can't get vlan1 working

[xyf]

I just took over as sys admin where I work. The other guy bolted. To make a long story short I have a Cisco 3500 that I can't seem to get the administrative interface (vlan1) working so I can tftp the configs. I've set up a couple of the 2950's in this manner so I think I know what I'm doing. At any rate this switch holds our uplink to the gateway (router) outside our building. Making up some IPs:

Network: 148.38.64.0/21
Gateway: 148.38.71.254
Internal machines on 148.38.70.0/21

I set up vlan1 with:
IP: 148.38.70.10
also tried
IP: 148.38.71.10
Default Gateway: 148.38.71.254
Netmask: 255.255.248.0

I've verified that vlan1 is default, up and contains network settings but I can't ping any address except the IP of vlan1. Can't even ping the gateway.

The first three ports on the switch are trunk ports. Ports Fa0/4 though Fa0/42 are on Vlan61. Ports Fa0/43 though Fa0/48 are on Vlan620.

I don't really understand Vlans/trunks completely yet so listed those in case it matters.

I can't see what I'm doing wrong. Any help appreciated.
Thanks,
kent

 

[svermill]

Do you have a VLAN1 interface on the router? I guess since you've configured the switch with a gateway, that kinda suggests that you have. But you didn't mention it specifically.

 

[xyf]

I set up VLAN1 with the following commands:
# conf term
# int vlan1
# ip address 148.38.70.10 255.255.248

If that is what you're referring to?

A "show run" verified the settings.
kent

 

[svermill]

If interface VLAN1 on the router has an IP of 148.38.70.10, then all of your sc0 interfaces on the switches have to have their default gateway set to that address. You mentioned earlier something about a gateway of 148.38.71.254. It wasn't clear to me what that gateway was or where it was configured. You also mentioned something about internal machines being on the 148.38.70 /21 network. You don't put live traffic on VLAN1. VLAN1 should be restricted to management information only. For instance, VTP traffic moves around the network via VLAN1. You don't want user traffic mixed in with that. So I'm not sure I understand your network correctly. But if I do, I would suggest you crack the books on VLANs or bring in some outside help. You can muck things up pretty bad if you don't have a pretty firm grasp on the basics.

 

[svermill]

I should also add that a /21 mask for VLAN1 seems suspicious. The VLAN 1 network should have enough IPs to address each sc0 inteface in the network, plus room for growth. It's just a management VLAN. The only hosts in it should be the switch sc0s and the router interface(s). I'm just wrapping up a VERY large network for a customer where we only used a /28. 126 addresses for VLAN1 is quite a lot.

This further leads me to believe that your going to mix VLAN1 with real traffic. It isn't recommended, but you can do it. So I guess I'm really not sure on what the issues are. You mentioned only being able to ping the VLAN1 router IP. So I'm guessing that you're trying to ping switch sc0 IP(s) without any luck. If so, make sure the switch(es) all have their default gatway set to the router VLAN1 IP.

 

[xyf]

The router outside the building, which is the default gatway for all our traffic, to the main backbone, is 148.38.71.254.

Switch 'A' that I'm trying to configure has 7 switches feeding into it. All 7 switches have the same basic configuration on vlan1:

IP: 148.38.71.xx
SNM: 255.255.248.0
Gateway: 148.38.71.254

It seems to me that I should be able to configure vlan1 on switch 'A' exactly as the other 7 switches, changing the host portion of the IP of course, and be able to send and receive tftp traffic. Problem is I can't. All the other switches work perfectly fine in this regard.

The internal workstations are on the 148.38.70.0/21. I have no sc0 interfaces that I can see. I'm not trying to put live traffice on vlan1. I just want to tftp from switch 'A' to a machine directly hooked into itself.
kent

 

[xyf]

We have been given a class B /21 subnet of 148.38.0.0. Which gives us 2046 hosts. It needs to be broken up but I will worry about that later. I think there is a misunderstanding.
The only think I could ping on switch 'A' was the IP I gave vlan1 on switch 'A.' In other words I couldn't ping out of the switch.
kent

 

[svermill]

OK. I *think* I understand better now. I said "sc0" interface, but I think that's only the case with CatOS switches. Yours, I believe, is IOS. So you just have a VLAN1 interface instead of sc0. This is the L2 3500 and not the L3 3550, right?

So if your workstation and your switch are in the same subnet, you shouldn't necessarily need to be able to hit your gateway to make tftp work. I've seen the lack of gateway connectivity cause unexpected problems even in situations such as yours, where everything is supposed to be taking place on the same L2 VLAN. I personally would start by looking at L2. I gather from you comments that all of those other seven switches can ping amongst themselves and to the gateway? But none of those seven switches nor the gateway can ping switch A because switch A can't ping out. Hmmm. Are there any trunks in your topology or is everything in a flat L2 VLAN1? If there are trunks, is switch A in the correct VTP domain? Are the seven switches stacked or do they connect to one another via switch A?

 

[xyf]

Thanks for your help I finally figured it out. All ports were assigned vlans other than vlan1. I switched one of the ports to vlan1, plugged my laptop into it and snagged the start-config
kent

 

[svermill]

Oops. Just goes to show that troubleshooting up from the bottom towards the upper layers of the protocol stack is always the way to go. Glad you go 'er going.