[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

vlan not working

Posted on 2006-03-23
13
Medium Priority
?
549 Views
Last Modified: 2008-02-20
I have 2 dell switches a slightly older 3348 and a newer 3448 which I have configured a separate vlan on both switches for one port only that will be connected to a dmz port on our router.  (The router and the computer we need to use on the dmz are in different buildings.)  When connected directly to the DMZ port of the router, it properly gives out a dhcp address (testing with my laptop) and is pingable which is how I know its working. But when I do the same through the vlans it doesn't work.

The setup is
Laptop -> Dell 3348  (port  44) -> Dell3448 -> (port44)  -> DMZ
which doesn't work

Laptop -> DMZ
works

All other computers and devices are on VLAN 5 (none are on the default of 1) and these two ports are on VLAN 10 on both switches and are in "T" mode which should be trunking.
The other options on the port are "U" and "F".
Any ideas?
0
Comment
Question by:thefumbler
  • 8
  • 5
13 Comments
 
LVL 50

Accepted Solution

by:
Don Johnston earned 1600 total points
ID: 16274307
Is the port on the 3448 that connects to "DMZ" a trunk? Or is it an access port and if so what VLAN is it in?

What is "DMZ"? It sounds like a port on a router. If so does the router have any other ports that are connected to the LAN?

-Don
0
 
LVL 1

Author Comment

by:thefumbler
ID: 16274660
Both ports on both switches are configured the same...as trunk ports.  DMZ is a DMZ port on the main /only internet router and it has a different interface than the gigabit 0/0 interface on that same router that is plugged into the switch in a different port.  
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 16274967
Just to make sure we're on the same page...

Your topology looks like this?

                                              |------------ DMZ router port
Dell 3348 -----trunk----- Dell3448        
                                              |----------- Inside router port

The 3448 port going to the DMZ router port is in VLAN 10, and the 3448 port going to the inside router port is in VLAN 5?

When you connect your PC to a VLAN 10 port on the 3348 you're unable to ping the DMZ IP address?

What happens if you connect your PC to a VLAN 10 port on the 3448?

-Don
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 1

Author Comment

by:thefumbler
ID: 16275117
Thanks for you replies Don....

Topology is absolutely correct, and its correct that I am unable to ping the DMZ ip address from the 3348.  
But since I only configured one port (port44) on each router as a trunk port, I would need to add another port to VLAN10, which I'll do in a bit if I can't get it working.

But in checking the switch vlan configuration again, I see that the 3348 didn't get port 44 into the correct mode....I chose vlan 10 first to place the port 44 in vlan 10 THEN configured the port in trunk mode, but in the log it generated an error.  So now I just configured the port FIRST and then placed the port in the VLAN and there were no errors.  I'll test this in a minute but this looks more promising.


0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 16275201
"But since I only configured one port (port44) on each router as a trunk port, I would need to add another port to VLAN10, which I'll do in a bit if I can't get it working."

Huh? I thought you only had one router.

And yes, if you don't have a working trunk between the two swiches, this isn't going to work.

What happens if you connect your PC to a VLAN 10 port on the 3448? Can you ping the DMZ then?

-Don
0
 
LVL 1

Author Comment

by:thefumbler
ID: 16275591
you are correct , 'router' should be 'switches' in my last post

But since I only configured one port (port44) on each SWITCH as a trunk port, I would need to add another port to VLAN10, which I'll do in a bit if I can't get it working."

I'll try adding a port on the 3448 to vlan10 and seeing if pinging the DMZ works.
0
 
LVL 1

Author Comment

by:thefumbler
ID: 16275940
Nope , after adding port 18 to the vlan 10 the interface still is not pingable.  I have a feeling its something simple I am doing wrong. Here's the config of the switch 3348:

interface ethernet e18
switchport mode general
exit
interface ethernet e48
switchport mode trunk
exit
vlan database
vlan 5,10
exit
interface ethernet e18
switchport general pvid 10
exit
interface ethernet e18
switchport general allowed vlan add 5 untagged
exit
interface range ethernet e(1-17,19-47),g(1-4)
switchport access vlan 5
exit
interface ethernet e18
switchport general allowed vlan add 10 untagged
exit
interface ethernet e48
switchport trunk allowed vlan add 10
exit
interface vlan 5
name SGAll
exit
interface vlan 10
name SGWireless
exit
interface vlan 5
ip address 192.168.5.3 255.255.255.0
exit
ip default-gateway 192.168.5.1
username admin password xxxxxxxxxxxxxxxxx level 15 encrypted
snmp-server community Dell_Network_Manager rw view DefaultSuper






Default settings:
Service tag: 184Y281
 
SW version 1.0.0.112 (date  20-Jun-2005 time  22:04:47)
 
Fast Ethernet Ports
==========================
no shutdown
speed 100
duplex full
negotiation
flow-control off
mdix auto
no back-pressure
 
Gigabit Ethernet Ports
=============================
no shutdown
speed 1000
duplex full
negotiation
flow-control off
mdix auto
no back-pressure
 
interface vlan 1
interface port-channel 1 - 8
 
spanning-tree
spanning-tree mode STP
 
qos basic
0
 
LVL 1

Author Comment

by:thefumbler
ID: 16275974
correction that was the config of the 3448.  Port 18 and 48 are the VLAN 10 ports.
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 16276436
You plugged your PC into port 18 of the 3448, right? I don't know the Dell OS, but what's switchport mode "general"? Looking at the other ports (1-17), they don't have that command but they do have "switchport access vlan 5". You may want to try using that command (with VLAN 10) on port 18.

Which port on the 3448 is connected to the DMZ router port and which one is connected to the inside router port?
0
 
LVL 1

Author Comment

by:thefumbler
ID: 16276605
By changing both ports to Access mode I was finally able to ping the DMZ by using another VLAN10 ports on the 3448.

I think I need to configure trunking on all traffic BETWEEN switches and not just on those specific ports.  

0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 16276633
If your talking about the ports that connect the two switches together, then I would guess a

"switchport mode trunk"

would be the first place to start.

But you're making progress. :-)

0
 
LVL 1

Author Comment

by:thefumbler
ID: 16370436
Status update: I'm working with Dell tech support on this and got the very strange results below before and after they requested I do a firmware upgrade:

Ports 48 on each router in VLAN10
ALL ports on each router (other than #48 and #1) on VLAN5 in access mode
Ports 1 on each router in Trunk mode

So that traffic from port 48 in building #2 would go through the trunk
to port 48 in building #1 to the DMZ port.

When this configuration was used, ports 48 worked correctly , BUT a
majority of devices on the network had severe problems connecting to
Windows RPC shares or using any RPC traffic.  However, pings , DHCP, and
DNS traffic was successful,.

A machine could only boot with the network cable unplugged because of
the problems in getting to the traffic on the server in building#1.   This
was not the case on all machines - those machines that had static ip
addresses and were on for a longer period of time did not have this
problem, but the vast majority of machines receive DHCP addresses were
affected.  When rebooting the machine would hang.

Immediately on moving those first ports back to access mode everything
worked fine.
0
 
LVL 1

Author Comment

by:thefumbler
ID: 16416479
Turns out what I thought was simply a media access converter between the fiber /copper connections from building one to building two is actually a 2 port switch...a switch that doesn't support 802.1Q for VLAN tagging!  So that's the reason the vlan trunking wasn't working.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It happens many times that access list (ACL) have to be applied to outgoing router interface in order to limit some traffic.This article is about how to test ACL from the router which is not very intuitive for everyone. Below scenario shows simple s…
Hello , This is a short article on how would you go about enabling traceoptions on a Juniper router . Traceoptions are similar to Cisco debug commands but these traceoptions are implemented in Juniper networks router . The following demonstr…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

873 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question