Cisco Support Community
Community Member

inter-vlan communication

Hey one and all,

I'm having an issue that I need to figure out and would like advice/guidance on how I can resolve it. Here goes: our company has a domain in which we have a few computers; the company has several departments and we decided to segment the network using VLANs. Our core device is a Catalyst 3750 switch and that is also doing the inter-VLAN routing. I can ping any machine and I can access applications from our application server from any other VLAN. However, if I try \\computername to machines in another VLAN, I get an error stating that the network path was not found. If I try the command between 2 machines that are in the same VLAN it works, but across VLANs it's a no go. I have checked the configuration and there is no access-list restricting traffic across the VLANs. Any ideas, guidance, or information on resolving this matter would be greatly appreciated.

31 REPLIES
Blue

Re: inter-vlan communication

Can you post the config of the 3750 switch that is doing the i-v routing and provide some more architecture info?

Bronze

Re: inter-vlan communication

It sounds like ports 445 and 139 are blocked somewhere, though you did mention no ACL.

Super Bronze

Re: inter-vlan communication

Are these computers Windows systems? If I recall correctly, Windows treats DNS name resolution differently from NetBIOS name resolution (or did). I'm not current with Windows technology, but the NetBIOS name resolution used to be done by WINS servers. I think Windows has improved the integration between IP and NetBIOS, but I don't know what the current scheme is for Windows off-local-subnet name resolution. (Same subnet used to be resolved by local broadcast.) Something you might want to check.

Community Member

Re: inter-vlan communication

Thanks for all the responses. Yes, the systems are all Windows XP, with one or two of them being Win2k. Please find attached the text of the config and the network diagram. Our current network does not have any WINS servers.

Bronze

Re: inter-vlan communication

Did you try to use the IP address rather than the FQDN?

Community Member

Re: inter-vlan communication

Yes, I did, but I get the same error as if I used the FQDN.

Super Bronze

Re: inter-vlan communication

So something like:

net use x: \\ahost\ashare

or

net use x: \\#.#.#.#\ashare

works on the same subnet but neither works across subnets, yet both ping ahost or ping #.#.#.# work?

Community Member

Re: inter-vlan communication

Yes, that is correct.

Super Bronze

Re: inter-vlan communication

I was afraid you were going to say that.

I didn't see anything that looked wrong in your 3750 config, but I didn't sift through it either.

Other than what another poster inquired about blocking NetBIOS ports, which doesn't seem the case, the only other thing that comes to mind is somehow your clients' NetBIOS isn't running over TCP (IPv4) but uses something else that works on a local segment.

I'm too rusty at Windows client support to recall what all you might look at. You might search Microsoft's knowledge base.

[edit]

PS:

To help confirm it's a Windows NetBIOS/client issue, you might try a "pure" IP service on your Windows hosts like HTTP, FTP, Telnet, etc. across your VLANs. (The fact that you note some other applications work might already validate this.)

Bronze

Re: inter-vlan communication

Like Joseph, I did not see anything in your configuration. Could you try to telnet to ports 445 and 139 across VLANs?

Community Member

Re: inter-vlan communication

Thanks for the responses. Even though I can't \\ to the machines, I can use a remote access application that works over HTTP; e.g., I can go to http://machinename:22222 and can connect to the machine and resolve user issues.

Bronze

Re: inter-vlan communication

Were you able to telnet to ports 445 and 139 from one host on a VLAN to another host on a different VLAN?

Community Member

Re: inter-vlan communication

No, I was not able to; I get a connection failed error, as per below:

I:\>telnet 172.20.31.16 445

Connecting To 172.20.31.16...Could not open connection to the host, on port 445:

Connect failed

Community Member

Re: inter-vlan communication

First, correct the port configuration. You have configured trunk and access port on the same port.

You have created interfaces for different VLANs; have you created VLANs for them?

If you are running STP and your VLAN info is shown in sh vlan on the 3750, then check whether your access layer switches are learning about those VLANs or not.

If not, configure STP on them or create the VLANs manually on all of the switches.

Configure the trunk properly so that traffic for the different VLANs can flow through it.

Most probably the problem is with the trunk port config and VLAN flow.

HTH

Bronze

Re: inter-vlan communication

I don't think that it is a trunk problem, for he is able to ping and access the hosts using other applications such as HTTP. His trunk config is left as default, thus allowing all VLANs across.

Community Member

Re: inter-vlan communication

Sorry for the delay in responding, everyone; more work than hands. I've used a protocol analyzer to verify the requirements of the \\ command to see if maybe I was restricting the service in some way, but I don't have any ACL on the switch and all the VLANs are directly connected, so routing should be straightforward. Thanks in advance.

Community Member

Re: inter-vlan communication

Okay, so now can you put the protocol analyzer on the destination VLAN and see if the traffic is making it through the IV routing part? Just to rule out any kind of Windows FW or IPS feature blocking the connection...

Community Member

Re: inter-vlan communication

I think since you are on different subnets and have no WINS server, you will have to use the LMHOSTS file to point everything to your domain.

Community Member

Re: inter-vlan communication

The LMHOSTS file in Windows??? I'd really prefer to avoid that, 'cause I can just see it being a lot of configuration on a per-machine basis, and I would have to do it every time a new machine is added. Unless a script would work, but that would have the same problem I'm having now with the config not being pushed.

Community Member

Re: inter-vlan communication

I'll be out of the office tomorrow, but will try it on Tuesday. Thanks for the suggestion.

Community Member

Re: inter-vlan communication

Windows NetBIOS uses UDP broadcasts for most NetBIOS traffic. By default the "ip helper-address" command redirects all UDP broadcast traffic to the helper address. This includes NetBIOS broadcasts.

Try adding:

no ip forward-protocol udp netbios-ns

no ip forward-protocol udp netbios-ss

to your vlan interfaces.

http://supportwiki.cisco.com/ViewWiki/index.php/How_to_configure_the_ip_helper-address_and_no_ip_forward-protocol_commands_to_block_the_port_from_forwarding_broadcast_packets_by_the_router

Community Member

Re: inter-vlan communication

Will definitely give this a try to see how it goes, and thanks for the wiki; about to go read it now.

Community Member

Re: inter-vlan communication

OK, tried, but the command is not available in the firmware of my L3 switch. Thanks anyway though.

Community Member

Re: inter-vlan communication

Hey everyone; still working on this issue, so here are the updates. I tried adding the commands from mmacddonald70 but the result is the same: still can't get to the machine using \\machinename. A couple of things with the commands: for our switch I can't add them in the actual VLAN interfaces, it has to be a global command, and the second one, no ip forward-protocol udp netbios-ss, gives me an error "UDP port 139 not found to delete". I also added a machine with Wireshark installed on the other VLAN and tried the \\. The Wireshark logs show that the traffic is reaching the VLAN and that the traffic is coming on ports 445 and 137, and I verified that these ports are passing through the Windows firewall as part of the file and printer sharing rule. So I'm still in the same position as before. Thanks for all the help so far though; been learning a lot through it.

Community Member

Re: inter-vlan communication

Hmmm...it seems like if you are able to sniff the traffic on the other VLAN and have verified it is reaching the PC, then I would assume this is not a routing/switching problem. Keep us posted on what you find.

Community Member

Re: inter-vlan communication

OK one and all, found the culprit... Seems years ago, before I got here, the then system administrator altered a GPO which then restricted file and print sharing to only the local subnet. As a result, all inter-VLAN traffic for F&P sharing was being blocked by said GPO. Well, thanks for the help anyway. At least this is one less thing to worry about.

Community Member

Re: inter-vlan communication

Hello,

I'm sorry to fire this thread up again, but I'm having the same problem and I don't understand the solution. I can ping from every host of every VLAN to any other host in any other VLAN, I can use FTP to a NAS disk in a different VLAN, but I can't see the other VLAN computers in the network places, or use the printers in different VLANs. Where can I find the GPO configuration and how do I change it?

Thank you very much,

Jud

Community Member

Re: inter-vlan communication

Hi Jud,

The original poster's problem was actually beyond the scope of Cisco devices, as it was a problem with the Windows Group Policy setup, which basically told all the client computers that they may only share files and printers with devices on their local subnet (i.e., not through routers).

From what I understand, though, in order to have Windows File and Printer Sharing across multiple subnets, you need to have a WINS server that all machines on all subnets can communicate with. WINS is like DNS in that it takes these Windows host names and maps them to their destinations.

In essence, if you want to communicate with another computer using its hostname, you need to send a request to find out which IP address belongs to which hostname. If you use broadcasts, you will only be able to find those on your local subnet. The client cannot and will not have any idea of any networks and hosts residing outside of the local subnet, unless you give it a WINS server to help with queries. The server will take the queries and process them, sending back results, therefore enabling \\hostname-here requests to work across multiple subnets.

That's what I'm understanding from all the discussion in this thread, anyways. If anyone else knows more about WINS and SMB across subnets, now's your time to shine.

Community Member

Re: inter-vlan communication

You don't need a WINS server. You can append the DNS suffix in DNS so that you don't have to use the fully qualified name. If you do an ipconfig /all, you will see the DNS suffix appended there if DNS has been configured correctly. You need to remote onto one of your domain controllers, open up group policy in the group policy management console or whatever method you use to edit group policy, and change the default domain group policy to allow file and print sharing.
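
As an added example (not written by any poster in this thread): the cause found above was a policy limiting File and Printer Sharing to the local subnet, which on later Windows versions appears as `RemoteIP: LocalSubnet` on the inbound SMB firewall rules. This Python script parses `netsh advfirewall firewall show rule name=all` output and lists the SMB allow rules whose scope shuts out a client in another VLAN. Assumptions: the sample output, the /24 mask and the client address 172.20.30.20 are constructed, and IPv4 is assumed; the thread's XP machines used the older firewall, so the layout is that of newer systems.

```python
import ipaddress

# Constructed, abridged sample in the layout of `netsh advfirewall firewall show rule name=all`.
SAMPLE = """\
Rule Name:                            File and Printer Sharing (SMB-In)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             LocalSubnet
LocalPort:                            445
Action:                               Allow

Rule Name:                            Remote support tool (constructed)
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
RemoteIP:                             Any
LocalPort:                            22222
Action:                               Allow
"""

def parse_rules(text):
    """Yield one dict per rule; netsh separates rules with a blank line."""
    for block in text.replace("\r", "").strip().split("\n\n"):
        pairs = (line.partition(":") for line in block.splitlines())
        yield {k.strip(): v.strip() for k, sep, v in pairs if sep}

def scope_allows(ip, scope, local_net):
    """True if ip is inside a RemoteIP scope: Any, LocalSubnet, CIDR/mask or low-high."""
    for item in (s.strip() for s in scope.split(",")):
        if item == "Any" or (item == "LocalSubnet" and ip in local_net):
            return True
        try:
            lo, _, hi = item.partition("-")
            if hi and ipaddress.ip_address(lo) <= ip <= ipaddress.ip_address(hi):
                return True
            if not hi and ip in ipaddress.ip_network(item, strict=False):
                return True
        except (ValueError, TypeError):
            pass  # keyword scope (DNS, WINS, ...) or other address family: no match
    return False

def scoped_out(text, remote_ip, local_cidr, ports=frozenset({"139", "445"})):
    """Enabled inbound allow rules on `ports` whose scope excludes remote_ip."""
    ip, net = ipaddress.ip_address(remote_ip), ipaddress.ip_network(local_cidr)
    return [r["Rule Name"] for r in parse_rules(text)
            if (r.get("Enabled"), r.get("Direction"), r.get("Action")) == ("Yes", "In", "Allow")
            and ports & set(r.get("LocalPort", "").split(","))
            and not scope_allows(ip, r.get("RemoteIP", "Any"), net)]
```

A non-empty result for a client in another VLAN, next to an empty one for a same-subnet client, matches the symptom in the thread: ping and the HTTP tool on port 22222 work, while \\computername fails.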
