I am having one subnet of many not showing up in the Windows Browse list. I just moved this subnet from being directly on my 6509 switch to being connected through a fiber port on the Sup 1A module to some brand new switches. I can not see where my issue is and I am hoping someone can tell me where I am going wrong.
6509 - Fiber channel going to 3560 switch. Primary data vlan on the 3560 is vlan8.
At first I thought it could be that VLAN8 does not have a server on it, but one of our other vlans does not and that one works fine, though that one is going through a router to connect back.
Unfortunately it has been a couple of years since I had to set something like this up so I am pretty rusty. I have included the configs for the 6509 switch and the 3560 to see if that will help.
What do I need to enable to allow browsing across subnets?
in the absence of any other replies, I'll have a go at trying to help.
could you clarify what you mean by 'windows browse list'? If you mean what I think you mean, ie, browsing computers in my network places, then I think this is usually a feature of WINS/DNS. eg, they are domains. are you saying that a domain is missing? Perhaps when I understand more what you mean, I might have a better idea of what to suggest (if anything)
You got it correctly. The computers do not show up when I lok at them in my network places. They do show up in WINS and DNS so that made me confused. We are all part of the same domain so the domain is there, just not the machines on this subnet. Even when you are logged into a machine on the subnet and browse the network through my network places, you see the entire network except for yourself and the machines right next to you. That one was weird to me.
Hope this helps some. Thanks for the help
This sounds a lot to me like the windows browser service is playing up. I had problems like this at my last job - we resolved the issue by placing a BDC on each subnet to be a permanent master browser for that subnet (this was an NT4 domain so not sure if its still applicable to win2k/AD).
I trust you can ping to and from the problem subnet?
DNS and WINS name resolution works as expected on both sides?
You have no ACLs in place that might filter LAN traffic?
No desktop firewalls?
I know most of those questions will be silly ones, but sometimes its worth asking.
I am hoping not to have to put a BDC in each subnet. Microsft has that as a solution but only on the NT4 domains. If anything, I'll probably look to modify the subnets to see if I can squeeze everything into one.
To answer the questions, I can unfortunately ping the other subnet. I can even remote control and do anything else to the machines either by ip or by DNS name. DNS and WINS are working as I would expect. No desktop firewalls or ACLs are in place that I can see.
I have another subnet on VLAN 4 that works and it is subnet 172.16.4.x. It is going through the same type of switch so to make life easy I just copied that config with only the subnet modifications. Go figure that things decide not to work.
i am inclined to agree about the BDC/NT4 thing not being applicable.
ok, as a test, what if you move one of your workstations that is exhibiting the problem into a known good VLAN. does the problem carry over or does it go away?
as a further test, if you plug in the problem workstation to a port on the 6509, what happens if you assign that port to vlan 8. does the problem stay or go?
what happens if you assign the same port on the 6509 to vlan 4?
back to the 3560, what happens if you assign the workstations port to vlan 4?
Thought about that yesterday. I configured ports on the 6509 to VLAN8 and the machine I put on there was browsable. It was my laptop that I can browse to normally so hopefully that was a valid test of VLAN8.
I did the samething on our warehouse switch (which is currently VLAN4) and I was able to still browse the machine I put on VLAN8 in the warehouse. Once again, this was my machine so hopefully a valid test.
I then went to the new building and moved a port/machine currently on VLAN8 to VLAN3. That machine has become browsable. So, it appears to be an issue with VLAN8 either on those switches or domain wide that I just need to narrow down.
This is going to get fun now. Thanks for all the help and ideas!
After the weekend and letting Windows catch up, it looks like VLAN8 is not browsable anywhere. The machines I had on that subnet were in other ones previously, so it must have taken Windows time to catch up.
With this being universal it sounds like something on the Windows side. Now to try to figure this out.
so you can ping devices to and from vlan8, but can you open a UNC path to and from vlan8?
are there any errors in the event logs of windows machines on vlan8, particularly the system log, that weren't present on the previous vlan?
The unfortunate answer is yes, I can get to the machines on vlan8 by UNC name. I can map to a drive by both ip and machine name. I have removed the machines from WINS and DNS and they readd themselves upon restart.
Every aspect seems to work except for the machines on vlan8 being added to the browse list. Since the machines are showing up in WINS I thought they would show up in the browse list. This is the reason why I thought this was a Cisco issue since I figured Windows would be happy about this.
Oh, and there are absolutely no errors in the event viewer on either workstation or on server. All systems think they are 100% good. Another reason I was thinking Cisco and switch configuration issue. Now I am thinking Microsoft issue.
For now I am going to move these machines to VLAN4 and let them become browsable. I need to update their virus scanner and McAfee will only update the scan engine version if the machine is browsable. Go figure.
forgive me if I am passing on too basic info, but perhaps this link will help with how the browser works:
and this link might help you locate any browser related issues:
hope this helps, and let me know how you get on!
- Is the 3560 used to connect end-users and/or servers?
- Why are there two SVI for VLAN 8 (both 3560 and 6509)
- Why is VLAN 8 the native VLAN on the 3560 while the 6509 has VLAN 1 as the native VLAN?
All ports on the 3560 are both trunks and IP Phone ports.
Please verify your configuration on the 3560.
Here are some answers and probably more confusion :)
1. The 3560 is strictly used for end users. No servers are on the 3560, all servers are on the 6509. The end users has an IP phone powered by the switch and a desktop system. Desktop systems are Windows 2000, Windows XP, or MAc OS 9/OS X
2. I looked up what SVI is because it has been to long. I still am not too clear on it. VLAN 1 used to be shutdiwn and probably in one of my attempts to resolve this issue I probably removed it. The worst thing is I copied most of the config from a different 3560 on VLAN4 that is doing the browsing. This switch was set up by the consulting company that put in our VOIP system, though, so things could be a little wrong(though they work)
3. VLAN 8 is the native VLAN because I did copy the config and the consultants told us this was necessary. My guess it is if I shutdown VLAN1, but not too certain.
Since there will be no servers on the 3560 or anywhere on VLAN 8, if I should get rid of the native VLAN or anything else I am game. VLAN4 which is working does not have servers on it either, but it does have NT 4 workstations on it which may help that one work.
Thanks much for the help
Which is the trunk on the Hansen switch; is it G0/1?
Try going to your Hansen switch and do a show spanning-tree vlan 8. You you see both the trunk and the access port? Do you see the correct root for that VLAN?
BTW, I see that your Hansen switch has trunk native VLAN 8 on every port, which looks unnecessary. In fact, if you are going to use VLAN 8 as an access VLAN, then it is quite dangerous to risk using it as a trunk native VLAN. As a precaution, the native VLAN of your trunks should not have any access ports anywhere.