• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 739
  • Last Modified:

Inter Vlan issue

Hi Experts,

Greetings !! To cut the long story short, am facing an inter vlan issue with my design, which basically involves 4500 at core and 3750 at edge. DHCP pools have been assigned on core switch, on core switch inter vlan is fine, though on edge it's giving me some headache. There is a trunk between core and the edge with all vlans allowed. native vlan is deafult at vlan 1 on either side. when i dock 2 pcs(in diff vlan) to edge switch, they get an IP but cannt ping each other, also they cannt ping the wireless controllers connected to core. Now if i keep this pcs in same vlan as management vlan( contrller ips are in mngt range), they are able to ping anything.

Note 1: from 3750 command line, i can ping anything too, it's management ip too is in same range as all other devices.
Note 2: ip default-gateway command has been used on edge.
Note 3:VTP used for distributing vlans.
Note 4:VTP version and domain name are consistent.


Plz advise ! 500 Points for grab.
0
pnpking
Asked:
pnpking
  • 10
  • 5
  • 2
  • +1
1 Solution
 
jjmartineziiiCommented:
can you post both configs removing the passwords and any public ip address?
0
 
ricks_vCommented:
I would suspect the ACL on the 4500 core. Make sure there are no access list stopping different vlans to communicated with each other.
I don't use vtp, to troubleshoot you can try disabling vtp just to make sure all vlans are configured properly.

anyway, please check : sh access-list on the core, and try pinging different  subinterfaces/ vlan from pc connected to the core (e.g from native vlan)
0
 
pnpkingAuthor Commented:
There are no ACLs on core. From core i can ping all the SVIs. as i said even from edge switch i can ping everything, problem pops up when i try t ping from the PC docked to edge switch.
0
 The Evil-ution of Network Security Threats

What are the hacks that forever changed the security industry? To answer that question, we created an exciting new eBook that takes you on a trip through hacking history. It explores the top hacks from the 80s to 2010s, why they mattered, and how the security industry responded.

 
pnpkingAuthor Commented:
I checked the vlan on edge switch, they are there, trunk is also up and running. my native vlan is default that is vlan 1, but same is not being used for management or any other purpose.
0
 
ricks_vCommented:
Ok, next thing to check is the uplink configuration between switches.

interface FastEthernet0/24 (whichever used for the uplnk)
 switchport trunk allowed vlan 1,2,3,1001-1005 (whatever vlan required)
 switchport mode trunk

This will need to be applied on both all uplink ports on the switches

0
 
pnpkingAuthor Commented:
Hi Ricks,

That is already done, have allowed all the vlans. can confrom it in show output.
0
 
pnpkingAuthor Commented:
Edge switch can ping the all other ips, but not the pcs docked to edge. pcs do get ips in any vlan, that suggests trunk is fine i guess.
0
 
ricks_vCommented:
ok i think the best way to post the config..

i suspect at this stage that you have a wrong dhcp setting.
keep in mind your gateway for all the pcs will be the core not the switches..

0
 
pnpkingAuthor Commented:
DHCP has been configured for all the subnets on core switch. gateway is indeed SVI on core. shall post the configs soon.
0
 
bluepetCommented:
At the cat 4500
did you configure an interface for each of the VLAN and assign IP address to it?

(Assuming vlan999 subnet = 10.1.1.0/24)

Interface vlan999
ip address 10.1.1.254 255.255.255.0

At the edge - is all the PC connected to vlan999 get the IP with gateway pointing to 10.1.1.254?


0
 
pnpkingAuthor Commented:
Yes, it's done, for all VLANs.
0
 
pnpkingAuthor Commented:
Plz check the core config.
0
 
ricks_vCommented:
i cant see config yet..

btw 3750s are L3 switches, make sure you dont create any vlan under those edge switches.
 vlan or subinterface should only be configured on the core. the 3750 should be only passing those vlan.
0
 
pnpkingAuthor Commented:
Here is the config.
0
 
pnpkingAuthor Commented:

Current configuration : 6082 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
service compress-config
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$d8ra$oqwIqdRcyJ/wqyUHgeDnV0
!
no aaa new-model
ip subnet-zero
ip dhcp excluded-address 10.206.1.1
ip dhcp excluded-address 10.206.5.1
ip dhcp excluded-address 10.206.6.1
ip dhcp excluded-address 10.206.7.1
ip dhcp excluded-address 10.206.8.1
ip dhcp excluded-address 10.206.9.1
ip dhcp excluded-address 10.206.10.1
ip dhcp excluded-address 10.206.11.1
ip dhcp excluded-address 10.206.12.1
ip dhcp excluded-address 10.206.13.1
ip dhcp excluded-address 10.206.14.1
ip dhcp excluded-address 10.206.15.1
ip dhcp excluded-address 10.206.1.2 10.206.1.20
!
ip dhcp pool server
   network 10.206.1.0 255.255.255.0
   default-router 10.206.1.1
   option 43 ip 10.206.1.2
!
ip dhcp pool w5building
   network 10.206.15.0 255.255.255.0
   default-router 10.206.15.1
   option 43 ip 10.206.1.2
!
ip dhcp pool admin1/2
   network 10.206.5.0 255.255.255.0
   default-router 10.206.5.1
   option 43 ip 10.206.1.2
!!
cluster run
!
!
!
power redundancy-mode redundant
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
redundancy
 mode rpr
!
vlan internal allocation policy ascending
!
interface Port-channel1
 switchport
 switchport mode trunk
!
interface Port-channel2
 switchport
 switchport mode trunk
!
interface GigabitEthernet1/1
 switchport mode trunk
!
interface GigabitEthernet1/2
 switchport mode trunk
!
interface GigabitEthernet1/3
 switchport mode trunk
!
interface GigabitEthernet1/4
 switchport mode trunk
!
interface GigabitEthernet1/5
 switchport mode trunk
!
interface GigabitEthernet1/6
 switchport mode trunk
!
interface GigabitEthernet2/1
 switchport mode trunk
!
interface GigabitEthernet2/2
 switchport mode trunk
!
interface GigabitEthernet2/3
 switchport mode trunk
!
interface GigabitEthernet2/4
 switchport mode trunk
!
interface GigabitEthernet2/5
 switchport mode trunk
!
interface GigabitEthernet2/6
 switchport mode trunk
!
interface GigabitEthernet3/1
 switchport mode trunk
!
interface GigabitEthernet3/2
 switchport mode trunk
!
interface GigabitEthernet3/3
 switchport mode trunk
!
interface GigabitEthernet3/4
 switchport mode trunk
!
interface GigabitEthernet3/5
 switchport mode trunk
 channel-group 1 mode on
!
interface GigabitEthernet3/6
 switchport mode trunk
 channel-group 1 mode on
!
interface GigabitEthernet4/1
 switchport mode trunk
 channel-group 1 mode on
!
interface GigabitEthernet4/2
 switchport mode trunk
 channel-group 1 mode on
!
interface GigabitEthernet4/3
 switchport mode trunk
 channel-group 2 mode on
!
interface GigabitEthernet4/4
 switchport mode trunk
 channel-group 2 mode on
!
interface GigabitEthernet4/5
 switchport mode trunk
 channel-group 2 mode on
!
interface GigabitEthernet4/6
 switchport mode trunk
 channel-group 2 mode on
!
interface TenGigabitEthernet5/1
!
interface TenGigabitEthernet5/2
!
interface GigabitEthernet5/3
!
interface GigabitEthernet5/4
!
interface GigabitEthernet5/5
!
interface GigabitEthernet5/6
!
interface GigabitEthernet7/1
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet7/2
!
interface GigabitEthernet7/3
!
interface GigabitEthernet7/4
!
interface GigabitEthernet7/5
!
interface GigabitEthernet7/6
!
interface GigabitEthernet7/7
!
interface GigabitEthernet7/8
!
interface GigabitEthernet7/9
!
interface GigabitEthernet7/10
!
interface GigabitEthernet7/11
!
interface GigabitEthernet7/12
!
interface GigabitEthernet7/13
!
interface GigabitEthernet7/14
!
interface GigabitEthernet7/15
!
interface GigabitEthernet7/16
!
interface GigabitEthernet7/17
!
interface GigabitEthernet7/18
!
interface GigabitEthernet7/19
!
interface GigabitEthernet7/20
!
interface GigabitEthernet7/21
!
interface GigabitEthernet7/22
!
interface GigabitEthernet7/23
 switchport access vlan 15
 switchport mode access
!
interface GigabitEthernet7/24
 switchport access vlan 2
!
interface GigabitEthernet7/25
!
interface GigabitEthernet7/26
!
interface GigabitEthernet7/27
!
interface GigabitEthernet7/28
!
interface GigabitEthernet7/29
!
interface GigabitEthernet7/30
 switchport access vlan 5
 switchport mode access
!
interface GigabitEthernet7/31
 switchport access vlan 5
 switchport mode access
!
interface GigabitEthernet7/32
!
interface GigabitEthernet7/33
!
interface GigabitEthernet7/34
!
interface GigabitEthernet7/35
!
interface GigabitEthernet7/36
!
interface GigabitEthernet7/37
!
interface GigabitEthernet7/38
!
interface GigabitEthernet7/39
!
interface GigabitEthernet7/40
!
interface GigabitEthernet7/41
!
interface GigabitEthernet7/42
!
interface GigabitEthernet7/43
!
interface GigabitEthernet7/44
!
interface GigabitEthernet7/45
!
interface GigabitEthernet7/46
!
interface GigabitEthernet7/47
!
interface GigabitEthernet7/48
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan2
 description "server vlan"
 ip address 10.206.1.1 255.255.255.0
!
interface Vlan4
 no ip address
 shutdown
!
interface Vlan5
 description "wireless admin 1/2"
 ip address 10.206.5.1 255.255.255.0
!
interface Vlan6
 description "staff wired"
 ip address 10.206.6.1 255.255.255.0
!
interface Vlan7
 description "restaurant"
 ip address 10.206.7.1 255.255.255.0
!
interface Vlan8
 description "computer lab"
 ip address 10.206.8.1 255.255.255.0
!
interface Vlan9
 description "Star 1 building"
 ip address 10.206.9.1 255.255.255.0
!
interface Vlan10
 description "Star 2 Building"
 ip address 10.206.10.1 255.255.255.0
!
interface Vlan11
 description "W1 building"
 ip address 10.206.11.1 255.255.255.0
!
interface Vlan12
 description "W2 Building"
 ip address 10.206.12.1 255.255.255.0
!
interface Vlan13
 description "W 3 building"
 ip address 10.206.13.1 255.255.255.0
!
interface Vlan14
 description "W 4 building"
 ip address 10.206.14.1 255.255.255.0
!
interface Vlan15
 description "W 5 building"
 ip address 10.206.15.1 255.255.255.0
!
ip http server
no ip http secure-server
!
!
!
line con 0
 stopbits 1
line vty 0 4
 password cisco
 login
!
end
0
 
jjmartineziiiCommented:
You have no routing enabled. What's doing the routing between vlans?
0
 
ricks_vCommented:
you will need the command:
ip default-gateway 10.206.1.x (ip of the core)

and make sure you configure all the port as access if you going to connect them to pcs / phone or non network devices.

Example:
interface GigabitEthernet7/24
 switchport mode access

0
 
pnpkingAuthor Commented:
Routing was enabled on core, had to disable the routing on edge switch. It worked.

Thanks.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 10
  • 5
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now