vburshteyn
asked on
network routing, Cisco catalyst, 4507, VLAN
Hi folks,
I connected two networks by running a a cable from one layer 3 switch to the router on the other network.
added the needed routing rules and set up the correct vlans.
From the catalyst 4507 i can hit every IP on the other network with no problems. From some reason the computers connected to the 4507 i cant hit anything.
Any ideas?
I connected two networks by running a a cable from one layer 3 switch to the router on the other network.
added the needed routing rules and set up the correct vlans.
From the catalyst 4507 i can hit every IP on the other network with no problems. From some reason the computers connected to the 4507 i cant hit anything.
Any ideas?
Ernie Beek
Is there a route on the computers to the other network through the ip of the 4507?
vburshteyn,
You need to create a gateway for your computers access VLAN.
int vlan x
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
no shut
Then you need to configure your computers to not only use an IP and subnet mask, but also the default-gateway you just created, so that your computers know where to send information bound for a remote subnet.
As long as your 4500 has a route for a remote subnet, any computer that can reach their default gateway will be able to also reach the remote subnets.
You need to create a gateway for your computers access VLAN.
int vlan x
ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
no shut
Then you need to configure your computers to not only use an IP and subnet mask, but also the default-gateway you just created, so that your computers know where to send information bound for a remote subnet.
As long as your 4500 has a route for a remote subnet, any computer that can reach their default gateway will be able to also reach the remote subnets.
ASKER
hmmm i tried adding the second gateway and such but cant get it to work, any chance you can point me in the right direction?
We need your configuration to see what's going on.
ASKER
sorry, i mean to say my vlan is configured on the 4507
interface Vlan40
ip address 10.60.1.1 255.255.255.0
sho ip int brief
Vlan40 10.60.1.1 YES manual up up
sho ip route:
172.17.0.0/24 is subnetted, 2 subnets
C 172.17.30.0 is directly connected, Vlan2
C 172.17.20.0 is directly connected, Vlan1
10.0.0.0/24 is subnetted, 3 subnets
S 10.59.1.0 is directly connected, Vlan40
C 10.60.1.0 is directly connected, Vlan40
S 10.234.1.0 is directly connected, Vlan40
S* 0.0.0.0/0 [1/0] via 172.17.20.1
so 10.60.1.1 is the 4507 side ip, and 10.60.1.10 is the router side. From the 4507 i can ping everything. From my desktop i can ping the 10.60.1.1 but not the router side 10.60.1.10.
interface Vlan40
ip address 10.60.1.1 255.255.255.0
sho ip int brief
Vlan40 10.60.1.1 YES manual up up
sho ip route:
172.17.0.0/24 is subnetted, 2 subnets
C 172.17.30.0 is directly connected, Vlan2
C 172.17.20.0 is directly connected, Vlan1
10.0.0.0/24 is subnetted, 3 subnets
S 10.59.1.0 is directly connected, Vlan40
C 10.60.1.0 is directly connected, Vlan40
S 10.234.1.0 is directly connected, Vlan40
S* 0.0.0.0/0 [1/0] via 172.17.20.1
so 10.60.1.1 is the 4507 side ip, and 10.60.1.10 is the router side. From the 4507 i can ping everything. From my desktop i can ping the 10.60.1.1 but not the router side 10.60.1.10.
You need to change your default route to:
ip route 0.0.0.0 0.0.0.0 10.60.1.10
ip route 0.0.0.0 0.0.0.0 10.60.1.10
Alright my friend,
Please paste your entire configuration so we can get this solved for you.
please give us the command output for "show run" as well, thanks.
Please paste your entire configuration so we can get this solved for you.
please give us the command output for "show run" as well, thanks.
ASKER
here is all the relevant info.
Current configuration : 114152 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
service compress-config
service sequence-numbers
!
hostname BW4507
!
boot-start-marker
boot-end-marker
!
logging event link-status global
logging event trunk-status global
enable secret 5 $1$..TJ$eVZs7a9JgfF2SAJgEQ
!
no aaa new-model
qos
qos dbl
qos map dscp 24 25 26 27 28 29 30 31 to tx-queue 4
qos map dscp 32 33 34 35 36 37 38 39 to tx-queue 4
qos map cos 3 to dscp 26
qos map cos 5 to dscp 46
ip subnet-zero
!
vtp domain cisco
vtp mode transparent
!
!
!
power redundancy-mode redundant
!
redundancy
mode sso
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
name VoiceVLAN
!
vlan 40
!
interface GigabitEthernet7/21
!
interface GigabitEthernet7/22
!
interface GigabitEthernet7/23
switchport access vlan 40
switchport mode dynamic desirable
!
interface GigabitEthernet7/24
!
interface GigabitEthernet7/36
!
interface GigabitEthernet7/37
switchport trunk encapsulation dot1q
switchport trunk native vlan 2
switchport mode trunk
switchport nonegotiate
qos trust dscp
macro description cisco-router | cisco-router
auto qos voip trust
tx-queue 3
bandwidth percent 33
priority high
shape percent 33
spanning-tree portfast
spanning-tree bpduguard enable
service-policy output autoqos-voip-policy
!
interface Vlan1
ip address 172.17.20.2 255.255.255.0
!
interface Vlan2
ip address 172.17.30.2 255.255.255.0
!
interface Vlan10
description baa
no ip address
!
!
interface Vlan40
ip address 10.60.1.1 255.255.255.0
!
interface Vlan50
no ip address
shutdown
!
ip route profile
ip route 0.0.0.0 0.0.0.0 172.17.20.1 permanent
ip route 10.59.1.0 255.255.255.0 Vlan40
ip route 10.60.1.0 255.255.255.0 Vlan40
ip route 10.234.1.0 255.255.255.0 Vlan40
ip http server
!
!
!
snmp-server community Br0adway1 RO
!
control-plane
!
!
line con 0
stopbits 1
line vty 0 4
password
login
length 0
!
end
BW4507#
Current configuration : 114152 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
service compress-config
service sequence-numbers
!
hostname BW4507
!
boot-start-marker
boot-end-marker
!
logging event link-status global
logging event trunk-status global
enable secret 5 $1$..TJ$eVZs7a9JgfF2SAJgEQ
!
no aaa new-model
qos
qos dbl
qos map dscp 24 25 26 27 28 29 30 31 to tx-queue 4
qos map dscp 32 33 34 35 36 37 38 39 to tx-queue 4
qos map cos 3 to dscp 26
qos map cos 5 to dscp 46
ip subnet-zero
!
vtp domain cisco
vtp mode transparent
!
!
!
power redundancy-mode redundant
!
redundancy
mode sso
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 2
name VoiceVLAN
!
vlan 40
!
interface GigabitEthernet7/21
!
interface GigabitEthernet7/22
!
interface GigabitEthernet7/23
switchport access vlan 40
switchport mode dynamic desirable
!
interface GigabitEthernet7/24
!
interface GigabitEthernet7/36
!
interface GigabitEthernet7/37
switchport trunk encapsulation dot1q
switchport trunk native vlan 2
switchport mode trunk
switchport nonegotiate
qos trust dscp
macro description cisco-router | cisco-router
auto qos voip trust
tx-queue 3
bandwidth percent 33
priority high
shape percent 33
spanning-tree portfast
spanning-tree bpduguard enable
service-policy output autoqos-voip-policy
!
interface Vlan1
ip address 172.17.20.2 255.255.255.0
!
interface Vlan2
ip address 172.17.30.2 255.255.255.0
!
interface Vlan10
description baa
no ip address
!
!
interface Vlan40
ip address 10.60.1.1 255.255.255.0
!
interface Vlan50
no ip address
shutdown
!
ip route profile
ip route 0.0.0.0 0.0.0.0 172.17.20.1 permanent
ip route 10.59.1.0 255.255.255.0 Vlan40
ip route 10.60.1.0 255.255.255.0 Vlan40
ip route 10.234.1.0 255.255.255.0 Vlan40
ip http server
!
!
!
snmp-server community Br0adway1 RO
!
control-plane
!
!
line con 0
stopbits 1
line vty 0 4
password
login
length 0
!
end
BW4507#
This configure looks wrong and confusing .
1. You didn't tell us exactly what subnet on the other side you are trying to ping.
2. You didn't tell us what subnet or vlan are these computers (you referred to in your question) conencted to.
3. I don't see how several subnet 10.59.1.0, 10.60.1.0 and 10.234.1.0 would be in vlan 40 and be able to communicate with the SVI of vlan 40 on subnet 10.60.1.1. The only computers in vlan 40 able to speak with SVI 10.60.1.1 is the computers on subnet 10.60.1.0 using 10.60.1.1 as its gateway and therefore has any chance of talking to any other side. Computers in 10.59.1.0 and 10.234.1.0 can talk to 10.60.1.1 within same vlan.
So please clarify;
what subnet on other side
what subnet and vlan is your computer on the 4507
1. You didn't tell us exactly what subnet on the other side you are trying to ping.
2. You didn't tell us what subnet or vlan are these computers (you referred to in your question) conencted to.
3. I don't see how several subnet 10.59.1.0, 10.60.1.0 and 10.234.1.0 would be in vlan 40 and be able to communicate with the SVI of vlan 40 on subnet 10.60.1.1. The only computers in vlan 40 able to speak with SVI 10.60.1.1 is the computers on subnet 10.60.1.0 using 10.60.1.1 as its gateway and therefore has any chance of talking to any other side. Computers in 10.59.1.0 and 10.234.1.0 can talk to 10.60.1.1 within same vlan.
So please clarify;
what subnet on other side
what subnet and vlan is your computer on the 4507
ASKER
ok sorry about that.
on 4507
vlan 1 (172.17.20.0) is general vlan and goes out via 172.17.20.1 -- this is where the computer in question is in.
vlan 2 (172.17.30.0) is voice and goes out via 172.17.20.1
subnets 10.59.1.0 and 10.60.1.0 will go to the router via vlan 40.
on 4507
vlan 1 (172.17.20.0) is general vlan and goes out via 172.17.20.1 -- this is where the computer in question is in.
vlan 2 (172.17.30.0) is voice and goes out via 172.17.20.1
subnets 10.59.1.0 and 10.60.1.0 will go to the router via vlan 40.
from your submission above, the computer would have an ip address in subnet 172.17.20.0 with a gateway
of 172.17.20.1. You are trying to ping an device 10.60.1.10. Now please confirm the follow;
1. The computer must be plugged into a port in vlan 1.
2. Default gateway on the computer must be 172.17.20.1
3. Device 10.60.1.10 must be plugged into a port in vlan 40
4. Device 10.60.1.10 must be configured with a default gateway 10.60.1.1 or if it is a network device , it must have a static route point to 172.17.20.0 using 10.60.1.1 as the gateway.
of 172.17.20.1. You are trying to ping an device 10.60.1.10. Now please confirm the follow;
1. The computer must be plugged into a port in vlan 1.
2. Default gateway on the computer must be 172.17.20.1
3. Device 10.60.1.10 must be plugged into a port in vlan 40
4. Device 10.60.1.10 must be configured with a default gateway 10.60.1.1 or if it is a network device , it must have a static route point to 172.17.20.0 using 10.60.1.1 as the gateway.
ASKER
1. yes
2. no its 172.17.20.2 which is the ip of the 4507.
3. 10.60.1.10 is the ip on the eth0/1 interface on the router of the second network i am conectecting too.
10.
4. yes
here is the thing. when i am in the 4507 i can ping all the subnets and devices connected to them. Yet, the pc on 4507 with the ip of 172.17.20.125 cant ping the 10.x.x.x subnets.
2. no its 172.17.20.2 which is the ip of the 4507.
3. 10.60.1.10 is the ip on the eth0/1 interface on the router of the second network i am conectecting too.
10.
4. yes
here is the thing. when i am in the 4507 i can ping all the subnets and devices connected to them. Yet, the pc on 4507 with the ip of 172.17.20.125 cant ping the 10.x.x.x subnets.
Hi, Haven gone through your config now, this is a layer 3 switch and it looks like you have not enable routing on the switch. On the global config, can you add the command ;
ip routing
ip routing
ASKER
its enabled.
Can i see the config on this router where you have the 10.60.1.10 and pls specify what the connection between the 4507 and the router is . trunk ?
Sir, if you would please post ALL of your configuration
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Arasmy, where were you a week ago :)
You could have saved me lots of trouble. I inherited that. Wound up doing is wiping out the whole thing and going from scratch, using the same approach.
You could have saved me lots of trouble. I inherited that. Wound up doing is wiping out the whole thing and going from scratch, using the same approach.
vburshteyn,
:)
You don't have to wipe out the whole thing just the routes
Regards,
:)
You don't have to wipe out the whole thing just the routes
Regards,
ASKER
ya i know. Problem is there was so much crap in there, and i was starting over it with no knowledge transfer of any kind.
Easiest way to do it that way.
Easiest way to do it that way.
vburshteyn,
By the way you are going to make a sub interface on the router with dot1q encapsulation to vlan 40 and the same IP address you are using now on the main interface
Regards
By the way you are going to make a sub interface on the router with dot1q encapsulation to vlan 40 and the same IP address you are using now on the main interface
Regards