sbender99
asked on
IRB and VLANS on Cisco 3600 router and 3550 Switch
Communication between VLANs is not working correctly... Please look at this config and tell me if there is anything wrong. Here is a diagram of the network: http://www.aclod.com/ourlab2.doc
Router config:
no service config
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname LAB_Router_1
!
boot system flash c3620-is-mz.122-5d.bin
no logging console
enable secret 5
!
ip subnet-zero
!
!
!
call rsvp-sync
!
interface FastEthernet0/0
no ip address
shutdown
!
interface Serial0/0
no ip address
shutdown
clockrate 2000000
!
interface FastEthernet0/1
no ip address
speed auto
full-duplex
!
!
interface FastEthernet0/1.2
encapsulation isl 2
ip address 192.168.90.2 255.255.255.128
no ip redirects
!
interface FastEthernet0/1.3
encapsulation isl 3
ip address 192.168.90.129 255.255.255.224
no ip redirects
!
interface FastEthernet0/1.4
encapsulation isl 4
ip address 192.168.90.193 255.255.255.240
no ip redirects
!
interface FastEthernet0/1.5
encapsulation isl 5
ip address 192.168.90.209 255.255.255.240
no ip redirects
!
interface FastEthernet0/1.6
encapsulation isl 6
ip address 192.168.90.225 255.255.255.240
no ip redirects
!
interface FastEthernet0/1.7
encapsulation isl 7
ip address 192.168.90.241 255.255.255.240
no ip redirects
!
interface Serial0/1
no ip address
shutdown
clockrate 2000000
!
interface FastEthernet1/0
no ip address
shutdown
!
interface Serial1/0
no ip address
shutdown
clockrate 2000000
!
interface FastEthernet1/1
no ip address
shutdown
!
interface Serial1/1
no ip address
shutdown
clockrate 2000000
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.90.1
ip http server
ip pim bidir-enable
!
snmp-server community Secomp RO
!
dial-peer cor custom
!
!
!
!
line con 0
line aux 0
line vty 0 4
password
login
!
end
Switch Config:
Lab_Switch_1#show config
Using 2592 out of 393216 bytes
!
version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Lab_Switch_1
!
no logging console
enable secret
enable password
!
!
vlan 2
!
vlan 3
!
vlan 4
!
vlan 5
!
vlan 6
!
vlan 7
ip subnet-zero
!
vtp mode transparent
!
spanning-tree portfast default
spanning-tree extend system-id
!
!
!
interface FastEthernet0/1
switchport access vlan 2
no ip address
!
interface FastEthernet0/2
switchport access vlan 2
no ip address
!
interface FastEthernet0/3
switchport access vlan 2
no ip address
!
interface FastEthernet0/4
switchport access vlan 2
no ip address
!
interface FastEthernet0/5
switchport access vlan 2
no ip address
!
interface FastEthernet0/6
switchport access vlan 2
no ip address
!
interface FastEthernet0/7
switchport access vlan 2
no ip address
!
interface FastEthernet0/8
switchport access vlan 2
no ip address
!
interface FastEthernet0/9
switchport access vlan 2
no ip address
!
interface FastEthernet0/10
switchport access vlan 2
no ip address
!
interface FastEthernet0/11
switchport access vlan 2
no ip address
!
interface FastEthernet0/12
switchport access vlan 4
no ip address
!
interface FastEthernet0/13
switchport access vlan 4
no ip address
!
interface FastEthernet0/14
switchport access vlan 4
no ip address
!
interface FastEthernet0/15
switchport access vlan 5
no ip address
!
interface FastEthernet0/16
switchport access vlan 5
no ip address
!
interface FastEthernet0/17
switchport access vlan 5
no ip address
!
interface FastEthernet0/18
switchport access vlan 6
no ip address
!
interface FastEthernet0/19
switchport access vlan 6
no ip address
!
interface FastEthernet0/20
switchport access vlan 6
no ip address
!
interface FastEthernet0/21
switchport access vlan 7
no ip address
!
interface FastEthernet0/22
switchport access vlan 7
no ip address
!
interface FastEthernet0/23
switchport access vlan 7
no ip address
!
interface FastEthernet0/24
switchport trunk encapsulation isl
switchport mode trunk
no ip address
!
interface GigabitEthernet0/1
no ip address
!
interface GigabitEthernet0/2
no ip address
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 192.168.90.3 255.255.255.128
!
ip default-gateway 192.168.90.1
ip classless
ip http server
!
!
!
line con 0
line vty 0 4
password
login
line vty 5 15
password
login
!
!
monitor session 1 source interface Fa0/9
monitor session 1 destination interface Fa0/16
end
Some examples of the problems: the 90.243 PC cannot ping the switch (90.3) but can ping 90.1 and 90.2.
What exactly isn't working? 2 things I see though...
1. no switch ports are configured for vlan 3
2. Maybe the trunk isn't configured correctly- type "sho interface trunk" and make sure that all vlans are allowed on the trunk port of the 2950.
3. Just for cleanup, type "no full-duplex" on router interface f0/1 so that it will properly auto-negotiate with the switch.
ASKER
90.194 cannot ping 90.210 and vice versa...
90.3 cannot be pinged from any vlan other than its own...
P.S. No ports are allotted to VLAN 3 on purpose... no use for it yet...
Results from Show Interface Trunk command:
Lab_Switch_1#show interface trunk
Port      Mode         Encapsulation  Status        Native vlan
Fa0/24    on           isl            trunking      1

Port      Vlans allowed on trunk
Fa0/24    1-4094

Port      Vlans allowed and active in management domain
Fa0/24    1-7

Port      Vlans in spanning tree forwarding state and not pruned
Fa0/24    1-7
Lab_Switch_1#
Dumb question, but are the subnet masks of the hosts set correctly?
Oh- you will need to set the default gateway of the switch to 192.168.90.2 if you want to ping it from other subnets. The router will forward traffic out of your lab from the switch.
ASKER
Set correctly where, so I can verify? As far as I know they are set correctly... but if you can think of somewhere I need to check, I will...
And... you're not using port 16 on the switch for a host, are you? It's set to monitor port 5
On the hosts you are pinging from, check the IP configuration for correct subnet mask and default gateway. Where depends on the operating system. You can use ipconfig on Windows or ifconfig -a on Unix to look at the current configuration. If the subnet mask is too big then they may not leave their subnet when you expect them to.
ASKER
the first vlan has their default gateway as 90.1
ASKER
or second in this case i guess
All hosts need to be set with default gateway as the router interface they connect to. Then the router can route the traffic between them. Nobody but the router and the switch knows where 90.1 is. And 90.1 doesn't know where anyone but the router and switch and the outside world are.
If you want hosts to be able to talk to the outside world, set a route on the firewall pointing to the router:
192.168.90.0 255.255.255.0 192.168.90.2
And make sure the world outside the firewall has a route to 192.168.9.0/24 pointing to the firewall's outside interface.
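The mask and gateway checks suggested in the replies above can be scripted. This is an added example, not part of the original thread: it compares a device's IP settings against the router subinterfaces from the posted config. The function name `audit`, the sample masks and the host gateways are assumptions made for illustration.

```python
import ipaddress

# Router subinterfaces copied from the LAB_Router_1 config in the question (VLAN -> address/mask).
ROUTER_SUBIFS = {
    2: "192.168.90.2/255.255.255.128",
    3: "192.168.90.129/255.255.255.224",
    4: "192.168.90.193/255.255.255.240",
    5: "192.168.90.209/255.255.255.240",
    6: "192.168.90.225/255.255.255.240",
    7: "192.168.90.241/255.255.255.240",
}
SUBIFS = {v: ipaddress.ip_interface(a) for v, a in ROUTER_SUBIFS.items()}


def audit(ip, mask, gateway):
    """Return a list of findings for one device's IP settings (empty list = OK)."""
    dev = ipaddress.ip_interface(f"{ip}/{mask}")
    gw = ipaddress.ip_address(gateway)
    # Find the routed VLAN whose subnet contains this address.
    match = [(v, r) for v, r in SUBIFS.items() if dev.ip in r.network]
    if not match:
        return [f"{ip} is not inside any routed VLAN subnet"]
    vlan, rtr = match[0]
    findings = []
    if dev.network != rtr.network:
        # A mask wider than the VLAN's makes other VLANs look on-link, so the
        # device ARPs for them directly instead of sending to the router.
        findings.append(f"mask: device uses {dev.network}, VLAN {vlan} is {rtr.network}")
    if gw != rtr.ip:
        findings.append(f"gateway: {gw} is not the VLAN {vlan} router interface {rtr.ip}")
    return findings


# Constructed sample devices: the addresses appear in the thread, the masks
# and host gateways are assumptions made for illustration.
DEVICES = [
    ("switch Vlan2", "192.168.90.3", "255.255.255.128", "192.168.90.1"),
    ("VLAN 4 host", "192.168.90.194", "255.255.255.0", "192.168.90.193"),
    ("VLAN 7 host", "192.168.90.243", "255.255.255.240", "192.168.90.241"),
]

if __name__ == "__main__":
    for name, ip, mask, gw in DEVICES:
        for line in audit(ip, mask, gw) or ["ok"]:
            print(f"{name:13} {ip:15} {line}")
```
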
ASKER
So I should have all hosts on the VLAN2 network change their default gateway to 90.2
and switch default gateway set to 90.2
and router default gateway set to 90.1
ASKER CERTIFIED SOLUTION
ASKER
you da MAN!
You're welcome!