Connecting Two Networks together with Cisco 3750/VLAN issue

Status
Not open for further replies.

AaronEvans

Programmer
Oct 22, 2008
2
US
I'm trying to get two networks to talk to each other with a Cisco 3750 switch. One network has an IP range of 192.168.2.x and the other 10.100.x.x; all devices need to communicate with all devices on those two networks. They are both VLANs.

The 192.168.2.x network has a Cyberoam appliance in gateway mode acting as the router, and the 10.100.x.x network has the Cisco 3750 acting as a router.

The Cisco is hooked from port 13 on itself to port 5 on a Netgear smart switch. The Cyberoam and the Cisco can see everything on each network, but a PC hooked into one can only see the switch/router on the other network. I've tried all kinds of IP routes to see if it would work, but so far nothing has.

Any help would be much appreciated.

Here is my config file.

!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname MasterSwitch
!
enable secret 5 $1$Qvsl$W/CTbt6tiQ2fCaIW.g2Ah/
enable password comdatasolutions
!
no aaa new-model
switch 1 provision ws-c3750-24ts
system mtu routing 1500
ip subnet-zero
ip routing
!
ip multicast-routing distributed
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
bridge irb
!
!
interface FastEthernet1/0/1
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet1/0/2
switchport access vlan 10
!
interface FastEthernet1/0/3
switchport access vlan 10
!
interface FastEthernet1/0/4
switchport access vlan 10
!
interface FastEthernet1/0/5
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet1/0/6
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet1/0/7
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet1/0/8
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet1/0/9
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet1/0/10
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet1/0/11
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet1/0/12
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet1/0/13
switchport trunk encapsulation dot1q
switchport trunk native vlan 2
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface FastEthernet1/0/14
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet1/0/15
!
interface FastEthernet1/0/16
!
interface FastEthernet1/0/17
!
interface FastEthernet1/0/18
!
interface FastEthernet1/0/19
switchport access vlan 2
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface FastEthernet1/0/20
!
interface FastEthernet1/0/21
switchport trunk encapsulation dot1q
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface FastEthernet1/0/22
switchport trunk encapsulation dot1q
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface FastEthernet1/0/23
switchport trunk encapsulation dot1q
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface FastEthernet1/0/24
switchport trunk encapsulation dot1q
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/2
switchport trunk encapsulation dot1q
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface Vlan1
ip address 10.99.1.1 255.255.255.0
ip pim sparse-dense-mode
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan2
ip address 192.168.2.198 255.255.255.0
ip helper-address 192.168.2.80
no ip redirects
no ip proxy-arp
ip pim sparse-dense-mode
bridge-group 1
bridge-group 1 spanning-disabled
!
interface Vlan3
ip address 192.168.200.1 255.255.255.0
ip helper-address 192.168.2.10
ip helper-address 192.168.200.10
ip pim dense-mode
!
interface Vlan10
ip address 10.100.1.1 255.255.0.0
bridge-group 1
bridge-group 1 spanning-disabled
!
interface BVI1
no ip address
!
ip classless
ip route 10.100.0.0 255.255.0.0 192.168.2.1
ip route 192.168.2.0 255.255.255.0 192.168.2.1
ip http server
!
!
!
control-plane
!
bridge 1 route ip
!
line con 0
line vty 0 4
password blank
login
length 0
line vty 5 15
password blank
login
length 0
!
end
 
Slightly confused - I see that port 13 is a VLAN trunk with VLAN 2 untagged - I'm assuming the router also has a trunk set in the appropriate VLANs. The confusion is because the 3750 will be routing, as you have configured each VLAN with an IP address. This may be the source of the problem; however, it may be more to do with default gateways on the PCs - that's usually the problem in these cases.

Make sure the DG is set to the router. As I'm not sure of this config you have, try the router but also the IP address the Cisco has on the VLAN the PC has. Your DG should always be on the same VLAN.

 
The first thing is this:
ip route 10.100.0.0 255.255.0.0 192.168.2.1
That can't be right - the 10.100.0.0 network is on your 3750 local ports 2, 3, 4, & VLAN 10.
Delete that line.

The second thing is this:
ip route 192.168.2.0 255.255.255.0 192.168.2.1
Shouldn't be necessary - 192.168.2.0 network is on your local ports 13 & VLAN 2.
Delete that line.

Finally, get on the router that has the 192.168.2.1 address on it and make sure it has a route for:
ip route 10.100.0.0 255.255.0.0 192.168.2.198

OK, so think about your traffic:
10.100.0.0 device on 3750 switchport 2 tries to get to 192.168.2.0 devices past your router:
1/ Device recognises destination IP is out-of-subnet and frames it with the 3750's MAC address (DG)
2/ 3750 breaks frame and recognises 192.168.2.0 is local subnet on port 13, ARP request on that VLAN...where does it go? Does the device receive the broadcast, or does your router stop it?

You may need to configure a NEW subnet to be the routed link between 3750 & your router and remove all traces of the 192.168.2.0 subnet from the 3750.
 
Oh, and fix this horribleness while you are at it:
interface FastEthernet1/0/12
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 3
switchport mode access
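
A small configuration check for the two problems the replies point out: static routes for subnets the 3750 already has an interface in, and trunk commands left on a port set to access mode. This is an added example, not part of the original thread; the function name `audit` and the finding labels are made up for illustration, and the sample is an excerpt of the configuration posted above.

```python
import ipaddress
import re

# Excerpt of the configuration posted in the thread ("!" separators dropped).
SAMPLE_CONFIG = """\
interface FastEthernet1/0/12
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 3
 switchport mode access
interface FastEthernet1/0/13
 switchport trunk native vlan 2
 switchport mode trunk
interface Vlan2
 ip address 192.168.2.198 255.255.255.0
interface Vlan10
 ip address 10.100.1.1 255.255.0.0
ip route 10.100.0.0 255.255.0.0 192.168.2.1
ip route 192.168.2.0 255.255.255.0 192.168.2.1
"""

def audit(config):
    """Return (kind, subject, detail) findings for the two problems raised in the replies."""
    connected, routes, ports, current = {}, [], {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface (\S+)", line):
            current = m[1]
            ports[current] = []
        elif m := re.match(r"ip route (\S+) (\S+) (\S+)", line):
            routes.append((ipaddress.ip_network(f"{m[1]}/{m[2]}"), m[3]))
        elif current and (m := re.match(r"ip address (\S+) (\S+)", line)):
            connected[ipaddress.ip_interface(f"{m[1]}/{m[2]}").network] = current
        elif current and line.startswith("switchport "):
            ports[current].append(line)
    findings = []
    for net, hop in routes:
        # A static route for a subnet the switch has its own interface in is wrong or redundant.
        for local, ifname in connected.items():
            if net.overlaps(local):
                findings.append(("static-route-overlaps-connected", str(net), f"{ifname} via {hop}"))
    for name, cmds in ports.items():
        # Trunk commands do not apply while the port is in access mode (port 12 in the thread).
        if "switchport mode access" in cmds and any(c.startswith("switchport trunk") for c in cmds):
            findings.append(("trunk-settings-on-access-port", name, "switchport mode access"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(*finding, sep=" | ")
```

Run against the excerpt, it reports both `ip route` lines and FastEthernet1/0/12, and leaves the trunk on port 13 alone.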
 