04-01-2008 01:03 PM - edited 03-05-2019 10:07 PM
Hi all
I've been trying to configure this network module with not much luck. It is in a 2620XM and all I am trying to do is to have devices in three separate VLANs (e.g. servers) attached on the switching side and then being routed onto another subnet.
Currently my vlan output is as follows:
R0#sh vlan-switch
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active
10 POD active Fa1/0, Fa1/1, Fa1/2, Fa1/3, Fa1/4, Fa1/5
20 SERVICE active Fa1/6, Fa1/7, Fa1/8, Fa1/9, Fa1/10
30 MISC active Fa1/11, Fa1/12, Fa1/13, Fa1/14, Fa1/15
1002 fddi-default active
A snip from the running config
!
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.224
duplex auto
speed auto
!
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.1.33 255.255.255.224
!
interface Vlan20
ip address 192.168.1.65 255.255.255.224
!
interface Vlan30
ip address 192.168.1.97 255.255.255.224
!
Routing table as follows:
Gateway of last resort is not set
* 192.168.1.0/27 is subnetted, 4 subnets
C 192.168.1.96 is directly connected, Vlan30
C 192.168.1.64 is directly connected, Vlan20
C 192.168.1.32 is directly connected, Vlan10
C* 192.168.1.0 is directly connected, FastEthernet0/0
I thought that by setting up Layer 3 VLANs using SVIs, I would have at least inter-vlan communication, but I haven't :) All the ports in the module have been configured with "switchport mode access".
I'm clearly missing something, but now can't see the forest for the trees.
The first step for me would be to get the inter-vlan communication working between the networks of 192.168.1.32/27, 192.168.1.64/27, and 192.168.1.96/27 and then to allow those subnets access to the 192.168.1.0/27 subnet.
Any pointers in the right direction would be great. I'm not asking for a definitive answer, but just a prod in the general area as I'd like to figure this out.
Mike
04-01-2008 01:24 PM
Hey Mike, try configuring the ports on the NM-16ESW as "switchport mode trunk" instead of as access ports. This should resolve your issue.
04-01-2008 01:33 PM
Hi Kenneth
Thanks for the input.
Wouldn't putting them into "mode trunk" make them layer 3 routed ports? I still want to maintain the layer 2 functionality of the ports but with layer 3 routing on the VLANs.
My understanding of the NM-ESW-16 is that by adding it to a router, you are effectively creating a layer 3 capable switch?
Maybe I'm in over my head, but I am just tinkering :)
Mike
04-01-2008 01:43 PM
Not quite. I believe that putting an IP address on the ports would make them layer 3 routed ports. And also I believe the the NM-16ESW just adds layer 2 switch functionality to the router as opposed to having to buy separate layer 2 switch such as a 2950.
Also, putting a port in trunk mode allows it to pass traffic for multiple vlans.
04-01-2008 01:46 PM
Can you ping all interfaces from within the router ?
Can a device connected on the following ports
(POD active Fa1/0, Fa1/1, Fa1/2, Fa1/3, Fa1/4, Fa1/5) able to ping 192.168.1.33?
What the subnet mask on those devices?
What devices are you trying to ping to and from?
__
Edison.
04-01-2008 01:57 PM
You may want to check your default gateway of your pcs. Your default gateway needs to be the interface vlan ip of each respective vlan.
04-01-2008 02:46 PM
Hi all
Thanks for all your replies.
@Kenneth
Thanks for the info. I tried what you said and I was then unable to ping within the same VLAN (I assume because the ports in that VLAN would not have any IP's bound to them?).
@Edison (& mattcalderon)
"Can you ping all interfaces from within the router ?"
No, I am unable to.
"Can a device connected on the following ports
(POD active Fa1/0, Fa1/1, Fa1/2, Fa1/3, Fa1/4, Fa1/5) able to ping 192.168.1.33?"
Yes. I am connected to VLAN 30 with an OpenBSD laptop configured with the following in its hostname.fxp0 config:
inet 192.168.1.100 255.255.255.224 192.168.1.127
What that means (if you are not familiar with OpenBSD) is that the first field denotes that the address family is inet (as opposed to inet6 for example), the second field is the assigned static IP, the third field is the broadcast IP. The gateway address is set in a file called /etc/mygate and that contains the address of VLAN 30's assigned IP, 192.168.1.97
I can't however ping outside of VLAN 30, say to VLAN 10.
"What the subnet mask on those devices?"
The subnet is /27 on a class C address, laid out as follows:
192.168.1.0 <1-30> 192.168.1.31 VLAN 1
192.168.1.32 <33-62> 192.168.1.63 VLAN 10
192.168.1.64 <65-94> 192.168.1.95 VLAN 20
192.168.1.96 <97-126> 192.168.1.127 VLAN 30
192.168.1.128 <129-158> 192.168.1.159
192.168.1.160 <161-190> 192.168.1.191
192.168.1.192 <193-222> 192.168.1.223
192.168.1.224 <225-254> 192.168.1.255
"What devices are you trying to ping to and from?"
Pinging from the OpenBSD box to the VLAN assigned IP's.
Mike
04-01-2008 02:49 PM
do a sh ip int brief and verify that your interface vlans are up up.
If they are not up, then this is the reason that you can not ping between vlans. If they are admin down just issue a no shut.
04-01-2008 02:53 PM
Hi Matt
Yeah, I already checked this, but for clarity:
R0#sh ip int brie
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 192.168.1.2 YES manual up up
Serial0/0 unassigned YES NVRAM administratively down down
BRI0/0 unassigned YES NVRAM administratively down down
BRI0/0:1 unassigned YES unset administratively down down
BRI0/0:2 unassigned YES unset administratively down down
Serial0/1 unassigned YES NVRAM administratively down down
FastEthernet1/0 unassigned YES unset up down
FastEthernet1/1 unassigned YES unset up down
FastEthernet1/2 unassigned YES unset up down
FastEthernet1/3 unassigned YES unset up down
FastEthernet1/4 unassigned YES unset up down
FastEthernet1/5 unassigned YES unset up down
FastEthernet1/6 unassigned YES unset up up
FastEthernet1/7 unassigned YES unset up down
FastEthernet1/8 unassigned YES unset up down
FastEthernet1/9 unassigned YES unset up down
FastEthernet1/10 unassigned YES unset up down
FastEthernet1/11 unassigned YES unset up up
FastEthernet1/12 unassigned YES unset up down
FastEthernet1/13 unassigned YES unset up down
FastEthernet1/14 unassigned YES unset up down
FastEthernet1/15 unassigned YES unset up down
Vlan1 unassigned YES manual up down
Vlan10 192.168.1.33 YES manual up down
Vlan20 192.168.1.65 YES manual up up
Vlan30 192.168.1.97 YES manual up up
R0#
The line protocol is down on VLAN 10 as I switched off a box as it was getting too warm in here :)
Mike
04-01-2008 02:54 PM
For clarity, here is my running config:
R0#sh run
Building configuration...
Current configuration : 1958 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R0
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
no ip domain lookup
!
!
!
!
username mlott privilege 15 secret xxx
!
!
!
!
!
interface FastEthernet0/0
ip address 192.168.1.2 255.255.255.224
duplex auto
speed auto
!
interface Serial0/0
no ip address
shutdown
!
interface BRI0/0
no ip address
encapsulation hdlc
shutdown
!
interface Serial0/1
no ip address
shutdown
!
interface FastEthernet1/0
switchport access vlan 10
!
interface FastEthernet1/1
switchport access vlan 10
!
interface FastEthernet1/2
switchport access vlan 10
!
interface FastEthernet1/3
switchport access vlan 10
!
interface FastEthernet1/4
switchport access vlan 10
!
interface FastEthernet1/5
switchport access vlan 10
!
interface FastEthernet1/6
switchport access vlan 20
!
interface FastEthernet1/7
switchport access vlan 20
!
interface FastEthernet1/8
switchport access vlan 20
!
interface FastEthernet1/9
switchport access vlan 20
!
interface FastEthernet1/10
switchport access vlan 20
!
interface FastEthernet1/11
switchport access vlan 30
!
interface FastEthernet1/12
switchport access vlan 30
!
interface FastEthernet1/13
switchport access vlan 30
!
interface FastEthernet1/14
switchport access vlan 30
!
interface FastEthernet1/15
switchport access vlan 30
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.1.33 255.255.255.224
!
interface Vlan20
ip address 192.168.1.65 255.255.255.224
!
interface Vlan30
ip address 192.168.1.97 255.255.255.224
!
!
ip http server
no ip http secure-server
!
!
!
control-plane
!
!
!
!
line con 0
exec-timeout 30 0
logging synchronous
login local
line aux 0
line vty 0 4
exec-timeout 30 0
logging synchronous
login local
!
!
end
R0#
Mike
04-01-2008 02:59 PM
There looks to be absolutely not reason that you can't ping your interface vlans from the router itself.
Config itself looks fine. You are saying you can not ping any of the vlan interfaces from the router?
And you have created your vlan correct? You shouldn't be able to even add interfaces to vlans if they were not created.
04-01-2008 03:11 PM
Hi Matt
Well, it looks like I'm tired (it's getting late here). When I replied to you earlier, I tried with the interface I had just unplugged...
Both VLAN's 20 and 30 respond to ping requests.
My apologies.
Mike
04-01-2008 03:16 PM
For clearness here, you have added your vlans correct?
vlan 3
name test
above as an example from config mode
04-01-2008 03:22 PM
I had to add them using "vlan database" from priv EXEC mode as follows:
R0#vlan database
R0(vlan)#vlan 3 name test
VLAN 3 added:
Name: test
R0(vlan)#apply
APPLY completed.
R0(vlan)#exit
APPLY completed.
Exiting....
R0#
In global config mode, I only have the following option when issuing the "vlan" command:
R0(config)#vlan ?
accounting VLAN accounting configuration
R0(config)#vlan
Mike
04-01-2008 03:32 PM
Ok i guess they are using vlan database vs the vlan config mode. Not sure what to tell you. You have a very basic config and your switchports are in the right vlans and you are able to ping your SVIs so, I would maybe look at your boxes. From your servers can you ping your default gateways?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide