I've run into a problem with a 2960. I assigned an IP address of 10.50.50.1/28 to VLAN 50 and assigned several ports to the VLAN. There are other vlans configured. One port is configured as a trunk to a Juniper router with what I believe to be the correct configuration. I can ping the VLAN address 10.50.50.1 from the router, but cannot ping systems in VLAN 50 on the switch. Any ideas as to what the problem is?
I'm assuming, and could be wrong, that this model is L2. If that's the case, vlan 50 would be your management address. Do you have the hosts that are connected to this switch configured as access ports to vlan 50? With that in mind, if you're crossing vlans, you'll need a router (your Juniper) that can route between the vlans (encapsulating traffic correctly) etc.
You'll need to add the users to vlan 50 as an access port.
Trunk vlan 1 (or whatever your native is) and 50 to the Juniper router.
Configure the Juniper to have vlans subnet 1 and 50 (I can't help you with the Juniper router unfortunately).
If the router can ping the switch address of 10.10.50.1 that is a good start and establishes that there is IP connectivity between the switch and the router over the trunk. There are a couple of things that I would suggest that you try that may lead to identification of the problem:
- can you verify that the user ports show as connected (show ip interface brief is a good way to do this) and can you verify that these user ports are assigned to VLAN 50 (show vlan is a good way to do this).
- can you verify what IP address, what mask, and what gateway are configured on the user PCs.
- can you look in the ARP table of the router and see if there are ARP entries for any of these PCs.
Check to make sure the layer 2 vlan for 50 was created and the ports are listed as active in that vlan . Router should not even be involved if the devices are also in vlan 50 . Also make sure the devices you are trying to ping do not have a software FW running.
Thanks for the suggestions. As we've been digging deeper into this issue, there are things that don't seem right about the Juniper M7i router running 8.1R2.4. We created 4 subinterfaces for our "router on a stick", but things get weird as we add additional subinterfaces. I'm not a Juniper guy, but this router is acting like there's a limitation to the number of subinterfaces...but 4 on an Ethernet interface? That can't be right! I need to research this further, unless someone has some knowledge on the subject. Here is a display for some of the config, i.e., VLANs 1050 and 1051 won't set up as interfaces.
root@M7i> show interfaces fe-0/3/1 Physical interface: fe-0/3/1, Enabled, Physical link is Up Interface index: 133, SNMP ifIndex: 54 Link-level type: Ethernet, MTU: 1518, Speed: 100mbps, Loopback: Disabled, Source filtering: Disabled, Flow control: Enabled Device flags : Present Running Interface flags: SNMP-Traps Internal: 0x4000 CoS queues : 4 supported, 4 maximum usable queues Current address: 00:17:cb:b6:1c:5e, Hardware address: 00:17:cb:b6:1c:5e Last flapped : 2010-06-09 23:08:18 UTC (2w6d 16:29 ago) Input rate : 6224 bps (3 pps) Output rate : 3648 bps (0 pps) Active alarms : None Active defects : None
root@M7i# show | display set | no-more set version 8.1R2.4
set interfaces fe-0/3/0 unit 0 family inet address 192.168.10.2/24 set interfaces fe-0/3/1 vlan-tagging set interfaces fe-0/3/1 unit 0 description ProjectA set interfaces fe-0/3/1 unit 0 vlan-id 1011 set interfaces fe-0/3/1 unit 0 family inet address 10.11.0.1/16 set interfaces fe-0/3/1 unit 1 description ProjectB set interfaces fe-0/3/1 unit 1 vlan-id 1012 set interfaces fe-0/3/1 unit 1 family inet address 10.12.0.1/16 set interfaces fe-0/3/1 unit 2 description ProjectC set interfaces fe-0/3/1 unit 2 vlan-id 1013 set interfaces fe-0/3/1 unit 2 family inet address 10.13.0.1/16 set interfaces fe-0/3/1 unit 3 description ProjectD set interfaces fe-0/3/1 unit 3 vlan-id 1014 set interfaces fe-0/3/1 unit 3 family inet address 10.14.0.1/16 set interfaces fe-0/3/1 unit 4 description mgmt set interfaces fe-0/3/1 unit 4 vlan-id 1000 set interfaces fe-0/3/1 unit 4 family inet address 10.10.0.1/16 set interfaces fe-0/3/1 unit 5 description vIMS_OAM_A1 set interfaces fe-0/3/1 unit 5 vlan-id 1050 set interfaces fe-0/3/1 unit 5 family inet address 10.50.50.1/28 set interfaces fe-0/3/1 unit 6 description vIMS_TRF_A1 set interfaces fe-0/3/1 unit 6 vlan-id 1051 set interfaces fe-0/3/1 unit 6 family inet address 10.50.50.17/28 set interfaces fe-0/3/3 unit 0 family inet address 192.168.1.2/24 set routing-options static route 0.0.0.0/0 next-hop 192.168.10.1 set routing-options static route 10.42.0.0/16 next-hop 10.13.0.2 set routing-options static route 172.30.83.0/24 next-hop 10.14.0.3 set routing-options static route 172.30.30.0/24 next-hop 192.168.10.1 set routing-options static route 10.140.105.128/28 next-hop 10.14.0.3
The ProblemEnter EVCsHow It Works (Ingress)How It Works
(Egress)Step-by-Step ExampleFinal Thoughts The ProblemOn traditional
switches whenever we have a trunk interface we use the VLAN tag to
demultiplex the VLANs. The switch needs to determine which MAC ...
The ProblemEnter EVCsHow It Works (Ingress)How It Works
(Egress)Step-by-Step ExampleFinal Thoughts Introduction: Netdr is a tool
available on a RSP720, Sup720 or Sup32 that allows one to capture
packets on the RP or SP inband. The netdr command can be use...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...