Solved

Setup VLANs on Cisco 3825 with HWIC-4ESW running IOS 12.4 Advanced IP Services and making it work

Posted on 2006-06-21
Last Modified: 2008-01-09
I have been working on trying to set up VLANs on a 3825 with a HWIC-4ESW Fast Ethernet 4-port card. I seem to get the VLANs set up and on the right interfaces, but I cannot get traffic back into the VLANs. I can ping out from inside the VLANs to the rest of the network, and I can ping the .1 IPs of each VLAN. Only VLAN1, which is the default VLAN on the router, is getting traffic in and out. VLAN2, VLAN3, and VLAN4 can all send traffic out, but nothing can come back in. There are no firewalling or access lists set up on this router, so I do not think it is a firewall issue. The following is the VLAN config info. Any help and direction would be appreciated.

PDX#sh vlan-switch

VLAN       Name                                         Status    Ports
----             --------------------------------             --------- -------------------------------
1                default                                      active    Fa0/0/0
2                ServerNetwork(VLAN2_Green)             active    Fa0/0/1
3                StorageNetwork(VLAN3_Blue)             active    Fa0/0/2
4                QSI_Network(VLAN4_Yellow)              active    Fa0/0/3
1002             fddi-default                                 active
1003             token-ring-default                           active
1004             fddinet-default                              active
1005             trnet-default                                active  



PDX#sh vtp status
VTP Version                     : 2
Configuration Revision          : 0
Maximum VLANs supported locally : 256
Number of existing VLANs        : 8
VTP Operating Mode              : Transparent
VTP Domain Name                 : Interdent
VTP Pruning Mode                : Disabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xDB 0x23 0x48 0x1F 0xCA 0x3D 0xFF 0x55      




PDX#sh run
.............

!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
 switchport access vlan 2
!
interface FastEthernet0/0/2
 switchport access vlan 3
!
interface FastEthernet0/0/3
 switchport access vlan 4
!



!
interface Vlan1
 ip address 10.200.0.1 255.255.255.0
!
interface Vlan2
 ip address 10.200.10.1 255.255.255.0
!
interface Vlan3
 ip address 10.200.20.1 255.255.255.0
!
interface Vlan4
 ip address 10.200.30.1 255.255.255.0
!    


ip route 10.200.0.0 255.255.255.0 Vlan1
ip route 10.200.10.0 255.255.255.0 Vlan2
ip route 10.200.20.0 255.255.255.0 Vlan3
ip route 10.200.30.0 255.255.255.0 Vlan4

Question by:jasonlnlv
13 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 16953320
I'm not familiar with that specific platform, so pardon if this is too obvious...

Is IP routing enabled?

conf t
ip routing
end
0
 

Author Comment

by:jasonlnlv
ID: 16953480
Yes IP routing is enabled

I re entered it, and still have the same issue.

0
 
LVL 79

Expert Comment

by:lrmoore
ID: 16954053
ip route 10.200.0.0 255.255.255.0 Vlan1
ip route 10.200.10.0 255.255.255.0 Vlan2
ip route 10.200.20.0 255.255.255.0 Vlan3
ip route 10.200.30.0 255.255.255.0 Vlan4

Do NOT enter static routes to connected interfaces....
Remove all of those route statements.
Where is your default route pointing?
What is the default gateway of the host attached to VLAN 2, if there is one?
What exactly are these 4 ports connected to? Individual hosts? Individual switches? Same switch?

Any access-lists? I don't think you posted your complete config here...

Can you post result of "show ip int brief"

0
 

Author Comment

by:jasonlnlv
ID: 16954156
The default route in the router is pointing to our Provider's gateway.

ip route 0.0.0.0 0.0.0.0 XX.XXX.XXX.X

The hosts attached to the VLANs (1-4) all point to the appropriate VLAN IP (10.200.XX.1).

The 4 ports are connected to a (VLAN1)Gigabit Switch, (VLAN2)Router, (VLAN3/4)Servers.

There are absolutely no access-lists set up on this router.

......

FastEthernet0/0/0          unassigned      YES unset  up                    up
FastEthernet0/0/1          unassigned      YES unset  up                    up
FastEthernet0/0/2          unassigned      YES unset  up                    up
FastEthernet0/0/3          unassigned      YES unset  up                    up
......
Vlan1                      10.200.0.1      YES manual up                    up
Vlan2                      10.200.10.1     YES manual up                    up
Vlan3                      10.200.20.1     YES manual up                    up
Vlan4                      10.200.30.1     YES manual up                    up
......



0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16954174
lrmoore is correct: you never put in a static route to a connected network, but I doubt that is causing the problem. I would also like to see a full show run, and that should explain it a bit more.

Thanks
Scott
0
 

Author Comment

by:jasonlnlv
ID: 16954268
PDX#sh run
Building configuration...

Current configuration : 7749 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname PDX
!
boot-start-marker
boot-end-marker
!
card type t1 0 2
card type t1 0 3
logging buffered 4096 debugging
enable secret 5 XXXXXXXXXXXXXXXXXX.
enable password XXXXXXXX
!
no aaa new-model
!
resource policy
!
no network-clock-participate wic 2
no network-clock-participate wic 3
ip subnet-zero
ip cef
!
!
!
!
ip domain name yourdomain.com
ip ips notify SDEE
!
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-700140535
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-700140535
 revocation-check none
 rsakeypair TP-self-signed-700140535
!
!
crypto pki certificate chain TP-self-signed-700140535
 certificate self-signed 01
  <<<<<<    >>>>>>>
  quit
username XXXXXXXXXXX privilege 15 view root secret 5 XXXXXXXXXXXXXXXXX
!
!
controller T1 0/2/0
 framing esf
 linecode b8zs
 channel-group 0 timeslots 1-24
!
controller T1 0/2/1
 framing esf
 linecode b8zs
 channel-group 0 timeslots 1-24
!
controller T1 0/3/0
 framing esf
 linecode b8zs
 channel-group 0 timeslots 1-24
!
controller T1 0/3/1
 framing esf
 linecode b8zs
 channel-group 0 timeslots 1-24
!
crypto logging session
!
crypto isakmp policy 10
 encr 3des
 hash md5
 authentication pre-share
 group 5
 lifetime 10000
crypto isakmp key elsvpn0 address 216.xxx.xx.xx
!
crypto isakmp peer address 216.xxx.xx.xx
!
!
crypto ipsec transform-set STRONG ah-md5-hmac esp-3des
!
crypto map vpn local-address GigabitEthernet0/1
crypto map vpn 10 ipsec-isakmp
 description VPN to El Segundo
 set peer 216.xxx.xx.xx
 set transform-set STRONG
 match address 101
!
!
!
!
interface Tunnel3
 ip address 172.23.3.1 255.255.255.252
 ip mtu 1440
 tunnel source GigabitEthernet0/1
 tunnel destination 216.xxx.xx.xx
!
interface GigabitEthernet0/0
 description 30 meg link to Vancouver$ETH-LAN$$ETH-SW-LAUNCH$$INTF-INFO-GE 0/0$
 ip address 172.21.222.33 255.255.255.252
 ip virtual-reassembly
 duplex full
 speed 100
 media-type rj45
 no negotiation auto
 no cdp enable
 no mop enabled
!
interface GigabitEthernet0/1
 description internet feed from Provider
 ip address xx.xx.xxx.xxx 255.255.255.240
 duplex auto
 speed auto
 media-type rj45
 negotiation auto
 crypto map vpn
!
interface FastEthernet0/0/0
!
interface FastEthernet0/0/1
 switchport access vlan 2
!
interface FastEthernet0/0/2
 switchport access vlan 3
!
interface FastEthernet0/0/3
 switchport access vlan 4
!
interface Serial0/2/0:0
 description T1 Line to El Segundo PL.DHGL.532331..ELG
 no ip address
!
interface Serial0/2/1:0
 description Point to Point to El Segundo
 ip address 172.21.222.41 255.255.255.252
!
interface Serial0/3/0:0
 description PtP T1 to Santa Ana router PL.DHGL.532153..ELG
 ip address 172.21.222.45 255.255.255.252
!
interface Serial0/3/1:0
 description PtP T1 to Santa Ana router PL.DHGL.532349..ELG
 ip address 172.21.222.49 255.255.255.252
!
interface ATM1/0
 no ip address
 atm scrambling cell-payload
 atm framing cbitplcp
 no atm ilmi-keepalive
!
interface ATM1/0.55 point-to-point
 ip address 10.xxx.xx.xxx 255.255.255.252
 pvc 2/55
  encapsulation aal5snap
 !
!
interface IDS-Sensor2/0
 description $IDMADDR:10.1.9.201$
 no ip address
 shutdown
 hold-queue 60 out
!
interface Vlan1
 ip address 10.200.0.1 255.255.255.0
!
interface Vlan2
 ip address 10.200.10.1 255.255.255.0
!
interface Vlan3
 ip address 10.200.20.1 255.255.255.0
!
interface Vlan4
 description Yellow Network
 ip address 10.200.30.1 255.255.255.0
 ip virtual-reassembly
 vlan-id dot1q 4
  exit-vlan-config
 !
!
ip classless
ip route 0.0.0.0 0.0.0.0 xx.xx.xxx.xxx
ip route 10.0.0.0 255.0.0.0 10.xx.x.xx
ip route 10.200.0.0 255.255.255.0 Vlan1
ip route 10.200.10.0 255.255.255.0 Vlan2
ip route 10.200.20.0 255.255.255.0 Vlan3
ip route 10.200.30.0 255.255.255.0 Vlan4
ip route 170.104.9.19 255.255.255.255 172.21.222.42 name STofORviaELS
ip route 170.104.128.11 255.255.255.255 172.21.222.42 name STofORviaELS
ip route 172.16.1.0 255.255.255.0 10.xx.x.xx
ip route 172.17.254.0 255.255.255.0 10.xx.x.xx
ip route 172.22.223.0 255.255.255.0 172.21.222.42
ip route 172.25.0.0 255.255.0.0 172.21.222.42 name Earnhart_viaELS
ip route 192.168.0.0 255.255.0.0 10.xx.x.xx
ip route 192.168.1.0 255.255.255.0 172.21.222.34
ip route 192.168.2.0 255.255.255.0 172.21.222.42
ip route 192.168.2.0 255.255.255.0 Tunnel3 10
ip route 192.168.3.0 255.255.255.0 172.21.222.42 name ELS_DMZviaNetScrn
ip route 192.168.4.0 255.255.255.0 172.21.222.46
ip route 192.168.5.0 255.255.255.0 172.21.222.42 name ChrisVPNviaELS
ip route 192.168.6.0 255.255.255.0 172.21.222.42 name ELS_NetScrnVPNusers
ip route 192.168.8.0 255.255.255.0 172.21.222.34 name VAN_NetScrnVPNusers
ip route 192.168.110.0 255.255.255.0 172.21.222.50
ip route 192.168.201.0 255.255.255.0 172.21.222.34 name BonneyLK_VPNviaVAN
ip route 192.168.254.0 255.255.255.0 172.21.222.34 name VAN_Network
!
!
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 5 life 86400 requests 10000
!
access-list 101 permit gre host 69.xxx.xx.xx host 216.xxx.xx.xx
dialer-list 1 protocol ip permit
!
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
banner login ^C
-----------------------------------------------------------------------
Cisco Router and Security Device Manager (SDM) is installed on this device.
This feature requires the one-time use of the username "cisco"
with the password "cisco".

Please change these publicly known initial credentials using SDM or the IOS CLI.

Here are the Cisco IOS commands.

username <myuser>  privilege 15 secret 0 <mypassword>
no username cisco

Replace <myuser> and <mypassword> with the username and password you want to use.

For more information about SDM please follow the instructions in the QUICK START

GUIDE for your router or go to http://www.cisco.com/go/sdm
-----------------------------------------------------------------------
^C
!
line con 0
 login local
 stopbits 1
line aux 0
 stopbits 1
line 130
 no activation-character
 no exec
 transport preferred none
 transport input all
 transport output all
line vty 0 4
 exec-timeout 60 0
 privilege level 15
 password interdent1
 login local
 transport input telnet ssh
line vty 5 15
 exec-timeout 60 0
 privilege level 15
 password interdent1
 login local
 transport input telnet ssh
!
scheduler allocate 20000 1000
!
end
   
0

 
LVL 79

Expert Comment

by:lrmoore
ID: 16954417
So, your problem is that the two servers on interfaces Fast 0/2 (VLAN3) and Fast 0/3 (VLAN4) can't talk to anyone else?
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16954428
Do a show IP route and remove any static routes that show up as C or connected; they are not required.

Thanks
Scott
0
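The check lrmoore and Scotty_cisco describe (no static routes for subnets that are already directly connected) can be run against a saved configuration. This is an added example, not code from any poster in this thread; the function names are hypothetical, and the sample is constructed from the VLAN lines posted above, with 192.0.2.1 as a placeholder next hop.

```python
import ipaddress
import re

# Constructed sample built from the VLAN lines in this thread (192.0.2.1 is a placeholder).
SAMPLE_CONFIG = """\
interface Vlan1
 ip address 10.200.0.1 255.255.255.0
!
interface Vlan2
 ip address 10.200.10.1 255.255.255.0
!
interface Vlan4
 description Yellow Network
 ip address 10.200.30.1 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.0.2.1
ip route 10.200.0.0 255.255.255.0 Vlan1
ip route 10.200.10.0 255.255.255.0 Vlan2
ip route 10.200.30.0 255.255.255.0 Vlan4
ip route 192.168.1.0 255.255.255.0 172.21.222.34
"""

IF_RE = re.compile(r"^interface (\S+)")
ADDR_RE = re.compile(r"^\s+ip address (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+)")
ROUTE_RE = re.compile(r"^ip route (\d+\.\d+\.\d+\.\d+) (\d+\.\d+\.\d+\.\d+) (\S+)")

def connected_networks(config):
    """Map each connected subnet to the interface that owns it."""
    nets, current = {}, None
    for line in config.splitlines():
        if m := IF_RE.match(line):
            current = m.group(1)
        elif current and (m := ADDR_RE.match(line)):
            iface = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
            nets[iface.network] = current
        elif not line.startswith(" "):
            current = None  # left the interface block
    return nets

def redundant_static_routes(config):
    """Return (route line, owning interface) for statics that duplicate a connected subnet."""
    nets = connected_networks(config)
    hits = []
    for line in config.splitlines():
        if m := ROUTE_RE.match(line):
            dest = ipaddress.ip_network(f"{m.group(1)}/{m.group(2)}", strict=False)
            if dest in nets:
                hits.append((line.strip(), nets[dest]))
    return hits
```

Each returned route line is a candidate for a matching `no ip route ...` statement; the default route and the remote 192.168.1.0/24 route are left alone.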
 

Author Comment

by:jasonlnlv
ID: 16954431
I seem to get the VLANs set up and on the right interfaces, but I cannot get traffic back into the VLANs. I can ping out from inside the VLANs to the rest of the network, and I can ping the .1 IPs of each VLAN from the router command line. Only VLAN1, which is the default VLAN on the router, is getting traffic in and out. VLAN2, VLAN3, and VLAN4 can all send traffic out, but nothing can come back in.
0
 
LVL 12

Expert Comment

by:Scotty_cisco
ID: 16954475
When you're talking back in, what traffic is trying to come in, source ---> destination (VLAN 2-4)? Is this internet traffic? Is it traffic from other VLANs on the router? What is it exactly?

thanks scott
0
 

Author Comment

by:jasonlnlv
ID: 16954519
Traffic back in from an outside host on the network back into VLAN2,3,4 - this includes traffic from the WAN coming in from the T-1 links and metro ETH, as well as pinging a host in the VLANs from the command line of the router.

0
 

Author Comment

by:jasonlnlv
ID: 16954533
This is what a sh ip route shows:

C       10.200.0.0/24 is directly connected, Vlan1
C       10.200.10.0/24 is directly connected, Vlan2
C       10.200.20.0/24 is directly connected, Vlan3
C       10.200.30.0/24 is directly connected, Vlan4
0
 
LVL 12

Accepted Solution

by:
Scotty_cisco earned 500 total points
ID: 16954801
There is no default route, and if you are going from a 10.200.x.x address to the public internet, what is doing the network address translation?

Thanks
Scott
0
