VLAN doesn't work after upgrade

[60089]

We hired a consultant to replace PIX (default gateway) with ASA and 3650 switch (core) with 3750. The VLAN 1/private network works fine. However, all VLANs such as vlan 100, 200, and 300 and 400 dont work. Then the consultant tried many hours to make another switches to work. He said he didn't make any changes on the working switch. So he suggested us to reboot other switches. We have tried to reboot the other switches, but that doesn't fix the problem. The consultant is out of ideas.

For a test, I configure a port in working switch to use vlan 300, my laptop get good IP from the DHCP server that is located in the VLAN 200. If I use the same port configuration in the non-work switch, my laptop doesn't receive IP from the DHCP server. From the problematic switch, I can ping the DHCP server. The show vlan displays all VLAN in the problematic switch.

If I assign static, DG and DNS to the laptop connecting to non-work switch, I can ping any thing including DHCP server and access the Internet.

Core 3750 switch 10.0.0.2
| |
non-work switch work switch
10.0.20.12 10.0.20.13
int G1/0/13 int G3/0/11

Both ports are configured as shown below.
switchport access vlan 300
switchport mode access
no ip address
no mdix auto
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable

10.0.20.13 port int G3/0/11works and 10.0.20.12 port int G1/0/13 doesn't. I also attached both running-config files.

 

[jeter]

I only see vlan 1 on your switches...

You mention that he installed a new switch?
VTP comes to mind. Verify vtp status on the switches.
Also look at sh vlans and post....

Note if you want a clean script type (term lenght 0) then type show run. Just remember to set it back to 30 when your done.

Go Army!
Tek-TIP Member 19,650
CCNA, CCNA Voice, CCNP, CCVP
Avaya IP Office 500, CS1000

 

[60089]

Here are the show vlan and sh vtp status

ADM_TELE_BASE_3750#sh vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/4, Gi1/0/5, Gi1/0/6
Gi1/0/7, Gi1/0/8, Gi1/0/9
Gi1/0/10, Gi1/0/11, Gi1/0/12
Gi1/0/14, Gi1/0/15, Gi1/0/16
Gi1/0/21, Gi1/0/24, Gi2/0/1
Gi2/0/2, Gi2/0/3, Gi2/0/4
Gi2/0/5, Gi2/0/6, Gi2/0/7
Gi2/0/8, Gi2/0/9, Gi2/0/10
Gi2/0/11, Gi2/0/12, Gi2/0/13
Gi2/0/14, Gi2/0/15, Gi2/0/16
Gi2/0/17, Gi2/0/18, Gi2/0/19
Gi2/0/20, Gi2/0/22, Gi2/0/23
Gi2/0/24, Gi3/0/1, Gi3/0/2
Gi3/0/3, Gi3/0/4, Gi3/0/5
Gi3/0/6, Gi3/0/7, Gi3/0/8
Gi3/0/9, Gi3/0/10, Gi3/0/11
Gi3/0/12, Gi3/0/13, Gi3/0/14
Gi3/0/15, Gi3/0/16, Gi3/0/17
Gi3/0/18, Gi3/0/19, Gi3/0/20
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
Gi3/0/23, Gi3/0/24, Gi4/0/1
Gi4/0/2, Gi4/0/3, Gi4/0/4
Gi4/0/5, Gi4/0/6, Gi4/0/7
Gi4/0/8, Gi4/0/9, Gi4/0/10
Gi4/0/11, Gi4/0/12, Gi4/0/13
Gi4/0/14, Gi4/0/15, Gi4/0/16
Gi4/0/17, Gi4/0/18, Gi4/0/19
Gi4/0/20, Gi4/0/21, Gi4/0/22
Gi4/0/23, Gi4/0/24, Gi5/0/1
Gi5/0/2, Gi5/0/3, Gi5/0/4
Gi5/0/5, Gi5/0/6, Gi5/0/7
Gi5/0/8, Gi5/0/9, Gi5/0/10
Gi5/0/11, Gi5/0/12, Gi5/0/13
Gi5/0/14, Gi5/0/15, Gi5/0/16
Gi5/0/17, Gi5/0/18, Gi5/0/19
Gi5/0/20, Gi5/0/21, Gi5/0/23
Gi5/0/24
4 CAFE_PUPLIC_WIRELESS active
100 TEACHER active
200 STUDENT active
254 ICN_OUTSIDE active
255 Ccast_55.254 active Gi1/0/17
256 Ccast_56.94 active Gi1/0/19
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
300 PUBLIC active Gi1/0/13
400 VPNDMZ active
500 DMZ2 active
600 WIRELESSTRUNK active
700 WLC_TRUNK_NATIVE active
800 SAN active Gi1/0/18, Gi1/0/23
900 VENDOR active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
200 enet 100200 1500 - - - - - 0 0
254 enet 100254 1500 - - - - - 0 0
255 enet 100255 1500 - - - - - 0 0
256 enet 100256 1500 - - - - - 0 0
300 enet 100300 1500 - - - - - 0 0
400 enet 100400 1500 - - - - - 0 0
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
500 enet 100500 1500 - - - - - 0 0
600 enet 100600 1500 - - - - - 0 0
700 enet 100700 1500 - - - - - 0 0
800 enet 100800 1500 - - - - - 0 0
900 enet 100900 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

ADM_TELE_BASE_3750#sh vtp status
VTP Version : 2
Configuration Revision : 32
Maximum VLANs supported locally : 1005
Number of existing VLANs : 18
VTP Operating Mode : Client
VTP Domain Name : CBGvtp
VTP Pruning Mode : Enabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0xB7 0x98 0x86 0x06 0x58 0xD4 0x0C 0x6F
Configuration last modified by 10.0.20.56 at 12-17-09 16:51:08

 

[VinceWhirlwind]

sh interfaces" on both switches please.

 

[jeter]

Try this go into global and insert these statements

Vlan 100
Vlan 200
etc etc

make sure (switchport mode access vlan XXX)
is applied to the corect switchport.


Go Army!
Tek-TIP Member 19,650
CCNA, CCNA Voice, CCNP, CCVP
Avaya IP Office 500, CS1000

 

[VinceWhirlwind]

according to his "show vlan", both those are already active.

 

[VinceWhirlwind]

The only real difference between the switch configs I can see is that dot1x is enabled globally on the switch you say is fine, but it's not configured on any ports, so it should be irrelevant.

As he says above, he is using the ports:
bad switch: int G1/0/13
good switch:int G3/0/11

interface GigabitEthernet3/0/11
switchport access vlan 300
switchport mode access
no ip address
no mdix auto
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!
!
interface GigabitEthernet1/0/13
switchport access vlan 300
switchport mode access
no ip address
no mdix auto
spanning-tree portfast
spanning-tree bpdufilter enable
spanning-tree bpduguard enable
!

Please identify for us the switchports in your configs which are the *uplink* ports to the "core 3750".

He has 3 kinds of ports on these two switches:
- Access in VLAN 1 or 254, 255, 256, 300 or 800
- Trunk, VLAN 1 Native
- Trunk, VLAN 600 Native