vlan issue

maverick2689

IS-IT--Management
Nov 22, 2005
72
US
Hi. I've inherited a Cat6509 as our core, and 3560's as my closet switches from our previous network administrator.

I have configured a new vlan (vlan7) in the core, and after correcting some closet switches and trunking issues, all my closet switches can see it.

I have assigned clients to the new vlan, and they can see the core switch (15.1) and everything beyond it on vlan1. If I try to get back to the client on vlan7 (16.40) I can't ping it, even from the core.

Any thoughts on what I've missed? Do I need to put a static route in the core switch?

Any help is appreciated.

We must all hang together, or assuredly we shall all hang separately.
 
You would probably have to post your config. You should not need a static route, as it is a directly attached subnet on the 6500 and it should know about it. A "show vlan" would also help, along with a "show int trunk" of a link down to one of your switches that you are having trouble with. A "show run interface XX" of the connecting ports would also help.
 
Also, this may seem trivial, but make sure your clients' default gateway is the vlan 7 core router address.
 
Roger that. Thank you. I'll post as soon as I can get my hands on it.

I'll have someone double-check those client addresses as well.

We must all hang together, or assuredly we shall all hang separately.
 
It may well be worth noting that from a "Remote access" perspective, vlan1 should not be used. This is the default vlan for every switch that is simply switched on. This can cause security issues.

Best to use a different vlan for remote access.
 
It may well be worth noting that from a "Remote access" perspective, vlan1 should not be used. This is the default vlan for every switch that is simply switched on. This can cause security issues.

It may also be worth noting that spanning a VLAN around the whole campus is a BAD, BAD idea.....

Follow the design guides......


Cisco publish these as a reference for you to deploy scalable, resilient & best practise networks in.......

My 2 cents....

Andy
 
Great advice from all. I have been tasked with cleaning things up, and the vlan1 issue was the 1st that popped up. The only other vlan, other than the one I built for terminal services (vlan7) is a vlan for wireless.

Everything else is on vlan1. Needless to say, we have a major, major broadcast issue.

Currently, the default gateway for my clients on vlan7 is pointed at the "standby" address. We aren't even using HSRP, so I'm going to try pointing the clients at the default address and see what happens.

I'm sure I'll be back to solicit more advice, or to pass along whatever I can to help someone else.

I'll get those "show"'s posted as well.

We must all hang together, or assuredly we shall all hang separately.
 
we have a major, major broadcast issue.

Exactly why you should deploy a hierarchical network with distinct Layer-3 boundaries. Even your wireless can be accommodated within this, but it requires a bit of thought and design.

Andy
 

Show vlan from core (6509)
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/1, Gi1/2, Gi1/3, Gi1/4
Gi1/5, Gi1/6, Gi1/7, Gi1/8
Gi1/9, Gi1/10, Gi1/11, Gi1/12
Gi1/13, Gi1/14, Gi1/15, Gi1/16
Gi1/17, Gi1/18, Gi1/19, Gi1/20
Gi1/21, Gi1/22, Gi1/23, Gi1/24
Gi1/25, Gi1/26, Gi1/27, Gi1/28
Gi1/29, Gi1/30, Gi1/31, Gi1/32
Gi1/33, Gi1/34, Gi1/35, Gi1/36
Gi1/38, Gi1/39, Gi1/40, Gi1/41
Gi1/42, Gi1/43, Gi1/44, Gi1/45
Gi1/46, Gi1/47, Gi1/48, Gi2/7
Gi2/8, Gi2/9, Gi2/10, Gi2/11
Gi2/12, Gi2/13, Gi2/14, Gi2/15
Gi3/3, Gi3/4, Gi3/5, Gi3/6
Gi3/7, Gi3/8, Gi3/10, Gi3/11
Gi3/12, Gi3/13, Gi3/14, Gi3/16
Gi4/2, Gi4/3, Gi4/4, Gi4/5
Gi4/6, Gi4/7, Gi4/8, Gi4/10
Gi4/11, Gi4/12, Gi4/13, Gi4/14
Gi4/15, Gi4/16, Gi5/2, Fa7/1
Fa7/2, Fa7/3, Fa7/4, Fa7/5
Fa7/6, Fa7/7, Fa7/8, Fa7/9
Fa7/10, Fa7/11, Fa7/12, Fa7/13
Fa7/14, Fa7/15, Fa7/16, Fa7/17
Fa7/18, Fa7/19, Fa7/20, Fa7/21
Fa7/22, Fa7/23, Fa7/25, Fa7/26
Fa7/27, Fa7/28, Fa7/29, Fa7/30
Fa7/31, Fa7/32, Fa7/33, Fa7/34
Fa7/37, Fa7/38, Fa7/39, Fa7/40
Fa7/41, Fa7/42, Fa7/43, Fa7/44
Fa7/45, Fa7/46, Fa7/47, Fa7/48
Gi8/6, Fa9/1, Fa9/2, Fa9/3
Fa9/4, Fa9/5, Fa9/6, Fa9/7
Fa9/8, Fa9/9, Fa9/10, Fa9/11
Fa9/12, Fa9/13, Fa9/14, Fa9/15
Fa9/16, Fa9/17, Fa9/18, Fa9/19
Fa9/20, Fa9/21, Fa9/22, Fa9/23
Fa9/24
2 PACS active Gi1/37, Gi3/2, Gi3/9, Gi3/15
Gi4/9, Fa7/35
4 DUMAC active
5 wireless_guest active
7 TERMSERV active
10 wireless active
11 AP1Hospital active
12 AP2Hospital active
13 AP3Hospital active
14 AP4Hospital active
15 AP5Hospital active
20 wireless2 active
100 management active
200 Infinity active
201 AP1Infinity active
202 AP2Infinity active
203 AP3Infinity active
204 AP4Infinity active
205 AP5Infinity active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
7 enet 100007 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
11 enet 100011 1500 - - - - - 0 0
12 enet 100012 1500 - - - - - 0 0
13 enet 100013 1500 - - - - - 0 0
14 enet 100014 1500 - - - - - 0 0
15 enet 100015 1500 - - - - - 0 0
20 enet 100020 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
200 enet 100200 1500 - - - - - 0 0
201 enet 100201 1500 - - - - - 0 0
202 enet 100202 1500 - - - - - 0 0
203 enet 100203 1500 - - - - - 0 0
204 enet 100204 1500 - - - - - 0 0
205 enet 100205 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 4472 1005 3276 - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trbrf 101005 4472 - - 15 ibm - 0 0


VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7 7 off

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

show int trunk from core (6509)

Port Mode Encapsulation Status Native vlan
Gi2/1 desirable n-802.1q trunking 1
Gi2/2 desirable n-isl trunking 1
Gi2/3 desirable n-isl trunking 1
Gi2/4 desirable n-isl trunking 1
Gi2/5 desirable n-isl trunking 1
Gi2/6 on 802.1q trunking 1
Gi2/16 desirable n-802.1q trunking 1
Gi3/1 desirable n-isl trunking 1
Gi4/1 desirable n-isl trunking 1
Gi5/1 on 802.1q trunking 1
Fa7/24 desirable n-802.1q trunking 1
Fa7/36 desirable n-802.1q trunking 1
Gi8/1 desirable n-isl trunking 1
Gi8/2 desirable n-isl trunking 1
Gi8/3 desirable n-802.1q trunking 1
Gi8/4 desirable n-isl trunking 1
Gi8/5 desirable n-isl trunking 1
Gi8/7 desirable n-isl trunking 1
Gi8/8 desirable n-isl trunking 1
Gi8/9 desirable n-isl trunking 1
Gi8/10 desirable n-isl trunking 1
Gi8/11 desirable n-isl trunking 1
Gi8/12 desirable n-isl trunking 1
Gi8/13 desirable n-isl trunking 1
Gi8/14 on 802.1q trunking 1
Gi8/15 desirable n-isl trunking 1
Gi8/16 desirable n-isl trunking 1

Port Vlans allowed on trunk
Gi2/1 1-4094
Gi2/2 1-4094
Gi2/3 1-4094
Gi2/4 1-4094
Gi2/5 1-4094
Gi2/6 1-4094
Gi2/16 1-4094
Gi3/1 1-4094
Gi4/1 1-4094
Gi5/1 1-4094
Fa7/24 1-4094
Fa7/36 1-4094
Gi8/1 1-4094
Gi8/2 1-4094
Gi8/3 1-4094
Gi8/4 1-4094
Gi8/5 1-4094
Gi8/7 1-4094
Gi8/8 1-4094
Gi8/9 1-4094
Gi8/10 1-4094
Gi8/11 1-4094
Gi8/12 1-4094
Gi8/13 1-4094
Gi8/14 1-4094
Gi8/15 1-4094
Gi8/16 1-4094

Port Vlans allowed and active in management domain
Gi2/1 1-2,4-5,7,10-15,20,100,200-205
Gi2/2 1-2,4-5,7,10-15,20,100,200-205
Gi2/3 1-2,4-5,7,10-15,20,100,200-205
Gi2/4 1-2,4-5,7,10-15,20,100,200-205
Gi2/5 1-2,4-5,7,10-15,20,100,200-205
Gi2/6 1-2,4-5,7,10-15,20,100,200-205
Gi2/16 1-2,4-5,7,10-15,20,100,200-205
Gi3/1 1-2,4-5,7,10-15,20,100,200-205
Gi4/1 1-2,4-5,7,10-15,20,100,200-205
Gi5/1 1-2,4-5,7,10-15,20,100,200-205
Fa7/24 1-2,4-5,7,10-15,20,100,200-205
Fa7/36 1-2,4-5,7,10-15,20,100,200-205
Gi8/1 1-2,4-5,7,10-15,20,100,200-205
Gi8/2 1-2,4-5,7,10-15,20,100,200-205
Gi8/3 1-2,4-5,7,10-15,20,100,200-205
Gi8/4 1-2,4-5,7,10-15,20,100,200-205
Gi8/5 1-2,4-5,7,10-15,20,100,200-205
Gi8/7 1-2,4-5,7,10-15,20,100,200-205
Gi8/8 1-2,4-5,7,10-15,20,100,200-205
Gi8/9 1-2,4-5,7,10-15,20,100,200-205
Gi8/10 1-2,4-5,7,10-15,20,100,200-205
Gi8/11 1-2,4-5,7,10-15,20,100,200-205
Gi8/12 1-2,4-5,7,10-15,20,100,200-205
Gi8/13 1-2,4-5,7,10-15,20,100,200-205
Gi8/14 1-2,4-5,7,10-15,20,100,200-205
Gi8/15 1-2,4-5,7,10-15,20,100,200-205
Gi8/16 1-2,4-5,7,10-15,20,100,200-205

Port Vlans in spanning tree forwarding state and not pruned
Gi2/1 1
Gi2/2 1-2
Gi2/3 1-2,4-5,7,10-15,20,100,200-205
Gi2/4 1,5,7
Gi2/5 1
Gi2/6 1,7
Gi2/16 1-2
Gi3/1 1,10,100
Gi4/1 1,5,11-15,200-205
Gi5/1 1-2,4
Fa7/24 1
Fa7/36 1
Gi8/1 1-2
Gi8/2 1
Gi8/3 1
Gi8/4 1
Gi8/5 1-2
Gi8/7 1
Gi8/8 1,7
Gi8/9 1-2,4-5,7,10-15,20,100,200-205
Gi8/10 1-2
Gi8/11 1
Gi8/12 1
Gi8/13 1-2,5
Gi8/14 1,7
Gi8/15 1-2
Gi8/16 1

show run int from core from trunk feeding closet 3560
interface GigabitEthernet8/14
 no ip address
 switchport
 switchport trunk encapsulation dot1q
 switchport mode trunk
end

show int trunk from closet (3560)

Port Mode Encapsulation Status Native vlan
Gi0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi0/1 1-4094

Port Vlans allowed and active in management domain
Gi0/1 1-2,4-5,7,10-15,20,100,200-205

Port Vlans in spanning tree forwarding state and not pruned
Gi0/1 1-2,4-5,7,10-15,20,100,200-205

show run int gi0/1 from 3560
interface GigabitEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 macro description cisco-switch
 auto qos voip trust
 spanning-tree link-type point-to-point
end

Things look as I would expect them, for as messed up as we are.

Sorry for the length of the post. Any help is much obliged.

kyle




We must all hang together, or assuredly we shall all hang separately.
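
Added example, not part of the original thread or written by any of its posters: a small Python audit of "show int trunk" output that flags each trunk still on native VLAN 1 (the concern raised earlier in the thread), plus two general trunk-hardening checks the posters did not raise, DTP negotiation ("desirable"/"auto") and an unrestricted 1-4094 allowed list. The function names and the Gi8/14 values are hypothetical; it assumes each VLAN list fits on one line.

```python
# Constructed sample rows in the "show int trunk" layout; Gi8/14 is hypothetical.
SAMPLE = """\
Port Mode Encapsulation Status Native vlan
Gi2/1 desirable n-802.1q trunking 1
Gi2/6 on 802.1q trunking 1
Gi8/14 on 802.1q trunking 99

Port Vlans allowed on trunk
Gi2/1 1-4094
Gi2/6 1-4094
Gi8/14 7,100
"""

def expand(spec):
    """Expand a VLAN list such as '1-2,4-5,7' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(text):
    """Return {port: {'mode', 'native', 'allowed'}} from 'show int trunk' text."""
    ports, section = {}, None
    for line in text.splitlines():
        f = line.split()
        if not f or f[-1] == "none":  # blank line, or a port with an empty VLAN list
            continue
        if f[0] == "Port":  # every section starts with a 'Port ...' header row
            rest = " ".join(f[1:])
            section = ("status" if rest.startswith("Mode") else
                       "allowed" if rest == "Vlans allowed on trunk" else None)
        elif section == "status" and len(f) >= 5:
            ports[f[0]] = {"mode": f[1], "native": int(f[4]), "allowed": set()}
        elif section == "allowed" and f[0] in ports and len(f) >= 2:
            ports[f[0]]["allowed"] = expand(f[1])
    return ports

def audit(ports):
    """Return {port: [issues]} for trunks that fail any of the three checks."""
    findings = {}
    for name, p in ports.items():
        checks = [(p["native"] == 1, "native VLAN 1"),
                  (p["mode"] in ("desirable", "auto"), "DTP negotiation"),
                  (len(p["allowed"]) == 4094, "all VLANs allowed")]
        findings[name] = [msg for hit, msg in checks if hit]
    return {port: issues for port, issues in findings.items() if issues}

print(audit(parse_trunks(SAMPLE)))  # only ports with at least one finding
```

Sections other than the status table and "Vlans allowed on trunk" are skipped, so the full output posted above can be fed to `parse_trunks` unchanged.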
 
Well now..

After pulling my hair out for 3 days.... I go up to find the thin clients my help desk deployed still had Windows Firewall enabled, with no exceptions!

Gave out some exceptions, and BINGO, everything works.

I'm glad I brought it here, anyways, as I've gotten some great ideas.

Thanks to all, and my apologies for a dumb mistake.

We must all hang together, or assuredly we shall all hang separately.
 