Re: VLAN 2960 and 3640 can't pass traffic

paarlberg · ‎03-15-2007

I am trying to setup a VLAN between a 2860 switch and a 3640 router.

Attached are samples of my config. I am unable to pass traffic across the VLANs. I think I am missing a command, but I haven't found my problem yet.. I have been staring at the config for hours and need a new set of eyes on it..

I have backed out most of my changes to the 2960. I am thinking the issue is with the 3640 side..

The 3640 is running 12.2(13a)

The 2960 is running 12.2(25r)FX

Any help would be appreciated.. Thanks

ankbhasi · ‎03-15-2007

Hi Friend,

Are the machines in respective vlans able to ping their gateway?

Also can you paste the output of "sh ip route" from your router?

Regards,

Ankur

paarlberg · ‎03-16-2007

The output of sh ip route shows that the IP addresses of the different VLANs are directly connected, as it should.

The machines can't ping their gateways.

glen.grant · ‎03-16-2007

On the router try this .

interface FastEthernet1/0.11

description Switch Management VLAN

encapsulation dot1Q 11 native

ip address 10.40.1.1 255.255.255.0

Also not sure what you are doing with this entry , router can be managed with any active address on the box.

interface FastEthernet1/0.10

description Router Management VLAN

encapsulation dot1Q 10

ip address 10.40.0.1 255.255.255.0

-----------------------------------------------

On the switch side get rid of "all" the layer 3 SVI's you have in there , they are not needed except one . "no interface vlan 12, no interface vlan 10 etc.... You won't be able to get rid of interface vlan 1 , just make sure it is shutdown. . Leave interface vlan 11 .do not get rid of the layer 2 vlan definitions .

Put the switch in vlan 11 as this appears to be your management vlan .

interface Vlan11

ip address 10.x.x.17 255.255.255.0

no ip route-cache

no shut

on the uplink add

switchport trunk native vlan 11

paarlberg · ‎03-16-2007

Thanks, I will try that. I created a few management VLANs and wanted to use Private IP addresses and only allow connections to the routers, switches and power strips via the internal network only.

paarlberg · ‎03-16-2007

That didn't work..

Here is what I am trying to do.. maybe this will make it easier..

I will have the following VLANs

VLAN <99 internal and management VLANs

VLAN 100 windows shared hosting VLAN

VLAN 300 linux shared hosting VLAN

VLAN 500-699 windows dedicated hosting VLAN 1 vlan per client

VLAN 700-899 linux dedicated hosting VLAN 1 vlan per client

Each VLAN will most likely have more than 1 port on the switch assigned to it. Currently it looks like this..

Fa0/1 no vlan at the moment (mail firewall)

Fa0/2 - Fa0/7 VLAN 300

Fa0/9 - Fa0/14 VLAN 100

Int Gi0/1 is the uplink to router 1 on Fa1/0, Gi0/2 will go to router 2 at a later time for redundancy.

Temporarily, on the switch Fa0/21 has a feed to our upstream provider in the colo, and Fa0/22 goes to Router 1 on Fa0/0. This will be removed once the switch is up with VLANs configured.

paarlberg · ‎03-16-2007

I think I just figured out why it wasn't working..

I moved the IP on the router to Fa0/0 as a secondary IP. I removed the VLAN from the switch port and now I can get thru. It appears that the cable from Fa1/0 isn't correct, it shows a link but no traffic crosses it. It was a shot in the dark test, but removes the cable from the equation. Time to go to the DC with some new cables.