Solved

Cisco 2960 and 1310 Vlan Configuration

Posted on 2010-09-21
Last Modified: 2012-05-10
I have two Cisco 1310's setup and configured as the example below suggests:

http://www.cisco.com/en/US/tech/tk722/tk809/technologies_configuration_example09186a008058f53e.shtml

This is my setup:

Cisco 2960 (Hastings Road)  VLAN 1 - 192.168.100.80
                    VLAN 200 = 192.168.200.80

Port F0/1 = Connected to Cisco 1310

Cisco 1310 - Root = 192.168.100.10

Cisco 1310 - Non-Root = 192.168.100.11

Port F0/1 = Connection to Cisco 1310

Cisco 2960 (Union Valley) - VLAN 1 = 192.168.100.81
                      VLAN 200 - 192.168.200.81


When logged into one of the switches, I can ping anything in the 192.168.100.0 network. But I cannot ping anything but the local 192.168.200.0 network IP address.

What am I doing wrong?  Switch Configs are the code snippets

What I am trying to do:

At Hastings Road I have:

TW Internet Connection on VLAN 200
TW Ethernet Connection on VLAN 220


Send both types of network connection using VLANs across the wireless link and then break the VLANs out on the other side.

Hopefully this is clear enough to understand.
HASTINGS#show running
Building configuration...

Current configuration : 4461 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname HASTINGS
!
boot-start-marker
boot-end-marker
!
enable password 7 
!
username 
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
system mtu routing 1500
ip subnet-zero
!
ip domain-name 
!
!
crypto pki trustpoint TP-self-signed-375544192
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-375544192
 revocation-check none
 rsakeypair TP-self-signed-375544192
!
!
crypto pki certificate chain TP-self-signed-375544192
 certificate self-signed 01
  quit
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
 description WIRELESS UPLINK
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/2
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 200
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 200
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 200
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 200
 spanning-tree portfast
!
interface FastEthernet0/7
 switchport access vlan 200
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport access vlan 200
 spanning-tree portfast
!
interface FastEthernet0/9
 switchport access vlan 200
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport access vlan 200
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport access vlan 200
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport access vlan 200
 spanning-tree portfast
!
interface FastEthernet0/13
 switchport access vlan 220
 spanning-tree portfast
!
interface FastEthernet0/14
 spanning-tree portfast
!
interface FastEthernet0/15
 spanning-tree portfast
!
interface FastEthernet0/16
 spanning-tree portfast
!
interface FastEthernet0/17
 spanning-tree portfast
!
interface FastEthernet0/18
 spanning-tree portfast
!
interface FastEthernet0/19
 spanning-tree portfast
!
interface FastEthernet0/20
 spanning-tree portfast
!
interface FastEthernet0/21
 spanning-tree portfast
!
interface FastEthernet0/22
 spanning-tree portfast
!
interface FastEthernet0/23
 spanning-tree portfast
!
interface FastEthernet0/24
 spanning-tree portfast
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 description WIRELESS NETWORK
 ip address 192.168.100.80 255.255.255.0
 no ip route-cache
!
interface Vlan200
 description INTERNET
 ip address 192.168.200.80 255.255.255.0
 no ip route-cache
!
interface Vlan220
 description ETHERNET
 no ip address
 no ip route-cache
!
ip http server
ip http secure-server
!
control-plane
!
!
line con 0
line vty 0 4
 password 7 
 login local
 length 0
line vty 5 15
 password 7 
 login local
 length 0
!
end

HASTINGS#









UNION-VALLEY#show running
Building configuration...

Current configuration : 2787 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname UNION-VALLEY
!
boot-start-marker
boot-end-marker
!
enable password 7 
!
username 
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
system mtu routing 1500
ip subnet-zero
!
ip domain-name 
!
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0/1
 description WIRELESS UPLINK
 switchport mode trunk
 spanning-tree portfast
!
interface FastEthernet0/2
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 200
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 200
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 200
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 200
 spanning-tree portfast
!
interface FastEthernet0/7
 switchport access vlan 200
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport access vlan 200
 spanning-tree portfast
!
interface FastEthernet0/9
 switchport access vlan 200
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport access vlan 200
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport access vlan 200
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport access vlan 200
 spanning-tree portfast
!
interface FastEthernet0/13
 switchport access vlan 220
 spanning-tree portfast
!
interface FastEthernet0/14
 spanning-tree portfast
!
interface FastEthernet0/15
 spanning-tree portfast
!
interface FastEthernet0/16
 spanning-tree portfast
!
interface FastEthernet0/17
 spanning-tree portfast
!
interface FastEthernet0/18
 spanning-tree portfast
!
interface FastEthernet0/19
 spanning-tree portfast
!
interface FastEthernet0/20
 spanning-tree portfast
!
interface FastEthernet0/21
 spanning-tree portfast
!
interface FastEthernet0/22
 spanning-tree portfast
!
interface FastEthernet0/23
 spanning-tree portfast
!
interface FastEthernet0/24
 spanning-tree portfast
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
 description WIRELESS NETWORK
 ip address 192.168.100.81 255.255.255.0
 no ip route-cache
!
interface Vlan200
 description INTERNET
 ip address 192.168.200.81 255.255.255.0
 no ip route-cache
!
interface Vlan220
 description ETHERNET
 no ip address
 no ip route-cache
!
ip http server
ip http secure-server
!
control-plane
!
!
line con 0
line vty 0 4
 password 7 
 login local
 length 0
line vty 5 15
 password 7 
 login local
 length 0
!
end

UNION-VALLEY#

Question by:Railroad
10 Comments
 
LVL 34

Expert Comment

by:Istvan Kalmar
ID: 33731910
Hi,

The config seems to be good, only that you need to the AP leg:

int fast 0/x
 switchport mode trunk
 switchport trunk native vlan 100

You need to set the VLAN 100 untagged on the AP!
0
 
LVL 4

Expert Comment

by:dusanm011
ID: 33732412
It may help if you send the configuration of the APs.

Regards
0
 
LVL 4

Expert Comment

by:dusanm011
ID: 33732639
Anyway, your problem has to do with something wrong with routing...

Post here, or check yourself, how the routing between VLAN 1 and VLAN 200 works.

It looks like you did just fine configuring those switches. I even think that there is a typo in ikalmar's post. There is no VLAN 100, as far as I can see, and VLAN 1 is always untagged by default. So your configuration of the switches is OK.

Check the routing or the router behind those switches; you have one, don't you?
0
 

Author Comment

by:Railroad
ID: 33733616
@dusanm011 Yes, I would agree, it is something with routing. Other than the Cisco 2960s and 1310s there's nothing else involved with this network. The only other thing I have added was a laptop, which I plugged into a VLAN 200 port. I can ping the local switch on the 192.168.200.0 network, but not the switch on the other side of the wireless bridge.

There shouldn't be any routing between the VLANs. It seems like the wireless bridge isn't actually passing VLAN traffic.

I can post the AP's configs later today, they are in a remote location with no outside access at this point.
0
 
LVL 4

Expert Comment

by:dusanm011
ID: 33734165
OK, so I see you do not want these VLANs to communicate; if so, it is OK not to have a router behind.

You just go ahead and add this on both FastEthernet0/1 ports on the 2960s:

interface FastEthernet0/1
 description WIRELESS UPLINK
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 1,200,220
 switchport mode trunk
 spanning-tree portfast

this will help.

Regards
0
 

Author Comment

by:Railroad
ID: 33734340
@dusanm011:  Correct no routing between VLANS needed or desired, so there is no layer 3 switch involved.  I'm just trying to send two different VLANs across the wireless bridge, so I can send both an Internet connection and an ethernet connection.

As for the configuration changes.

Cisco 2960's only operate with dot1q encapsulation, so there is no option to set this.

Also, by default the command "switchport mode trunk" allows all VLAN traffic to pass, so specifically allowing 1,200, and 220 is redundant.

I think the switches are configured correctly.  I'll test this, this afternoon, by directly linking the two switches without the AP's between them.

At this point I think something is amiss with the AP configurations.  I'll post them later today.  Basically I think the AP's are either stripping out the VLAN tagging or not allowing it to pass.
0
 
LVL 4

Accepted Solution

by:
dusanm011 earned 500 total points
ID: 33734731
Speaking about AP config...

Did you put in sub-interfaces corresponding to the VLAN IDs?

Remember:

1. Create subinterfaces on the radio and Ethernet interfaces.
2. Enable 802.1q encapsulation on the subinterfaces and assign one subinterface as the native VLAN.
3. Assign a bridge group to each VLAN.
4. (Optional) Enable WEP on the native VLAN.
5. Assign the bridge’s SSID to the native VLAN.

Here is an example of some random conf for a Root Bridge w/ VLANs and a Non-root Bridge w/ VLANs.

I tried to put in adequate VLAN IDs, but if I missed something... you will get the picture already.

Regards.
hostname master-bridge-hq
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
bridge irb
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 ssid vlan1
    vlan 1
    infrastructure-ssid
    authentication open
 !
 speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 rts threshold 2312
 station-role root
 no cdp enable
 infrastructure-client
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 no cdp enable
 bridge-group 1
!
interface Dot11Radio0.2
 encapsulation dot1Q 200
 no ip route-cache
 no cdp enable
 bridge-group 2
!
interface Dot11Radio0.3
 encapsulation dot1Q 220
 no ip route-cache
 bridge-group 3
 bridge-group 3 path-cost 500
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
!
interface FastEthernet0.2
 encapsulation dot1Q 200
 no ip route-cache
 bridge-group 2
!
interface FastEthernet0.3
 encapsulation dot1Q 220
 no ip route-cache
 bridge-group 3
!
interface BVI1
 ip address 1.4.64.23 255.255.0.0
 no ip route-cache
!
ip default-gateway 1.4.0.1
bridge 1 protocol ieee
bridge 1 route ip
bridge 1 priority 9000
bridge 2 protocol ieee
bridge 2 priority 10000
bridge 3 protocol ieee
bridge 3 priority 3100
!
line con 0
 exec-timeout 0 0
line vty 5 15
!
end



###################

Non-Root Bridge

hostname client-bridge-remote
!
ip subnet-zero
!
ip ssh time-out 120
ip ssh authentication-retries 3
!
bridge irb
!
interface Dot11Radio0
 no ip address
 no ip route-cache
 !
 ssid vlan1
    vlan 1
    authentication open
    infrastructure-ssid
 !
 speed basic-6.0 9.0 12.0 18.0 24.0 36.0 48.0 54.0
 rts threshold 2312
 station-role non-root
 no cdp enable
!
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 no cdp enable
 bridge-group 1
!
interface Dot11Radio0.2
 encapsulation dot1Q 200
 no ip route-cache
 no cdp enable
 bridge-group 2
!
interface Dot11Radio0.3
 encapsulation dot1Q 220
 no ip route-cache
 no cdp enable
 bridge-group 3
!
interface FastEthernet0
 no ip address
 no ip route-cache
 duplex auto
 speed auto
!
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 no ip route-cache
 bridge-group 1
!
interface FastEthernet0.2
 encapsulation dot1Q 200
 no ip route-cache
 bridge-group 2
!
interface FastEthernet0.3
 encapsulation dot1Q 220
 no ip route-cache
 bridge-group 3
 bridge-group 3 path-cost 400
!
interface BVI1
 ip address 1.4.64.24 255.255.0.0
 no ip route-cache
!
bridge 1 protocol ieee
bridge 1 route ip
bridge 1 priority 10000
bridge 2 protocol ieee
bridge 2 priority 12000
bridge 3 protocol ieee
bridge 3 priority 2900
!
line con 0
line vty 5 15
!
end


0
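A check that follows from the five steps in the answer above, as an added example that is not part of the original thread: every VLAN carried on the switch trunk needs a subinterface on both the radio and the Ethernet side of the bridge, with the same bridge group and one shared native VLAN. The function names and the sample config are constructed for illustration, and the parser only understands the `interface`, `encapsulation dot1Q` and `bridge-group` lines used in the example configs.

```python
import re

SUBIF = re.compile(r"interface (Dot11Radio|FastEthernet)\d+\.\d+$")
ENCAP = re.compile(r"encapsulation dot1Q (\d+)( native)?$")
GROUP = re.compile(r"bridge-group (\d+)$")  # skips "bridge-group 3 path-cost 500"

def parse_subinterfaces(config):
    """Return (radio, ethernet) dicts of {vlan: (bridge_group, is_native)}."""
    sides = {"Dot11Radio": {}, "FastEthernet": {}}
    side = vlan = None
    for line in (l.strip() for l in config.splitlines()):
        if line.startswith("interface "):
            m = SUBIF.match(line)
            side, vlan = (m.group(1) if m else None), None
        elif side and (m := ENCAP.match(line)):
            vlan = int(m.group(1))
            sides[side][vlan] = (None, bool(m.group(2)))
        elif side and vlan is not None and (m := GROUP.match(line)):
            sides[side][vlan] = (int(m.group(1)), sides[side][vlan][1])
    return sides["Dot11Radio"], sides["FastEthernet"]

def audit_bridge(config, trunk_vlans):
    """Return sorted findings; an empty list means every trunk VLAN is bridged."""
    (radio, eth), findings = parse_subinterfaces(config), []
    for vlan in trunk_vlans:
        findings += [f"VLAN {vlan}: no {name} subinterface"
                     for name, t in (("radio", radio), ("ethernet", eth)) if vlan not in t]
        r, e = radio.get(vlan), eth.get(vlan)
        if r and e and (r[0] is None or r[0] != e[0]):
            findings.append(f"VLAN {vlan}: bridge-group mismatch")
    natives = [sorted(v for v, (_, n) in t.items() if n) for t in (radio, eth)]
    if natives[0] != natives[1] or len(natives[0]) != 1:
        findings.append(f"native VLAN inconsistent: radio={natives[0]} ethernet={natives[1]}")
    return sorted(findings)

# Constructed sample: VLAN 220 was never added to the bridge, VLAN 200 groups differ.
SAMPLE = """\
interface Dot11Radio0.1
 encapsulation dot1Q 1 native
 bridge-group 1
interface Dot11Radio0.2
 encapsulation dot1Q 200
 bridge-group 2
interface FastEthernet0.1
 encapsulation dot1Q 1 native
 bridge-group 1
interface FastEthernet0.2
 encapsulation dot1Q 200
 bridge-group 3
 bridge-group 3 path-cost 400
"""

if __name__ == "__main__":
    print(*audit_bridge(SAMPLE, [1, 200, 220]), sep="\n")
```

Run it against the saved running-config of each bridge with the VLAN list the switch trunk carries; a VLAN that is trunked on the switch but reported here is one the bridge will not pass.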
 

Author Comment

by:Railroad
ID: 33735416
Actually I did some more digging on the Internet and I'm pretty sure this is exactly my issue.  Thank you for the examples.  I'll let you know how the configuration goes later today.
0
 

Author Comment

by:Railroad
ID: 33748721
Sorry, didn't get back to the site until today. Yes, it was in fact an issue with VLANs not being set up on the APs.

To be consistent with my setup I changed VLAN 1 to 100. What changes do I need to make on the switch and AP?

I believe on the switch all I need to do is "switchport trunk native vlan 100" on int f0/1.

Do I have to set up VLAN 100 on the APs as untagged, and if so, how do I do that?

Thanks!
         
0
 
LVL 4

Expert Comment

by:dusanm011
ID: 33751760
I suggest you do not complicate this...

Stay on native VLAN 1. VLAN 1 is ALWAYS untagged, so it is native. You do not have to explain this fact to switches and routers; they always treat it the same: native and untagged.

In that manner you do not have to do any switchport commands.

Above all, APs are a bit funny and tricky about the native VLAN, especially if you have to explain to them which one is which, although it is not impossible.

In my AP configuration example you have native VLAN 1 and the rest of your VLANs typed in... Just go through these listings and you will see the logic. Namely, your root bridge has its Fast Ethernet port divided into sub-interfaces, each set to dot1q trunking with a bridge group and the VLAN ID it belongs to. The same goes for the radios.

The same goes for the non-root bridge.

Set the ports on the 2960 switches on both sides so they pass all VLANs.

I suggested earlier

interface FastEthernet0/1
description WIRELESS UPLINK
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,200,220
switchport mode trunk
spanning-tree portfast

and stated switchport trunk allowed vlan 1,200,220 because you might have more VLANs configured in the 2960 switch, but just these 200 and 220 will pass through this port.

I think you have it !

Go ahead ...

Regards.
0
