Question

Trunk ports, VLANs, Catalyst 3750, Layer 2 problems

Asked by: theB0FH

Hi All
This is driving me mad at the moment and it should be very easy!

I've got 3 switches (Cisco Catalyst 3750 with ADVIPSERVICESK):
3750-HQ1 with 3750-HQ2 and 3750-3 connected to it via dot1q trunk ports.

On 3750-HQ1 I have an interface called VLAN99 with IP address 10.0.0.241
On 3750-HQ2 I have an interface called VLAN99 with IP address 10.0.0.242
On 3750-3 I have an interface called VLAN99 with IP address 10.0.0.243

I can ping 10.0.0.242 from 3750-HQ1 and vice versa, but we cannot get any pings from/to 3750-3 on VLAN99.

Please have a look at the three config files attached and see if there's anything blindingly obvious that I'm obviously too blind to see?

I've been banging my head against this all day!

Thanks!

This Question has been solved and asker verified All Experts Exchange premium technology solutions are available to subscription members.

Subscribe now for full access to Experts Exchange and get

Instant Access to this Solution

  • Plus...
  • 30 Day FREE access, no risk, no obligation
  • Collaborate with the world's top tech experts
  • Unlimited access to our exclusive solution database
  • Never be left without tech help again

Subscribe Now

Asked On
2009-05-01 at 10:29:13ID24373218
Tags

Trunk

,

Cisco

,

catalyst

,

3750

,

dot1q

,

vlan tagging

,

layer 2

,

LAN

Topics

Network Switches & Hubs

,

Network Design & Methodology

,

Network Operations

,

Miscellaneous Networking

,

Networking Hardware

Participating Experts
4
Points
500
Comments
31

Trusted by hundreds of thousands everyday for fast, accurate and reliable tech support.

  • "The time we save is the biggest benefit of Experts Exchange to Warner Bros. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange." Mike Kapnisakis, Warner Bros.
  • "Our team likes having a resource that is more secure than just using Google and most experts using this service really know their stuff. It's nice to look here first versus using Google." Dayna Sellner, Lockheed Martin
  • "Anytime that I've been stumped with a problem, 9 out of 10 times Experts Exchange has either the accepted solution or an open discussion of the potential solution to the problem." Kenny Red, eBay Inc.

See what Experts Exchange can do for you.

Got a question?

We've got the answer.

Experts Exchange has been collecting answers to technology questions since 1996…3 million and counting! If you have a question, chances are we already have your answer.

Screenshot of Experts Exchange Knowledgebase

Need individual assistance?

Our experts are ready to help.

If you can't find the exact answer you're looking for, ask our exclusive community of 50,000 experts. You’ll get a personalized answer from a trusted professional.

Screenshot of Experts Exchange Knowledgebase

Want to learn from the best?

Read articles from industry experts.

Thousands of free tech tips, tricks, how-to’s and tutorials are available in our peer reviewed articles section. See for yourself how smart our experts are, no login required.

Screenshot of an Article

Working on a long term project?

Store your work and research.

Save solutions to your questions, answers you’ve discovered through searching plus helpful articles in your personal knowledgebase for easy future access.

Screenshot of Experts Exchange Knowledgebase

Access the answers to your technology questions today.

Subscribe Now

30-day free trial. Register in 60 seconds.

What Makes Experts Exchange Unique?

Members of the expert community talk about why the experience at Experts Exchange is different than what you will find anywhere else.

Trusted by the world's most respected brands.

image of each brand's logo

Faithfully serving IT professionals since 1996.

Experts Exchange Logo

Try it out and discover for yourself.

Subscribe Now

30-day free trial. Register in 60 seconds.

Related Solutions

  1. Vlan and Trunk
    How to configure Trunk for VLAN, in order for VLAN talk to each other on Cisco Catalyst Multilayer 3550-48 switch, The following is the vlan diagram, Port VLAN VLAN IP Address ------ ------------- ----------------- 39-48 VLAN 1 -De...
  2. vlan-trunking
    Hi, When doing trunking between two switches how do we allocate the ips? Say if vlan 1 in one switch has x.x.x.5 and same vlan 1 on another switch should have x.x.x.6? am i correct to say that? further what is the purpose of having two same vlans in two switches with diffe...
  3. Vlan Trunking
    Hi, If I implement vlan tranking between 2 Switches, and I send data from one vlan to another do the VLAN name have to match on both switches. as I understand the trunk will carry data for all Vlans and once the data is received at the far end of the trunk it will strip th...
  4. Trunking
    Hi, I need some explanation on trunking. My setup has 6509 connected to 2 X cat 4006 switches. p01 ,p02 are enabled for trunking.And module 4/25,4/29,4/31 are enable for 802.1q trunks. Similiarly some ports modules 6,7,9 are all enabled for trunking From show trunk interf...

Free Tech Articles

  1. WARNING: 5 Reasons why you should NEVER fix a computer for free.
    It is in our nature to love the puzzle. We are obsessed. The lot of us. We love puzzles. We love the challenge. We thrive on finding the answer. We hate disarray. It bothers us deep in our soul. W...
  2. SCCM OSD Basic troubleshooting
    SCCM 2007 OSD is a fantastic way to deploy operating systems, however, like most things SCCM issues can sometimes be difficult to resolve due to the sheer volume of logs to sift through and the dispe...
  3. Migrate Small Business Server 2003 to Exchange 2010 and Windows 2008 R2
    This guide is intended to provide step by step instructions on how to migrate from Small Business Server 2003 to Windows 2008 R2 with Exchange 2010. For this migration to work you will need the fo...
  4. Create a Win7 Gadget
    This article shows you how to create a simple "Gadget" -- a sort of mini-application supported by Windows 7 and Vista. Gadgets can be dropped anywhere on the desktop to provide instant information, ...
  5. Outlook continually prompting for username and password
    There have been a lot of questions recently regarding Outlook prompting for a username and password whilst using Exchange 2007. There are a few reasons why this would happen and I will try to cover t...
  6. Backup Exchange 2010 Information Store using Windows Backup
    There seems to be quite a lot of confusion around the ability to backup Exchange 2010 using the built in Windows Backup feature. This stems from the omission of this feature prior to Exchange 2007 s...

Cloud Class Webinars

  1. Avoiding Bugs in Microsoft Access
    Alison Balter takes and in-depth look at avoiding bugs in Access. In this webinar you will learn about using the immediate window to debug your applications, invoking the debugger, using breakpoints to troubleshoot, stepping through code, setting the next statement to execute, ...
  2. Top 10 Best New Features in Visio 2010
    Scott Helmers gives live demonstrations of the top 10 new features in Visio 2010. This webinar will teach you how to create compelling diagrams by adding shapes to the page with a single click, linking the shapes in a diagram to data in Excel (or SQL Server, or SharePoint), ...
  3. IT Consultant Business Secrets Revealed
    Michael Munger, Experts Exchange tech pro and IT consultant, pulls back the curtain on his very successful businesses and answers question on every IT consultant and business owner should know about. He shares secrets on what he did to solve the 5 most common problems in IT, ...
  4. Disaster Recovery and Business Continuity
    Quest CTO, Mike Billon, gives an overview of the steps involved in building a dunamic disaster recovery plan. Through case studies and an examination of software/hardware tooles for monitoring and testing, you'll gain a better understandin of where you are, where you want ...
  5. Organize Your Visio Diagrams with Containers and Lists
    Scott Helmers uses cross functional flowcharts, wireframe diagrams, data graphic legends and seating charts to teach you: how to ustilize all three new structured diagram components in Visio 2010, the best practices for organizeing shapes in previous version of Visio, how to organize ...
  6. How to Us Objects, Properties, Events and Methods in Microsoft Access
    Alison Dalter gives an in-depbth look at objects, properties, events and methods in Microsoft Access. In this webinar you will learn about using the object browser, referring to objects, working with properties and methods, working with object variables, understanding the ...

Join the Community

Give a Little. Get a Lot.

Join the community of experts here and help other tech pros by answering question in your area of expertise. You can earn FREE access to all Experts Exchange's premium features and resources.

Join the Community

Answers

 

by: donjohnstonPosted on 2009-05-01 at 12:17:03ID: 24282595

I'm guessing that you don't have a trunk port on HQ2 going to HQ3. I can't say for sure since you don't specify which ports are used to connect HQ2 to HQ3.

 

by: JitparPosted on 2009-05-01 at 13:01:31ID: 24282930

Try logging into all the switches and check the output using

show interfaces trunk

With this output you shall know how many trunk links are formed between switches.

From the text files you attached, I observed that there wasnt any trunk link specified from hq 2  to switch 3750-3

You might have to configure a trunk .between  hq 2  and switch 3750-3.

That should take care of it.

 

by: DonbooPosted on 2009-05-01 at 16:03:21ID: 24283990

Issue "sh vlan" and check that vlan 99 is on switch 3, it will be listed as active.

if not issue

vlan 99
exit

 

by: theB0FHPosted on 2009-05-03 at 15:09:21ID: 24291466

Hi guys

Thanks for the comments. I'll be able to run a few commands on Tuesday. In the meantime, some more info. I'm also fairly certain (from memory) that VLAN 99 does exist on HQ3 - but I'll confirm on Tuesday.

I should have explained a bit better how these switches are connected. Imagine HQ1 as the "core" switch. HQ2 is hanging off port 1/0/24 and HQ3 is hanging of port 1/0/10. There is no direct link between HQ2 and HQ3.

On HQ1:  
Port 1/0/10:
 interface GigabitEthernet1/0/10
  description xxxxx connection to xxxx 90Mbps Max
  switchport trunk encapsulation dot1q
  switchport mode trunk
  speed 100
  duplex full

Port 1/0/24:
 interface GigabitEthernet1/0/24
  description Downlink to CAT-3750-HQ2
  switchport trunk encapsulation dot1q
  switchport mode trunk
  duplex full


Also what I didnt mention is that I can successfully ping on VLAN99 bwteen HQ1 and HQ2 - it's just 3 that's not working as it should.

Thanks
TB

 

by: donjohnstonPosted on 2009-05-03 at 15:24:56ID: 24291507

Please post the output of  "show int status" and "show int trunk" for HQ and Switch 3.

 

by: theB0FHPosted on 2009-05-05 at 02:27:28ID: 24302770

Hi donjohnston

Below is the output of your commands

Thanks
TB

Switch 1:
CAT-3750-HQ1#sh int status
 
Port      Name               Status       Vlan       Duplex  Speed Type
Gi1/0/1                      connected    1          a-full  a-100 10/100/1000BaseTX
Gi1/0/2                      connected    1          a-full  a-100 10/100/1000BaseTX
Gi1/0/3                      connected    1          a-full a-1000 10/100/1000BaseTX
Gi1/0/4                      connected    1          a-full a-1000 10/100/1000BaseTX
Gi1/0/5                      connected    1          a-full a-1000 10/100/1000BaseTX
Gi1/0/6                      connected    50         a-full a-1000 10/100/1000BaseTX
Gi1/0/7                      connected    1          a-full  a-100 10/100/1000BaseTX
Gi1/0/8                      connected    99         a-half  a-100 10/100/1000BaseTX
Gi1/0/9                      connected    60         a-half   a-10 10/100/1000BaseTX
Gi1/0/10  PowerWAN connectio connected    trunk        full    100 10/100/1000BaseTX
Gi1/0/11                     connected    1          a-full a-1000 10/100/1000BaseTX
Gi1/0/12                     connected    20         a-full a-1000 10/100/1000BaseTX
Gi1/0/13  Netgear 16 Port Sw connected    50         a-full  a-100 10/100/1000BaseTX
Gi1/0/14                     connected    30         a-full  a-100 10/100/1000BaseTX
Gi1/0/15                     connected    30         a-full a-1000 10/100/1000BaseTX
Gi1/0/16                     connected    40         a-full a-1000 10/100/1000BaseTX
Gi1/0/17                     connected    40         a-full a-1000 10/100/1000BaseTX
Gi1/0/18                     connected    1          a-full a-1000 10/100/1000BaseTX
Gi1/0/19                     connected    50         a-full a-1000 10/100/1000BaseTX
Gi1/0/20                     connected    50         a-full  a-100 10/100/1000BaseTX
Gi1/0/21                     connected    50         a-full a-1000 10/100/1000BaseTX
Gi1/0/22                     connected    50         a-full  a-100 10/100/1000BaseTX
Gi1/0/23                     connected    60           full     10 10/100/1000BaseTX
Gi1/0/24  Downlink to 3750-H connected    trunk        full a-1000 10/100/1000BaseTX
CAT-3750-HQ1#
CAT-3750-HQ1#sh int trunk
 
Port        Mode         Encapsulation  Status        Native vlan
Gi1/0/10    on           802.1q         trunking      1
Gi1/0/24    on           802.1q         trunking      1
 
Port        Vlans allowed on trunk
Gi1/0/10    1-4094
Gi1/0/24    1-4094
 
Port        Vlans allowed and active in management domain
Gi1/0/10    1,9,20,30,40,50,60,70,73,80-83,90,99-100,110,120,130
Gi1/0/24    1,9,20,30,40,50,60,70,73,80-83,90,99-100,110,120,130
 
Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/10    1,73,81-83,99
Gi1/0/24    1,99
CAT-3750-HQ1#
 
Switch 3:
CAT-3750-3#sh int status
 
Port      Name               Status       Vlan       Duplex  Speed Type
Gi1/0/1                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/2                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/3                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/4                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/5                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/6                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/7                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/8                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/9                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/10                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/11  Fibre Pair 1       connected    81           full   1000 10/100/1000BaseTX
Gi1/0/12  Fibre Pair 2       connected    82           full   1000 10/100/1000BaseTX
Gi1/0/13  Fibre Pair 3       connected    trunk      a-full a-1000 10/100/1000BaseTX
Gi1/0/14  Fibre Pair 4       connected    83           full   1000 10/100/1000BaseTX
Gi1/0/15                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/16                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/17  Comms room south u connected    81         a-full  a-100 10/100/1000BaseTX
Gi1/0/18                     connected    1          a-full  a-100 10/100/1000BaseTX
Gi1/0/19                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/20                     connected    1          a-full a-1000 10/100/1000BaseTX
Gi1/0/21                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/22                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/23  ASA5505            connected    1          a-full  a-100 10/100/1000BaseTX
Gi1/0/24  Exponential-E VPLS connected    trunk        full    100 10/100/1000BaseTX
CAT-3750-3#
CAT-3750-3#show int trunk
 
Port        Mode         Encapsulation  Status        Native vlan
Gi1/0/13    on           802.1q         trunking      1
Gi1/0/24    on           802.1q         trunking      1
 
Port        Vlans allowed on trunk
Gi1/0/13    1,73,99
Gi1/0/24    1-4094
 
Port        Vlans allowed and active in management domain
Gi1/0/13    1,73,99
Gi1/0/24    1,9,20,30,40,50,60,70,73,80-83,90,99-100,110,120,130
 
Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/13    1,73,99
Gi1/0/24    1,20,30,40,50,60,99
CAT-3750-3#
                                              
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:

Select allOpen in new window

 

by: donjohnstonPosted on 2009-05-05 at 04:41:34ID: 24303524

Everything looks good there. The only thing left is the VLAN interface itself. Can you post the output of a "show ip int brief".

 

by: theB0FHPosted on 2009-05-05 at 04:49:09ID: 24303587

Hi donjohnston

I've added the output below again for switch 1 and 3.

Cheers

Switch 1:
CAT-3750-HQ1#sh ip int brie
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  172.30.0.1      YES NVRAM  up                    up      
Vlan20                 172.30.20.1     YES NVRAM  up                    up      
Vlan30                 172.30.30.1     YES NVRAM  up                    up      
Vlan40                 172.30.40.1     YES NVRAM  up                    up      
Vlan50                 172.30.50.1     YES NVRAM  up                    up      
Vlan60                 172.30.60.1     YES NVRAM  up                    up      
Vlan99                 10.0.0.241      YES manual up                    up      
GigabitEthernet1/0/1   unassigned      YES unset  up                    up      
GigabitEthernet1/0/2   unassigned      YES unset  up                    up      
GigabitEthernet1/0/3   unassigned      YES unset  up                    up      
GigabitEthernet1/0/4   unassigned      YES unset  up                    up      
GigabitEthernet1/0/5   unassigned      YES unset  up                    up      
GigabitEthernet1/0/6   unassigned      YES unset  up                    up      
GigabitEthernet1/0/7   unassigned      YES unset  up                    up      
GigabitEthernet1/0/8   unassigned      YES unset  up                    up      
GigabitEthernet1/0/9   unassigned      YES unset  up                    up      
GigabitEthernet1/0/10  unassigned      YES unset  up                    up      
GigabitEthernet1/0/11  unassigned      YES unset  up                    up      
GigabitEthernet1/0/12  unassigned      YES unset  up                    up      
GigabitEthernet1/0/13  unassigned      YES unset  up                    up      
GigabitEthernet1/0/14  unassigned      YES unset  up                    up      
GigabitEthernet1/0/15  unassigned      YES unset  up                    up      
GigabitEthernet1/0/16  unassigned      YES unset  up                    up      
GigabitEthernet1/0/17  unassigned      YES unset  up                    up      
GigabitEthernet1/0/18  unassigned      YES unset  up                    up      
GigabitEthernet1/0/19  unassigned      YES unset  up                    up      
GigabitEthernet1/0/20  unassigned      YES unset  up                    up      
GigabitEthernet1/0/21  unassigned      YES unset  up                    up      
GigabitEthernet1/0/22  unassigned      YES unset  up                    up      
GigabitEthernet1/0/23  unassigned      YES unset  up                    up      
GigabitEthernet1/0/24  unassigned      YES unset  up                    up      
CAT-3750-HQ1#
 
 
Switch 3:
CAT-3750-3#sh ip int brie
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  172.30.0.3      YES NVRAM  up                    up      
Vlan71                 172.30.71.1     YES NVRAM  down                  down    
Vlan72                 172.30.72.1     YES NVRAM  down                  down    
Vlan73                 172.30.73.1     YES NVRAM  up                    up      
Vlan81                 172.30.81.1     YES NVRAM  up                    up      
Vlan82                 172.30.82.1     YES NVRAM  up                    up      
Vlan83                 172.30.83.1     YES NVRAM  up                    up      
Vlan99                 10.0.0.243      YES manual up                    up      
GigabitEthernet1/0/1   unassigned      YES unset  down                  down    
GigabitEthernet1/0/2   unassigned      YES unset  down                  down    
GigabitEthernet1/0/3   unassigned      YES unset  down                  down    
GigabitEthernet1/0/4   unassigned      YES unset  down                  down    
GigabitEthernet1/0/5   unassigned      YES unset  down                  down    
GigabitEthernet1/0/6   unassigned      YES unset  down                  down    
GigabitEthernet1/0/7   unassigned      YES unset  down                  down    
GigabitEthernet1/0/8   unassigned      YES unset  down                  down    
GigabitEthernet1/0/9   unassigned      YES unset  down                  down    
GigabitEthernet1/0/10  unassigned      YES unset  down                  down    
GigabitEthernet1/0/11  unassigned      YES unset  up                    up      
GigabitEthernet1/0/12  unassigned      YES unset  up                    up      
GigabitEthernet1/0/13  unassigned      YES unset  up                    up      
GigabitEthernet1/0/14  unassigned      YES unset  up                    up      
GigabitEthernet1/0/15  unassigned      YES unset  down                  down    
GigabitEthernet1/0/16  unassigned      YES unset  down                  down    
GigabitEthernet1/0/17  unassigned      YES unset  up                    up      
GigabitEthernet1/0/18  unassigned      YES unset  up                    up      
GigabitEthernet1/0/19  unassigned      YES unset  down                  down    
GigabitEthernet1/0/20  unassigned      YES unset  up                    up      
GigabitEthernet1/0/21  unassigned      YES unset  down                  down    
GigabitEthernet1/0/22  unassigned      YES unset  down                  down    
GigabitEthernet1/0/23  unassigned      YES unset  up                    up      
GigabitEthernet1/0/24  unassigned      YES unset  up                    up      
CAT-3750-3#
                                              
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:

Select allOpen in new window

 

by: donjohnstonPosted on 2009-05-05 at 04:54:14ID: 24303623

Once again, everything looks correct. Can you ping the VLAN 1 interface on Switch 3 from the HQ switch?

 

by: theB0FHPosted on 2009-05-05 at 06:01:23ID: 24304179

Pings on VLAN 1 are OK between all switches:

Thanks

CAT-3750-HQ1#ping 172.30.0.3 (CAT-3750-3)
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.30.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
CAT-3750-HQ1#
                                              
1:
2:
3:
4:
5:
6:
7:

Select allOpen in new window

 

by: theB0FHPosted on 2009-05-05 at 06:25:09ID: 24304377

I've also done sh vtp status...

Switch 1:
CAT-3750-HQ1#sh vtp stat
VTP Version                     : 2
Configuration Revision          : 25
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 23
VTP Operating Mode              : Server
VTP Domain Name                 : marlow
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB3 0xF4 0x4A 0x21 0x47 0x55 0x50 0xD3 
Configuration last modified by 172.30.0.1 at 10-18-93 20:46:33
Local updater ID is 172.30.0.1 on interface Vl1 (lowest numbered VLAN interface found)
CAT-3750-HQ1#
 
Switch 2:
CAT-3750-HQ2#sh vtp status
VTP Version                     : 2
Configuration Revision          : 25
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 23
VTP Operating Mode              : Server
VTP Domain Name                 : marlow
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB3 0xF4 0x4A 0x21 0x47 0x55 0x50 0xD3
Configuration last modified by 172.30.0.1 at 10-18-93 20:46:33
Local updater ID is 172.30.0.2 on interface Vl1 (lowest numbered VLAN interface found)
CAT-3750-HQ2#
 
Switch 3:
CAT-3750-3#sh vtp status
VTP Version                     : 2
Configuration Revision          : 25
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 23
VTP Operating Mode              : Server
VTP Domain Name                 : marlow
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB3 0xF4 0x4A 0x21 0x47 0x55 0x50 0xD3
Configuration last modified by 172.30.0.1 at 10-18-93 20:46:33
Local updater ID is 172.30.0.3 on interface Vl1 (lowest numbered VLAN interface found)
CAT-3750-3#
                                              
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:

Select allOpen in new window

 

by: donjohnstonPosted on 2009-05-05 at 06:27:34ID: 24304404

Then you've probably got a duplicate IP address (10.0.0.243) or a bad entry in the arp cache.

Once you verify there is no other 10.0.0.243 device, check the arp cache of the Switches and see if there's an entry for the other VLAN99 address and that the MAC is correct.

 

by: theB0FHPosted on 2009-05-05 at 08:14:09ID: 24305614

OK, I've change VLAN 99 interface IP address on switch 3 to 10.0.0.175 in case there was a conflict. This didn't fix it. I've then done a "clear arp" on all the switches and then did a "show arp | incl 10.0".

On Switch 1 and 2 it's all fine (I see entries from each of these on each other), but on Switch 3 there's some wierdness. Look at the mac address for 10.0.0.1 - can this point to something else that's wrong?

Thanks

Switch 1:
CAT-3750-HQ1#sh arp | incl 10.0.
Internet  10.0.0.1                0   000f.b5d6.18d8  ARPA   Vlan99
Internet  10.0.0.242             78   0016.9df2.d7c1  ARPA   Vlan99
Internet  10.0.0.241              -   0016.9df2.bfc6  ARPA   Vlan99
CAT-3750-HQ1#
 
Switch 2:
CAT-3750-HQ2#sh arp | incl 10.0
Internet  10.0.0.1                0   000f.b5d6.18d8  ARPA   Vlan99
Internet  10.0.0.76               0   0023.6c91.fa0d  ARPA   Vlan99
Internet  10.0.0.242              -   0016.9df2.d7c1  ARPA   Vlan99
Internet  10.0.0.241              0   0016.9df2.bfc6  ARPA   Vlan99
CAT-3750-HQ2#
 
Switch 3:
CAT-3750-3#sh arp | incl 10.0.
Internet  10.0.0.1                0   Incomplete      ARPA
Internet  10.0.0.175              -   001e.be77.6047  ARPA   Vlan99
CAT-3750-3#
                                              
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:

Select allOpen in new window

 

by: theB0FHPosted on 2009-05-05 at 08:19:31ID: 24305681

another note:

I've removed the "ip helper ..." line from Vlan 99 on Switch 3 - this gets rid of the "Incomplete" Arp entry, but this solves nothing - Switch 2 | Vlan 99 is configured in the same way and that works OK...

Is there some way to trace traffic or something?

Thanks

 

by: giltjrPosted on 2009-05-08 at 04:53:35ID: 24335090

If you have a free port on both switches set them up a mirror ports and run a packet capture to verify that each switch is putting VLAN 99 traffic outbound on the appropriate interface.

Oh, the incomplete on the arp entry for 10.0.0.1 just means that it sent out the arp request and it never got a response.  Which is just another indication that something weird is going on with VLAN 99.

 

by: donjohnstonPosted on 2009-05-08 at 04:58:45ID: 24335124

Just so something else hasn't happened that's adding a symptom, please post the current configs of HQ and Switch 3.

 

by: theB0FHPosted on 2009-05-08 at 05:05:18ID: 24335162

Switch CAT-3750-HQ1's config below

CAT-3750-HQ1#sh run
Building configuration...
 
Current configuration : 16380 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CAT-3750-HQ1
!
no logging console
enable secret 5 $1$yhwh$xxxxxxxxxxxxxx/
!
username admin secret 5 $1$xxxxxxxxxxxxxxxx
aaa new-model
aaa authentication login default local
!
aaa session-id common
switch 1 provision ws-c3750g-24t
ip subnet-zero
ip routing
ip domain-name domain.local
ip name-server 172.30.6.111
!
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface GigabitEthernet1/0/1
 switchport mode access
!
interface GigabitEthernet1/0/2
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport mode access
!
interface GigabitEthernet1/0/4
 switchport mode access
!
interface GigabitEthernet1/0/5
 switchport mode access
!
interface GigabitEthernet1/0/6
 switchport access vlan 50
 switchport mode access
!
interface GigabitEthernet1/0/7
 switchport mode access
!
interface GigabitEthernet1/0/8
 switchport access vlan 99
 switchport mode access
!
interface GigabitEthernet1/0/9
 switchport access vlan 60
 switchport mode access
!
interface GigabitEthernet1/0/10
 description DOWNLINK TO CAT-3750-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
interface GigabitEthernet1/0/11
 switchport mode access
!
interface GigabitEthernet1/0/12
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/0/13
 description Netgear 16 Port Switch
 switchport access vlan 50
 switchport mode access
!
interface GigabitEthernet1/0/14
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet1/0/15
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet1/0/16
 switchport access vlan 40
 switchport mode access
!
interface GigabitEthernet1/0/17
 switchport access vlan 40
 switchport mode access
!
interface GigabitEthernet1/0/18
 switchport mode access
!
interface GigabitEthernet1/0/19
 switchport access vlan 50
 switchport mode access
!
interface GigabitEthernet1/0/20
 switchport access vlan 50
 switchport mode access
!
interface GigabitEthernet1/0/21
 switchport access vlan 50
 switchport mode access
!
interface GigabitEthernet1/0/22
 switchport access vlan 50
 switchport mode access
!
interface GigabitEthernet1/0/23
 switchport access vlan 60
 switchport mode access
 speed 10
 duplex full
!
interface GigabitEthernet1/0/24
 description Downlink to CAT-3750-HQ2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 duplex full
!
interface Vlan1
 description SERVERS
 ip address 172.30.0.1 255.255.248.0
 ip helper-address 172.30.6.111
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map GATEWAY_VLAN1
!
interface Vlan20
 description WEB_SERVERS
 ip address 172.30.20.1 255.255.252.0
 ip helper-address 172.30.6.111
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map GATEWAY
!
interface Vlan30
 description GROUN_FLOOR
 ip address 172.30.30.1 255.255.255.0
 ip helper-address 172.30.6.111
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map GATEWAY_VLAN30
!
interface Vlan40
 ip address 172.30.40.1 255.255.255.0
 ip helper-address 172.30.6.111
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan50
 ip address 172.30.50.1 255.255.255.0
 ip helper-address 172.30.6.111
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map GATEWAY_VLAN50
!
interface Vlan60
 ip address 172.30.60.1 255.255.255.0
 ip helper-address 172.30.6.111
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map GATEWAY_VLAN60
!
interface Vlan99
 description WIFI Visitors Guest Access
 ip address 10.0.0.241 255.255.255.0
 ip helper-address 10.0.0.1
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
router eigrp 1
 network 172.30.0.0
 no auto-summary
!
ip classless
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
ip route 0.0.0.0 0.0.0.0 172.30.7.2
no ip http server
no ip http secure-server
!
!
ip access-list standard SSH-ALLOWED
 permit 172.30.0.0 0.0.255.255
 deny   any log
!
ip access-list extended ASA_7_11_VLAN30
 deny   ip 172.30.0.0 0.0.255.255 192.168.144.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.30.50.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip host 172.30.30.101 any
ip access-list extended ASA_7_4_VLAN30
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.30.50.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.20.30.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
ip access-list extended ASA_7_5_VLAN1
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip host 172.30.3.9 any
 permit ip host 172.30.3.8 any
 permit ip host 172.30.6.30 host 85.90.255.205
 permit ip host 172.30.3.5 any
 permit ip host 172.30.3.100 any
 permit ip host 172.30.3.1 any
 permit ip host 172.30.3.3 any
 permit ip host 172.30.3.10 any
 permit ip host 172.30.1.6 any
 permit ip host 172.30.6.9 any
ip access-list extended ASA_7_5_VLAN20
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
ip access-list extended PIX_7_11
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.30.50.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip host 172.30.20.4 any
 permit ip host 172.30.20.5 any
 permit ip host 172.30.20.6 any
 permit ip host 172.30.20.7 any
 permit ip host 172.30.20.8 any
 permit ip host 172.30.20.9 any
 permit ip host 172.30.20.10 any
 permit ip host 172.30.20.11 any
 permit ip host 172.30.20.12 any
 permit ip host 172.30.20.13 any
 permit ip host 172.30.20.14 any
 permit ip host 172.30.20.15 any
 permit ip host 172.30.20.16 any
 permit ip host 172.30.20.17 any
 permit ip host 172.30.20.18 any
 permit ip host 172.30.20.19 any
 permit ip host 172.30.20.20 any
 permit ip host 172.30.20.21 any
 permit ip host 172.30.20.22 any
 permit ip host 172.30.20.23 any
 permit ip host 172.30.20.24 any
 permit ip host 172.30.20.25 any
 permit ip host 172.30.20.26 any
 permit ip host 172.30.20.76 any
 permit ip host 172.30.20.77 any
 permit ip host 172.30.20.78 any
 permit ip host 172.30.20.86 any
 permit ip host 172.30.20.87 any
 permit ip host 172.30.20.88 any
 permit ip host 172.30.20.89 any
 permit ip host 172.30.20.90 any
 permit ip host 172.30.20.91 any
 permit ip host 172.30.20.92 any
 permit ip host 172.30.20.93 any
 permit ip host 172.30.20.94 any
 permit ip host 172.30.20.95 any
 permit ip host 172.30.20.96 any
 permit ip host 172.30.20.97 any
 permit ip host 172.30.20.98 any
 permit ip host 172.30.20.99 any
 permit ip host 172.30.20.100 any
 permit ip host 172.30.20.101 any
 permit ip host 172.30.20.105 any
 permit ip host 172.30.20.106 any
 permit ip host 172.30.20.107 any
 permit ip host 172.30.20.108 any
 permit ip host 172.30.20.109 any
 permit ip host 172.30.20.110 any
 permit ip host 172.30.20.121 any
 permit ip host 172.30.20.124 any
 permit ip host 172.30.20.131 any
 permit ip host 172.30.20.123 any
 permit ip host 172.30.20.127 any
 permit ip host 172.30.20.81 any
 permit ip host 172.30.20.102 any
 permit ip host 172.30.20.103 any
 permit ip host 172.30.20.104 any
 permit ip host 172.30.20.128 any
 permit ip host 172.30.20.129 any
ip access-list extended PIX_7_11_VLAN1
 deny   ip 172.30.0.0 0.0.255.255 192.168.144.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.30.50.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip host 172.30.6.60 any
 permit ip host 172.30.6.61 any
 permit ip host 172.30.6.25 any
 permit ip host 172.30.6.6 any
 permit ip host 172.30.7.205 any
 permit ip host 172.30.6.5 any
 permit ip host 172.30.5.203 any
 permit ip host 172.30.6.109 any
 permit ip host 172.30.0.7 any
 permit ip host 172.30.6.62 any
 permit ip host 172.30.1.205 any
 permit ip host 172.30.6.111 any
 permit ip host 172.30.0.70 any
 permit ip host 172.30.0.250 any
 permit ip host 172.30.1.243 any
 permit ip host 172.30.1.241 any
 permit ip host 172.30.0.34 any
 permit ip host 172.30.0.56 any
 permit ip host 172.30.0.58 any
 permit ip host 172.30.0.32 any
 permit ip host 172.30.0.57 any
 permit ip host 172.30.6.63 any
 permit ip host 172.30.2.101 any
 permit ip host 172.30.6.37 any
 permit ip host 172.30.6.110 any
 permit ip host 172.30.6.39 any
 permit ip host 172.30.3.4 any
 permit ip host 172.30.7.150 any
 permit ip host 172.30.6.31 any
 permit ip host 172.30.0.90 any
 permit ip host 172.30.0.91 any
 permit ip host 172.30.0.92 any
 permit ip host 172.30.6.14 any
 permit ip host 172.30.2.31 any
 permit ip host 172.30.0.16 any
 permit ip host 172.30.6.45 any
 permit ip host 172.30.6.53 any
ip access-list extended PIX_7_11_VLAN30
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 host 83.244.211.99
 permit ip host 172.30.30.100 any
 permit ip host 172.30.30.28 any
ip access-list extended PIX_7_11_VLAN60
 deny   ip 172.30.0.0 0.0.255.255 192.168.144.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.30.50.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
ip access-list extended PIX_7_11_VLAN_1
 permit ip host 172.30.6.45 any
ip access-list extended PIX_7_1_VLAN30
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.30.50.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.20.30.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
ip access-list extended PIX_7_2_VLAN50
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip host 172.30.50.27 any
ip access-list extended PIX_7_3_VLAN30
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.30.50.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.20.30.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip host 172.30.30.100 any
ip access-list extended SONICWALL_7_1
 deny   ip 172.30.0.0 0.0.255.255 10.30.50.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.20.30.0 0.0.0.255
 permit ip 172.30.0.0 0.0.255.255 172.30.8.0 0.0.7.255
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip host 172.30.20.2 any
 permit ip host 172.30.20.3 any
 permit ip host 172.30.20.27 any
 permit ip host 172.30.20.28 any
 permit ip host 172.30.20.29 any
 permit ip host 172.30.20.30 any
 permit ip host 172.30.20.31 any
 permit ip host 172.30.20.32 any
 permit ip host 172.30.20.33 any
 permit ip host 172.30.20.34 any
 permit ip host 172.30.20.35 any
 permit ip host 172.30.20.36 any
 permit ip host 172.30.20.37 any
 permit ip host 172.30.20.38 any
 permit ip host 172.30.20.39 any
 permit ip host 172.30.20.40 any
 permit ip host 172.30.20.41 any
 permit ip host 172.30.20.42 any
 permit ip host 172.30.20.43 any
 permit ip host 172.30.20.44 any
 permit ip host 172.30.20.45 any
 permit ip host 172.30.20.46 any
 permit ip host 172.30.20.47 any
 permit ip host 172.30.20.48 any
 permit ip host 172.30.20.49 any
 permit ip host 172.30.20.50 any
 permit ip host 172.30.20.51 any
 permit ip host 172.30.20.52 any
 permit ip host 172.30.20.53 any
 permit ip host 172.30.20.54 any
 permit ip host 172.30.20.55 any
 permit ip host 172.30.20.56 any
 permit ip host 172.30.20.57 any
 permit ip host 172.30.20.58 any
 permit ip host 172.30.20.59 any
 permit ip host 172.30.20.60 any
 permit ip host 172.30.20.61 any
 permit ip host 172.30.20.62 any
 permit ip host 172.30.20.63 any
 permit ip host 172.30.20.64 any
 permit ip host 172.30.20.65 any
 permit ip host 172.30.20.66 any
 permit ip host 172.30.20.67 any
 permit ip host 172.30.20.68 any
 permit ip host 172.30.20.69 any
 permit ip host 172.30.20.70 any
 permit ip host 172.30.20.71 any
 permit ip host 172.30.20.72 any
 permit ip host 172.30.20.73 any
 permit ip host 172.30.20.74 any
 permit ip host 172.30.20.79 any
 permit ip host 172.30.20.80 any
 permit ip host 172.30.20.82 any
 permit ip host 172.30.20.83 any
 permit ip host 172.30.20.84 any
 permit ip host 172.30.20.85 any
 permit ip host 172.30.20.102 any
 permit ip host 172.30.20.103 any
 permit ip host 172.30.20.104 any
ip access-list extended SONICWALL_7_1_VLAN1
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.30.50.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.20.30.0 0.0.0.255
 permit ip 172.30.0.0 0.0.255.255 172.30.8.0 0.0.7.255
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip host 172.30.6.11 any
 permit ip host 172.30.0.245 any
 permit ip host 172.30.0.248 any
 permit ip host 172.30.0.252 any
 permit ip host 172.30.6.26 any
 permit ip host 172.30.4.10 any
 permit ip host 172.30.4.11 any
 permit ip host 172.30.4.12 any
ip access-list extended SONICWALL_7_1_VLAN60
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.30.50.0 0.0.0.255
 permit ip 172.30.0.0 0.0.255.255 172.30.8.0 0.0.7.255
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
!
logging trap debugging
logging facility local6
logging 172.30.30.101
route-map GATEWAY_VLAN30 permit 10
 match ip address PIX_7_1_VLAN30
 set ip next-hop 172.30.7.1
!
route-map GATEWAY_VLAN30 permit 20
 match ip address PIX_7_11_VLAN30
 set ip next-hop 172.30.7.5
!
route-map GATEWAY_VLAN30 permit 30
 match ip address ASA_7_11_VLAN30
 set ip next-hop 172.30.7.11
!
route-map GATEWAY_VLAN60 permit 10
 match ip address SONICWALL_7_1_VLAN60
 set ip next-hop 172.30.7.1
!
route-map GATEWAY_VLAN60 permit 20
 match ip address PIX_7_11_VLAN60
 set ip next-hop 172.30.7.11
!
route-map GATEWAY_VLAN50 permit 10
 match ip address PIX_7_2_VLAN50
 set ip next-hop 172.30.7.2
!
route-map GATEWAY_VLAN1 permit 10
 match ip address SONICWALL_7_1_VLAN1
 set ip next-hop 172.30.7.1
!
route-map GATEWAY_VLAN1 permit 20
 match ip address PIX_7_11_VLAN1
 set ip next-hop 172.30.7.11
!
route-map GATEWAY_VLAN1 permit 30
 match ip address ASA_7_5_VLAN1
 set ip next-hop 172.30.7.5
!
route-map GATEWAY permit 10
 match ip address SONICWALL_7_1
 set ip next-hop 172.30.7.1
!
route-map GATEWAY permit 20
 match ip address PIX_7_11
 set ip next-hop 172.30.7.11
!
route-map GATEWAY permit 30
 match ip address ASA_7_5_VLAN20
 set ip next-hop 172.30.7.5
!
snmp-server community d4t4Select RO
snmp-server enable traps snmp authentication linkdown linkup coldstart
radius-server source-ports 1645-1646
!
control-plane
!
banner login ^CCC Private Property - All access is logged Unauthorised entry is prohibited^C
alias exec sr sh run
alias exec ct conf t
alias exec sip sh ip protocols
alias exec sir sh ip route
alias exec sim sh ip mroute
alias exec sib sh ip int brief
alias exec sv sh vlan brief
!
line con 0
 exec-timeout 15 0
 logging synchronous
line vty 0 4
 access-class SSH-ALLOWED in
 exec-timeout 15 0
 logging synchronous
 transport input ssh
line vty 5 15
 access-class SSH-ALLOWED in
 exec-timeout 15 0
 logging synchronous
 transport input ssh
!
end
 
CAT-3750-HQ1#  

                                              
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
150:
151:
152:
153:
154:
155:
156:
157:
158:
159:
160:
161:
162:
163:
164:
165:
166:
167:
168:
169:
170:
171:
172:
173:
174:
175:
176:
177:
178:
179:
180:
181:
182:
183:
184:
185:
186:
187:
188:
189:
190:
191:
192:
193:
194:
195:
196:
197:
198:
199:
200:
201:
202:
203:
204:
205:
206:
207:
208:
209:
210:
211:
212:
213:
214:
215:
216:
217:
218:
219:
220:
221:
222:
223:
224:
225:
226:
227:
228:
229:
230:
231:
232:
233:
234:
235:
236:
237:
238:
239:
240:
241:
242:
243:
244:
245:
246:
247:
248:
249:
250:
251:
252:
253:
254:
255:
256:
257:
258:
259:
260:
261:
262:
263:
264:
265:
266:
267:
268:
269:
270:
271:
272:
273:
274:
275:
276:
277:
278:
279:
280:
281:
282:
283:
284:
285:
286:
287:
288:
289:
290:
291:
292:
293:
294:
295:
296:
297:
298:
299:
300:
301:
302:
303:
304:
305:
306:
307:
308:
309:
310:
311:
312:
313:
314:
315:
316:
317:
318:
319:
320:
321:
322:
323:
324:
325:
326:
327:
328:
329:
330:
331:
332:
333:
334:
335:
336:
337:
338:
339:
340:
341:
342:
343:
344:
345:
346:
347:
348:
349:
350:
351:
352:
353:
354:
355:
356:
357:
358:
359:
360:
361:
362:
363:
364:
365:
366:
367:
368:
369:
370:
371:
372:
373:
374:
375:
376:
377:
378:
379:
380:
381:
382:
383:
384:
385:
386:
387:
388:
389:
390:
391:
392:
393:
394:
395:
396:
397:
398:
399:
400:
401:
402:
403:
404:
405:
406:
407:
408:
409:
410:
411:
412:
413:
414:
415:
416:
417:
418:
419:
420:
421:
422:
423:
424:
425:
426:
427:
428:
429:
430:
431:
432:
433:
434:
435:
436:
437:
438:
439:
440:
441:
442:
443:
444:
445:
446:
447:
448:
449:
450:
451:
452:
453:
454:
455:
456:
457:
458:
459:
460:
461:
462:
463:
464:
465:
466:
467:
468:
469:
470:
471:
472:
473:
474:
475:
476:
477:
478:
479:
480:
481:
482:
483:
484:
485:
486:
487:
488:
489:
490:
491:
492:
493:
494:
495:
496:
497:
498:
499:
500:
501:
502:
503:
504:
505:
506:
507:
508:
509:
510:
511:
512:
513:
514:
515:
516:
517:
518:
519:
520:
521:
522:
523:
524:
525:
526:
527:
528:
529:
530:
531:
532:
533:
534:

Select allOpen in new window

 

by: theB0FHPosted on 2009-05-08 at 05:08:12ID: 24335176

Switch CAT-3750-3's config below.

CAT-3750-3#sh run
Building configuration...
 
Current configuration : 6276 bytes
!
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service linenumber
!
hostname CAT-3750-3
!
enable secret 5 $1$ocZl$xxxxxxxxxxxxxxxxxxxxx.
!
username admin secret 5 $1xxxxxxxxxxGsj.
aaa new-model
aaa authentication login default local
!
aaa session-id common
switch 1 provision ws-c3750g-24t
system mtu routing 1500
ip subnet-zero
ip routing
ip tcp synwait-time 5
no ip domain-lookup
ip domain-name domain.local
!
ip ssh version 2
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface GigabitEthernet1/0/1
 switchport mode access
!
interface GigabitEthernet1/0/2
 switchport mode access
!         
interface GigabitEthernet1/0/3
 switchport mode access
!
interface GigabitEthernet1/0/4
 switchport mode access
!
interface GigabitEthernet1/0/5
 switchport mode access
!
interface GigabitEthernet1/0/6
 switchport mode access
!
interface GigabitEthernet1/0/7
 switchport mode access
!
interface GigabitEthernet1/0/8
 switchport mode access
!
interface GigabitEthernet1/0/9
 switchport mode access
!
interface GigabitEthernet1/0/10
 switchport mode access
!
interface GigabitEthernet1/0/11
 description Fibre Pair 1
 switchport access vlan 81
 switchport mode access
 speed 1000
 duplex full
!
interface GigabitEthernet1/0/12
 description Fibre Pair 2
 switchport access vlan 82
 switchport mode access
 speed 1000
 duplex full
!
interface GigabitEthernet1/0/13
 description Fibre Pair 3
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,73,99
 switchport mode trunk
!
interface GigabitEthernet1/0/14
 description Fibre Pair 4
 switchport access vlan 83
 switchport mode access
 speed 1000
 duplex full
!
interface GigabitEthernet1/0/15
 switchport mode access
!
interface GigabitEthernet1/0/16
 switchport mode access
!
interface GigabitEthernet1/0/17
 description Comms room south unmanaged
 switchport access vlan 81
 switchport mode access
!
interface GigabitEthernet1/0/18
 switchport mode access
!
interface GigabitEthernet1/0/19
 switchport mode access
!
interface GigabitEthernet1/0/20
 switchport mode access
!
interface GigabitEthernet1/0/21
 switchport mode access
!
interface GigabitEthernet1/0/22
 switchport mode access
!
interface GigabitEthernet1/0/23
 description ASA5505
 switchport mode access
!
interface GigabitEthernet1/0/24
 description UPLINK TO CAT-3750-HQ1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
interface Vlan1
 ip address 172.30.0.3 255.255.248.0
 ip helper-address 172.30.6.111
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan71
 description WIFI network for Guest Access
 ip address 172.30.71.1 255.255.255.0
 ip helper-address 172.30.6.200
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan72
 description WIFI network for General Domain Use
 ip address 172.30.72.1 255.255.255.0
 ip helper-address 172.30.6.200
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan73
 description WIFI network for Scanners
 ip address 172.30.73.1 255.255.255.0
 ip helper-address 172.30.6.200
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan81
 description NORTH and WEST
 ip address 172.30.81.1 255.255.255.0
 ip helper-address 172.30.6.200
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan82
 description EAST
 ip address 172.30.82.1 255.255.255.0
 ip helper-address 172.30.6.200
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan83
 description CENTRAL / Production
 ip address 172.30.83.1 255.255.255.0
 ip helper-address 172.30.6.200
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan99
 description WIFI Visitors Guest Access
 ip address 10.0.0.175 255.255.255.0
!
router eigrp 1
 network 172.30.0.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.30.0.1
no ip http server
no ip http secure-server
!
!
ip access-list standard SSH-ALLOWED
 permit 82.133.50.163
 permit 217.20.18.2
 permit 172.30.0.0 0.0.255.255
 permit 10.20.30.0 0.0.0.255
 deny   any log
!
ip access-list extended ASA5505_7_2_VLAN1
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
ip access-list extended ASA5505_7_3_VLAN1
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip 172.30.0.0 0.0.255.255 any
ip access-list extended ASA5505_7_3_VLAN73
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
ip access-list extended ASA5505_7_3_VLAN81
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip 172.30.0.0 0.0.255.255 any
ip access-list extended ASA5505_7_3_VLAN83
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip 172.30.0.0 0.0.255.255 any
!
route-map GATEWAY_VLAN73 permit 10
 match ip address ASA5505_7_3_VLAN73
 set ip next-hop 172.30.7.3
!
route-map GATEWAY_VLAN83 permit 10
 match ip address ASA5505_7_3_VLAN83
 set ip next-hop 172.30.7.3
!
route-map GATEWAY_VLAN81 permit 10
 match ip address ASA5505_7_3_VLAN81
 set ip next-hop 172.30.7.3
!
route-map GATEWAY_VLAN1 permit 10
 match ip address ASA5505_7_3_VLAN1
 set ip next-hop 172.30.7.3
!
route-map GATEWAY_VLAN1 permit 20
 match ip address ASA5505_7_2_VLAN1
 set ip next-hop 172.30.7.2
!
snmp-server community d4t4Select RO
snmp-server enable traps snmp authentication linkdown linkup coldstart
snmp-server enable traps license
radius-server source-ports 1645-1646
!
control-plane
!
banner login ^CCCC Private Property - All access is logged Unauthorised entry is prohibited^C
alias exec sr sh run
alias exec ct conf t
alias exec sip sh ip protocols
alias exec sir sh ip route
alias exec sim sh ip mroute
alias exec sib sh ip int brief
alias exec sv sh vlan brief
!
line con 0
 exec-timeout 15 0
 logging synchronous
line vty 0 4
 access-class SSH-ALLOWED in
 exec-timeout 15 0
 logging synchronous
 transport input ssh
line vty 5 15
 access-class SSH-ALLOWED in
 exec-timeout 15 0
 logging synchronous
 transport input ssh
!
end
 
CAT-3750-3#     

                                              
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
150:
151:
152:
153:
154:
155:
156:
157:
158:
159:
160:
161:
162:
163:
164:
165:
166:
167:
168:
169:
170:
171:
172:
173:
174:
175:
176:
177:
178:
179:
180:
181:
182:
183:
184:
185:
186:
187:
188:
189:
190:
191:
192:
193:
194:
195:
196:
197:
198:
199:
200:
201:
202:
203:
204:
205:
206:
207:
208:
209:
210:
211:
212:
213:
214:
215:
216:
217:
218:
219:
220:
221:
222:
223:
224:
225:
226:
227:
228:
229:
230:
231:
232:
233:
234:
235:
236:
237:
238:
239:
240:
241:
242:
243:
244:
245:
246:
247:
248:
249:
250:
251:
252:
253:
254:
255:
256:
257:
258:
259:
260:
261:
262:
263:
264:
265:
266:
267:
268:
269:
270:
271:
272:
273:
274:
275:
276:
277:
278:
279:
280:
281:

Select allOpen in new window

 

by: giltjrPosted on 2009-05-08 at 05:25:01ID: 24335277

Real stupid question, can you ping 10.0.0.175 from CAT-3750-3?  That is, can it ping its own VLAN99 IP address?

 

by: theB0FHPosted on 2009-05-08 at 05:28:09ID: 24335298

Fair question!
Yes I can ping the VLAN99 IP address from the switch.
cheers

CAT-3750-3#ping 10.0.0.175
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.175, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
                                              
1:
2:
3:
4:
5:
6:

Select allOpen in new window

 

by: giltjrPosted on 2009-05-08 at 06:38:24ID: 24335873

Do you have any devices that are on CAT-3750-3 that are on VLAN99?

If so can CAT-3750-3 and that device ping each other?

 

by: theB0FHPosted on 2009-05-08 at 07:31:58ID: 24336396

Hi giltjr:
There is a device attached to switch 3 that has the ip address 10.0.0.176. This is the ping output as welll as sh arp.

Thx

CAT-3750-3#ping 10.0.0.176
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.176, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
CAT-3750-3#
CAT-3750-3#
CAT-3750-3#
CAT-3750-3#sh arp | incl 10.0.0
Internet  10.0.0.175              -   001e.be77.6047  ARPA   Vlan99
Internet  10.0.0.176              2   000b.0e5b.f4ef  ARPA   Vlan99
CAT-3750-3#
                                              
1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:

Select allOpen in new window

 

by: giltjrPosted on 2009-05-08 at 08:03:48ID: 24336753

Um, well we had a similar issue a couple of weeks ago with a 4507.  End the end we configured the trunk port to all all VLAN's, then changed it back to just limiting the VLANs we wanted and then all of sudden it started to work.

So on CAT-3750-3 you may want to change interface GigabitEthernet1/0/13 to that it allows all VLAN's.  Check and see if the pings start to flow, then go back and only allow the VLANs you want.
 

 

by: theB0FHPosted on 2009-05-08 at 08:19:25ID: 24336910

hi giltjr

Thanks for the comment. I'll have to try that outside office hours as that's one crucial port! I'll hopefully do it later tonight, but more like sometime over the weekend. I'll post back as soon as I have any results.

cheers and have  agood weekend
TB

 

by: theB0FHPosted on 2009-05-11 at 00:54:58ID: 24352295

I've not been able to get alone-time on the switch. I'll try soon though. Thx

 

by: theB0FHPosted on 2009-05-14 at 02:14:44ID: 24382922

Hi guys (admins included)

I need to put this on hold, but I don't want to close the issue. Problem is I cannot really modify the config of this switch (specifically port 1/0/13) at the moment as it is critical not to have any downtime at the moment.

Can we just leave this call open or should it be put "on hold" in some way? I don't want to cancel it since someone could still come up with a simple solution while waiting for me to get a window for testing.

And the points are still up for grabs.

Cheers
TB

 

by: theB0FHPosted on 2009-09-19 at 02:39:57ID: 25372239

Quick update:

We've not had time to do the suggested steps, but another thing came to mind - perhaps we should update the software on the switches all to the same level if it's not already. Will have to look at this over the next couple of weeks.

TB

 

by: donjohnstonPosted on 2009-09-19 at 05:11:16ID: 25372652

Before updating software (I've never seen a IOS version cause this particular problem), try rebooting the switch.

 

by: theB0FHPosted on 2009-09-22 at 10:36:31ID: 31576986

Unfortunately I'm going to have to just close this question as I cannot put any time aside to do anything about it anytime soon.

Sorry for the thinly spread points but since there are no clear solutions, what else could I do!

Thanks for the imput guys

20120131-EE-VQP-002

3 Ways to Join

30-Day Free Trial

The Experts

98% positive feedback on 31,087 answers since March 2000. angeliii is a Microsoft Most Valuable Professional for his work with MS SQL Server & Develoment.

He has also proven his knowledge of Visual Basic Programming, PHP Scripting and Oracle Databases.

The Experts

97% positive feedback on 10,752 answers since July 2000. lrmoore has more than 18 years experience in the networking industry.

The six-time Mircosoft MVPs specialties include firewalls, virtual private networking, and network management.

Testimonials

"...and excellent source for support... Kind of like having your very own IT dept." Electriciansnet

Testimonials

"I was apprehensive at signing up at first. However... it has already made my life as an IT administrator much easier." JaCrews

Testimonials

"WOW! You guys have great, active, and knowledgeable people on here." moore50

Business Clients

Business Clients

In the Press

"If you’ve got a question... Experts Exchange can supply an answer.”

In the Press

"...an invaluable aid for both IT professionals and those who require tech support."

In the Press

"where IT professionals provide quick answers on just about any topic"

Business Account Plans

Loading Advertisement...