I have created 2 VLANs on a 3560 switch. Vlan1 (Native) and Vlan172. The switch is connected on a trunk port to a 2801 , which does the intervlan routing.
I can telnet to the switch on both vlans 1 and 172. However as soon as I issue an no ip address to vlan 1, i can no longer telnet to the switch on vlan172.
Why is that so?
vlan 1 is a management vlan and if u want vlan 1 in shut miode and vlan 172 should be runnign that time u have to make valn 172 as a native vlan.
Ensure that the native VLAN for an 802.1Q trunk is the same on both ends of the trunk link.
If the native VLAN on one end of the trunk is different than the native VLAN on the other end, the traffic of the native VLANs on both sides cannot be transmitted correctly on the trunk.
This would result in the issue which can be in the problem that you are facing.
There is a switch (3560) connected to a router.(2801). Native vlans are set to 1.
Native vlan is set on the switch to vlan 1 with ip address 192.168.1.1.
vlan 172 is set to ip 172.16.0.1
I can telnet to either ip address.The issue is as soon as remove the ip address from vlan 1, I can no longer connect to ip 172.16.0.1
Is that a normal occurence? If I disable the native vlan, I can no longer connect to the other vlan??
try this command on both sides of trunk:
switchport trunk native vlan 172
This would set 172 as native vlan, then u can play with vlan 1.
A Native VLAN specifically handles all un-tagged packets, if you do not explicity configurate a PVID on a port if will be a member of the default vlan 'VLAN 1' which is the default Native VLAN if one is not specified.
Ordinarily if no Native VLAN is exists, VLAN 1 will become the default or it can be configured explicitly as Native VLAN 1 as in your case to handle all the un-tagged packets which is generally not best practice.
Incidentally have you enabled IP routing on the 3560? What address is the D/G for client from which you are telneting from.
Is it possible to post the configs of the 3560 and 2801?
You just about guessed my intentions.
The 3560 will eventually have to do the intervlan routing. At the moment it is 1841 (not 2801), which is doing the intervlan routing.
(Just to complete the picture, I have other Cisco 2960 and Catalyst 500 all connected to the 3560 on trunk ports with native vlan set to 1)
See my set up as follows:
1) only 2 vlans are used and configured. vlan1: 192.168.1.x and vlan172: 172.16.1.x
2) I know it is not best practice but at the moment all users are on vlan1 and management of switches/router done on vlan1.
3)Router IP: 192.168.1.2
4) I follow the link below of L3 Configuring:
5) As soon as I change a switchport on the 3560 to a routed port with a vlan1 ip address (192.168.1.10), i get an error saying 192.168.1.0 overlapping with vlan1.
6) I connected to the console of the switch and issued a "no ip address" to vlan1 of the switch.
7) When I do the above, the users on the other switches can no longer connect to the network.
To answer your questions:
1) Yes IP routing is enabled on the 3560.
2)Default gateway is router IP at the moment, although I understand DG should be set to IP of 3560. The 3560 forwards all traffic to the 1841. Since both are on VLAN1, it should not matter.
You would probably have to post configs for us to get a better idea . To me it sounds like the 3560 is doing the intervlan routing already if you have both address ranges on the 3560 and maybe a default static route out of the 3560 to the router . did you try shuttong down int vlan 1 before removing the ip address on vlan 1 and then making the routed port the address you want . Sounds like the clients default gateway is pointed to the 3560 address and when you delete that address it breaks them . Go to a client and see what the nic default gateway is pointed at . Also when you remove the vlan 1 address on the switch do you have a static route on the router itself pointing to the 172 net and where is it pointing ? if its pointing to the vlan1 address you removed then thats why its broke.
Is there a specific reason for configuring P2P router port on the switch?
The fact that you have other edge devices which are trunked to the 3750 on Vlan1 and you intend to do intervlan routing on this switch for this VLAN and others then you will need to create an SVI for each VLAN as shown in the L3 configuration link.
As you quite rightly mentioned the DG should be configured as the SVI. If the Client D/G is the 1841 then you need ensure that the native vlan is the same at both ends of the trunk.
As soon you remove the IP address from the SVI whilst IP Routing is enabled will result in a loss of connectivity with the 1841.
However if IP routing was not enabled, then your clients would still be able ARP for the 1841 D/G via the trunk.
For intervlan routing to work on the 3560, you will need to configure both VLANs, and and their respective SVI, enable ip routing, and configure client D/Gs with IP address assigned to VLAN1 SVI.
ip add 192.168.1.x 255.255.255.0
ip add 172.16.1.x 255.255.255.0
As these are locally connected subnets, no dynamic routing is required to route between them. Static routes or a default gateway of last resort will be required in order to route others.
I have attached a network overview of what I am aiming for. This will give you a clearer picture. At the same time, I have attempted to answer all your questions in your posts.
Also in the second picture "ip routing is enabled"
Just from the sounds of your previous post it sounds like you are already at scenario 2 with the 3560 doing the routing.As far as your vlan 1 problem , you don't really need a routed port on g1/0 , just make the port a switched port in vlan 1 and connect it to the router . If you feel you need to have the routed port and the SVI then take a small chunk out of that vlan 1 space say a /30 and put it in a different vlan and use that as the uplink and the router won't bitch about it . When you try to add the address to the G1/0 you are overlapping addresses because you are putting that address range on a routed port which is no longer associated with vlan 1 and a vlan 1 SVI which you cannot do . The answer to your previous question is when you remove the vlan 1 address then you have removed the return path address in your static route on the 1800 router so it has nowhere to send the data thus it breaks the network and my guess is that the client pc nics default gateway are pointed at the vlan 1 address also so it breaks users in vlan 1 also . Really the simplest way out of this is leave your vlan 1 SVI address in place and just connect a switched access port in vlan 1 and connect it to your router , you don't need 2 addresses in vlan 1 on the 3560.
I agree with neally all your statements except the one regarding the client PC gateway which is set to the router IP address.
The only thing I can think of is that I wrongly configured it at the start. I will also give the gigabit port the same ip address as the vlan1 and see what it does.
I will give it another shot and see if it does better this time
The clients should be pointed at the 3560 vlan 1 address , if you use the 1800 address then to have packets routed from someone in vlan 1 it will go up to the router and back down to someone in vlan 172 where as if you point it at the vlan 1 3560 address it will get routed right at the 3560 and not take the extra couple of hops and put the load on the router. The client pc would have been pointed at the router in your first scenario if the router was truly doing the intervlan routing but it doesn't sound like it really was if you had addresses on the 3560 for both vlans . Also as stated before you don't need a routed port just connect a vlan 1 acces port to the 1800.
1) You say there is no requirement for a routed port on the 3560.
Then how will the router 1841 know where to send traffic destined for vlan172?
While with a routed port, I can configure a static route on the 1841 to forward traffic for vlan172 to that routed port. Isn't that correct?
Once you have configured both your VLAN SVIs on the 3560 for VLAN1 and VLAN172, then 3560 will route between these two locally connected subnets.
There will be no requirement to route traffic the additional hops to the 1841 gateway and back to the 3560.
For example if you are sending a packet with a destination address of 172.16.1.x, then when the client D/G is set to the SVI for VLAN1 192.168.1.X then the 3650 will be able route the packet as the subnet is locally connect and in its local routing table.
Ok. You are assuming the vlans will not go beyond the cisco switch.
But as you see other networks are also connected to the 1841 and will need to access servers on vlan172.
So the only way to make the 1841 aware of vlan172 is to make a routed port on the 3560
Apologies I did not see the diagram in a previous post, and your quite right that I did assume that the VLANs did not extend beyond the router, and that you were simply routing on stick.
In order for to these other networks to access servers hosted on VLAN172, then simplest approach is to reconfigure the trunk link between the 1841 and 3650 as P2P as you mentioned on a /30 network address.
For example the 3560 gig 0/1 would have IP address 192.168.2.1/30 and 192.168.2.2/30 on the 1841.
Then configure static routes on the 1841 router to reach networks 192.168.1.X/24 and 172.16.1.X/24 via 192.168.2.1. Similarly configure a default route on the 3560 as 0.0.0.0 0.0.0.0 192.168.2.2.
Configure both VLAN1 and VLAN172 SVIs as previously mentioned, and ensure that the D/G for these clients is the appropriate SVI ip address.