Cisco 3845 vlan and routing

[lexar]

Hi,

I have 2 cisco 3845 with vlans. I have setup a vlan2 which spans across both cisco's using an 802.1q trunk. When I plug 2 pc's into vlan2 on either switch I can ping but I cannot ping the vlan L3 interface on either switch. Also when I connect to the console I can ping the L3 address and also another L3 address on my switch but then cannot access my PC ip.

e.g.
Switch1
vlan2
ip 10.0.1.8 255.255.255.0

int fast1/0
ip address 10.0.0.8 255.255.255.0

Switch2
vlan2
ip 10.0.l.16 255.255.255.0



Pc 10.0.1.10 255.255.255.0

 

[vipergg]

Never seen it trunked router to router , normally you would trunk down to a access layer switch . It may be getting confused on what gateway to use . Not sure about your design , if you are looking for redundancy I would run a link from the switch to each router and setup hsrp and use one virtual gateway address

 

[vipergg]

One other thing you could try is get rid of the address on one side of the router for the vlan it doesn't need to be there then make sure your pc gateway is pointed at the lone existing router interface .

 

[lexar]

Thanks...

This is actually a test lab where I am similating two core sites. I need the trunk because I did not have a hub to connect my gateway box to both cisco's

I need both IP address on the vlan because I want to be able to manage them by telneting to the vlan ip.
Otherwise how can I manage the cisco through the vlan??

 

[chipk]

How did you set these vlans up? On some models if you use the "interface vlan xxx" command, you also have to issue the "vlan xxx" command from global config. Otherwise, that vlan does not become active. That would explain why you can't ping.

 

[lexar]

on the 3845 there is a command vlan database

And I have that setup
VLAN ISL Id: 2
Name: mgmt
Media Type: Ethernet
VLAN 802.10 Id: 100002
State: Operational
MTU: 1500

VLAN ISL Id: 3
Name: ems_pool
Media Type: Ethernet
VLAN 802.10 Id: 100003
State: Operational
MTU: 1500

VLAN ISL Id: 4
Name: ems_ext
Media Type: Ethernet
VLAN 802.10 Id: 100004
State: Operational
MTU: 1500

 

[chipk]

What's the output from "show ip interfaces brief"?

 

[lexar]

CiscoA#show ip interface brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 10.10.10.1 YES NVRAM down down
GigabitEthernet0/1 unassigned YES NVRAM administratively down down
FastEthernet1/0 unassigned YES unset up up
FastEthernet1/1 unassigned YES unset up down
FastEthernet1/2 unassigned YES unset up down
FastEthernet1/3 unassigned YES unset up down
FastEthernet1/4 unassigned YES unset up down
FastEthernet1/5 unassigned YES unset up down
FastEthernet1/6 unassigned YES unset up down
FastEthernet1/7 unassigned YES unset up down
FastEthernet1/8 unassigned YES unset up down
FastEthernet1/9 unassigned YES unset up down
FastEthernet1/10 unassigned YES unset up down
FastEthernet1/11 unassigned YES unset up down
FastEthernet1/12 unassigned YES unset up down
FastEthernet1/13 unassigned YES unset up down
FastEthernet1/14 unassigned YES unset up down
FastEthernet1/15 unassigned YES unset up down
FastEthernet4/0 unassigned YES unset up down
FastEthernet4/1 unassigned YES unset up down
FastEthernet4/2 unassigned YES unset up down
FastEthernet4/3 unassigned YES unset up down
FastEthernet4/4 unassigned YES unset up down
FastEthernet4/5 unassigned YES unset up down
FastEthernet4/6 unassigned YES unset up down
FastEthernet4/7 unassigned YES unset up down
FastEthernet4/8 unassigned YES unset up down
FastEthernet4/9 unassigned YES unset up down
FastEthernet4/10 unassigned YES unset up up
FastEthernet4/11 unassigned YES unset down down
FastEthernet4/12 unassigned YES unset down down
FastEthernet4/13 unassigned YES unset up down
FastEthernet4/14 unassigned YES unset up up
FastEthernet4/15 unassigned YES unset up down
FastEthernet4/16 unassigned YES unset up up
FastEthernet4/17 unassigned YES unset up down
FastEthernet4/18 unassigned YES unset up up
FastEthernet4/19 unassigned YES unset down down
FastEthernet4/20 unassigned YES unset up up
FastEthernet4/21 unassigned YES unset up down
FastEthernet4/22 unassigned YES unset up down
FastEthernet4/23 unassigned YES unset up down
FastEthernet4/24 unassigned YES unset up up
FastEthernet4/25 unassigned YES unset up down
FastEthernet4/26 unassigned YES unset up down
FastEthernet4/27 unassigned YES unset up down
FastEthernet4/28 unassigned YES unset up down
FastEthernet4/29 unassigned YES unset up down
FastEthernet4/30 unassigned YES unset up down
FastEthernet4/31 unassigned YES unset up down
FastEthernet4/32 unassigned YES unset up down
FastEthernet4/33 unassigned YES unset up down
FastEthernet4/34 unassigned YES unset up down
FastEthernet4/35 unassigned YES unset up down
GigabitEthernet4/0 unassigned YES unset up up
GigabitEthernet4/1 unassigned YES unset up down
Vlan1 unassigned YES manual up up
Vlan2 10.0.0.8 YES manual up up
Vlan3 unassigned YES unset up up
Vlan4 172.168.0.8 YES manual up up


I just noticed another problem.. my vlan2 that I setup on f1/0 does not seem to work. Everything on vlan2 f4/x works but not vlan2 f1/0

 

[chipk]

Do you have the "switchport access vlan" command set on all those fastethernet ports? A status of UP/DOWN means there is physical connectivity, but layer 2 is not up.

 

[lexar]

no there is nothing plugged in and they are not being used.

All the ports that I created on f4/* and have something plugged in are working fine. What I noticed is that f1/0 which is suppose to be on vlan2 as well is not able to connect to other PC's on vlan2. And of course none of them can ping the L3 vlan address.

 

[rainman]

You should be creating your VLAN's with:

config term
!
vlan 10
name MYVLAN10
!
end

The VLAN database is on it's way out. The vlan database used to store your vlan info in a vlan.dat file which is separate from your startup-config file. When you make a VLAN as I showed above it will be added to your startup-config file, hence only 1 config file to worry about maintaining.

Can you post the whole configs of both 3845's including the output of "show vlan" ?


-Rainman

 

[lexar]

Hi Rainman,

Your config does not work.. it does not seem to like it.

Here is my config for one of the 3845's

version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CiscoA
!
boot-start-marker
boot-end-marker
!
logging buffered 51200 warnings
!
no aaa new-model
!
resource policy
!
ip subnet-zero
ip cef
!
!
!
!
no ip domain lookup
ip domain name yourdomain.com
!
username cisco privilege 15 secret 5 $1$TeDu$t8BxesvdcJNL9n0GKwbO00
username admin privilege 15 secret 5 $1$AMag$r4uuOFTnnXs38XAnH/o6/0
!
!
!
interface GigabitEthernet0/0
description $ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
ip address 10.10.10.1 255.255.255.248
duplex auto
speed auto
media-type rj45
negotiation auto
!
interface GigabitEthernet0/1
no ip address
shutdown
duplex auto
speed auto
media-type rj45
negotiation auto
!
interface FastEthernet1/0
description Gateway Server (Alice)
switchport access vlan 2
!
interface FastEthernet1/1
!
interface FastEthernet1/2
!
interface FastEthernet1/3
!
interface FastEthernet1/4
!
interface FastEthernet1/5
!
interface FastEthernet1/6
!
interface FastEthernet1/7
!
interface FastEthernet1/8
!
interface FastEthernet1/9
!
interface FastEthernet1/10
!
interface FastEthernet1/11
!
interface FastEthernet1/12
!
interface FastEthernet1/13
!
interface FastEthernet1/14
!
interface FastEthernet1/15
!
interface FastEthernet4/0
!
interface FastEthernet4/1
!
interface FastEthernet4/2
!
interface FastEthernet4/3
!
interface FastEthernet4/4
!
interface FastEthernet4/5
!
interface FastEthernet4/6
!
interface FastEthernet4/7
!
interface FastEthernet4/8
!
interface FastEthernet4/9
!
interface FastEthernet4/10
description EMS A
switchport access vlan 2
!
interface FastEthernet4/11
description Cisco A
switchport access vlan 2
!
interface FastEthernet4/12
description EMS A Disk U
switchport access vlan 2
!
interface FastEthernet4/13
description EMS A Disk L
switchport access vlan 2
!
interface FastEthernet4/14
description LTM 1 Side A
switchport access vlan 2
!
interface FastEthernet4/15
description LTM 2 Side A
switchport access vlan 2
!
interface FastEthernet4/16
description GTM 1 Side A
switchport access vlan 2
!
interface FastEthernet4/17
!
interface FastEthernet4/18
description EMS A
switchport access vlan 3
!
interface FastEthernet4/19
!
interface FastEthernet4/20
description LTM 1 Side A
switchport access vlan 3
!
interface FastEthernet4/21
description LTM 2 Side A
switchport access vlan 3
!
interface FastEthernet4/22
!
interface FastEthernet4/23
!
interface FastEthernet4/24
description LTM 1 Side A
switchport access vlan 4
!
interface FastEthernet4/25
description LTM 2 Side A
switchport access vlan 4
!
interface FastEthernet4/26
vlan-id dot1q 2
exit-vlan-config
!
!
interface FastEthernet4/27
!
interface FastEthernet4/28
!
interface FastEthernet4/29
!
interface FastEthernet4/30
!
interface FastEthernet4/31
!
interface FastEthernet4/32
!
interface FastEthernet4/33
!
interface FastEthernet4/34
!
interface FastEthernet4/35
!
interface GigabitEthernet4/0
description Vlan bridge from Cisco A-B
switchport access vlan 2
switchport trunk native vlan 2
switchport mode trunk
!
interface GigabitEthernet4/1
!
interface Vlan1
no ip address
!
interface Vlan2
description mgmt
ip address 10.0.0.8 255.255.255.0
!
interface Vlan3
description ems_pool
no ip address
!
interface Vlan4
description ems_ext
ip address 172.168.0.8 255.255.255.0

 

[vipergg]

Do a "show vlan" and make sure all your vlans show active and the ports you are supposed to be in vlan 2 . Also do a "show interface status" and look at your switchports and see if they look ok . Also you are correct on the routers with switchport cards installed they still only use the vlan database and not global config mode to create layer 2 vlans .Cisco seems to be behind in deprecating the vlan database on the switchcards . Try typing in "switchport" on all your vlan 2 ports and see if that helps... Still sounds like a layer vlan definition problem , maybe you can post "show vlan" and show interface status".

 

[vipergg]

You appear to have multiple hwic switch cards in the router , in order for this to work correct you have to go thru the stacking procedure , they are now 2 indivdual switches . I think the stacking involves a cable from one hwic switchcard to the other and set it up as a trunk but the info on this is somewhat sketchy on cco. So if you have vlan 2 on one hwic then you have to stack if you vlan2 to be the same on the 2nd hwic. I found this on cco

Stacking: Example

The following example shows how to stack two HWICs.

Router(config)#interface FastEthernet 0/1/8

Router(config-if)#no shutdown

Router(config-if)#switchport stacking-partner interface FastEthernet 0/3/8

Router(config-if)#interface FastEthernet 0/3/8

Router(config-if)#no shutdown

 

[lexar]

CiscoA#sh vlan-switch

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa1/1, Fa1/2, Fa1/3, Fa1/4
Fa1/5, Fa1/6, Fa1/7, Fa1/8
Fa1/9, Fa1/10, Fa1/11, Fa1/12
Fa1/13, Fa1/14, Fa1/15, Fa4/0
Fa4/1, Fa4/2, Fa4/3, Fa4/4
Fa4/5, Fa4/6, Fa4/7, Fa4/8
Fa4/9, Fa4/17, Fa4/19, Fa4/22
Fa4/23, Fa4/26, Fa4/27, Fa4/28
Fa4/29, Fa4/30, Fa4/31, Fa4/32
Fa4/33, Fa4/34, Fa4/35, Gi4/1
2 mgmt active Fa1/0, Fa4/10, Fa4/11, Fa4/12
Fa4/13, Fa4/14, Fa4/15, Fa4/16
3 ems_pool active Fa4/18, Fa4/20, Fa4/21
4 ems_ext active Fa4/24, Fa4/25
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active


CiscoA#sh int status

Port Name Status Vlan Duplex Speed Type
Fa1/0 Gateway Server (Al notconnect 2 auto auto 10/100BaseTX
Fa1/1 notconnect 1 auto auto 10/100BaseTX
Fa1/2 notconnect 1 auto auto 10/100BaseTX
Fa1/3 notconnect 1 auto auto 10/100BaseTX
Fa1/4 notconnect 1 auto auto 10/100BaseTX
Fa1/5 notconnect 1 auto auto 10/100BaseTX
Fa1/6 notconnect 1 auto auto 10/100BaseTX
Fa1/7 notconnect 1 auto auto 10/100BaseTX
Fa1/8 notconnect 1 auto auto 10/100BaseTX
Fa1/9 notconnect 1 auto auto 10/100BaseTX
Fa1/10 notconnect 1 auto auto 10/100BaseTX
Fa1/11 notconnect 1 auto auto 10/100BaseTX
Fa1/12 notconnect 1 auto auto 10/100BaseTX
Fa1/13 notconnect 1 auto auto 10/100BaseTX
Fa1/14 notconnect 1 auto auto 10/100BaseTX
Fa1/15 notconnect 1 auto auto 10/100BaseTX
Fa4/0 notconnect 1 auto auto 10/100BaseTX
Fa4/1 notconnect 1 auto auto 10/100BaseTX
Fa4/2 notconnect 1 auto auto 10/100BaseTX
Fa4/3 notconnect 1 auto auto 10/100BaseTX
Fa4/4 notconnect 1 auto auto 10/100BaseTX

Port Name Status Vlan Duplex Speed Type
Fa4/5 notconnect 1 auto auto 10/100BaseTX
Fa4/6 notconnect 1 auto auto 10/100BaseTX
Fa4/7 notconnect 1 auto auto 10/100BaseTX
Fa4/8 notconnect 1 auto auto 10/100BaseTX
Fa4/9 notconnect 1 auto auto 10/100BaseTX
Fa4/10 EMS A connected 2 a-full a-100 10/100BaseTX
Fa4/11 Cisco A connected 2 a-full a-100 10/100BaseTX
Fa4/12 EMS A Disk U notconnect 2 auto auto 10/100BaseTX
Fa4/13 EMS A Disk L notconnect 2 auto auto 10/100BaseTX
Fa4/14 LTM 1 Side A connected 2 a-full a-100 10/100BaseTX
Fa4/15 LTM 2 Side A notconnect 2 auto auto 10/100BaseTX
Fa4/16 GTM 1 Side A connected 2 a-full a-100 10/100BaseTX
Fa4/17 notconnect 1 auto auto 10/100BaseTX
Fa4/18 EMS A connected 3 a-full a-100 10/100BaseTX
Fa4/19 notconnect 1 auto auto 10/100BaseTX
Fa4/20 LTM 1 Side A connected 3 a-full a-100 10/100BaseTX
Fa4/21 LTM 2 Side A notconnect 3 auto auto 10/100BaseTX
Fa4/22 notconnect 1 auto auto 10/100BaseTX
Fa4/23 notconnect 1 auto auto 10/100BaseTX
Fa4/24 LTM 1 Side A connected 4 a-full a-100 10/100BaseTX
Fa4/25 LTM 2 Side A notconnect 4 auto auto 10/100BaseTX
Fa4/26 notconnect 1 auto auto 10/100BaseTX
Fa4/27 notconnect 1 auto auto 10/100BaseTX

Port Name Status Vlan Duplex Speed Type
Fa4/28 notconnect 1 auto auto 10/100BaseTX
Fa4/29 notconnect 1 auto auto 10/100BaseTX
Fa4/30 notconnect 1 auto auto 10/100BaseTX
Fa4/31 notconnect 1 auto auto 10/100BaseTX
Fa4/32 notconnect 1 auto auto 10/100BaseTX
Fa4/33 notconnect 1 auto auto 10/100BaseTX
Fa4/34 notconnect 1 auto auto 10/100BaseTX
Fa4/35 notconnect 1 auto auto 10/100BaseTX
Gi4/0 Vlan bridge from C connected trunk a-full a-1000 10/100BaseTX/1000BaseT
Gi4/1 notconnect 1 auto auto 10/100BaseTX/1000BaseT



Everything looks fine... So I am not sure what to look at next.

Also regarding the 2 switch modules that it crazy !! It cannot be that you have to run a trunk from the two onboard modules. There must be a better way?!?!??!

 

[vipergg]

I think that is what is going on .

http://www.cisco.com/en/US/products/ps5855/products_qanda_item0900aecd802a9470.shtml

 

[lexar]

Thanks vipergg..

aghhhh ! You are right about the switch modules.

But that still does not answer my L3 vlan problem.

Any ideas?