I am attempting to modify two VLANs so that they can communicate with each other (per request). VLAN1 and VLAN2 are created fine but they cannot communicate. I have two cisco 3750s back planed together with all the odd port numbers assigned VLAN1 (10.1.1.1 255.255.0.0) and the even ports assigned VLAN2(10.2.1.1 255.255.0.0)
All computers from vlan 1 should be able to communicate with all computers in vlan2 and vice versa.
I noticed that there are not any switchport commands for the odd numbered ports... Is that all that is needed to make this work? what is the best way to make this work? (If i have to, I can redo a config entirely)
here is the running config
! version 12.2 no service pad service timestamps debug uptime service timestamps log uptime no service password-encryption ! hostname abcswitchtsvr1 ! enable secret 5 *********************. ! no aaa new-model clock timezone UTC -5 clock summer-time UTC recurring switch 1 provision ws-c3750-48ts switch 2 provision ws-c3750-48ts system mtu routing 1500 vtp domain cisco vtp mode transparent ip subnet-zero ip routing ! ! ! ! no file verify auto spanning-tree mode pvst spanning-tree extend system-id ! vlan internal allocation policy ascending ! vlan 2 name BACKUP ! vlan 3 name None ! interface FastEthernet1/0/1 ! interface FastEthernet1/0/2 switchport access vlan 2 switchport trunk native vlan 2 ! interface FastEthernet1/0/3 ! interface FastEthernet1/0/4 switchport access vlan 2 switchport trunk native vlan 2 ! interface FastEthernet1/0/5 ..... ..... .....
! interface GigabitEthernet2/0/3 ! interface GigabitEthernet2/0/4 switchport access vlan 2 switchport trunk native vlan 2 ! interface Vlan1 ip address 10.1.1.1 255.255.0.0 ! interface Vlan2 ip address 10.2.1.1 255.255.0.0 ! ip classless ip http server ! snmp-server community public RO snmp-server enable traps license ! control-plane ! ! line con 0 line vty 0 4 password ******* login length 0 line vty 5 15 password ****** login length 0 ! end
That is what i thought... but assuming all the odd ports were assigned to VLAN1 (as they should be), would that configuration with the config:
interface FastEthernet1/0/1 switchport access vlan 1 switchport trunk native vlan 1
still allow both VLAN1 and VLAN2 to access each other without any interference?
That should work.
Just curious why they are all trunk ports? Typically would see trunk ports on an access switch in a VMWare environment.
With the native VLAN 1 in there it should be fine.
This was a setup done by someone else... I am helping out. I am open to redo the entire config the proper way... I am just not sure what the proper way should be
So if the setup should be different than it is, please recommend what each port should look like.
Thanks for the help!
If it is not a VM environment then the config example by Jon below is right (his posts are all very good).
But, if it is a VM environment where you have VM servers at the other end of these ports, then consider keeping the trunking as putting a port into a trunk will usually take it offline for a second.
If it is basic config with just some workstations or non-VM servers, then make them all access ports:
switch(config)#int range g1/0/1 - 48
switch(config-int)# switchport mode access
switch(config-int)# switchport access vlan 1
You will have to do the "NO" command of the trunk commands on each port to remove the old config.
There may be a case where they need a trunk to work... There is a 24 port switch physically seperated from this switch only connected by a single pair of fiber that needs to have both VLANs on it. In that case, do we need to keep trunking on (or just on for that port)?
Yes, keep the trunking up on that port. Any time you want multiple VLANs to leave a switch you must either trunk them or have them layer 3 routed. Keep the trunking in place.
Can you post "sh ip route" from the switch.
Also your switchports should be configured as follows -
For vlan 1
switchport mode access
switchport access vlan 1
For vlan 2
switchport mode access
switchport access vlan 2
A PC in vlan 1 should have an IP from sunbet 10.1.0.0/16 with a default-gateway of 10.1.1.1
A PC in vlan 2 should have an IP from subnet 10.2.0.0/16 with a default-gateway of 10.2.1.1
I cannot get the sh ip route at the moment (maybe later tonight), but will try your suggestions and post back asap.
This switch will not have a default route to another hop (it will not be connected to anything else as it is a closed network).
Last time I left it, computers in VLAN 2 could communicate fine with all other nodes in VLAN2 and likewise with VLAN1 .... a computer in VLAN2 could ping VLAN1's gateway 10.1.1.1..... and computers in VLAN1 could ping VLAN2's gateway 10.2.1.1.... but a computer in VLAN1 could not ping a computer in VLAN2.