I'm implementing campus network for a CALL Center that consists of 2 Cisco 6509 core switch & seventeen 2950 switches for access. I have 3 2950 access switches from different floors are terminated on Core. These 3 switches are cascaded to another l2 access switches on floors for access-point of data. I have made 6 vlans for users & all are occupied with DHCP servers. I have enabled intervlan-routing for all. Now the problem is.. All users are getting IP address from DHCP, They are able to ping & access all the servers but servers are not able to ping any Users PC & also users are not pinging together. Pinging is just going in one way. I manually defined 100mbps duplex on all 2950 access ports. now If I change the duplex setting on client from Auto to 100 mbpsfull, Pinging comes in both way but after 20-30 minutes, it drops. Again I change it to auto, the same thing happens. It's very much required for me as it solves my purpose to access all the users pc remotely.
a couple of thoughts: make sure your 6509 core switches are the root switches for your VLANs, in order to optimize the traffic load.
Also, as a rule of thumb, user ports should be left to the default speed and duplex settings (that is, autonegotiate), while servers should be set to fixed speed and duplex. Make sure that not only the ports to which the servers are connected to are set to fixed speed and duplex, but also the server NICs.
And last but not least, user ports should be configured with 'switchport mode access' and 'spanning-tree portfast'...which you might have already done.
I'll make a assumption here that your l3 definitions are on the 6509, that being the case I would start looking at all your trunks and make sure that all your vlans are allowed on the trunks . If you are running transparent you will also have to make sure you have a L2 vlan definition on each of your access layer switches for vlans you want on that switch . Keep in mind on the 2950 just because you put a switchport access vlan XX command on a port does not mean the L2 vlan is created . You verify each switch with the "show vlan" command . All the vlans that you need on the switch and allowed on the trunks must show up here as "active" . To me it sounds like you don't have your trunking setup correctly.
If I understsand your issue correctly, you are saying that users in the same VLAN cannot ping each other, but they can ping the server?
If they are on the same layer 2 domain, then there isn't any filtering (although some is possible for port level security, ie MAC Address filters).
So.. you have users in the same VLAN that cannot ping each other. I would suspect that you either do not have your VLANs extended to all switches, or more likely you have a loop.
When you have a loop, you will see the network going up and down. The best bet at this point is to map out your network. You will need to draw a diagram showing connections between each of the switches.
Anywhere that a loop could form (ie a switch with more than one connection to it), you need to ensure that one of the links is blocking. Check this on each switch and update your diagram to show which links are open and which are blocking.
If you have a loop though, you will be seeing high CPU, so you'd want to watch out for that too.
If the one-way pinging is occuring through a layer 3 device (router), then you could have an access list causing this issue.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.