Cisco Support Community

New Member

VLAN doesn't work after replacing core switch and route

We hired a consultant to replace the PIX (default gateway) with an ASA and the 3650 switch (core) with a 3570. The VLAN 1/private network works fine. However, all other VLANs, such as VLAN 100, 200, 300 and 400, don't work. The consultant then spent many hours trying to make the other switches work. He said he didn't make any changes on the working switch, so he suggested that we reboot all switches. We have tried rebooting the other switches, but that doesn't fix the problem. The consultant is out of ideas.

For a test, I configured a port on the working switch to use VLAN 300, and my laptop gets a good IP from the DHCP server, which is located in VLAN 200. If I use the same port configuration on the problematic switch, my laptop doesn't receive an IP from the DHCP server. From the problematic switch, I can ping the DHCP server. The show vlan command displays all VLANs on the problematic switch. What could be the problem?

11 REPLIES
New Member

Re: VLAN doesn't work after replacing core switch and route

Try putting a static address on a computer on the problem switch, for let's say VLAN 200 first, instead of pulling a DHCP address. Without looking at the configurations, you may need the IP helper address to get the DHCP addresses for the host.

New Member

Re: VLAN doesn't work after replacing core switch and route

What does the configuration of the ASA firewall look like? Because you are using the ASA as your default gateway, the ASA is going to need a subinterface configured for every one of your VLANs. Also, what model of ASA do you have, and what is your license? That dictates how many VLANs you are allowed.

example configuration:

http://www.networkfoo.org/cisco-articles/configuring-cisco-asa-8021q-vlan-trunk-extreme-summit-400-48t-network-switches

New Member

Re: VLAN doesn't work after replacing core switch and route

Forgot to mention: if I set up two computers in VLAN 200 or 300, they can ping each other, but not DHCP and the default gateway.

Also, the default gateway is the core switch 10.0.0.2 (the same IP address as the removed PIX), and the core switch points to the ASA (IP is 10.0.20.1, the old core switch IP address).

New Member

Re: VLAN doesn't work after replacing core switch and route

OK, so it sounds like you have a Cisco ASA firewall which connects into a Cisco 3560, which is your core switch, which then connects to other switches in your environment. Is the Cisco 3560 series the switch that has all the VLANs assigned and the default gateways, or is it your ASA firewall?

New Member

Re: VLAN doesn't work after replacing core switch and route

Sorry, I gave incorrect information. The core switch and most new switches are 3750. Others are 3500 and 3600 switches. Also, when I did more tests, I found the static settings work. If I assign a static IP, DG and DNS, the VLAN 200/300 clients can access the Internet.

Most switches' DG is 10.0.0.2, the core switch. Some switches don't have a DG set up. Even the switches with the correct DG 10.0.0.2 don't work, or VLAN 200/300 clients can't get an IP.

New Member

Re: VLAN doesn't work after replacing core switch and route

OK, let's keep it simple and focus on two switches only.

          Core 3750 switch 10.0.0.2
            |                  |
    non-work switch       work switch
      10.0.20.12           10.0.20.13
      int G1/0/13          int G3/0/11

Both ports are configured the same, as shown below.

switchport access vlan 300
switchport mode access
no ip address
no mdix auto
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable

The 10.0.20.13 port int G3/0/11 works and the 10.0.20.12 port int G1/0/13 doesn't. I also attached both running-config files.

Hall of Fame Super Blue

Re: VLAN doesn't work after replacing core switch and route


Can we clarify the setup?

You have a 3750 switch as the core switch, which is routing for all VLANs, i.e. VLAN 1, 200, 300. Is this correct?

You have other switches, which are a mixture of 3550, 3560 and 3750s, which are connected to the 3750 via L2 trunks?

You have an ASA firewall which is connected to the 3750? On the 3750 you have a default route pointing to the ASA inside interface.

You can access the internet from VLAN 200/300 if you statically assign IPs instead of relying on DHCP?

If the above is all correct can you

1) confirm what the DHCP server is and what its IP address is

2) post the running config of the 3750 which is responsible for routing VLANs 1, 200, 300

3) post the running config of one of the other switches where you are connecting a client in VLAN 200 or 300 (you may already have attached this in your last post, just let me know)

4) post the output of "sh vlan" from both of the above switches

5) post the output of "sh ip route" from the 3750 doing the inter-vlan routing

Apologies for asking for so much but it is needed.

Jon

New Member

Re: VLAN doesn't work after replacing core switch and route

Hello,

As per my understanding, you need to enable routing on the L3 switch with the command

conf t

ip routing

This enables reachability between VLANs defined on the L3 switch,

so try enabling routing on all new switches.

I am sure that you have already enabled the ip routing command on all old switches.

Best Regards,

Jigar Dave

New Member

Re: VLAN doesn't work after replacing core switch and route

Hi,

Try the "show interface trunk" command to see if the VLANs are transported over the trunks.

Also look at spanning-tree for blocked VLANs.

hth

Michel

New Member

Re: VLAN doesn't work after replacing core switch and route

I opened a case with Cisco. It seems to work now. I will post back with more details. Thank you for all help.

New Member

Re: VLAN doesn't work after replacing core switch and route

Solved: I found the problem is that the VTP password doesn't match. A similar case can be found here: New created VLAN doesn't work on some of switches - http://www.chicagotech.net/netforums/viewtopic.php?f=5&t=14236
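
One way to check for the cause reported in the last post across many switches, as an added example that is not part of the thread: a switch whose VTP password differs from the server's rejects its advertisements, so its configuration revision and MD5 digest in "show vtp status" drift away from the server's. The captures below are constructed (domain name, revisions and digests are invented; only the management IPs come from the posts), and the function names are hypothetical.

```python
import re

# Constructed "show vtp status" captures: domain, revisions and digests are
# invented; the management IPs are the ones quoted in the thread.
TEMPLATE = """\
Configuration Revision          : {rev}
VTP Operating Mode              : {mode}
VTP Domain Name                 : EXAMPLE
MD5 digest                      : {d} 0x2B 0x3C 0x4D 0x5E 0x6F 0x70 0x81
                                  0x92 0xA3 0xB4 0xC5 0xD6 0xE7 0xF8 0x09
"""
CAPTURES = {
    "10.0.0.2": TEMPLATE.format(rev=47, mode="Server", d="0x1A"),
    "10.0.20.13": TEMPLATE.format(rev=47, mode="Client", d="0x1A"),
    "10.0.20.12": TEMPLATE.format(rev=31, mode="Client", d="0x7E"),
}
FIELD = re.compile(r"^\s*(.+?)\s*:\s*(.+?)\s*$")

def parse_vtp_status(text):
    fields, last = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            last, fields[m.group(1)] = m.group(1), m.group(2)
        elif last == "MD5 digest" and line.strip().startswith("0x"):
            fields[last] += " " + line.strip()  # digest wraps onto a second line
    return {"mode": fields.get("VTP Operating Mode", ""),
            "domain": fields.get("VTP Domain Name", ""),
            "revision": int(fields.get("Configuration Revision", "0")),
            "digest": fields.get("MD5 digest", "").lower().split()}

def compare_to_reference(captures, reference):
    # The reference is the switch whose VLAN database is authoritative (the core).
    ref, findings = parse_vtp_status(captures[reference]), {}
    for host, text in captures.items():
        if host == reference:
            continue
        sw = parse_vtp_status(text)
        if sw["mode"] in ("Transparent", "Off"):
            findings[host] = "not participating in VTP"
        elif sw["domain"] != ref["domain"]:
            findings[host] = "domain mismatch"
        elif (sw["revision"], sw["digest"]) != (ref["revision"], ref["digest"]):
            findings[host] = "out of sync: check 'show vtp password' and trunks"
        else:
            findings[host] = "in sync"
    return findings

if __name__ == "__main__":
    print(compare_to_reference(CAPTURES, "10.0.0.2"))
```

An "out of sync" verdict only narrows the search: comparing "show vtp password" on the flagged switch with the server, and checking the trunk between them, confirms which cause applies.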
