	[x] Posted via EE Mobile
	Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.

Question

	[x] Attachment Details

[x]

The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

The Grade of the Solution
The Zone Rank of the Expert Providing the Solution
The Number of Author and Expert Comments
The Number of Experts Contributing
The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!

5.0

VLAN problem with remote site on Metro Ethernet

Asked by CityofKerrville in Network Design & Methodology, Network Routers

Tags: VLAN, Cisco, Metro Ethernet

Hello EE,

Many of you have been following my posts pertaining to a major upgrade to Metro Ethernet. Last Thursday evening, we moved forward with 4 of our sites. Everything went very smoothly until we got to SITE D. This is when we ran across what we believe to be a VLAN tag related issue. Here is the rundown of what we did.

SITE A:
We installed a Cisco 2821 router in our main data center. This new router is touching the metro cloud and we assigned the metro port the address 10.10.10.1. Another port on this device is connected back to our existing network infrastructure. Remote sites are to be migrated from the existing network to the fiber one at a time. All routes are good and tested. The Router is up and routing traffic right now.

SITE B:
We installed a Cisco 2811 router in the data center at our Police Station. This router is touching the metro cloud and has an address of 10.10.10.2. The other port on this device is connected to the switches that contain all the users and server on the 192.168.111.0 subnet. Addresses are statically assigned. All routes are good and tested. The Router is up and routing traffic right now.

SITE C:
We installed a Cisco 3560 switch on this site. L2 routing capabilities are enabled. The switch is touching the metro cloud and has an address of 10.10.10.3. There is a VLAN20 interface with the address 192.168.109.1. All the users connected to this switch are assigned to VLAN20, and address are assigned through DHCP. All routes are good and tested.

SITE D:
We installed a Cisco 3560 switch on this site. The switch and the configuration is identical to the switch at SITE C, with the exception of the hostname and the IP addresses. The switch is touching the metro cloud and has an address of 10.10.10.4.

Here is where the problem begins. When I plugged it in and did a few housekeeping procedures (i.e. removed erroneous routes) interface VLAN20 would not come up no matter what I tried. From the switch console i could ping everything on the network, but nobody else could see past the metro port at site D. Here is some of the the step I took to resolve the issue.

blew away the vlan20 interface and started over - NO CHANGE
created a new vlan interface (VLAN220) and assigned the network ip address to that - NO CHANGE
reloaded the config from our TFTP server - NO CHANGE
reloaded the config from the switch at SITE C and changed hostname, ip's, etc - NO CHANGE
replaced with a whole different switch - NO CHANGE

Nothing I did would bring that vlan interface up. Finally our desperation and pure exhaustion, at 11:45, I decided to assigned the network ip to the vlan1 interface and what do you know, all the ports on the switch that were lit up amber all turned green and all the pc's at SITE D started grabbing DHCP. We desided to leave it alone for now and research what went wrong. so my question is this.

Why would the VLAN20 interface not come online?
Did it have something to do with an active VLAN20 running at site C?

An earlier post here suggests that the switches are oblivious to the VLANS on other switches in a setup like this.

What more should I be looking at?
What are the dangers of running traffic on VLAN1?

The hard part is done. Now we need to work out the kinks before we move the other 7 sites over. I have attached a diagram and the configs I want to use for reference.

Get your answer NOW

         
           
             1:
2:
3:
4:
5:
6:
7:
8:
9:
10:
11:
12:
13:
14:
15:
16:
17:
18:
19:
20:
21:
22:
23:
24:
25:
26:
27:
28:
29:
30:
31:
32:
33:
34:
35:
36:
37:
38:
39:
40:
41:
42:
43:
44:
45:
46:
47:
48:
49:
50:
51:
52:
53:
54:
55:
56:
57:
58:
59:
60:
61:
62:
63:
64:
65:
66:
67:
68:
69:
70:
71:
72:
73:
74:
75:
76:
77:
78:
79:
80:
81:
82:
83:
84:
85:
86:
87:
88:
89:
90:
91:
92:
93:
94:
95:
96:
97:
98:
99:
100:
101:
102:
103:
104:
105:
106:
107:
108:
109:
110:
111:
112:
113:
114:
115:
116:
117:
118:
119:
120:
121:
122:
123:
124:
125:
126:
127:
128:
129:
130:
131:
132:
133:
134:
135:
136:
137:
138:
139:
140:
141:
142:
143:
144:
145:
146:
147:
148:
149:
150:
151:
152:
153:
154:
155:
156:
157:
158:
159:
160:
161:
162:
163:
164:
165:
166:
167:
168:
169:
170:
171:
172:
173:
174:
175:
176:
177:
178:
179:
180:
181:
182:
183:
184:
185:
186:
187:
188:
189:
190:
191:
192:
193:
194:
195:
196:
197:
198:
199:
200:
201:
202:
203:
204:
205:
206:
207:
208:
209:
210:
211:
212:
213:
214:
215:
216:
217:
218:
219:
220:
221:
222:
223:
224:
225:
226:
227:
228:
229:
230:
231:
232:
233:
234:
235:
236:
237:
238:
239:
240:
241:
242:
243:
244:
245:
246:
247:
248:
249:
250:
251:
252:
253:
254:
255:
256:
257:
258:
259:
260:
261:
262:
263:
264:
265:
266:
267:
268:
269:
270:
271:
272:
273:
274:
275:
276:
277:
278:
279:
280:
281:
282:
283:
284:
285:
286:
287:
288:
289:
290:
291:
292:
293:
294:
295:
296:
297:
298:
299:
300:
301:
302:
303:
304:
305:
306:
307:
308:
309:
310:
311:
312:
313:
314:
315:
316:
317:
318:
319:
320:
321:
322:
323:
324:
325:
326:
327:
328:
329:
330:
331:
332:
333:
334:
335:
336:
337:
338:
339:
340:
341:
342:
343:
344:
345:
346:
347:
348:
349:
350:
351:
352:
353:
354:
355:
356:
357:
358:
359:
360:
361:
362:
363:
364:
365:
366:
367:
368:
369:
370:
371:
372:
373:
374:
375:
376:
377:
378:
379:
380:
381:
382:
383:
384:
385:
386:
387:
388:
389:
390:
391:
392:
393:
394:
395:
396:
397:
398:
399:
400:
401:
402:
403:
404:
405:
406:
407:
408:
409:
410:
411:
412:

           
           
             ~~~~~~~~~~~~~~~~~~~~~SITE A~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CHR1
!
boot-start-marker
boot system flash:c2800nm-adventerprisek9-mz.124-20.T1.bin
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
enable secret 5 *****
enable password 1*****
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
no ip cef
!
!
no ipv6 cef
!
multilink bundle-name authenticated
!
!
voice-card 0
 no dspfarm
!
!
username netmaster privilege 15 secret 5 *****
archive
 log config
  hidekeys
!
!
interface GigabitEthernet0/0
 description VLAN30 SERVERS
 shutdown
 duplex auto
 speed auto
!
interface GigabitEthernet0/1
 description METRO ETHERNET
 ip address 10.10.10.1 255.255.255.240
 ip helper-address 192.168.101.215
 duplex auto
 speed auto
!
interface FastEthernet0/0/0
 description VLAN10 MGMT-IT
 switchport access vlan 10
!
interface FastEthernet0/0/1
 description ASA 5510 FIREWALL
!
interface FastEthernet0/0/2
 description VLAN20 CITY HALL
 switchport access vlan 20
!
interface Serial0/1/0
 description T1 DIRECT LINK AIRPORT
 ip address 192.168.1.25 255.255.255.248
!
interface FastEthernet0/2/0
 description LINK TO OLD NETWORK
 ip address 192.168.101.5 255.255.255.0
 duplex auto
 speed auto
!
interface Vlan1
 no ip address
!
interface Vlan10
 description MGMT DEVICES CONNECTED TO FE0/0/0
 ip address 192.168.96.1 255.255.255.0
!
interface Vlan20
 description CITY HALL DEVICES CONNECTED TO FE0/0/2
 ip address 192.168.100.1 255.255.255.0
!
router eigrp 1
 network 192.168.96.0
 network 192.168.100.0
 network 192.168.101.0
 network 192.168.1.0
 network 10.10.10.0
 auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/2/0
ip route 192.168.96.0 255.255.255.0 FastEthernet0/0/0
ip route 192.168.100.0 255.255.255.0 FastEthernet0/0/2
ip route 192.168.101.0 255.255.255.0 GigabitEthernet0/0
ip route 192.168.102.0 255.255.255.0 192.168.101.9
ip route 192.168.103.0 255.255.255.0 192.168.101.9
ip route 192.168.114.0 255.255.255.0 192.168.101.9
ip route 192.168.104.0 255.255.255.0 10.10.10.5
ip route 192.168.105.0 255.255.255.0 10.10.10.6
ip route 192.168.106.0 255.255.255.0 10.10.10.7
ip route 192.168.107.0 255.255.255.0 10.10.10.9
ip route 192.168.108.0 255.255.255.0 Serial0/1/0
ip route 192.168.109.0 255.255.255.0 10.10.10.3
ip route 192.168.110.0 255.255.255.0 10.10.10.4
ip route 192.168.111.0 255.255.255.0 10.10.10.2
ip route 192.168.112.0 255.255.255.0 10.10.10.10
ip route 192.168.113.0 255.255.255.0 10.10.10.8
no ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
 login local
line aux 0
line vty 0 4
 access-class 23 in
 privilege level 15
 password *****
 login local
 transport input telnet
line vty 5 15
 access-class 23 in
 privilege level 15
 password *****
 login local
 transport input telnet
!
scheduler allocate 20000 1000
end
 
~~~~~~~~~~~~~~~~~~~~~SITE B~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PDR1
!
boot-start-marker
boot-end-marker
!
enable secret 5 *****
enable password *****
!
no aaa new-model
!
resource policy
!
ip subnet-zero
!
!
no ip cef
!
!
!
!
!
interface FastEthernet0/0
 description VLAN100 traffic from CHR1
 ip address 10.10.10.2 255.255.255.240
 duplex auto
 speed auto
!
interface FastEthernet0/1
 description KPD SWITCH
 ip address 192.168.111.1 255.255.255.0
 duplex half
 speed auto
 no mop enabled
!
router eigrp 1
 network 10.10.10.0
 network 192.168.111.0
 auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip route 192.168.96.0 255.255.255.0 10.10.10.1
ip route 192.168.100.0 255.255.255.0 10.10.10.1
ip route 192.168.101.0 255.255.255.0 10.10.10.1
ip route 192.168.102.0 255.255.255.0 10.10.10.1
ip route 192.168.103.0 255.255.255.0 10.10.10.1
ip route 192.168.114.0 255.255.255.0 10.10.10.1
ip route 192.168.104.0 255.255.255.0 10.10.10.5
ip route 192.168.105.0 255.255.255.0 10.10.10.6
ip route 192.168.106.0 255.255.255.0 10.10.10.7
ip route 192.168.107.0 255.255.255.0 10.10.10.9
ip route 192.168.108.0 255.255.255.0 10.10.10.1
ip route 192.168.109.0 255.255.255.0 10.10.10.3
ip route 192.168.110.0 255.255.255.0 10.10.10.4
ip route 192.168.111.0 255.255.255.0 FastEthernet0/1
ip route 192.168.112.0 255.255.255.0 10.10.10.10
ip route 192.168.113.0 255.255.255.0 10.10.10.8
no ip http server
no ip http secure-server
!
!
control-plane
!
!
line con 0
line aux 0
line vty 0 4
 password *****
 login
!
scheduler allocate 20000 1000
!
end
 
~~~~~~~~~~~~~~~~~~~~~SITE C~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname COURT
!
enable secret 5 *****
enable password *****
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing 
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
~~~~~~~~INTERFACES TRUNCATED
!
interface FastEthernet0/24
 description VLAN20 traffic from CHR1
 no switchport
 ip address 10.10.10.3 255.255.255.240
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description MGMT ACCESS
 ip address 192.168.96.51 255.255.255.0
!
interface Vlan20
 description COURT
 ip address 192.168.109.1 255.255.255.224
 ip helper-address 192.168.101.215
!
router eigrp 1
 network 10.10.10.0
 network 192.168.96.0
 network 192.168.109.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip route 192.168.96.0 255.255.255.0 10.10.10.1
ip route 192.168.100.0 255.255.255.0 10.10.10.1
ip route 192.168.101.0 255.255.255.0 10.10.10.1
ip route 192.168.102.0 255.255.255.0 10.10.10.1
ip route 192.168.103.0 255.255.255.0 10.10.10.1
ip route 192.168.114.0 255.255.255.0 10.10.10.1
ip route 192.168.104.0 255.255.255.0 10.10.10.5
ip route 192.168.105.0 255.255.255.0 10.10.10.6
ip route 192.168.106.0 255.255.255.0 10.10.10.7
ip route 192.168.107.0 255.255.255.0 10.10.10.9
ip route 192.168.108.0 255.255.255.0 10.10.10.1
ip route 192.168.110.0 255.255.255.0 10.10.10.4
ip route 192.168.111.0 255.255.255.0 10.10.10.2
ip route 192.168.112.0 255.255.255.0 10.10.10.10
ip route 192.168.113.0 255.255.255.0 10.10.10.8
no ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
 password *****
 login
line vty 5 15
 password *****
 login
!
end
 
~~~~~~~~~~~~~~~~~~~~~SITE D~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname KSP
!
enable secret 5 *****
enable password *****
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 20
 spanning-tree portfast
!
~~~~~~~~~~~~~INTERFACES TRUNCATED
!
interface FastEthernet0/24
 description METRO ETHERNET PORT
 no switchport
 ip address 10.10.10.4 255.255.255.240
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description MGMT ACCESS
 ip address 192.168.96.54 255.255.255.0
!
!
interface Vlan20
 description KSP
 ip address 192.168.110.1 255.255.255.224
 ip helper-address 192.168.101.215
!
router eigrp 1
 network 10.10.10.0
 network 192.168.96.0
 network 192.168.110.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.1
ip route 192.168.96.0 255.255.255.0 10.10.10.1
ip route 192.168.100.0 255.255.255.0 10.10.10.1
ip route 192.168.101.0 255.255.255.0 10.10.10.1
ip route 192.168.102.0 255.255.255.0 10.10.10.1
ip route 192.168.103.0 255.255.255.0 10.10.10.1
ip route 192.168.114.0 255.255.255.0 10.10.10.1
ip route 192.168.104.0 255.255.255.0 10.10.10.5
ip route 192.168.105.0 255.255.255.0 10.10.10.6
ip route 192.168.106.0 255.255.255.0 10.10.10.7
ip route 192.168.107.0 255.255.255.0 10.10.10.9
ip route 192.168.108.0 255.255.255.0 10.10.10.1
ip route 192.168.109.0 255.255.255.0 10.10.10.3
ip route 192.168.111.0 255.255.255.0 10.10.10.2
ip route 192.168.112.0 255.255.255.0 10.10.10.10
ip route 192.168.113.0 255.255.255.0 10.10.10.8
no ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
 password *****
 login
line vty 5 15
 password *****
 login
!
end

           
         

Attachments:

VLAN-Problem.jpg (46 KB) (File Type Details)

SITE D PROBLEM

20091111-EE-VQP-89 - Hierarchy / EE_QW_3_20080625

Hall of Fame

1. donjohnston104,501
2. Quori56,050
3. JFrederic...52,926
4. ikalmar45,125
5. mikebernh...40,058
6. kenboonejr39,945
7. harbor23536,350
8. lrmoore33,111
9. from_exp29,100
10. pwindell25,500
11. giltjr25,258
12. that1guy1523,900
13. uetian170723,428
14. bsohn41721,209
15. jodylemoine20,501
16. RobWill18,364
17. MikeKane18,100
18. Sniper98G16,500
19. leew16,450
20. Magim_IT16,400
21. KevinCov...16,325
22. rochey2...15,730
23. ksims112915,500
24. marmata7514,018
25. asavener13,450

1. donjohnston182,599
2. lrmoore173,115
3. JFrederic...114,776
4. mikebernh...97,598
5. from_exp88,852
6. Quori77,650
7. harbor23576,970
8. that1guy1562,202
9. kdearing57,561
10. RobWill56,114
11. giltjr49,632
12. ikalmar45,125
13. uetian170743,847
14. kenboonejr39,945
15. DevilWAH33,098
16. _jesper_32,925
17. leew31,718
18. bkepford27,700
19. pseudocy...26,059
20. pwindell25,500
21. tigermatt22,950
22. Chris-Dent22,485
23. MikeKane21,900
24. ebjers21,750
25. keith_ala...21,539

VLAN problem with remote site on Metro Ethernet

Asked by CityofKerrville in Network Design & Methodology, Network Routers

Tags: VLAN, Cisco, Metro Ethernet

About this solution