Solved

Cisco 3750 communication to a remote device on a separate vlan

Posted on 2011-03-04
19
774 Views
Last Modified: 2012-08-14
Hello

I have a cisco 3750 stack (3 switches - 2 gigabit and one fast ethernet), configured for 3 VLANS and eigrp.

At the other end I have a cisco IE3000 switch. The 3750 is connected to the ie3000 via gigabit ports configured as trunk ports.

Here is the config on the 3750 stack for the VLAn's and eigrp:

interface Vlan1
 ip address 10.100.20.4 255.255.255.0
 standby 1 ip 10.100.20.2
 standby 1 preempt
!
interface Vlan100
 ip address 10.100.2.4 255.255.255.0
 standby 100 ip 10.100.2.2
 standby 100 preempt
interface Vlan103
 ip address 10.100.24.4 255.255.255.0
 standby 103 ip 10.100.24.2
 standby 103 preempt
router eigrp 100
 redistribute connected
 redistribute static
 network 10.0.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.100.2.253


I am connecting a computer using an IP address for VLAN100 on a 3750 fast ethernet port. I can't ping a device connected to the ie3000 switch. If I connect this PC locally on the ie3000 switch using a VLAN103 ip, I can ping the device.

Why can't a ping the remote device on VLan103?


0
Comment
Question by:adimit
  • 11
  • 5
  • 2
  • +1
19 Comments
 
LVL 6

Accepted Solution

by:
djcapone earned 314 total points
ID: 35038700
Can you post the configurations of your trunk ports on either en dof your connections?

Is the 3750 stack acting as your layer 3 routing device?  I see a static route to 10.100.2.253, what type of deevice is this?

What are you using EIGRP for, are their more routers in your network topology?
0
 

Author Comment

by:adimit
ID: 35038747
eigrp is used for intervlan rounting. The concept being any device connected to the stack should communicate to any device on any vlan,

I am not sure why I have the static route there. Everything on the 10.100.2.xxx network are windows servers and PC's.

Trunk ports on the stack are all the same:
interface GigabitEthernet1/0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk


Trunk ports on the remote switch are:
interface GigabitEthernet1/1
 switchport mode trunk
0
 

Author Comment

by:adimit
ID: 35038768
note: configuration of vlans on remote switch:

interface Vlan1
 ip address 10.100.20.24 255.255.255.0
 no ip route-cache
!
interface Vlan103
 ip address 10.100.24.24 255.255.255.0
 no ip route-cache
0
 

Author Comment

by:adimit
ID: 35038898
note:  I discovered that within the switch concole I can ping devices on separate vlans.

However I can not ping from a PC connected to the switch. Is there any way to configure the switch so that I do not have to add static routes to each computer?
0
 
LVL 6

Assisted Solution

by:djcapone
djcapone earned 314 total points
ID: 35038995
first off, for inter vlan routing you do not need eigrp, you actually do not need any type of routing protocol at al.

By default unless an access-list blocks traffic the 3750s will route traffic between the vlans without any additional work.

I would start by removing EIGRP from the router.

Additionally, it would help help immensely if you posted your complete configurations with your public IP  addresses and passwords removed.

Also, if you can indicate which port the remote systems are connected to on each switch.
0
 

Author Comment

by:adimit
ID: 35039079
I have the eigrp for a firewall that will be connected to the switch.

At this point my issue is that I can ping any device from within a switch, but not from a PC. All PC's run windows OS like XP, Windows 2008 server. Is there a setting I need on my PC's so they can ping devices on the Lan?
0
 

Author Comment

by:adimit
ID: 35039103
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree uplinkfast
spanning-tree backbonefast
!
vlan internal allocation policy ascending
!
!
!
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet3/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet3/0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet3/0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet3/0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet3/0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet3/0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet3/0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet3/0/9
 switchport access vlan 100
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/10
 switchport access vlan 100
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/11
 switchport access vlan 100
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/12
 switchport access vlan 100
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/13
 speed 100
 duplex full
!
interface FastEthernet3/0/14
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/15
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/16
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/17
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/18
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/19
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/20
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/21
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/22
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/23
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/24
 speed 100
 duplex full
 spanning-tree portfast
!
interface GigabitEthernet3/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet3/0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface Vlan1
 ip address 10.100.20.4 255.255.255.0
 standby 1 ip 10.100.20.2
 standby 1 preempt
!
interface Vlan100
 ip address 10.100.2.4 255.255.255.0
 standby 100 ip 10.100.2.2
 standby 100 preempt
!
interface Vlan101
 ip address 10.100.22.4 255.255.255.0
 standby 101 ip 10.100.22.2
 standby 101 preempt
!
interface Vlan102
 ip address 10.100.23.4 255.255.255.0
 standby 102 ip 10.100.23.2
 standby 102 preempt
!
interface Vlan103
 ip address 10.100.24.4 255.255.255.0
 standby 103 ip 10.100.24.2
 standby 103 preempt
!
interface Vlan104
 ip address 10.100.25.4 255.255.255.0
 standby 104 ip 10.100.25.2
 standby 104 preempt
!
interface Vlan105
 ip address 10.100.26.4 255.255.255.0
 standby 105 ip 10.100.26.2
 standby 105 preempt
!
interface Vlan106
 ip address 10.100.27.4 255.255.255.0
 standby 106 ip 10.100.27.2
 standby 106 preempt
!
interface Vlan107
 ip address 10.100.28.4 255.255.255.0
 standby 107 ip 10.100.28.2
 standby 107 preempt
!
!
router eigrp 100
 redistribute connected
 redistribute static
 network 10.0.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.100.2.253
ip http server
ip http secure-server
0
 

Author Comment

by:adimit
ID: 35039207
removing eigrp had no effect
0
 

Author Comment

by:adimit
ID: 35039221
config for remote switches:

spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree uplinkfast
spanning-tree backbonefast
!
alarm profile defaultPort
 alarm 3
 syslog 3
 notifies 3
!
!
vlan internal allocation policy ascending
lldp run
!
!
!
interface FastEthernet1/1
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet1/2
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet1/3
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet1/4
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet1/5
 switchport access vlan 103
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet1/6
 switchport access vlan 103
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet1/7
 switchport access vlan 103
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet1/8
 switchport access vlan 103
 speed 100
 duplex full
 spanning-tree portfast
!
interface GigabitEthernet1/1
 switchport mode trunk
!
interface GigabitEthernet1/2
 switchport mode trunk
!
interface Vlan1
 ip address 10.100.20.24 255.255.255.0
 no ip route-cache
!
interface Vlan103
 ip address 10.100.24.24 255.255.255.0
 no ip route-cache
0
Highfive Gives IT Their Time Back

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

 
LVL 6

Assisted Solution

by:djcapone
djcapone earned 314 total points
ID: 35039418
Ok assuming the following:

1. you have connected your PC to the 3750 on ports F3/0/9, 10, 11, or 12.
2. you have configured your pc with IP address 10.100.2.X, subnet mask 255.255.255.0, and a gateway IP of 10.100.2.4
3. Can successfully ping 10.100.2.4 from the PC (you should if the above are true).

You should be able to ping PCs/servers connected to IE3000 ports F1/5, 6, 7, or 8, provided that the PCs/servers connected to those ports are configured as follows:

1. you have configured your pc with IP address 10.100.24.X, subnet mask 255.255.255.0, and a gateway IP of 10.100.24.24
2. Can successfully ping 10.100.24.24 from the PCs/servers connected to the IE3000 (you should if the above are true).

If you cannot, try trying the trunk encapsulation on the IE3000 G1/1 and G1/2 interfaces:

swi trunk encapsul dot1q

However, since you indicated that you could ping across VLANs from the switch command lines, I do not think this is an issue, but it is moreso related to the configuration of the connected devices and their IPs and gateways.
0
 

Author Comment

by:adimit
ID: 35039799
Hello

In the end i removed the ip address for vlan 103 on the ie3000.

My gateways then became 10.100.24.2 AND 10.100.2.2

thanks.

all works well
0
 

Author Comment

by:adimit
ID: 35039815
I have one other item not working.

If I plug a computer to a port on the ie3000, i should be able to ping every vlan configured on the cisco 3750 stack. However I can only oing vlan1, vlan 100 and vlan 103. Why can I not ping the other vlans?
0
 
LVL 6

Assisted Solution

by:djcapone
djcapone earned 314 total points
ID: 35039950
Well, I am unsure exactly what your network topology is, however, your configurations are extremely confusing.

Normally trunk ports are only used for connections to other switches as in order for the switch to know what VLAN the traffic on a trunk port belongs to, the packets needs to be tagged.  Most servers, PCs, etc do not tag packets.  So you if are plugging a PC/server into a trunk port and giving the system an IP one of the other VLANs (106, etc), it will not work with your current configuration as you do not have any access ports configured in the 106 VLAN.

If you posted a network diagram of how you have things laid out, I could better advise.  Based on the information I have seen so far, you should probably only have 2 of the ports on your switches configured as trunk ports and the rest configured as access ports.
0
 
LVL 4

Assisted Solution

by:cdowdy
cdowdy earned 124 total points
ID: 35043281
I don't disagree with djcapone, but I will add one thing. Some of the behavior you have described makes it sound like you have an ip routing capable ios on the ie3000. IF you do, from what I see here you should probably turn off routing in the ie3000's: #no ip routing  and see if that eliminates some confusion.
0
 

Author Comment

by:adimit
ID: 35045153
i am not plugging PC's into trunk ports. I assume that I should not expect to be able to do any intervlan routing when plugged into the ie3000
0
 
LVL 4

Assisted Solution

by:cdowdy
cdowdy earned 124 total points
ID: 35046266
I would not assume that. If routing is turned on in the ie3000 and you apply an IP address to an SVI within a particular vlan, and if that svi does not have proxy arp turned off, it may be handling your packets and attempting to route them. If you have a routing ios on the ie3000 and you don't intend to inter-vlan route, I would apply the no ip routing command. Removing the IP address from vlan 103 should have had no effect otherwise.
0
 
LVL 6

Assisted Solution

by:djcapone
djcapone earned 314 total points
ID: 35047190
Hi,

You have posted the interface configs for your 3750 stack and your IE3000.  You then indicated that you are only able to ping into VLANs 1, 100, and 103.

My point was/is that your interface configs only show that you have devices in VLANs 1, 100, and 103, so why would you expect to be able to ping outside of those VLANs?  If there are other switches involved in the process, we would need to see where they comes into play and the configurations on those devices to provide further insight into why you are unable to ping other VLANs.

CDowdys point is that you seem to want to configure ALL of your switches for Layer3 routing which could be the primary cause of the problems you are having.  Unless your network is across several sites and/or you are routing traffic out of several ISPs, you really should only have 1 device (or pair of devices for redundancy) handling the routing for your network.  Outside of this "main" device, the rest of your switches should only be enabled for layer3 connectivity in the management VLAN.  Essentially, there is no reason for your IE3000 switches to have IP addresses in VLAN100 and VLAN103 if VLAN1 is the management VLAN.  All traffic on those VLANs should be forwarded at Layer2 via the trunk ports back to "main" switch/router.  If you have assigned all of your switches IP addresses in all of the VLANs they serve and given the PCs attached to those switches the "local" switch IP as the default gateway, the "local" switch may be routing your packets and not be able to find the existence of the other VLANs because the devices you are attempting to ping may not be connected to the local switch.
0
 
LVL 1

Assisted Solution

by:arasmy
arasmy earned 62 total points
ID: 35058930
Dear adimit:
Could you please send post the show cdp neighbor from both 3750 and IE3000??
0
 

Author Comment

by:adimit
ID: 35060108
all works well. I realize that i need the behaviour that the ie3000 exhibits
0

Featured Post

IT, Stop Being Called Into Every Meeting

Highfive is so simple that setting up every meeting room takes just minutes and every employee will be able to start or join a call from any room with ease. Never be called into a meeting just to get it started again. This is how video conferencing should work!

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Cisco IOU High CPU Usuage 6 75
Routing multiple VLAN's on a LAN 4 50
Cisco switch SVI 17 40
Best sims for HP switches 4 30
The worst thing when starting a new job is when the previous Network Administrator left behind no documentation. How do you get into the devices? If you've been in this situation or just accidently mistyped your password, this article will hopefully…
This tutorial will go through the steps required to write a script that will back up the configuration settings of a HP-ProCurve switch. You will need to get the following things to follow this tutorial: Telnet Scripting Tool e.g. TST10.exe …
It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
When you create an app prototype with Adobe XD, you can insert system screens -- sharing or Control Center, for example -- with just a few clicks. This video shows you how. You can take the full course on Experts Exchange at http://bit.ly/XDcourse.

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now