/11 unassigned YES unset up up

GigabitEthernet1/0/12 unassigned YES unset up up

GigabitEthernet1/0/13 unassigned YES unset up up

GigabitEthernet1/0/14 unassigned YES unset up up

GigabitEthernet1/0/15 unassigned YES unset up up

GigabitEthernet1/0/16 unassigned YES unset down down

GigabitEthernet1/0/17 unassigned YES unset down down

GigabitEthernet1/0/18 unassigned YES unset down down

GigabitEthernet1/0/19 unassigned YES unset down down

GigabitEthernet1/0/20 unassigned YES unset down down

GigabitEthernet1/0/21 unassigned YES unset down down

GigabitEthernet1/0/22 unassigned YES unset down down

GigabitEthernet1/0/23 unassigned YES unset down down

GigabitEthernet1/0/24 unassigned YES unset up up

GigabitEthernet1/0/25 unassigned YES unset down down

GigabitEthernet1/0/26 unassigned YES unset down down

GigabitEthernet1/0/27 unassigned YES unset up up

GigabitEthernet1/0/28 unassigned YES unset down down

Jon Marshall · ‎10-20-2010

assalihin wrote:

1-To remove default-gateway x.x.x.x I have to use "no default-gateway x.x.x.x" then type in ip route 0.0.0.0 0.0.0.0 x.x.x.x where x.x.x.x is the ip of my firewall, right?

3- yes, Vlan 10, and 11 exist on the Ce 500

2- Here is the results of sh ip int br:

Dc1#sh ip int br
Interface IP-Address OK? Method Status Protocol

Vlan1 192.168.1.3 YES NVRAM up up

Vlan10 192.168.5.1 YES manual up up

Vlan11 192.168.6.1 YES manual up up

1) Yes, the firewall is usually the choice

2) can you post "sh int trunk" from the 3750 switch ?

3) can you try "sh int trunk" on the ce 500 switches - don't know if it will work as i have never used them before.

Just to clarify, you have connected a device into vlan 10 on a ce 500, allocated the port on the ce 500 into vlan 10 and given the device an address from the vlan 10 subnet and you still cannot ping the 192.168.5.1 address ?

If so there must be something missing between the ce500 and the 3750.

Jon

assalihin · ‎10-20-2010

1- Results of sh int trunk from the 3750

Dc1#sh int trunk

Port        Mode         Encapsulation Status        Native vlan
Gi1/0/24    on           802.1q         trunking      1
Gi1/0/27    on           802.1q         trunking      1

Port        Vlans allowed on trunk
Gi1/0/24    1-4094
Gi1/0/27    1,10-11

Port        Vlans allowed and active in management domain
Gi1/0/24    1,10-11
Gi1/0/27    1,10-11

Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/24    1,10-11
Gi1/0/27    1,10-11

2- The ce500 doesn't support the cli/telnet but I can see through the web that the ports G1 and g2 are set as trunks.

3- for the clarification:

I have connected a device into vlan 10 on a ce 500, allocated the port on the ce 500 into vlan 10 and given the device an address from the vlan 10 subnet and I still cannot ping the 192.168.5.1 address.

Here is an update drawing showing where those switches are.

Jon Marshall · ‎10-20-2010

Okay, the updated diagram shows a much longer path between the ce500 and the 3750. Firstly there are L2 loops by the looks of it so STP will be blocking some of the links.

What you need to do is work out the active path from the ce500 to the 3750 and then log onto every device in that path to make sure -

1) that they have vlan 10 on them

2) that the trunk links are allowing vlan 10

It's not enough to simply configure the ce500 ports as trunk links and the 3750's, all the intervening switches must pass vlan 10 on the trunk links and have vlan 10 in the local vlan database or it will not work. I suspect this is where the problem is.

Jon