• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1238
  • Last Modified:

Cisco 3560G routing/VLAN problem

Dear Experts

Background:
I have a Cisco 3560G 24PS-S in my network (attached is the config file).
It is connected to a Cisco 1841 router (172.22.99.2) for internet access. This router is connected on port 0/11 of the switch. The router is the end-point for a VPN tunnel to 172.20.0.0/16. The router has a route for 172.22.0.0/16 to 172.22.99.1.

I have a Cisco Voice Gateway (2821) connected to the switch on port 0/12. The voice gateway is going to connect back to my CallManager 172.20.27.16/24 over the VPN.

I also have two Cisco wireless access points (switch port 0/17 and 0/18).

Lastly, I have a printer connected on port 0/14 (172.22.2.10/24)

Issue:
When I connected and configured everything, I noticed I could not connect/ping the printer from any of the client computers (172.22.1.0/24). I could however ping the printer from the switch using source 172.22.1.1. I could also connect to the printer from my server (172.22.2.3).

I changed the IP address of the printer to 172.22.1.8/24 and changed the switch port to vlan 2. Now I was able to connect/ping the printer from all client computers. But I was no longer able to connect/ping it from the server.

My voice gateway is having similar problems
From the voice gateway, I am able to ping all local addresses, but if I do a trace route to an internet address, it doesn't even reach my internet router.
Trace or ping to the call manager (172.20.27.16) over the VPN also fails. Doing a trace doesn't even reach my internet router. Doing a trace to the local server (172.22.2.3) also fails and it only reaches 172.22.3.1.

Default gateway for all devices are the respective IP addresses for each VLAN on the switch.

What is wrong with my configuration?

Some help would be greatly appreciated.

3750G-config.txt
0
ogexperts
Asked:
ogexperts
  • 4
  • 3
  • 2
  • +1
3 Solutions
 
rfc1180Commented:
switch config looks good!

Are you able to ping other servers in vlan 3 from other clients from vlan2; I would like to establish that routing is working. recheck all your gateways is it sounds either like a gateway issue, or maybe even an incorrect subnet mask on your router and/or hosts where you might have 255.255.0.0.

Billy
0
 
itubafCommented:
i think you have two issues,

1) inter VLAN routing

for inter vlan routing please check this

http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml

2) router configration
please add static route of all VLAN in router, and permit traffic of respected vlans in router ACL
0
 
ogexpertsAuthor Commented:
Thank you both for your feedback and recommendations.

itubaf
As for inter VLAN routing, does this means I have to configure the switch port that connects to my internet router as a trunk?

Do I also have to do the same for the port that connects to my Cisco 2821 voice gateway?

0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
itubafCommented:
1)switch port that is connected to your router (Gatway) should be "no switchport"
2)make sure you configure proper routes in switch as well as ROUTER
3) all clinets gateway should be switch vlan

fix your data issue than your voice. once you solve inetrvlan routing, inernal and externmal communication will be fine.
0
 
itubafCommented:
please keep into considration, to save current configration into your laptop/pc and than modify any configration.
after sucessful L3 configration you should be able to
----------------> ping your router
----------------> ping isp DNS
----------------> ping host to host, host to external
----------------> browse

trunk mode for switch to switch configration. please try to visit below link before you perform any steps. http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a008015f17a.shtml 
0
 
ogexpertsAuthor Commented:
itubaf

Many thanks for your reply.
I will give this a try tomorrow and we'll see how it goes.
0
 
itubafCommented:
you are welcome.

i should work. if you face internet issue, try to ping from router to switch and switch to router. dont forget routes on both.

voice will work 100% when you solve L3 issues
0
 
602650528Commented:
Hi ogexperts,

I agree with rfc1180 that you switch config is ok.

Your switch 3560G is a layer3 switch with roting capability so your external router config has nothing absolutely to do with your subnets not being able to ping each other on that switch so having "no switchport" configured on interface g0/11 as itubaf suggested is no solution. Infact with nothing plugged into g0/11 , your subnets should be able to ping each other on that switch.
If they can't ping each other, i strongly suspect a routing issue on the switch and i could see that routing is enabled already in your switch config.

So we need to check routing is working properly and cef is enabled. Can you send your routing table on the switch and the cef table

show ip route
show ip cef

cheers
0
 
602650528Commented:
To add to my submission above, Also could you get the MTU on the physical interface and the SVI  for two different subnets that are not communicating for exampe both the voice and printer subnets;

show interface GigabitEthernet0/13
show interface vlan 3
show interface GigabitEthernet0/9
show interface vlan 2
0
 
rfc1180Commented:
yup, as 602... has kindly stated, the switch is a multilayer switch with IP routing enabled (you have a statement in the config 'ip routing'); Additionally, you do not need to add static routes for all vlans as the SVIs that you have configured are directly connected networks and will show it in the routing table. Furthermore, I do not see a statement in the config that you have CEF enabled; this will however, not cause routing issues but is a good idea to have it enabled. You did not answer my question:

"Are you able to ping other servers in vlan 3 from other clients from vlan2; I would like to establish that routing is working."

And I agree with 602... that providing the information that he is asking will give us an insight of what is going on.

Billy
0
 
ogexpertsAuthor Commented:
All

Seemed to be some routing issues on my switch. Not sure exactly what it was in the end. I reconfigured it from scratch and it is now working fine.

Thanks a lot for all your help.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 4
  • 3
  • 2
  • +1
Tackle projects and never again get stuck behind a technical roadblock.
Join Now