Solved: Re: Vlan Trunking issue

Aaron Alvarado · ‎12-20-2013

Hi,

I need some help setting up L3 Cisco 3560 for my VM lab. I have setup a few vlans and at this point I am trying to test out routing and connectivity. I came across with two issues and I am trying to get good advise from the experst since I am not

The Cisco 3560 is directly connected to my home router gi0/4 192.168.10.0/24 which would be my internet connection. The home router default gateway is 192.168.10.1.

I created Vlan192 on the 3560 to interact with the home router and get me to the outside world from the core. Obviously I'm doing something wrong here and came across 2 issues.

1- I tried setting Fas0/2 as trunk port and using the vlan226 on my pc but it wont work when I set this to my computer. It wont route to all vlans and I am not able to ping this 10.23.226.9 address from the 3560. The only way this works for me is if I set the IP to the 192 range which is my native Vlan, but anything other from 192 wont route.

PC IP address

10.23.226.9

255.255.255.0

10.23.226.254

Fas0/2 configurartion

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 192,224-229

switchport mode trunk

Please see my entire config below and maybe you can help since I am not an expert on this.

zeus-sw1#sh run

Building configuration...

Current configuration : 5364 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname zeus-sw1

!

boot-start-marker

boot-end-marker

!

no logging console

enable secret 5 $1$E9/L$UAOdxa6S.6QT52G2Lgcll0

enable

!

username admin1 privilege 15 secret 5 $1$hlCW$laTgSRIXF2LnZO.wyd0k0/

!

aaa new-model

!

aaa session-id common

system mtu routing 1500

vtp mode transparent

ip routing

!

crypto pki trustpoint TP-self-signed-13407744

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-13407744

revocation-check none

rsakeypair TP-self-signed-13407744

!

crypto pki certificate chain TP-self-signed-13407744

certificate self-signed 01

3082023D 308201A6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274

69666963 6174652D 31333430 37373434 301E170D 39333033 30313030 31393031

5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53

2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D313334 30373734

3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100BC82

4A857145 B3984EBF ED1553C2 E23AF1CF 60B5CB00 96984A72 CEC9F4CC 09CA7B8D

7416102A E630D17C 66716B57 DF7991AB 87DE6EBD DADE5539 F0278510 70BE7391

F2EC292D DF0C707A 70083E80 D19F4D3D 31462E89 5EE310EE 4976F764 AB1592C1

2A8EE610 C3B11D76 252568A7 2AE260B7 4C9141AB C8358A4A B76B94BF 6E970203

010001A3 69306730 0F060355 1D130101 FF040530 030101FF 30140603 551D1104

0D300B82 097A6575 732D7377 312E301F 0603551D 23041830 16801487 8F7A7E29

112BA5CC 42E2E9E0 0A9C5ACF 6CCBD330 1D060355 1D0E0416 0414878F 7A7E2911

2BA5CC42 E2E9E00A 9C5ACF6C CBD3300D 06092A86 4886F70D 01010405 00038181

0059DAD2 5601B324 2B1E4143 9CE67677 45100C44 DC21364D 175CB8F2 178B0EBC

D39D603F 8F896ADB 4CEEA493 13D8C028 F805F67B 9C7D6BA4 D195B7F3 FEED6763

F03F4575 B768C6FB 9A783232 DCC60120 9F72B78C 9B5C1B7A FD1C78D7 A3DF7BFE

483E46E6 7CA84A6C 95F37C63 BEA804F9 E535520E 629AE46E 0752BE69 42781471 21

quit

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 192

name NativeVlan

!

vlan 224

name iSCSI

!

vlan 225

name ESX_MGMT

!

vlan 226

name VM_SERVERS

!

vlan 227

name VMOTION

!

vlan 228

name VIEWDESKTOPS

!

vlan 229

name VCLOUD

lldp run

!

interface FastEthernet0/1

!

interface FastEthernet0/2

switchport trunk encapsulation dot1q

switchport trunk native vlan 192

switchport trunk allowed vlan 192,224-229

switchport mode trunk

!

interface FastEthernet0/3

!

interface FastEthernet0/4

!

interface FastEthernet0/5

!

interface FastEthernet0/6

!

interface FastEthernet0/7

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

!

interface FastEthernet0/11

!

interface FastEthernet0/12

!

interface FastEthernet0/13

!

interface FastEthernet0/14

!

interface FastEthernet0/15

!

interface FastEthernet0/16

!

interface FastEthernet0/17

!

interface FastEthernet0/18

!

interface FastEthernet0/19

!

interface FastEthernet0/20

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

!

interface FastEthernet0/24

!

interface FastEthernet0/25

!

interface FastEthernet0/26

!

interface FastEthernet0/27

!

interface FastEthernet0/28

!

interface FastEthernet0/29

!

interface FastEthernet0/30

!

interface FastEthernet0/31

!

interface FastEthernet0/32

!

interface FastEthernet0/33

!

interface FastEthernet0/34

!

interface FastEthernet0/35

!

interface FastEthernet0/36

!

interface FastEthernet0/37

!

interface FastEthernet0/38

!

interface FastEthernet0/39

!

interface FastEthernet0/40

!

interface FastEthernet0/41

!

interface FastEthernet0/42

!

interface FastEthernet0/43

!

interface FastEthernet0/44

!

interface FastEthernet0/45

!

interface FastEthernet0/46

!

interface FastEthernet0/47

!

interface FastEthernet0/48

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

switchport trunk allowed vlan 192,224-229

!

interface GigabitEthernet0/3

!

interface GigabitEthernet0/4

description LINK SG200 UNTAGGED

switchport trunk encapsulation dot1q

switchport trunk native vlan 192

switchport trunk allowed vlan 192,224-229

switchport mode trunk

!

interface Vlan1

no ip address

!

interface Vlan192

ip address 192.168.10.254 255.255.255.0

!

interface Vlan224

description iSCSI

ip address 10.23.224.254 255.255.255.0

!

interface Vlan225

description ESX

ip address 10.23.225.254 255.255.255.0

!

interface Vlan226

description VM_SERVERS

ip address 10.23.226.254 255.255.255.0

ip helper-address 10.23.226.2

!

interface Vlan227

description VIEWDESKTOPS

ip address 10.23.227.254 255.255.255.0

!

interface Vlan228

description vCloudDir

ip address 10.23.228.254 255.255.255.0

!

interface Vlan229

description SERVERS

ip address 10.23.229.254 255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 192.168.10.1

ip http server

ip http authentication local

no ip http secure-server

!

end

glen.grant · ‎12-20-2013

I would just set up the port as an access port for your pc , not a trunk . Make sure any firewalls on your pc are off before testing anything. You will need at least a single device in the other vlans active or a active trunk link with all your vlans allowed to make the SVI's active so you can ping them . Most pc nics aren't capable of trunking to an interface .

View solution in original post

glen.grant · ‎12-20-2013

I would just set up the port as an access port for your pc , not a trunk . Make sure any firewalls on your pc are off before testing anything. You will need at least a single device in the other vlans active or a active trunk link with all your vlans allowed to make the SVI's active so you can ping them . Most pc nics aren't capable of trunking to an interface .

Aaron Alvarado · ‎12-20-2013

Glen,

Thanks for your advise. After changing the port as an access port I am able ping all vlans and my gateway from my home router 192.168.10.1, However a new issues came up. I am not able to get to the internet.

It seems it works from the 3560:

zeus-sw1#ping yahoo.com

Translating "yahoo.com"...domain server (255.255.255.255) [OK]

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 206.190.36.45, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 76/94/134 ms

zeus-sw1#

It wont work from my pc:

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :

Link-local IPv6 Address . . . . . : fe80::3d53:efc0:ea00:9bd2%3

IPv4 Address. . . . . . . . . . . : 10.23.226.9

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.23.226.254

Tunnel adapter Teredo Tunneling Pseudo-Interface:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

Tunnel adapter isatap.{461494F6-EA41-42CC-8B0A-B5BD2D8097DA}:

Media State . . . . . . . . . . . : Media disconnected

Connection-specific DNS Suffix . :

C:\Users\user1>ping google.com

Ping request could not find host google.com. Please check the name and try agai

.C:\Users\user1>ping 14.2.2.2

Pinging 14.2.2.2 with 32 bytes of data:

Request timed out.

Ping statistics for 14.2.2.2:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

glen.grant · ‎12-20-2013

Where is your internet connection coming in from the internet, which port ? What kind of router is it ?

Aaron Alvarado · ‎12-20-2013

rom the 3560 is conming from gi0/1. This port is connected to my traditional home router(TrendNet) which is connected to my comcast cable. The trendnet router gateway is 192.168.10.1 and I added static routes to point to it, but no luck. Again I am newbie on this and I might not make sense.

interface GigabitEthernet0/1

description LINK TO ISP UNTAGGED

switchport trunk encapsulation dot1q

switchport trunk native vlan 192

switchport trunk allowed vlan 192,224-229

switchport mode trunk

Static routes:

Config connection:

glen.grant · ‎12-20-2013

Your uplink should not be a trunk , try making it an access port in vlan 192 and see what happens.

interface GigabitEthernet0/1

description LINK TO ISP UNTAGGED

no switchport trunk encapsulation dot1q

no switchport trunk native vlan 192

no switchport trunk allowed vlan 192,224-229

switchport mode access

switchport access vlan 192

Aaron Alvarado · ‎12-20-2013

I change the uplink port to acces mode and added vlan 192 as shown above and the internet works, however other vlans wont get to the internet. For instance I changed fas0/2 which is my pc connection to acces mode vlan 226 and set the static IP 10.23.226.9 with its gateway 226.254 and I still cannot get to the internet. I am able o ping everything else but internet wont work.

fas0/2 is set

switchport mode access

switchport access vlan 226

uplink is set as advised above. Tried adding vlan 226 instead of 192 but no luck.

Thanks in advance for all your help.

Aaron Alvarado · ‎12-22-2013

Ok. I have been doing some research and the issue is no longer vlan trunking. My real problem now is how to NAT all my internal vlan/subnets from my home router to the Cisco L3 3560. Is there a way to trick my home router to NAT all vlans on my 3560 and make them accessible to the internet.