[Last Call] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 785
  • Last Modified:

Cisco 3750 communication to a remote device on a separate vlan

Hello

I have a cisco 3750 stack (3 switches - 2 gigabit and one fast ethernet), configured for 3 VLANS and eigrp.

At the other end I have a cisco IE3000 switch. The 3750 is connected to the ie3000 via gigabit ports configured as trunk ports.

Here is the config on the 3750 stack for the VLAn's and eigrp:

interface Vlan1
 ip address 10.100.20.4 255.255.255.0
 standby 1 ip 10.100.20.2
 standby 1 preempt
!
interface Vlan100
 ip address 10.100.2.4 255.255.255.0
 standby 100 ip 10.100.2.2
 standby 100 preempt
interface Vlan103
 ip address 10.100.24.4 255.255.255.0
 standby 103 ip 10.100.24.2
 standby 103 preempt
router eigrp 100
 redistribute connected
 redistribute static
 network 10.0.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.100.2.253


I am connecting a computer using an IP address for VLAN100 on a 3750 fast ethernet port. I can't ping a device connected to the ie3000 switch. If I connect this PC locally on the ie3000 switch using a VLAN103 ip, I can ping the device.

Why can't a ping the remote device on VLan103?


0
adimit
Asked:
adimit
  • 11
  • 5
  • 2
  • +1
8 Solutions
 
djcaponeCommented:
Can you post the configurations of your trunk ports on either en dof your connections?

Is the 3750 stack acting as your layer 3 routing device?  I see a static route to 10.100.2.253, what type of deevice is this?

What are you using EIGRP for, are their more routers in your network topology?
0
 
adimitAuthor Commented:
eigrp is used for intervlan rounting. The concept being any device connected to the stack should communicate to any device on any vlan,

I am not sure why I have the static route there. Everything on the 10.100.2.xxx network are windows servers and PC's.

Trunk ports on the stack are all the same:
interface GigabitEthernet1/0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk


Trunk ports on the remote switch are:
interface GigabitEthernet1/1
 switchport mode trunk
0
 
adimitAuthor Commented:
note: configuration of vlans on remote switch:

interface Vlan1
 ip address 10.100.20.24 255.255.255.0
 no ip route-cache
!
interface Vlan103
 ip address 10.100.24.24 255.255.255.0
 no ip route-cache
0
Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

 
adimitAuthor Commented:
note:  I discovered that within the switch concole I can ping devices on separate vlans.

However I can not ping from a PC connected to the switch. Is there any way to configure the switch so that I do not have to add static routes to each computer?
0
 
djcaponeCommented:
first off, for inter vlan routing you do not need eigrp, you actually do not need any type of routing protocol at al.

By default unless an access-list blocks traffic the 3750s will route traffic between the vlans without any additional work.

I would start by removing EIGRP from the router.

Additionally, it would help help immensely if you posted your complete configurations with your public IP  addresses and passwords removed.

Also, if you can indicate which port the remote systems are connected to on each switch.
0
 
adimitAuthor Commented:
I have the eigrp for a firewall that will be connected to the switch.

At this point my issue is that I can ping any device from within a switch, but not from a PC. All PC's run windows OS like XP, Windows 2008 server. Is there a setting I need on my PC's so they can ping devices on the Lan?
0
 
adimitAuthor Commented:
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree uplinkfast
spanning-tree backbonefast
!
vlan internal allocation policy ascending
!
!
!
!
interface Port-channel1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/9
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/10
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/11
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet2/0/12
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet3/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet3/0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet3/0/4
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet3/0/5
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet3/0/6
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet3/0/7
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet3/0/8
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet3/0/9
 switchport access vlan 100
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/10
 switchport access vlan 100
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/11
 switchport access vlan 100
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/12
 switchport access vlan 100
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/13
 speed 100
 duplex full
!
interface FastEthernet3/0/14
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/15
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/16
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/17
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/18
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/19
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/20
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/21
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/22
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/23
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet3/0/24
 speed 100
 duplex full
 spanning-tree portfast
!
interface GigabitEthernet3/0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface GigabitEthernet3/0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 channel-protocol lacp
 channel-group 1 mode active
!
interface Vlan1
 ip address 10.100.20.4 255.255.255.0
 standby 1 ip 10.100.20.2
 standby 1 preempt
!
interface Vlan100
 ip address 10.100.2.4 255.255.255.0
 standby 100 ip 10.100.2.2
 standby 100 preempt
!
interface Vlan101
 ip address 10.100.22.4 255.255.255.0
 standby 101 ip 10.100.22.2
 standby 101 preempt
!
interface Vlan102
 ip address 10.100.23.4 255.255.255.0
 standby 102 ip 10.100.23.2
 standby 102 preempt
!
interface Vlan103
 ip address 10.100.24.4 255.255.255.0
 standby 103 ip 10.100.24.2
 standby 103 preempt
!
interface Vlan104
 ip address 10.100.25.4 255.255.255.0
 standby 104 ip 10.100.25.2
 standby 104 preempt
!
interface Vlan105
 ip address 10.100.26.4 255.255.255.0
 standby 105 ip 10.100.26.2
 standby 105 preempt
!
interface Vlan106
 ip address 10.100.27.4 255.255.255.0
 standby 106 ip 10.100.27.2
 standby 106 preempt
!
interface Vlan107
 ip address 10.100.28.4 255.255.255.0
 standby 107 ip 10.100.28.2
 standby 107 preempt
!
!
router eigrp 100
 redistribute connected
 redistribute static
 network 10.0.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.100.2.253
ip http server
ip http secure-server
0
 
adimitAuthor Commented:
removing eigrp had no effect
0
 
adimitAuthor Commented:
config for remote switches:

spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree uplinkfast
spanning-tree backbonefast
!
alarm profile defaultPort
 alarm 3
 syslog 3
 notifies 3
!
!
vlan internal allocation policy ascending
lldp run
!
!
!
interface FastEthernet1/1
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet1/2
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet1/3
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet1/4
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet1/5
 switchport access vlan 103
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet1/6
 switchport access vlan 103
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet1/7
 switchport access vlan 103
 speed 100
 duplex full
 spanning-tree portfast
!
interface FastEthernet1/8
 switchport access vlan 103
 speed 100
 duplex full
 spanning-tree portfast
!
interface GigabitEthernet1/1
 switchport mode trunk
!
interface GigabitEthernet1/2
 switchport mode trunk
!
interface Vlan1
 ip address 10.100.20.24 255.255.255.0
 no ip route-cache
!
interface Vlan103
 ip address 10.100.24.24 255.255.255.0
 no ip route-cache
0
 
djcaponeCommented:
Ok assuming the following:

1. you have connected your PC to the 3750 on ports F3/0/9, 10, 11, or 12.
2. you have configured your pc with IP address 10.100.2.X, subnet mask 255.255.255.0, and a gateway IP of 10.100.2.4
3. Can successfully ping 10.100.2.4 from the PC (you should if the above are true).

You should be able to ping PCs/servers connected to IE3000 ports F1/5, 6, 7, or 8, provided that the PCs/servers connected to those ports are configured as follows:

1. you have configured your pc with IP address 10.100.24.X, subnet mask 255.255.255.0, and a gateway IP of 10.100.24.24
2. Can successfully ping 10.100.24.24 from the PCs/servers connected to the IE3000 (you should if the above are true).

If you cannot, try trying the trunk encapsulation on the IE3000 G1/1 and G1/2 interfaces:

swi trunk encapsul dot1q

However, since you indicated that you could ping across VLANs from the switch command lines, I do not think this is an issue, but it is moreso related to the configuration of the connected devices and their IPs and gateways.
0
 
adimitAuthor Commented:
Hello

In the end i removed the ip address for vlan 103 on the ie3000.

My gateways then became 10.100.24.2 AND 10.100.2.2

thanks.

all works well
0
 
adimitAuthor Commented:
I have one other item not working.

If I plug a computer to a port on the ie3000, i should be able to ping every vlan configured on the cisco 3750 stack. However I can only oing vlan1, vlan 100 and vlan 103. Why can I not ping the other vlans?
0
 
djcaponeCommented:
Well, I am unsure exactly what your network topology is, however, your configurations are extremely confusing.

Normally trunk ports are only used for connections to other switches as in order for the switch to know what VLAN the traffic on a trunk port belongs to, the packets needs to be tagged.  Most servers, PCs, etc do not tag packets.  So you if are plugging a PC/server into a trunk port and giving the system an IP one of the other VLANs (106, etc), it will not work with your current configuration as you do not have any access ports configured in the 106 VLAN.

If you posted a network diagram of how you have things laid out, I could better advise.  Based on the information I have seen so far, you should probably only have 2 of the ports on your switches configured as trunk ports and the rest configured as access ports.
0
 
cdowdyCommented:
I don't disagree with djcapone, but I will add one thing. Some of the behavior you have described makes it sound like you have an ip routing capable ios on the ie3000. IF you do, from what I see here you should probably turn off routing in the ie3000's: #no ip routing  and see if that eliminates some confusion.
0
 
adimitAuthor Commented:
i am not plugging PC's into trunk ports. I assume that I should not expect to be able to do any intervlan routing when plugged into the ie3000
0
 
cdowdyCommented:
I would not assume that. If routing is turned on in the ie3000 and you apply an IP address to an SVI within a particular vlan, and if that svi does not have proxy arp turned off, it may be handling your packets and attempting to route them. If you have a routing ios on the ie3000 and you don't intend to inter-vlan route, I would apply the no ip routing command. Removing the IP address from vlan 103 should have had no effect otherwise.
0
 
djcaponeCommented:
Hi,

You have posted the interface configs for your 3750 stack and your IE3000.  You then indicated that you are only able to ping into VLANs 1, 100, and 103.

My point was/is that your interface configs only show that you have devices in VLANs 1, 100, and 103, so why would you expect to be able to ping outside of those VLANs?  If there are other switches involved in the process, we would need to see where they comes into play and the configurations on those devices to provide further insight into why you are unable to ping other VLANs.

CDowdys point is that you seem to want to configure ALL of your switches for Layer3 routing which could be the primary cause of the problems you are having.  Unless your network is across several sites and/or you are routing traffic out of several ISPs, you really should only have 1 device (or pair of devices for redundancy) handling the routing for your network.  Outside of this "main" device, the rest of your switches should only be enabled for layer3 connectivity in the management VLAN.  Essentially, there is no reason for your IE3000 switches to have IP addresses in VLAN100 and VLAN103 if VLAN1 is the management VLAN.  All traffic on those VLANs should be forwarded at Layer2 via the trunk ports back to "main" switch/router.  If you have assigned all of your switches IP addresses in all of the VLANs they serve and given the PCs attached to those switches the "local" switch IP as the default gateway, the "local" switch may be routing your packets and not be able to find the existence of the other VLANs because the devices you are attempting to ping may not be connected to the local switch.
0
 
arasmyCommented:
Dear adimit:
Could you please send post the show cdp neighbor from both 3750 and IE3000??
0
 
adimitAuthor Commented:
all works well. I realize that i need the behaviour that the ie3000 exhibits
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

  • 11
  • 5
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now