04-10-2012 07:10 AM - edited 03-07-2019 06:02 AM
I have a 3825 router that I have setup with the following:
interface GigabitEthernet0/0
no ip address
ip flow ingress
ip flow egress
duplex auto
speed auto
media-type rj45
negotiation auto
no mop enabled
service-policy output MARK-PCOM-VIDEO
end
interface GigabitEthernet0/0.1
description Baraboo, WI LAN$ETH-LAN$
encapsulation dot1Q 1 native
ip address 10.22.10.7 255.255.0.0
ip helper-address 10.22.10.241
no snmp trap link-status
end
interface GigabitEthernet0/0.172
description Baraboo VLAN 172
encapsulation dot1Q 172
ip address 172.22.1.1 255.255.255.0
no snmp trap link-status
end
Its on a trunked port to my 3750 switch. I am new to this compnay and havent changed it over to IP routing on the switch quite yet.
Both Vlans are setup on the 3750 without an SVI. All hosts on VLAN 1 can ping both interfaces without issue.
If I put a host on the 172 VLAN it cannot ping anything on the router. If I put another host on the VLAN they can ping each other. If I put an SVI on switch the 172 VLAN hosts can ping the switch, but still not the router. ONce I put the SVI on the switch, it can no longer ping the router. I am giving the SVI ip 172.22.1.5/24.
I have verfied with TAC that the trunk is allowing the vlans to the router.
I have been working with TAC. They have asked me to update the code on the switch, but I think they are just punting.
Swith is running:
c3750e-universalk9-mz.122-58.SE2
TAC wants me to go to c3750e-universalk9-tar.122-55.SE5.tar:
Router is running:
c3825-advsecurityk9-mz.124-3i.bin
thoughts?
Also this is my first time posting, so if I left out some info let me know.
Solved! Go to Solution.
04-25-2012 08:34 AM
Aaron
Thanks for posting back with the update. I am very glad that you have solved the issue and have shared the solution with us.
If anyone needs it, this is a very good reminder that in troubleshooting what might appear to be a layer 3 routing problem that we need to be very careful to verify layers 1 and 2.
Now perhaps you can mark this question as answered?
HTH
Rick
04-10-2012 07:38 AM
Hi and welcome to the forum.
From you description above, it appears that the vlan 172 has not been added to the trunk that connects the layer-2 switch (3750) to the router.
can you post "sh run" from the switch?
HTH
04-10-2012 07:44 AM
The SW and Router are on PORT 10/23
!
! Last configuration change at 16:01:16 UTC Fri Apr 6 2012 by admin
! NVRAM config last updated at 09:01:09 UTC Sat Mar 3 2012 by admin
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Cisco3750-a
!
boot-start-marker
boot-end-marker
!
!
logging buffered 200000
no logging console
enable secret 5 $1$6hZG$eouW1LK7ORf0KVsXcQC.A.
!
username admin privilege 15 password 0 2p0wer
no aaa new-model
clock timezone UTC -6 0
clock summer-time UTC recurring
switch 1 provision ws-c3750e-24td
switch 2 provision ws-c3750e-24td
switch 3 provision ws-c3750e-48td
system mtu routing 1500
!
!
!
udld aggressive
!
mls qos map cos-dscp 0 8 16 26 32 46 46 56
!
!
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree extend system-id
!
!
!
errdisable recovery cause link-flap
errdisable recovery interval 60
!
vlan internal allocation policy ascending
!
!
!
!
!
!
macro global description cisco-global
!
interface Port-channel1
switchport mode access
!
interface Port-channel2
switchport mode access
!
interface Port-channel3
switchport mode access
!
interface Port-channel4
switchport mode access
!
interface Port-channel5
switchport mode access
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
!
interface GigabitEthernet1/0/1
description EthCh1-2960
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/2
description EthCh1-2960
switchport mode access
channel-group 1 mode on
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
description Polycom RSS
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
description Polycom CMA
!
interface GigabitEthernet1/0/7
description EthCh2-SANAB0
switchport mode access
channel-group 2 mode on
!
interface GigabitEthernet1/0/8
description EthCh3-SANAB1
switchport mode access
channel-group 3 mode on
!
interface GigabitEthernet1/0/9
description EthCh2-SANAB0
switchport mode access
channel-group 2 mode on
!
interface GigabitEthernet1/0/10
description EthCh3-SANAB1
switchport mode access
channel-group 3 mode on
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface TenGigabitEthernet1/0/1
!
interface TenGigabitEthernet1/0/2
!
interface GigabitEthernet2/0/1
!
interface GigabitEthernet2/0/2
!
interface GigabitEthernet2/0/3
!
interface GigabitEthernet2/0/4
switchport access vlan 172
!
interface GigabitEthernet2/0/5
!
interface GigabitEthernet2/0/6
!
interface GigabitEthernet2/0/7
description EthCh4-SANAB2
switchport mode access
channel-group 4 mode on
!
interface GigabitEthernet2/0/8
description EthCh5-SANAB3
switchport mode access
channel-group 5 mode on
!
interface GigabitEthernet2/0/9
description EthCh4-SANAB2
switchport mode access
channel-group 4 mode on
!
interface GigabitEthernet2/0/10
description EthCh5-SANAB3
switchport mode access
channel-group 5 mode on
!
interface GigabitEthernet2/0/11
!
interface GigabitEthernet2/0/12
!
interface GigabitEthernet2/0/13
!
interface GigabitEthernet2/0/14
!
interface GigabitEthernet2/0/15
!
interface GigabitEthernet2/0/16
!
interface GigabitEthernet2/0/17
!
interface GigabitEthernet2/0/18
!
interface GigabitEthernet2/0/19
!
interface GigabitEthernet2/0/20
!
interface GigabitEthernet2/0/21
!
interface GigabitEthernet2/0/22
!
interface GigabitEthernet2/0/23
!
interface GigabitEthernet2/0/24
!
interface GigabitEthernet2/0/25
!
interface GigabitEthernet2/0/26
!
interface GigabitEthernet2/0/27
!
interface GigabitEthernet2/0/28
!
interface TenGigabitEthernet2/0/1
!
interface TenGigabitEthernet2/0/2
!
interface GigabitEthernet3/0/1
switchport access vlan 172
switchport mode access
!
interface GigabitEthernet3/0/2
!
interface GigabitEthernet3/0/3
!
interface GigabitEthernet3/0/4
!
interface GigabitEthernet3/0/5
!
interface GigabitEthernet3/0/6
!
interface GigabitEthernet3/0/7
!
interface GigabitEthernet3/0/8
!
interface GigabitEthernet3/0/9
!
interface GigabitEthernet3/0/10
!
interface GigabitEthernet3/0/11
switchport access vlan 172
switchport mode access
!
interface GigabitEthernet3/0/12
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/0/13
!
interface GigabitEthernet3/0/14
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/0/15
!
interface GigabitEthernet3/0/16
switchport access vlan 172
!
interface GigabitEthernet3/0/17
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/0/18
!
interface GigabitEthernet3/0/19
switchport mode access
!
interface GigabitEthernet3/0/20
!
interface GigabitEthernet3/0/21
!
interface GigabitEthernet3/0/22
!
interface GigabitEthernet3/0/23
!
interface GigabitEthernet3/0/24
!
interface GigabitEthernet3/0/25
!
interface GigabitEthernet3/0/26
!
interface GigabitEthernet3/0/27
!
interface GigabitEthernet3/0/28
!
interface GigabitEthernet3/0/29
!
interface GigabitEthernet3/0/30
!
interface GigabitEthernet3/0/31
!
interface GigabitEthernet3/0/32
!
interface GigabitEthernet3/0/33
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet3/0/34
!
interface GigabitEthernet3/0/35
!
interface GigabitEthernet3/0/36
!
interface GigabitEthernet3/0/37
!
interface GigabitEthernet3/0/38
!
interface GigabitEthernet3/0/39
!
interface GigabitEthernet3/0/40
!
interface GigabitEthernet3/0/41
!
interface GigabitEthernet3/0/42
!
interface GigabitEthernet3/0/43
!
interface GigabitEthernet3/0/44
!
interface GigabitEthernet3/0/45
!
interface GigabitEthernet3/0/46
!
interface GigabitEthernet3/0/47
!
interface GigabitEthernet3/0/48
!
interface GigabitEthernet3/0/49
!
interface GigabitEthernet3/0/50
!
interface GigabitEthernet3/0/51
!
interface GigabitEthernet3/0/52
!
interface TenGigabitEthernet3/0/1
!
interface TenGigabitEthernet3/0/2
!
interface Vlan1
ip address 10.22.10.8 255.255.0.0
!
ip default-gateway 10.22.10.7
!
no ip http server
no ip http secure-server
!
!
logging esm config
!
snmp-server community SNMPR1 RO
snmp-server community SNMPW1 RW
snmp-server enable traps license
!
!
line con 0
login local
line vty 0 4
password 0n10n
login local
length 0
line vty 5 15
password 0n10n
login local
!
ntp server 10.22.10.7
end
VLAN Config
Cisco3750-a#sho vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/2, Gi1/0/3, Gi1/0/4
Gi1/0/5, Gi1/0/6, Gi1/0/11
Gi1/0/13, Gi1/0/14, Gi1/0/15
Gi1/0/16, Gi1/0/17, Gi1/0/18
Gi1/0/19, Gi1/0/20, Gi1/0/21
Gi1/0/22, Gi1/0/24, Te1/0/1
Te1/0/2, Gi2/0/1, Gi2/0/2
Gi2/0/3, Gi2/0/5, Gi2/0/6
Gi2/0/11, Gi2/0/12, Gi2/0/13
Gi2/0/14, Gi2/0/15, Gi2/0/16
Gi2/0/17, Gi2/0/18, Gi2/0/19
Gi2/0/20, Gi2/0/21, Gi2/0/22
Gi2/0/23, Gi2/0/24, Te2/0/1
Te2/0/2, Gi3/0/2, Gi3/0/3
Gi3/0/4, Gi3/0/5, Gi3/0/6
Gi3/0/7, Gi3/0/8, Gi3/0/9
Gi3/0/10, Gi3/0/13, Gi3/0/15
Gi3/0/18, Gi3/0/19, Gi3/0/20
Gi3/0/21, Gi3/0/22, Gi3/0/23
Gi3/0/24, Gi3/0/25, Gi3/0/26
Gi3/0/27, Gi3/0/28, Gi3/0/29
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
Gi3/0/30, Gi3/0/31, Gi3/0/32
Gi3/0/33, Gi3/0/34, Gi3/0/35
Gi3/0/36, Gi3/0/37, Gi3/0/38
Gi3/0/39, Gi3/0/40, Gi3/0/41
Gi3/0/42, Gi3/0/43, Gi3/0/44
Gi3/0/45, Gi3/0/46, Gi3/0/47
Gi3/0/48, Te3/0/1, Te3/0/2, Po2
Po3, Po4, Po5
172 DMZ active Gi2/0/4, Gi3/0/1, Gi3/0/11
Gi3/0/16
04-10-2012 08:01 AM
can you also post "sh interface trunk"?
04-10-2012 08:09 AM
Cisco3750-a#sho int trunk
Port Mode Encapsulation Status Native vlan
Gi1/0/1 on 802.1q trunking 1
Gi1/0/12 on 802.1q trunking 1
Gi1/0/23 on 802.1q trunking 1
Gi3/0/12 on 802.1q trunking 1
Gi3/0/14 on 802.1q trunking 1
Gi3/0/17 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi1/0/1 1-4094
Gi1/0/12 1-4094
Gi1/0/23 1-4094
Gi3/0/12 1-4094
Gi3/0/14 1-4094
Gi3/0/17 1-4094
Port Vlans allowed and active in management domain
Gi1/0/1 1,172
Gi1/0/12 1,172
Gi1/0/23 1,172
Gi3/0/12 1,172
Gi3/0/14 1,172
Gi3/0/17 1,172
Port Vlans in spanning tree forwarding state and not pruned
Gi1/0/1 1,172
Gi1/0/12 1,172
Gi1/0/23 1,172
Gi3/0/12 1,172
Gi3/0/14 1,172
Gi3/0/17 1,172
04-10-2012 10:11 AM
What is the VTP status?
sh vtp sta
can you change the mode to transparent and test again?
04-10-2012 10:53 AM
Cisco3750-a#sho vtp stat
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name : MSA
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 0022.bda2.b700
Configuration last modified by 10.22.10.8 at 3-21-12 18:51:37
Local updater ID is 10.22.10.8 on interface Vl1 (lowest numbered VLAN interface found)
Feature VLAN:
--------------
VTP Operating Mode : Server
Maximum VLANs supported locally : 1005
Number of existing VLANs : 6
Configuration Revision : 6
MD5 digest : 0xD4 0x42 0x9B 0xD4 0x43 0x6C 0x45 0x8D
0x30 0xBA 0xEA 0x09 0x03 0x4E 0xC4 0x5D
04-10-2012 10:53 AM
I dont think I can change to Transparent without blowing up.
04-10-2012 11:23 AM
Aaron
When you connect PCs on VLAN 172 are they getting IP addresses via DHCP or are they static addresses configured on the PC?
What is the default gateway for the PCs on VLAN 172?
HTH
Rick
04-10-2012 11:46 AM
Static assigned on the 172 vlan
GW
172.22.1.1(Router)
04-10-2012 12:12 PM
Do a show cdp neighbor detail , make sure you dont have a native vlan mismatch . Sounds like for some reason the trunk isn't working like it should . Have you tried bouncing the port ? Make sure routing is not turned on the 3750 , "no ip routing" .
04-10-2012 12:13 PM
Cisco3750-a#sho cdp neigh detail
-------------------------
Device ID: MSA3800.msa-ps.com
Entry address(es):
IP address: 10.22.10.7
Platform: Cisco 3825, Capabilities: Router Switch IGMP
Interface: GigabitEthernet1/0/23, Port ID (outgoing port): GigabitEthernet0/0.1
Holdtime : 175 sec
Version :
Cisco IOS Software, 3800 Software (C3825-ADVSECURITYK9-M), Version 12.4(3i), RELEASE SOFTWARE (fc2)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2007 by Cisco Systems, Inc.
Compiled Thu 29-Nov-07 03:50 by stshen
advertisement version: 2
VTP Management Domain: ''
Duplex: full
Management address(es):
-------------------------
Device ID: 2960g
Entry address(es):
IP address: 10.22.10.3
Platform: cisco WS-C2960G-48TC-L, Capabilities: Switch IGMP
Interface: GigabitEthernet1/0/1, Port ID (outgoing port): GigabitEthernet0/48
Holdtime : 176 sec
Version :
Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE5, RELEASE SOFTWARE (fc1)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Tue 28-Sep-10 13:44 by prod_rel_team
advertisement version: 2
Protocol Hello: OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000FFFFFFFF010221FF00000000000064D9895F0E80FF0000
VTP Management Domain: 'MSA'
Native VLAN: 1
Duplex: full
Management address(es):
IP address: 10.22.10.3
04-10-2012 12:45 PM
Aaron
The output of show vlan shows that there are 4 ports configured to be access ports in VLAN 172.
172 DMZ active Gi2/0/4, Gi3/0/1, Gi3/0/11
Gi3/0/16
Is there any possibility that the PCs configured with addresses in 172.22.1 were connected to ports that are actually in vlan 1?
Is it possible that PCs set up in VLAN 172 had incorrect subnet masks configured or not the correct default gateway?
HTH
Rick
04-10-2012 12:48 PM
Checked and double checked. Also they are in the right VLAN for sure.
04-10-2012 02:16 PM
Aaron
Thanks for checking and double checking. Can test from one of the PCs in VLAN 172 attempting to ping its gateway address and then immediately do arp -a on the PC (assuming that these are Windows PCs) and post the output. Also could you post the output of ipconfig from the PC?
HTH
Rick
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: