Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

Trunk ports, VLANs, Catalyst 3750, Layer 2 problems

Posted on 2009-05-01
31
Medium Priority
?
2,885 Views
Last Modified: 2012-05-06
Hi All
This is driving me mad at the moment and it should be very easy!

I've got 3 switches (Cisco Catalyst 3750 with ADVIPSERVICESK):
3750-HQ1 with 3750-HQ2 and 3750-3 connected to it via dot1q trunk ports.

On 3750-HQ1 I have an interface called VLAN99 with IP address 10.0.0.241
On 3750-HQ2 I have an interface called VLAN99 with IP address 10.0.0.242
On 3750-3 I have an interface called VLAN99 with IP address 10.0.0.243

I can ping 10.0.0.242 from 3750-HQ1 and vice versa, but we cannot get any pings from/to 3750-3 on VLAN99.

Please have a look at the three config files attached and see if there's anything blindingly obvious that I'm obviously too blind to see?

I've been banging my head against this all day!

Thanks!
CAT-3750-3.txt
CAT-3750-HQ2.txt
CAT-3750-HQ1.txt
0
Comment
Question by:theB0FH
  • 16
  • 7
  • 4
  • +2
29 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24282595
I'm guessing that you don't have a trunk port on HQ2 going to HQ3. I can't say for sure since you don't specify which ports are used to connect HQ2 to HQ3.
0
 
LVL 2

Expert Comment

by:Jitpar
ID: 24282930
Try logging into all the switches and check the output using
show interfaces trunk
With this output you shall know how many trunk links are formed between switches.
From the text files you attached, I observed that there wasnt any trunk link specified from hq 2  to switch 3750-3
You might have to configure a trunk .between  hq 2  and switch 3750-3.
That should take care of it.
 
0
 
LVL 9

Expert Comment

by:Donboo
ID: 24283990
Issue "sh vlan" and check that vlan 99 is on switch 3, it will be listed as active.

if not issue

vlan 99
exit
0
The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

 

Author Comment

by:theB0FH
ID: 24291466
Hi guys

Thanks for the comments. I'll be able to run a few commands on Tuesday. In the meantime, some more info. I'm also fairly certain (from memory) that VLAN 99 does exist on HQ3 - but I'll confirm on Tuesday.

I should have explained a bit better how these switches are connected. Imagine HQ1 as the "core" switch. HQ2 is hanging off port 1/0/24 and HQ3 is hanging of port 1/0/10. There is no direct link between HQ2 and HQ3.

On HQ1:  
Port 1/0/10:
 interface GigabitEthernet1/0/10
  description xxxxx connection to xxxx 90Mbps Max
  switchport trunk encapsulation dot1q
  switchport mode trunk
  speed 100
  duplex full

Port 1/0/24:
 interface GigabitEthernet1/0/24
  description Downlink to CAT-3750-HQ2
  switchport trunk encapsulation dot1q
  switchport mode trunk
  duplex full


Also what I didnt mention is that I can successfully ping on VLAN99 bwteen HQ1 and HQ2 - it's just 3 that's not working as it should.

Thanks
TB
0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24291507
Please post the output of  "show int status" and "show int trunk" for HQ and Switch 3.
0
 

Author Comment

by:theB0FH
ID: 24302770
Hi donjohnston

Below is the output of your commands

Thanks
TB

Switch 1:
CAT-3750-HQ1#sh int status
 
Port      Name               Status       Vlan       Duplex  Speed Type
Gi1/0/1                      connected    1          a-full  a-100 10/100/1000BaseTX
Gi1/0/2                      connected    1          a-full  a-100 10/100/1000BaseTX
Gi1/0/3                      connected    1          a-full a-1000 10/100/1000BaseTX
Gi1/0/4                      connected    1          a-full a-1000 10/100/1000BaseTX
Gi1/0/5                      connected    1          a-full a-1000 10/100/1000BaseTX
Gi1/0/6                      connected    50         a-full a-1000 10/100/1000BaseTX
Gi1/0/7                      connected    1          a-full  a-100 10/100/1000BaseTX
Gi1/0/8                      connected    99         a-half  a-100 10/100/1000BaseTX
Gi1/0/9                      connected    60         a-half   a-10 10/100/1000BaseTX
Gi1/0/10  PowerWAN connectio connected    trunk        full    100 10/100/1000BaseTX
Gi1/0/11                     connected    1          a-full a-1000 10/100/1000BaseTX
Gi1/0/12                     connected    20         a-full a-1000 10/100/1000BaseTX
Gi1/0/13  Netgear 16 Port Sw connected    50         a-full  a-100 10/100/1000BaseTX
Gi1/0/14                     connected    30         a-full  a-100 10/100/1000BaseTX
Gi1/0/15                     connected    30         a-full a-1000 10/100/1000BaseTX
Gi1/0/16                     connected    40         a-full a-1000 10/100/1000BaseTX
Gi1/0/17                     connected    40         a-full a-1000 10/100/1000BaseTX
Gi1/0/18                     connected    1          a-full a-1000 10/100/1000BaseTX
Gi1/0/19                     connected    50         a-full a-1000 10/100/1000BaseTX
Gi1/0/20                     connected    50         a-full  a-100 10/100/1000BaseTX
Gi1/0/21                     connected    50         a-full a-1000 10/100/1000BaseTX
Gi1/0/22                     connected    50         a-full  a-100 10/100/1000BaseTX
Gi1/0/23                     connected    60           full     10 10/100/1000BaseTX
Gi1/0/24  Downlink to 3750-H connected    trunk        full a-1000 10/100/1000BaseTX
CAT-3750-HQ1#
CAT-3750-HQ1#sh int trunk
 
Port        Mode         Encapsulation  Status        Native vlan
Gi1/0/10    on           802.1q         trunking      1
Gi1/0/24    on           802.1q         trunking      1
 
Port        Vlans allowed on trunk
Gi1/0/10    1-4094
Gi1/0/24    1-4094
 
Port        Vlans allowed and active in management domain
Gi1/0/10    1,9,20,30,40,50,60,70,73,80-83,90,99-100,110,120,130
Gi1/0/24    1,9,20,30,40,50,60,70,73,80-83,90,99-100,110,120,130
 
Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/10    1,73,81-83,99
Gi1/0/24    1,99
CAT-3750-HQ1#
 
Switch 3:
CAT-3750-3#sh int status
 
Port      Name               Status       Vlan       Duplex  Speed Type
Gi1/0/1                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/2                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/3                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/4                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/5                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/6                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/7                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/8                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/9                      notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/10                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/11  Fibre Pair 1       connected    81           full   1000 10/100/1000BaseTX
Gi1/0/12  Fibre Pair 2       connected    82           full   1000 10/100/1000BaseTX
Gi1/0/13  Fibre Pair 3       connected    trunk      a-full a-1000 10/100/1000BaseTX
Gi1/0/14  Fibre Pair 4       connected    83           full   1000 10/100/1000BaseTX
Gi1/0/15                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/16                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/17  Comms room south u connected    81         a-full  a-100 10/100/1000BaseTX
Gi1/0/18                     connected    1          a-full  a-100 10/100/1000BaseTX
Gi1/0/19                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/20                     connected    1          a-full a-1000 10/100/1000BaseTX
Gi1/0/21                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/22                     notconnect   1            auto   auto 10/100/1000BaseTX
Gi1/0/23  ASA5505            connected    1          a-full  a-100 10/100/1000BaseTX
Gi1/0/24  Exponential-E VPLS connected    trunk        full    100 10/100/1000BaseTX
CAT-3750-3#
CAT-3750-3#show int trunk
 
Port        Mode         Encapsulation  Status        Native vlan
Gi1/0/13    on           802.1q         trunking      1
Gi1/0/24    on           802.1q         trunking      1
 
Port        Vlans allowed on trunk
Gi1/0/13    1,73,99
Gi1/0/24    1-4094
 
Port        Vlans allowed and active in management domain
Gi1/0/13    1,73,99
Gi1/0/24    1,9,20,30,40,50,60,70,73,80-83,90,99-100,110,120,130
 
Port        Vlans in spanning tree forwarding state and not pruned
Gi1/0/13    1,73,99
Gi1/0/24    1,20,30,40,50,60,99
CAT-3750-3#

Open in new window

0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24303524
Everything looks good there. The only thing left is the VLAN interface itself. Can you post the output of a "show ip int brief".

0
 

Author Comment

by:theB0FH
ID: 24303587
Hi donjohnston

I've added the output below again for switch 1 and 3.

Cheers

Switch 1:
CAT-3750-HQ1#sh ip int brie
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  172.30.0.1      YES NVRAM  up                    up      
Vlan20                 172.30.20.1     YES NVRAM  up                    up      
Vlan30                 172.30.30.1     YES NVRAM  up                    up      
Vlan40                 172.30.40.1     YES NVRAM  up                    up      
Vlan50                 172.30.50.1     YES NVRAM  up                    up      
Vlan60                 172.30.60.1     YES NVRAM  up                    up      
Vlan99                 10.0.0.241      YES manual up                    up      
GigabitEthernet1/0/1   unassigned      YES unset  up                    up      
GigabitEthernet1/0/2   unassigned      YES unset  up                    up      
GigabitEthernet1/0/3   unassigned      YES unset  up                    up      
GigabitEthernet1/0/4   unassigned      YES unset  up                    up      
GigabitEthernet1/0/5   unassigned      YES unset  up                    up      
GigabitEthernet1/0/6   unassigned      YES unset  up                    up      
GigabitEthernet1/0/7   unassigned      YES unset  up                    up      
GigabitEthernet1/0/8   unassigned      YES unset  up                    up      
GigabitEthernet1/0/9   unassigned      YES unset  up                    up      
GigabitEthernet1/0/10  unassigned      YES unset  up                    up      
GigabitEthernet1/0/11  unassigned      YES unset  up                    up      
GigabitEthernet1/0/12  unassigned      YES unset  up                    up      
GigabitEthernet1/0/13  unassigned      YES unset  up                    up      
GigabitEthernet1/0/14  unassigned      YES unset  up                    up      
GigabitEthernet1/0/15  unassigned      YES unset  up                    up      
GigabitEthernet1/0/16  unassigned      YES unset  up                    up      
GigabitEthernet1/0/17  unassigned      YES unset  up                    up      
GigabitEthernet1/0/18  unassigned      YES unset  up                    up      
GigabitEthernet1/0/19  unassigned      YES unset  up                    up      
GigabitEthernet1/0/20  unassigned      YES unset  up                    up      
GigabitEthernet1/0/21  unassigned      YES unset  up                    up      
GigabitEthernet1/0/22  unassigned      YES unset  up                    up      
GigabitEthernet1/0/23  unassigned      YES unset  up                    up      
GigabitEthernet1/0/24  unassigned      YES unset  up                    up      
CAT-3750-HQ1#
 
 
Switch 3:
CAT-3750-3#sh ip int brie
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  172.30.0.3      YES NVRAM  up                    up      
Vlan71                 172.30.71.1     YES NVRAM  down                  down    
Vlan72                 172.30.72.1     YES NVRAM  down                  down    
Vlan73                 172.30.73.1     YES NVRAM  up                    up      
Vlan81                 172.30.81.1     YES NVRAM  up                    up      
Vlan82                 172.30.82.1     YES NVRAM  up                    up      
Vlan83                 172.30.83.1     YES NVRAM  up                    up      
Vlan99                 10.0.0.243      YES manual up                    up      
GigabitEthernet1/0/1   unassigned      YES unset  down                  down    
GigabitEthernet1/0/2   unassigned      YES unset  down                  down    
GigabitEthernet1/0/3   unassigned      YES unset  down                  down    
GigabitEthernet1/0/4   unassigned      YES unset  down                  down    
GigabitEthernet1/0/5   unassigned      YES unset  down                  down    
GigabitEthernet1/0/6   unassigned      YES unset  down                  down    
GigabitEthernet1/0/7   unassigned      YES unset  down                  down    
GigabitEthernet1/0/8   unassigned      YES unset  down                  down    
GigabitEthernet1/0/9   unassigned      YES unset  down                  down    
GigabitEthernet1/0/10  unassigned      YES unset  down                  down    
GigabitEthernet1/0/11  unassigned      YES unset  up                    up      
GigabitEthernet1/0/12  unassigned      YES unset  up                    up      
GigabitEthernet1/0/13  unassigned      YES unset  up                    up      
GigabitEthernet1/0/14  unassigned      YES unset  up                    up      
GigabitEthernet1/0/15  unassigned      YES unset  down                  down    
GigabitEthernet1/0/16  unassigned      YES unset  down                  down    
GigabitEthernet1/0/17  unassigned      YES unset  up                    up      
GigabitEthernet1/0/18  unassigned      YES unset  up                    up      
GigabitEthernet1/0/19  unassigned      YES unset  down                  down    
GigabitEthernet1/0/20  unassigned      YES unset  up                    up      
GigabitEthernet1/0/21  unassigned      YES unset  down                  down    
GigabitEthernet1/0/22  unassigned      YES unset  down                  down    
GigabitEthernet1/0/23  unassigned      YES unset  up                    up      
GigabitEthernet1/0/24  unassigned      YES unset  up                    up      
CAT-3750-3#

Open in new window

0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24303623
Once again, everything looks correct. Can you ping the VLAN 1 interface on Switch 3 from the HQ switch?
0
 

Author Comment

by:theB0FH
ID: 24304179
Pings on VLAN 1 are OK between all switches:

Thanks


CAT-3750-HQ1#ping 172.30.0.3 (CAT-3750-3)
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.30.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
CAT-3750-HQ1#

Open in new window

0
 

Author Comment

by:theB0FH
ID: 24304377
I've also done sh vtp status...
Switch 1:
CAT-3750-HQ1#sh vtp stat
VTP Version                     : 2
Configuration Revision          : 25
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 23
VTP Operating Mode              : Server
VTP Domain Name                 : marlow
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB3 0xF4 0x4A 0x21 0x47 0x55 0x50 0xD3 
Configuration last modified by 172.30.0.1 at 10-18-93 20:46:33
Local updater ID is 172.30.0.1 on interface Vl1 (lowest numbered VLAN interface found)
CAT-3750-HQ1#
 
Switch 2:
CAT-3750-HQ2#sh vtp status
VTP Version                     : 2
Configuration Revision          : 25
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 23
VTP Operating Mode              : Server
VTP Domain Name                 : marlow
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB3 0xF4 0x4A 0x21 0x47 0x55 0x50 0xD3
Configuration last modified by 172.30.0.1 at 10-18-93 20:46:33
Local updater ID is 172.30.0.2 on interface Vl1 (lowest numbered VLAN interface found)
CAT-3750-HQ2#
 
Switch 3:
CAT-3750-3#sh vtp status
VTP Version                     : 2
Configuration Revision          : 25
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 23
VTP Operating Mode              : Server
VTP Domain Name                 : marlow
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Disabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0xB3 0xF4 0x4A 0x21 0x47 0x55 0x50 0xD3
Configuration last modified by 172.30.0.1 at 10-18-93 20:46:33
Local updater ID is 172.30.0.3 on interface Vl1 (lowest numbered VLAN interface found)
CAT-3750-3#

Open in new window

0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24304404
Then you've probably got a duplicate IP address (10.0.0.243) or a bad entry in the arp cache.

Once you verify there is no other 10.0.0.243 device, check the arp cache of the Switches and see if there's an entry for the other VLAN99 address and that the MAC is correct.
0
 

Author Comment

by:theB0FH
ID: 24305614
OK, I've change VLAN 99 interface IP address on switch 3 to 10.0.0.175 in case there was a conflict. This didn't fix it. I've then done a "clear arp" on all the switches and then did a "show arp | incl 10.0".

On Switch 1 and 2 it's all fine (I see entries from each of these on each other), but on Switch 3 there's some wierdness. Look at the mac address for 10.0.0.1 - can this point to something else that's wrong?

Thanks


Switch 1:
CAT-3750-HQ1#sh arp | incl 10.0.
Internet  10.0.0.1                0   000f.b5d6.18d8  ARPA   Vlan99
Internet  10.0.0.242             78   0016.9df2.d7c1  ARPA   Vlan99
Internet  10.0.0.241              -   0016.9df2.bfc6  ARPA   Vlan99
CAT-3750-HQ1#
 
Switch 2:
CAT-3750-HQ2#sh arp | incl 10.0
Internet  10.0.0.1                0   000f.b5d6.18d8  ARPA   Vlan99
Internet  10.0.0.76               0   0023.6c91.fa0d  ARPA   Vlan99
Internet  10.0.0.242              -   0016.9df2.d7c1  ARPA   Vlan99
Internet  10.0.0.241              0   0016.9df2.bfc6  ARPA   Vlan99
CAT-3750-HQ2#
 
Switch 3:
CAT-3750-3#sh arp | incl 10.0.
Internet  10.0.0.1                0   Incomplete      ARPA
Internet  10.0.0.175              -   001e.be77.6047  ARPA   Vlan99
CAT-3750-3#

Open in new window

0
 

Author Comment

by:theB0FH
ID: 24305681
another note:

I've removed the "ip helper ..." line from Vlan 99 on Switch 3 - this gets rid of the "Incomplete" Arp entry, but this solves nothing - Switch 2 | Vlan 99 is configured in the same way and that works OK...

Is there some way to trace traffic or something?

Thanks
0
 
LVL 57

Assisted Solution

by:giltjr
giltjr earned 999 total points
ID: 24335090
If you have a free port on both switches set them up a mirror ports and run a packet capture to verify that each switch is putting VLAN 99 traffic outbound on the appropriate interface.

Oh, the incomplete on the arp entry for 10.0.0.1 just means that it sent out the arp request and it never got a response.  Which is just another indication that something weird is going on with VLAN 99.

0
 
LVL 50

Expert Comment

by:Don Johnston
ID: 24335124
Just so something else hasn't happened that's adding a symptom, please post the current configs of HQ and Switch 3.
0
 

Author Comment

by:theB0FH
ID: 24335162
Switch CAT-3750-HQ1's config below
CAT-3750-HQ1#sh run
Building configuration...
 
Current configuration : 16380 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CAT-3750-HQ1
!
no logging console
enable secret 5 $1$yhwh$xxxxxxxxxxxxxx/
!
username admin secret 5 $1$xxxxxxxxxxxxxxxx
aaa new-model
aaa authentication login default local
!
aaa session-id common
switch 1 provision ws-c3750g-24t
ip subnet-zero
ip routing
ip domain-name domain.local
ip name-server 172.30.6.111
!
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface GigabitEthernet1/0/1
 switchport mode access
!
interface GigabitEthernet1/0/2
 switchport mode access
!
interface GigabitEthernet1/0/3
 switchport mode access
!
interface GigabitEthernet1/0/4
 switchport mode access
!
interface GigabitEthernet1/0/5
 switchport mode access
!
interface GigabitEthernet1/0/6
 switchport access vlan 50
 switchport mode access
!
interface GigabitEthernet1/0/7
 switchport mode access
!
interface GigabitEthernet1/0/8
 switchport access vlan 99
 switchport mode access
!
interface GigabitEthernet1/0/9
 switchport access vlan 60
 switchport mode access
!
interface GigabitEthernet1/0/10
 description DOWNLINK TO CAT-3750-3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
interface GigabitEthernet1/0/11
 switchport mode access
!
interface GigabitEthernet1/0/12
 switchport access vlan 20
 switchport mode access
!
interface GigabitEthernet1/0/13
 description Netgear 16 Port Switch
 switchport access vlan 50
 switchport mode access
!
interface GigabitEthernet1/0/14
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet1/0/15
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet1/0/16
 switchport access vlan 40
 switchport mode access
!
interface GigabitEthernet1/0/17
 switchport access vlan 40
 switchport mode access
!
interface GigabitEthernet1/0/18
 switchport mode access
!
interface GigabitEthernet1/0/19
 switchport access vlan 50
 switchport mode access
!
interface GigabitEthernet1/0/20
 switchport access vlan 50
 switchport mode access
!
interface GigabitEthernet1/0/21
 switchport access vlan 50
 switchport mode access
!
interface GigabitEthernet1/0/22
 switchport access vlan 50
 switchport mode access
!
interface GigabitEthernet1/0/23
 switchport access vlan 60
 switchport mode access
 speed 10
 duplex full
!
interface GigabitEthernet1/0/24
 description Downlink to CAT-3750-HQ2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 duplex full
!
interface Vlan1
 description SERVERS
 ip address 172.30.0.1 255.255.248.0
 ip helper-address 172.30.6.111
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map GATEWAY_VLAN1
!
interface Vlan20
 description WEB_SERVERS
 ip address 172.30.20.1 255.255.252.0
 ip helper-address 172.30.6.111
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map GATEWAY
!
interface Vlan30
 description GROUN_FLOOR
 ip address 172.30.30.1 255.255.255.0
 ip helper-address 172.30.6.111
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map GATEWAY_VLAN30
!
interface Vlan40
 ip address 172.30.40.1 255.255.255.0
 ip helper-address 172.30.6.111
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan50
 ip address 172.30.50.1 255.255.255.0
 ip helper-address 172.30.6.111
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map GATEWAY_VLAN50
!
interface Vlan60
 ip address 172.30.60.1 255.255.255.0
 ip helper-address 172.30.6.111
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip policy route-map GATEWAY_VLAN60
!
interface Vlan99
 description WIFI Visitors Guest Access
 ip address 10.0.0.241 255.255.255.0
 ip helper-address 10.0.0.1
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
router eigrp 1
 network 172.30.0.0
 no auto-summary
!
ip classless
no ip forward-protocol udp netbios-ns
no ip forward-protocol udp netbios-dgm
ip route 0.0.0.0 0.0.0.0 172.30.7.2
no ip http server
no ip http secure-server
!
!
ip access-list standard SSH-ALLOWED
 permit 172.30.0.0 0.0.255.255
 deny   any log
!
ip access-list extended ASA_7_11_VLAN30
 deny   ip 172.30.0.0 0.0.255.255 192.168.144.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.30.50.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip host 172.30.30.101 any
ip access-list extended ASA_7_4_VLAN30
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.30.50.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.20.30.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
ip access-list extended ASA_7_5_VLAN1
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip host 172.30.3.9 any
 permit ip host 172.30.3.8 any
 permit ip host 172.30.6.30 host 85.90.255.205
 permit ip host 172.30.3.5 any
 permit ip host 172.30.3.100 any
 permit ip host 172.30.3.1 any
 permit ip host 172.30.3.3 any
 permit ip host 172.30.3.10 any
 permit ip host 172.30.1.6 any
 permit ip host 172.30.6.9 any
ip access-list extended ASA_7_5_VLAN20
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
ip access-list extended PIX_7_11
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.30.50.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip host 172.30.20.4 any
 permit ip host 172.30.20.5 any
 permit ip host 172.30.20.6 any
 permit ip host 172.30.20.7 any
 permit ip host 172.30.20.8 any
 permit ip host 172.30.20.9 any
 permit ip host 172.30.20.10 any
 permit ip host 172.30.20.11 any
 permit ip host 172.30.20.12 any
 permit ip host 172.30.20.13 any
 permit ip host 172.30.20.14 any
 permit ip host 172.30.20.15 any
 permit ip host 172.30.20.16 any
 permit ip host 172.30.20.17 any
 permit ip host 172.30.20.18 any
 permit ip host 172.30.20.19 any
 permit ip host 172.30.20.20 any
 permit ip host 172.30.20.21 any
 permit ip host 172.30.20.22 any
 permit ip host 172.30.20.23 any
 permit ip host 172.30.20.24 any
 permit ip host 172.30.20.25 any
 permit ip host 172.30.20.26 any
 permit ip host 172.30.20.76 any
 permit ip host 172.30.20.77 any
 permit ip host 172.30.20.78 any
 permit ip host 172.30.20.86 any
 permit ip host 172.30.20.87 any
 permit ip host 172.30.20.88 any
 permit ip host 172.30.20.89 any
 permit ip host 172.30.20.90 any
 permit ip host 172.30.20.91 any
 permit ip host 172.30.20.92 any
 permit ip host 172.30.20.93 any
 permit ip host 172.30.20.94 any
 permit ip host 172.30.20.95 any
 permit ip host 172.30.20.96 any
 permit ip host 172.30.20.97 any
 permit ip host 172.30.20.98 any
 permit ip host 172.30.20.99 any
 permit ip host 172.30.20.100 any
 permit ip host 172.30.20.101 any
 permit ip host 172.30.20.105 any
 permit ip host 172.30.20.106 any
 permit ip host 172.30.20.107 any
 permit ip host 172.30.20.108 any
 permit ip host 172.30.20.109 any
 permit ip host 172.30.20.110 any
 permit ip host 172.30.20.121 any
 permit ip host 172.30.20.124 any
 permit ip host 172.30.20.131 any
 permit ip host 172.30.20.123 any
 permit ip host 172.30.20.127 any
 permit ip host 172.30.20.81 any
 permit ip host 172.30.20.102 any
 permit ip host 172.30.20.103 any
 permit ip host 172.30.20.104 any
 permit ip host 172.30.20.128 any
 permit ip host 172.30.20.129 any
ip access-list extended PIX_7_11_VLAN1
 deny   ip 172.30.0.0 0.0.255.255 192.168.144.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.30.50.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip host 172.30.6.60 any
 permit ip host 172.30.6.61 any
 permit ip host 172.30.6.25 any
 permit ip host 172.30.6.6 any
 permit ip host 172.30.7.205 any
 permit ip host 172.30.6.5 any
 permit ip host 172.30.5.203 any
 permit ip host 172.30.6.109 any
 permit ip host 172.30.0.7 any
 permit ip host 172.30.6.62 any
 permit ip host 172.30.1.205 any
 permit ip host 172.30.6.111 any
 permit ip host 172.30.0.70 any
 permit ip host 172.30.0.250 any
 permit ip host 172.30.1.243 any
 permit ip host 172.30.1.241 any
 permit ip host 172.30.0.34 any
 permit ip host 172.30.0.56 any
 permit ip host 172.30.0.58 any
 permit ip host 172.30.0.32 any
 permit ip host 172.30.0.57 any
 permit ip host 172.30.6.63 any
 permit ip host 172.30.2.101 any
 permit ip host 172.30.6.37 any
 permit ip host 172.30.6.110 any
 permit ip host 172.30.6.39 any
 permit ip host 172.30.3.4 any
 permit ip host 172.30.7.150 any
 permit ip host 172.30.6.31 any
 permit ip host 172.30.0.90 any
 permit ip host 172.30.0.91 any
 permit ip host 172.30.0.92 any
 permit ip host 172.30.6.14 any
 permit ip host 172.30.2.31 any
 permit ip host 172.30.0.16 any
 permit ip host 172.30.6.45 any
 permit ip host 172.30.6.53 any
ip access-list extended PIX_7_11_VLAN30
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 host 83.244.211.99
 permit ip host 172.30.30.100 any
 permit ip host 172.30.30.28 any
ip access-list extended PIX_7_11_VLAN60
 deny   ip 172.30.0.0 0.0.255.255 192.168.144.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.30.50.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
ip access-list extended PIX_7_11_VLAN_1
 permit ip host 172.30.6.45 any
ip access-list extended PIX_7_1_VLAN30
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.30.50.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.20.30.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
ip access-list extended PIX_7_2_VLAN50
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip host 172.30.50.27 any
ip access-list extended PIX_7_3_VLAN30
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.30.50.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.20.30.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip host 172.30.30.100 any
ip access-list extended SONICWALL_7_1
 deny   ip 172.30.0.0 0.0.255.255 10.30.50.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.20.30.0 0.0.0.255
 permit ip 172.30.0.0 0.0.255.255 172.30.8.0 0.0.7.255
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip host 172.30.20.2 any
 permit ip host 172.30.20.3 any
 permit ip host 172.30.20.27 any
 permit ip host 172.30.20.28 any
 permit ip host 172.30.20.29 any
 permit ip host 172.30.20.30 any
 permit ip host 172.30.20.31 any
 permit ip host 172.30.20.32 any
 permit ip host 172.30.20.33 any
 permit ip host 172.30.20.34 any
 permit ip host 172.30.20.35 any
 permit ip host 172.30.20.36 any
 permit ip host 172.30.20.37 any
 permit ip host 172.30.20.38 any
 permit ip host 172.30.20.39 any
 permit ip host 172.30.20.40 any
 permit ip host 172.30.20.41 any
 permit ip host 172.30.20.42 any
 permit ip host 172.30.20.43 any
 permit ip host 172.30.20.44 any
 permit ip host 172.30.20.45 any
 permit ip host 172.30.20.46 any
 permit ip host 172.30.20.47 any
 permit ip host 172.30.20.48 any
 permit ip host 172.30.20.49 any
 permit ip host 172.30.20.50 any
 permit ip host 172.30.20.51 any
 permit ip host 172.30.20.52 any
 permit ip host 172.30.20.53 any
 permit ip host 172.30.20.54 any
 permit ip host 172.30.20.55 any
 permit ip host 172.30.20.56 any
 permit ip host 172.30.20.57 any
 permit ip host 172.30.20.58 any
 permit ip host 172.30.20.59 any
 permit ip host 172.30.20.60 any
 permit ip host 172.30.20.61 any
 permit ip host 172.30.20.62 any
 permit ip host 172.30.20.63 any
 permit ip host 172.30.20.64 any
 permit ip host 172.30.20.65 any
 permit ip host 172.30.20.66 any
 permit ip host 172.30.20.67 any
 permit ip host 172.30.20.68 any
 permit ip host 172.30.20.69 any
 permit ip host 172.30.20.70 any
 permit ip host 172.30.20.71 any
 permit ip host 172.30.20.72 any
 permit ip host 172.30.20.73 any
 permit ip host 172.30.20.74 any
 permit ip host 172.30.20.79 any
 permit ip host 172.30.20.80 any
 permit ip host 172.30.20.82 any
 permit ip host 172.30.20.83 any
 permit ip host 172.30.20.84 any
 permit ip host 172.30.20.85 any
 permit ip host 172.30.20.102 any
 permit ip host 172.30.20.103 any
 permit ip host 172.30.20.104 any
ip access-list extended SONICWALL_7_1_VLAN1
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.30.50.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.20.30.0 0.0.0.255
 permit ip 172.30.0.0 0.0.255.255 172.30.8.0 0.0.7.255
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip host 172.30.6.11 any
 permit ip host 172.30.0.245 any
 permit ip host 172.30.0.248 any
 permit ip host 172.30.0.252 any
 permit ip host 172.30.6.26 any
 permit ip host 172.30.4.10 any
 permit ip host 172.30.4.11 any
 permit ip host 172.30.4.12 any
ip access-list extended SONICWALL_7_1_VLAN60
 deny   ip 172.30.0.0 0.0.255.255 10.11.12.0 0.0.0.255
 deny   ip 172.30.0.0 0.0.255.255 10.30.50.0 0.0.0.255
 permit ip 172.30.0.0 0.0.255.255 172.30.8.0 0.0.7.255
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
!
logging trap debugging
logging facility local6
logging 172.30.30.101
route-map GATEWAY_VLAN30 permit 10
 match ip address PIX_7_1_VLAN30
 set ip next-hop 172.30.7.1
!
route-map GATEWAY_VLAN30 permit 20
 match ip address PIX_7_11_VLAN30
 set ip next-hop 172.30.7.5
!
route-map GATEWAY_VLAN30 permit 30
 match ip address ASA_7_11_VLAN30
 set ip next-hop 172.30.7.11
!
route-map GATEWAY_VLAN60 permit 10
 match ip address SONICWALL_7_1_VLAN60
 set ip next-hop 172.30.7.1
!
route-map GATEWAY_VLAN60 permit 20
 match ip address PIX_7_11_VLAN60
 set ip next-hop 172.30.7.11
!
route-map GATEWAY_VLAN50 permit 10
 match ip address PIX_7_2_VLAN50
 set ip next-hop 172.30.7.2
!
route-map GATEWAY_VLAN1 permit 10
 match ip address SONICWALL_7_1_VLAN1
 set ip next-hop 172.30.7.1
!
route-map GATEWAY_VLAN1 permit 20
 match ip address PIX_7_11_VLAN1
 set ip next-hop 172.30.7.11
!
route-map GATEWAY_VLAN1 permit 30
 match ip address ASA_7_5_VLAN1
 set ip next-hop 172.30.7.5
!
route-map GATEWAY permit 10
 match ip address SONICWALL_7_1
 set ip next-hop 172.30.7.1
!
route-map GATEWAY permit 20
 match ip address PIX_7_11
 set ip next-hop 172.30.7.11
!
route-map GATEWAY permit 30
 match ip address ASA_7_5_VLAN20
 set ip next-hop 172.30.7.5
!
snmp-server community d4t4Select RO
snmp-server enable traps snmp authentication linkdown linkup coldstart
radius-server source-ports 1645-1646
!
control-plane
!
banner login ^CCC Private Property - All access is logged Unauthorised entry is prohibited^C
alias exec sr sh run
alias exec ct conf t
alias exec sip sh ip protocols
alias exec sir sh ip route
alias exec sim sh ip mroute
alias exec sib sh ip int brief
alias exec sv sh vlan brief
!
line con 0
 exec-timeout 15 0
 logging synchronous
line vty 0 4
 access-class SSH-ALLOWED in
 exec-timeout 15 0
 logging synchronous
 transport input ssh
line vty 5 15
 access-class SSH-ALLOWED in
 exec-timeout 15 0
 logging synchronous
 transport input ssh
!
end
 
CAT-3750-HQ1#  

Open in new window

0
 

Author Comment

by:theB0FH
ID: 24335176
Switch CAT-3750-3's config below.
CAT-3750-3#sh run
Building configuration...
 
Current configuration : 6276 bytes
!
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug uptime
service timestamps log uptime
service password-encryption
service linenumber
!
hostname CAT-3750-3
!
enable secret 5 $1$ocZl$xxxxxxxxxxxxxxxxxxxxx.
!
username admin secret 5 $1xxxxxxxxxxGsj.
aaa new-model
aaa authentication login default local
!
aaa session-id common
switch 1 provision ws-c3750g-24t
system mtu routing 1500
ip subnet-zero
ip routing
ip tcp synwait-time 5
no ip domain-lookup
ip domain-name domain.local
!
ip ssh version 2
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface GigabitEthernet1/0/1
 switchport mode access
!
interface GigabitEthernet1/0/2
 switchport mode access
!         
interface GigabitEthernet1/0/3
 switchport mode access
!
interface GigabitEthernet1/0/4
 switchport mode access
!
interface GigabitEthernet1/0/5
 switchport mode access
!
interface GigabitEthernet1/0/6
 switchport mode access
!
interface GigabitEthernet1/0/7
 switchport mode access
!
interface GigabitEthernet1/0/8
 switchport mode access
!
interface GigabitEthernet1/0/9
 switchport mode access
!
interface GigabitEthernet1/0/10
 switchport mode access
!
interface GigabitEthernet1/0/11
 description Fibre Pair 1
 switchport access vlan 81
 switchport mode access
 speed 1000
 duplex full
!
interface GigabitEthernet1/0/12
 description Fibre Pair 2
 switchport access vlan 82
 switchport mode access
 speed 1000
 duplex full
!
interface GigabitEthernet1/0/13
 description Fibre Pair 3
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,73,99
 switchport mode trunk
!
interface GigabitEthernet1/0/14
 description Fibre Pair 4
 switchport access vlan 83
 switchport mode access
 speed 1000
 duplex full
!
interface GigabitEthernet1/0/15
 switchport mode access
!
interface GigabitEthernet1/0/16
 switchport mode access
!
interface GigabitEthernet1/0/17
 description Comms room south unmanaged
 switchport access vlan 81
 switchport mode access
!
interface GigabitEthernet1/0/18
 switchport mode access
!
interface GigabitEthernet1/0/19
 switchport mode access
!
interface GigabitEthernet1/0/20
 switchport mode access
!
interface GigabitEthernet1/0/21
 switchport mode access
!
interface GigabitEthernet1/0/22
 switchport mode access
!
interface GigabitEthernet1/0/23
 description ASA5505
 switchport mode access
!
interface GigabitEthernet1/0/24
 description UPLINK TO CAT-3750-HQ1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
interface Vlan1
 ip address 172.30.0.3 255.255.248.0
 ip helper-address 172.30.6.111
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan71
 description WIFI network for Guest Access
 ip address 172.30.71.1 255.255.255.0
 ip helper-address 172.30.6.200
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan72
 description WIFI network for General Domain Use
 ip address 172.30.72.1 255.255.255.0
 ip helper-address 172.30.6.200
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan73
 description WIFI network for Scanners
 ip address 172.30.73.1 255.255.255.0
 ip helper-address 172.30.6.200
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan81
 description NORTH and WEST
 ip address 172.30.81.1 255.255.255.0
 ip helper-address 172.30.6.200
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan82
 description EAST
 ip address 172.30.82.1 255.255.255.0
 ip helper-address 172.30.6.200
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan83
 description CENTRAL / Production
 ip address 172.30.83.1 255.255.255.0
 ip helper-address 172.30.6.200
 no ip redirects
 no ip unreachables
 no ip proxy-arp
!
interface Vlan99
 description WIFI Visitors Guest Access
 ip address 10.0.0.175 255.255.255.0
!
router eigrp 1
 network 172.30.0.0
 no auto-summary
!
ip classless
ip route 0.0.0.0 0.0.0.0 172.30.0.1
no ip http server
no ip http secure-server
!
!
ip access-list standard SSH-ALLOWED
 permit 82.133.50.163
 permit 217.20.18.2
 permit 172.30.0.0 0.0.255.255
 permit 10.20.30.0 0.0.0.255
 deny   any log
!
ip access-list extended ASA5505_7_2_VLAN1
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
ip access-list extended ASA5505_7_3_VLAN1
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip 172.30.0.0 0.0.255.255 any
ip access-list extended ASA5505_7_3_VLAN73
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
ip access-list extended ASA5505_7_3_VLAN81
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip 172.30.0.0 0.0.255.255 any
ip access-list extended ASA5505_7_3_VLAN83
 deny   ip 172.30.0.0 0.0.255.255 172.30.0.0 0.0.255.255
 permit ip 172.30.0.0 0.0.255.255 any
!
route-map GATEWAY_VLAN73 permit 10
 match ip address ASA5505_7_3_VLAN73
 set ip next-hop 172.30.7.3
!
route-map GATEWAY_VLAN83 permit 10
 match ip address ASA5505_7_3_VLAN83
 set ip next-hop 172.30.7.3
!
route-map GATEWAY_VLAN81 permit 10
 match ip address ASA5505_7_3_VLAN81
 set ip next-hop 172.30.7.3
!
route-map GATEWAY_VLAN1 permit 10
 match ip address ASA5505_7_3_VLAN1
 set ip next-hop 172.30.7.3
!
route-map GATEWAY_VLAN1 permit 20
 match ip address ASA5505_7_2_VLAN1
 set ip next-hop 172.30.7.2
!
snmp-server community d4t4Select RO
snmp-server enable traps snmp authentication linkdown linkup coldstart
snmp-server enable traps license
radius-server source-ports 1645-1646
!
control-plane
!
banner login ^CCCC Private Property - All access is logged Unauthorised entry is prohibited^C
alias exec sr sh run
alias exec ct conf t
alias exec sip sh ip protocols
alias exec sir sh ip route
alias exec sim sh ip mroute
alias exec sib sh ip int brief
alias exec sv sh vlan brief
!
line con 0
 exec-timeout 15 0
 logging synchronous
line vty 0 4
 access-class SSH-ALLOWED in
 exec-timeout 15 0
 logging synchronous
 transport input ssh
line vty 5 15
 access-class SSH-ALLOWED in
 exec-timeout 15 0
 logging synchronous
 transport input ssh
!
end
 
CAT-3750-3#     

Open in new window

0
 
LVL 57

Expert Comment

by:giltjr
ID: 24335277
Real stupid question, can you ping 10.0.0.175 from CAT-3750-3?  That is, can it ping its own VLAN99 IP address?
0
 

Author Comment

by:theB0FH
ID: 24335298
Fair question!
Yes I can ping the VLAN99 IP address from the switch.
cheers

CAT-3750-3#ping 10.0.0.175
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.175, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Open in new window

0
 
LVL 57

Expert Comment

by:giltjr
ID: 24335873
Do you have any devices that are on CAT-3750-3 that are on VLAN99?

If so can CAT-3750-3 and that device ping each other?
0
 

Author Comment

by:theB0FH
ID: 24336396
Hi giltjr:
There is a device attached to switch 3 that has the ip address 10.0.0.176. This is the ping output as welll as sh arp.

Thx
CAT-3750-3#ping 10.0.0.176
 
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.176, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
CAT-3750-3#
CAT-3750-3#
CAT-3750-3#
CAT-3750-3#sh arp | incl 10.0.0
Internet  10.0.0.175              -   001e.be77.6047  ARPA   Vlan99
Internet  10.0.0.176              2   000b.0e5b.f4ef  ARPA   Vlan99
CAT-3750-3#

Open in new window

0
 
LVL 57

Accepted Solution

by:
giltjr earned 999 total points
ID: 24336753
Um, well we had a similar issue a couple of weeks ago with a 4507.  End the end we configured the trunk port to all all VLAN's, then changed it back to just limiting the VLANs we wanted and then all of sudden it started to work.

So on CAT-3750-3 you may want to change interface GigabitEthernet1/0/13 to that it allows all VLAN's.  Check and see if the pings start to flow, then go back and only allow the VLANs you want.
 
0
 

Author Comment

by:theB0FH
ID: 24336910
hi giltjr

Thanks for the comment. I'll have to try that outside office hours as that's one crucial port! I'll hopefully do it later tonight, but more like sometime over the weekend. I'll post back as soon as I have any results.

cheers and have  agood weekend
TB
0
 

Author Comment

by:theB0FH
ID: 24352295
I've not been able to get alone-time on the switch. I'll try soon though. Thx
0
 

Author Comment

by:theB0FH
ID: 24382922
Hi guys (admins included)

I need to put this on hold, but I don't want to close the issue. Problem is I cannot really modify the config of this switch (specifically port 1/0/13) at the moment as it is critical not to have any downtime at the moment.

Can we just leave this call open or should it be put "on hold" in some way? I don't want to cancel it since someone could still come up with a simple solution while waiting for me to get a window for testing.

And the points are still up for grabs.

Cheers
TB

0
 

Author Comment

by:theB0FH
ID: 25372239
Quick update:

We've not had time to do the suggested steps, but another thing came to mind - perhaps we should update the software on the switches all to the same level if it's not already. Will have to look at this over the next couple of weeks.

TB
0
 
LVL 50

Assisted Solution

by:Don Johnston
Don Johnston earned 501 total points
ID: 25372652
Before updating software (I've never seen a IOS version cause this particular problem), try rebooting the switch.
0
 

Author Closing Comment

by:theB0FH
ID: 31576986
Unfortunately I'm going to have to just close this question as I cannot put any time aside to do anything about it anytime soon.

Sorry for the thinly spread points but since there are no clear solutions, what else could I do!

Thanks for the imput guys
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Make the most of your online learning experience.
How to fix a SonicWall Gateway Anti-Virus firewall blocking automatic updates to apps like Windows, Adobe, Symantec, etc.
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…
In this brief tutorial Pawel from AdRem Software explains how you can quickly find out which services are running on your network, or what are the IP addresses of servers responsible for each service. Software used is freeware NetCrunch Tools (https…

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question