asked on Cisco 3560 switch VLAN ISSUES
Hi,
I just received a brand new Cisco 3560G w/PoE switch
I configured 3 different VLANS were two of it are connected to a two different Lan ports onto a SonicWall TZ210 Firewall (same as tow different routers) .
I don´t know why but there are traffic passing from the vlans (something not desirable) and I am getting loopback message error at the router.
The PC´s located in each vlan received their Ip address from two differents DHCP Servers, but this is something that do not happen.
My problem is that the clients from VLAN 2 (e.g.) are receiving DHCP & DNS info from VLAN 1 servers.
Ideas welcome
I just received a brand new Cisco 3560G w/PoE switch
I configured 3 different VLANS were two of it are connected to a two different Lan ports onto a SonicWall TZ210 Firewall (same as tow different routers) .
I don´t know why but there are traffic passing from the vlans (something not desirable) and I am getting loopback message error at the router.
The PC´s located in each vlan received their Ip address from two differents DHCP Servers, but this is something that do not happen.
My problem is that the clients from VLAN 2 (e.g.) are receiving DHCP & DNS info from VLAN 1 servers.
Ideas welcome
Switches / HubsHardware Firewalls
Last Comment
mawueli
ASKER
Thanks for your prompt reply.
I will be testing asap
Is there a way to send commands to the switch via web instead configuration port?
Thanks
I will be testing asap
Is there a way to send commands to the switch via web instead configuration port?
Thanks
hm... I don't know, usaly the engineers like CLI, not WEB:_(
All of life is about relationships, and EE has made a viirtual community a real community. It lifts everyone's boat
William Peck
...the only way to do this via web is to configure http server (if its not already configured you have to do this via cli anyway...) and then you can use cisco network assistant which is a java tool by cisco with a gui.
i am not sure but dont think 3560 have a web interface by default...
But something else, if you dont need traffic between the vlans try to do a deny policy between the ports on the firewall in both directions, this should also solve your issue.
Another thing to do would be "ip helper address" but for this again you need the cli...
i am not sure but dont think 3560 have a web interface by default...
But something else, if you dont need traffic between the vlans try to do a deny policy between the ports on the firewall in both directions, this should also solve your issue.
Another thing to do would be "ip helper address" but for this again you need the cli...
ASKER
Thanks for your comments,
Finally I took the CLI Option but the command No Ip Routing it´s forbidden I checked the switch cli syntax and it does not appear.
Any other way to solve the situation via CLI commands.
Thanks
Finally I took the CLI Option but the command No Ip Routing it´s forbidden I checked the switch cli syntax and it does not appear.
Any other way to solve the situation via CLI commands.
Thanks
did you set the switch in config mode with "conf t" ?
can you post the running config of the router as of now?
...looks to me like an "easy to fix" problem...
can you post the running config of the router as of now?
...looks to me like an "easy to fix" problem...
Get an unlimited membership to EE for less than $4 a week.
Unlimited question asking, solutions, articles and more.
your welcome
ASKER
Hi
I am enclosing the Cisco Confiuration
The problem is:
A DHCP server it`s located on vlan 1 (default)
and stations from the different vlans defined (100 / 200 / 300) take it`s Ip address from the DHCP server located on VLAN 1 also from any station attached to vlan 100, 200 or 300 I can successfully ping the dhcp server located on vlan 1
And its suppoused that this situation could not be happening.
I have reset the Switch and reprogrammed the vlans but the situation its the same
Ideas welcom
**************************
Operating System Version: 12.2
Cisco 3560G
**************************
sh run
Building configuration...
Current configuration : 2231 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
!
interface GigabitEthernet0/1
switchport access vlan 100
!
interface GigabitEthernet0/2
switchport access vlan 100
!
interface GigabitEthernet0/3
switchport access vlan 100
!
interface GigabitEthernet0/4
switchport access vlan 100
!
interface GigabitEthernet0/5
switchport access vlan 100
!
interface GigabitEthernet0/6
switchport access vlan 100
!
interface GigabitEthernet0/7
switchport access vlan 200
!
interface GigabitEthernet0/8
switchport access vlan 200
!
interface GigabitEthernet0/9
switchport access vlan 300
!
interface GigabitEthernet0/10
switchport access vlan 300
!
interface GigabitEthernet0/11
switchport access vlan 300
!
interface GigabitEthernet0/12
switchport access vlan 300
!
interface GigabitEthernet0/13
switchport access vlan 300
!
interface GigabitEthernet0/14
switchport access vlan 300
!
interface GigabitEthernet0/15
switchport access vlan 300
!
interface GigabitEthernet0/16
switchport access vlan 300
!
interface GigabitEthernet0/17
switchport access vlan 300
!
interface GigabitEthernet0/18
switchport access vlan 300
!
interface GigabitEthernet0/19
switchport access vlan 300
!
interface GigabitEthernet0/20
switchport access vlan 300
!
interface GigabitEthernet0/21
switchport access vlan 300
!
interface GigabitEthernet0/22
switchport access vlan 300
!
interface GigabitEthernet0/23
switchport access vlan 300
!
interface GigabitEthernet0/24
switchport access vlan 300
!
interface GigabitEthernet0/25
switchport access vlan 300
!
interface GigabitEthernet0/26
switchport access vlan 300
!
interface GigabitEthernet0/27
switchport access vlan 300
!
interface GigabitEthernet0/28
switchport access vlan 300
!
interface Vlan1
no ip address
shutdown
!
interface Vlan100
no ip address
!
interface Vlan200
no ip address
!
interface Vlan300
no ip address
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 5 15
!
end
I am enclosing the Cisco Confiuration
The problem is:
A DHCP server it`s located on vlan 1 (default)
and stations from the different vlans defined (100 / 200 / 300) take it`s Ip address from the DHCP server located on VLAN 1 also from any station attached to vlan 100, 200 or 300 I can successfully ping the dhcp server located on vlan 1
And its suppoused that this situation could not be happening.
I have reset the Switch and reprogrammed the vlans but the situation its the same
Ideas welcom
**************************
Operating System Version: 12.2
Cisco 3560G
**************************
sh run
Building configuration...
Current configuration : 2231 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
!
interface GigabitEthernet0/1
switchport access vlan 100
!
interface GigabitEthernet0/2
switchport access vlan 100
!
interface GigabitEthernet0/3
switchport access vlan 100
!
interface GigabitEthernet0/4
switchport access vlan 100
!
interface GigabitEthernet0/5
switchport access vlan 100
!
interface GigabitEthernet0/6
switchport access vlan 100
!
interface GigabitEthernet0/7
switchport access vlan 200
!
interface GigabitEthernet0/8
switchport access vlan 200
!
interface GigabitEthernet0/9
switchport access vlan 300
!
interface GigabitEthernet0/10
switchport access vlan 300
!
interface GigabitEthernet0/11
switchport access vlan 300
!
interface GigabitEthernet0/12
switchport access vlan 300
!
interface GigabitEthernet0/13
switchport access vlan 300
!
interface GigabitEthernet0/14
switchport access vlan 300
!
interface GigabitEthernet0/15
switchport access vlan 300
!
interface GigabitEthernet0/16
switchport access vlan 300
!
interface GigabitEthernet0/17
switchport access vlan 300
!
interface GigabitEthernet0/18
switchport access vlan 300
!
interface GigabitEthernet0/19
switchport access vlan 300
!
interface GigabitEthernet0/20
switchport access vlan 300
!
interface GigabitEthernet0/21
switchport access vlan 300
!
interface GigabitEthernet0/22
switchport access vlan 300
!
interface GigabitEthernet0/23
switchport access vlan 300
!
interface GigabitEthernet0/24
switchport access vlan 300
!
interface GigabitEthernet0/25
switchport access vlan 300
!
interface GigabitEthernet0/26
switchport access vlan 300
!
interface GigabitEthernet0/27
switchport access vlan 300
!
interface GigabitEthernet0/28
switchport access vlan 300
!
interface Vlan1
no ip address
shutdown
!
interface Vlan100
no ip address
!
interface Vlan200
no ip address
!
interface Vlan300
no ip address
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 5 15
!
end
ASKER CERTIFIED SOLUTION
Log in or sign up to see answer
Become an EE member today7-DAY FREE TRIAL
Members can start a 7-Day Free trial then enjoy unlimited access to the platform
or
Learn why we charge membership fees
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
ask a question
...just came to my mind that after that you will probably run into the next problem depending on your topology because normally the vlans with this config shouldnt be able to communicate and i dont know if you need it or not, so if something else doesnt work after this just come back ;-)
Experts Exchange has (a) saved my job multiple times, (b) saved me hours, days, and even weeks of work, and often (c) makes me look like a superhero! This place is MAGIC!
Walt Forbes
no ip routing