VLAN SETUP HELP????? 1

[captnops]

I am attempting to setup multiple vlans to seperate voice and data traffic using the following equipment:

Cisco 3560 switch
(4) Linksys SRW224P switches

Can someone provide a basic setup using the cisco as a layer 3 and the linksys as layer 2?

I have configured the cisco with IP routing enabled, created the vlans, gave the interfaces IP addresses, created a trunk port and connected to the linksys trunk port using dot1q encaps.

I cannot get traffic out of the the linksys to the 3560 to route to vlans.

Any help would be greatly appreciated.

 

[North323]

post config of your 3560

 

[captnops]

Here is the requested config:
urrent configuration : 3494 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
service sequence-numbers
!
hostname cisco_3560
!
enable secret 5 $1$G61J$/FJV5r7Q4foUiJnfa.jSC0
enable password C0unt3rpr0duct10n
!
no aaa new-model
clock timezone UTC -5
clock summer-time UTC recurring
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
description TO LINKSYS SWITCH 1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10-12
switchport mode trunk
duplex full
speed 100
spanning-tree portfast trunk
!
interface FastEthernet0/2
duplex full
speed 100
spanning-tree portfast trunk
!
interface FastEthernet0/3
duplex full
speed 100
spanning-tree portfast trunk
!
interface FastEthernet0/4
duplex full
speed 100
spanning-tree portfast trunk
!
interface FastEthernet0/5
duplex full
speed 100
spanning-tree portfast trunk
!
interface FastEthernet0/6
duplex full
speed 100
spanning-tree portfast trunk
!
interface FastEthernet0/7
duplex full
speed 100
spanning-tree portfast trunk
!
interface FastEthernet0/8
duplex full
speed 100
spanning-tree portfast trunk
!
interface FastEthernet0/9
duplex full
speed 100
spanning-tree portfast trunk
!
interface FastEthernet0/10
duplex full
speed 100
spanning-tree portfast trunk
!
interface FastEthernet0/11
duplex full
speed 100
spanning-tree portfast trunk
!
interface FastEthernet0/12
duplex full
speed 100
spanning-tree portfast trunk
!
interface FastEthernet0/13
duplex full
speed 100
spanning-tree portfast trunk
!
interface FastEthernet0/14
duplex full
speed 100
spanning-tree portfast trunk
!
interface FastEthernet0/15
duplex full
speed 100
spanning-tree portfast trunk
!
interface FastEthernet0/16
duplex full
speed 100
spanning-tree portfast trunk
!
interface FastEthernet0/17
duplex full
speed 100
spanning-tree portfast trunk
!
interface FastEthernet0/18
duplex full
speed 100
spanning-tree portfast trunk
!
interface FastEthernet0/19
duplex full
speed 100
spanning-tree portfast trunk
!
interface FastEthernet0/20
description TO LAPTOP VLAN 10
switchport access vlan 10
switchport mode access
duplex full
speed 100
spanning-tree portfast
!
interface FastEthernet0/21
duplex full
speed 100
spanning-tree portfast trunk
!
interface FastEthernet0/22
duplex full
speed 100
spanning-tree portfast trunk
!
interface FastEthernet0/23
description TO SERVER#1 VLAN 11
switchport access vlan 11
switchport mode access
duplex full
speed 100
spanning-tree portfast
!
interface FastEthernet0/24
description TO SERVER#2 VLAN 12
switchport access vlan 12
switchport mode access
duplex full
speed 100
spanning-tree portfast
!
interface GigabitEthernet0/1
description TO SERVER#1 VLAN 11
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/2
spanning-tree portfast trunk
!
interface Vlan1
ip address 10.10.9.1 255.255.255.0
!
interface Vlan10
ip address 10.10.10.1 255.255.255.0
!
interface Vlan11
ip address 10.10.11.1 255.255.255.0
!
interface Vlan12
ip address 10.10.12.1 255.255.255.0
!
ip default-gateway 10.10.10.1
ip classless
ip http server
!
!
snmp-server community ghdsi_public RO
snmp-server location Rocky Hill, Connecticut
!
control-plane
!
!
line con 0
line vty 0 4
password !admin!
no login
line vty 5 15
password !admin!
no login
!
!
end

 

[captnops]

Another interesting bit of information: The notebook that I attach to the linksys cannot ping anything from that switch, but when i plug it into the 3560, I can ping across all vlans.

What would I need (config wise)at a minimum on the linksys (layer 2) switches to make it play nice.

Thanks again

 

[North323]

no you need to make some routes on the 3560. your default gateway is vlan10; ip default-gateway 10.10.10.1

should have static routes like
ip route 0.0.0.0 0.0.0.0 x.x.x.x
where 0.0.0.0 is the source of your linksys subnet and x.x.x.x is destination

 

[vipergg]

If the 3560 is doing the routing he shouldn't need any static routes . My guess is the linksys is not setup correctly to trunk to the 3560 . the 3560 looks ok for the trunk . On the 3560 make sure the layer 2 vlan was created , use the show vlan command to see if all your vlans are created , if so concentrate on the linksys end for trunking.

 

[vipergg]

What model Linksys is the switch . Didn't know they made anything capable of trunking thought they were mostly unmanaged switches..

 

[NetworksMD]

I was thinking the same thing as Vipergg, don't think that linksys can support Dot 1q trunks or VLans. Make that port an access port on the same vlan(subnet) as the hosts on the linksys switch, and then on those hosts make your SVI for that vlan the default gateway for the hosts.

 

[unclerico]

The SRW224P does have a web management interface. You'll need to access this interface to set up the trunk from the Linksys side.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[captnops]

Thank you all for the help.

i have setup the trunking on the linksys srw224p. These are the baby cisco swtiches and I assume that is was done correctly (doesnt appear to be a lot of options). I also created the layer 2 vlans on the linksys to match those on the 3560.

I have verified that the vlans were created and I addded ports to each of them.

Any other thoughts?

Thank you all again.

 

[unclerico]

For the trunk port on the Linksys, do you have it set to Access, General, or Trunk??

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[captnops]

On the linksys, I set the trunk port to trunk, and the port that the laptop is connected to to general.

Should the packets be tagged or untagged for all vlans, or just for the trunked ports?

Thanks

 

[VinceWhirlwind]

tagged for all.

If your 3560 interface had a
"switchport trunk native vlan 123"
then that would mean VLAN 123 was untagged.

 

[unclerico]

make the port setting of the trunk to General and change all edge ports to Access. Here is Linksys' definition of a General port:

• General — Indicates the port belongs to VLANs, and each VLAN is user-defined as tagged or untagged (full 802.1Q mode)

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[unclerico]

oops, sorry, I missed the second part of your question there. As Vince says, you need to tag all of the VLAN's except for the native VLAN. I see that your g0/1 is using VLAN1 as the native VLAN. On the Linksys, if you're under VLAN Management -> Ports to VLAN screen, select a VLAN from the drop down. Now for every port EXCEPT your trunk port choose Untagged. Choose Tagged for your trunk port. Rinse and repeat for each VLAN. VLAN1 all ports should be untagged, that is if it even lets you alter the ports when VLAN1 is selected. It may not let you alter the port settings for VLAN1. You may want to create an Etherchannel (cisco)/Link Aggregation Group (linksys), but that is entirely up to you.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[captnops]

Thanks for the suggestions, I will give them a try.

unclerico--my understanding is that Etherchannel / link aggregation is for increasing uplink speed by "aggregating" ports together, is that correct? Did you mention that as something that I may want to do after the vlans are up, or as part of this solution?

Thanks

 

[unclerico]

Well it may be easiest to implement it now, but if all you want to do is get this bad boy up and running I would save it for another day. Have some planned down time and make the changes.

Another advantage of Etherchannel beyond the load sharing is that if you only have a single "core" switch it will give you an extra link to that switch. If one of the ports in an Etherchannel goes out (cable failure, port failure, etc.) you will have a redundant path to the core without spanning-tree detecting the loss and forcing a topology change. Obviously this won't protect against a total switch failure. If you were running Cisco's all the way around you could enable uplinkfast and it would allow for almost instantaneous failover, but then you'll have a link sitting idle. Anyways, now that I've babbled I will leave...

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)

 

[captnops]

Unfortunately, the changes that I made to the linksys did not help (changing the trunk port to general)

I am still not able to connect from anything on the cisco to the linksys or anything connected to it and vicsa versa.

Any other thoughts before I throw the linksys' in the garbage and buy cisco?

Thanks

 

[VinceWhirlwind]

Yes - keep trying!

First, make sure you can ping the IP addresses on the 3560.

Then make sure you have a device on the Linksys in a port with only one VLAN assigned to it (as untagged) with a continuous ping setup to its default GW on the 3560.

Configure all ports as Spanning-tree rapid/faststart but anyway every time you change something, wait at least 30s before concluding it hasn't worked.

Muck around with the "Switchport mode..." line on the 3560 downlink port, and the VLAN tagging config on the Linksys uplink port. Try every combination of config, methodically.

VLAN config in a multi-vendor environment can often take some serious trial-and-error before you figure out the exact combination of config to make it work.

 

[captnops]

VinceWhirlwind, thank you for the information and encouragement.

It was my understanding that a port in the linksys with a pc attached needed to be tagged and a member of all the vlans in order for the pc to talk to vlans outside of its address subnet. Is this not true?

I have opened a case with cisco to determine what the problem could be and hopefully they can shed some light on the problem.

I have searched google and read results until my eyes have bled and I am still no closer to the answer. Are you sure I shouldnt throw the linksys out the window....i know it wont solve the problem, but there is something to be said for peace in defeat!!!

Thanks again