Start Free Trial

asked on 9/5/2013

Having trouble adding a new VLAN and its netwotrk address to our LAN

Dear Experts:

I need some help understanding why I can't add the new LAN IP address for VLAN 777 (example ID). It is working on the router fine I can ping the gateway address for it in the router for example 172.16.9.1 is replying fine from the my internal network address 172.16.8.88.

The devices that are in VLAN 777 using IPs of 172.16.9.100-150 are not replying.

VLAN 777 is not able to IP route at all.

The Cisco switch is a Catalyst 3560. The current configuration for it as follows:

interface FastEthernet0/1
switchport access vlan 777
spanning-tree portfast
spanning-tree guard root

interface GigabitEthernet0/1
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport trunk allowed vlan 1,all our VLANS listed....
switchport mode trunk

interface Vlan777
description video
no ip address
no ip route-cache
no ip mroute-cache

interface Vlan777
description video

ip default-gateway 172.16.10.1 <-- all switches have this gateway is for the management network

Here is a ping from the actual switch to the Router:

sw#ping 172.16.9.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.9.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms

Other LAN addresses:

sw#ping 172.16.8.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.8.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/8 ms

We need to ping this devices:

sw#ping 172.16.9.100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.9.100, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

For your help I thank you!

Network Operations Switches / Hubs Routers

Last Comment

9/9/2013

9/5/2013

Is ip routing enabled on the switch?
What ip address is the switch using? I see none in the config?

9/5/2013

ASKER

Yes it is enable. I can connect to the switch using IP 172.16.10.16 for VLAN 222. From Port 25 to 48 is working great for the main LAN that works with IP 172.16.8.0 VLAN 108. Everything in ports 1 to 24 that needs to work in VLAN 777 172.16.9.0 is not reachable. I think it has to do with trunking. Not sure.

9/5/2013

ASKER

That is the port config

interface FastEthernet0/2
switchport access vlan 777
switchport mode access
spanning-tree portfast

9/5/2013

ASKER

The command IP routing by the way does not help me. It stops all IP connectivity.

9/7/2013

sh spanning-tree vlan 777
sh vtp status
sh int status
sh vlans

1. Check that you have a spanning tree for vlan 777 towards the router
2. Check that you are not out of vlans.
3. Check that none of the ports are error disabled
4. check that you actually have a vlan 777 on the switch

9/7/2013

OP,

Sorry for the late response. I rarely have time to visit the site any more.
Your problem description is really confusing. Are you using this switch for layer 3 purposes or just layer 2? Could you post the complete config excluding the ip addresses and passwords of course. The router config it's connected to would help also.

9/9/2013

ASKER

Hello HalldorG:

Here is an output for the first command:

sh spanning-tree vlan 777

VLAN0777
Spanning tree enabled protocol ieee
Root ID Priority 4873
Address 001a.a25f.4080
Cost 12
Port 1 (GigabitEthernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 4873 (priority 4096 sys-id-ext 777)
Address 0023.34a6.2a80
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi0/1 Root FWD 4 128.1 P2p
Fa0/1 Desg FWD 19 128.3 P2p Edge
Fa0/2 Desg FWD 19 128.4 P2p Edge
Fa0/3 Desg FWD 19 128.5 P2p Edge
Fa0/4 Desg FWD 19 128.6 P2p Edge
Fa0/5 Desg FWD 19 128.7 P2p Edge
Fa0/6 Desg FWD 19 128.8 P2p Edge

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------

Fa0/7 Desg FWD 19 128.9 P2p Edge
Fa0/8 Desg FWD 19 128.10 P2p Edge
Fa0/9 Desg FWD 19 128.11 P2p Edge
Fa0/12 Desg FWD 19 128.14 P2p Edge
Fa0/13 Desg FWD 19 128.15 P2p Edge
Fa0/14 Desg FWD 19 128.16 P2p Edge
Fa0/16 Desg FWD 19 128.18 P2p Edge
Fa0/17 Desg FWD 19 128.19 P2p Edge
Fa0/18 Desg FWD 19 128.20 P2p Edge
Fa0/19 Desg FWD 19 128.21 P2p Edge
Fa0/20 Desg FWD 19 128.22 P2p Edge
Fa0/21 Desg FWD 19 128.23 P2p Edge

sh vtp status
VTP Version : running VTP1 (VTP2 capable)
Configuration Revision : 0
Maximum VLANs supported locally : 1005
Number of existing VLANs : 10
VTP Operating Mode : Transparent
VTP Domain Name : videosw
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x7D 0x35 0x74 0x7F 0xAD 0x4A 0x04 0xB0
Configuration last modified by 0.0.0.0 at 0-0-00 00:00:00

#sh int status <-- this is good I think I know where you are getting at.

Port Name Status Vlan Duplex Speed Type
Fa0/1 connected 777 a-full a-100 10/100BaseTX
Fa0/2 connected 777 a-full a-100 10/100BaseTX
Fa0/3 connected 777 a-full a-100 10/100BaseTX
Fa0/4 connected 777 a-full a-100 10/100BaseTX
Fa0/5 connected 777 a-full a-100 10/100BaseTX
Fa0/6 connected 777 a-full a-100 10/100BaseTX
Fa0/7 connected 777 a-full a-100 10/100BaseTX
Fa0/8 connected 777 a-full a-100 10/100BaseTX
Fa0/9 connected 777 a-full a-100 10/100BaseTX
Fa0/10 notconnect 777 auto auto 10/100BaseTX
Fa0/11 notconnect 777 auto auto 10/100BaseTX
Fa0/12 connected 777 a-full a-100 10/100BaseTX
Fa0/13 connected 777 a-full a-100 10/100BaseTX
Fa0/14 connected 777 a-full a-100 10/100BaseTX
Fa0/15 notconnect 777 auto auto 10/100BaseTX
Fa0/16 connected 777 a-full a-100 10/100BaseTX
Fa0/17 connected 777 a-full a-100 10/100BaseTX
Fa0/18 connected 777 a-full a-100 10/100BaseTX
Fa0/19 connected 777 a-full a-100 10/100BaseTX
Fa0/20 connected 777 a-full a-100 10/100BaseTX
Fa0/21 connected 777 a-full a-100 10/100BaseTX

Port Name Status Vlan Duplex Speed Type
Fa0/22 notconnect 777 auto auto 10/100BaseTX
Fa0/23 notconnect 777 auto auto 10/100BaseTX
Fa0/24 notconnect 777 auto auto 10/100BaseTX
Fa0/25 notconnect 108 auto auto 10/100BaseTX
Fa0/26 notconnect 108 auto auto 10/100BaseTX
Fa0/27 notconnect 108 auto auto 10/100BaseTX
Fa0/28 notconnect 108 auto auto 10/100BaseTX
Fa0/29 notconnect 108 auto auto 10/100BaseTX
Fa0/30 notconnect 108 auto auto 10/100BaseTX
Fa0/31 notconnect 777 auto auto 10/100BaseTX
Fa0/32 notconnect 108 auto auto 10/100BaseTX
Fa0/33 notconnect 108 auto auto 10/100BaseTX
Fa0/34 notconnect 108 auto auto 10/100BaseTX
Fa0/35 notconnect 108 auto auto 10/100BaseTX
Fa0/36 notconnect 108 auto auto 10/100BaseTX
Fa0/37 notconnect 108 auto auto 10/100BaseTX
Fa0/38 notconnect 108 auto auto 10/100BaseTX
Fa0/39 notconnect 108 auto auto 10/100BaseTX
Fa0/40 notconnect 108 auto auto 10/100BaseTX
Fa0/41 notconnect 108 auto auto 10/100BaseTX
Fa0/42 notconnect 108 auto auto 10/100BaseTX
Fa0/43 notconnect 108 auto auto 10/100BaseTX
Fa0/44 notconnect 108 auto auto 10/100BaseTX

Port Name Status Vlan Duplex Speed Type
Fa0/45 notconnect 108 auto auto 10/100BaseTX
Fa0/46 notconnect 108 auto auto 10/100BaseTX
Fa0/47 notconnect 108 auto auto 10/100BaseTX
Fa0/48 notconnect 108 auto auto 10/100BaseTX
Gi0/1 connected trunk a-full a-1000 1000BaseSX SFP
Gi0/2 notconnect 1 auto auto Not Present
Gi0/3 notconnect 1 auto auto Not Present
Gi0/4 notconnect 1 auto auto Not Present
-videosw#

sh vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/2, Gi0/3, Gi0/4
108 LAN active Fa0/25, Fa0/26, Fa0/27, Fa0/28
Fa0/29, Fa0/30, Fa0/32, Fa0/33
Fa0/34, Fa0/35, Fa0/36, Fa0/37
Fa0/38, Fa0/39, Fa0/40, Fa0/41
Fa0/42, Fa0/43, Fa0/44, Fa0/45
Fa0/46, Fa0/47, Fa0/48
222 Management active
600 Video_Traffic active
777 Video active Fa0/1, Fa0/2, Fa0/3, Fa0/4
Fa0/5, Fa0/6, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/15, Fa0/16
Fa0/17, Fa0/18, Fa0/19, Fa0/20
Fa0/21, Fa0/22, Fa0/23, Fa0/24
Fa0/31
900 Phone active Fa0/25, Fa0/26, Fa0/27, Fa0/28
Fa0/29, Fa0/30, Fa0/31, Fa0/32
Fa0/33, Fa0/34, Fa0/35, Fa0/36
Fa0/37, Fa0/38, Fa0/39, Fa0/40

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
Fa0/41, Fa0/42, Fa0/43, Fa0/44
Fa0/45, Fa0/46, Fa0/47, Fa0/48
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
108 enet 100108 1500 - - - - - 0 0
222 enet 100222 1500 - - - - - 0 0
600 enet 100600 1500 - - - - - 0 0
777 enet 100777 1500 - - - - - 0 0
900 enet 100900 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs
------------------------------------------------------------------------------

Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

9/9/2013

ASKER

Soulja,

Let me clean up the config and I will post in a few.

I am sorry guys I didn't respond earlier.

I thank you!

9/9/2013

ASKER

Are you using this switch for layer 3 purposes or just layer 2?

Just layer 2

9/9/2013

ASKER

Here are the sanitize configs for the router and the switch.

Thank you so much again.
routervlan777
VLAN777

9/9/2013

I see you have ip nat inside on the vlan 777 subinterface on the router.

interface FastEthernet1.777 <-- this I added and I can ping no problems from the network -- everything in VLAN 777 is completely isolated.
description VLAN 777 video
encapsulation dot1Q 777
ip address 172.16.9.1 255.255.255.0
ip nat inside
ip virtual-reassembly
service-policy output LAN-OUTBOUND

Do you have an ACL to tell it what to NAT and what NOT to NAT. You don't want it to NAT when you are trying to access the other internal networks. To do a quick test of internal connectivity just remove the command.

9/9/2013

ASKER

I did remove the command and no dice. I still cannot ping the IPs configure in the 777 VLAN.

9/9/2013

post the ip configuration of one of your workstations on 777 and which port it is connected to.

SOLUTION

9/9/2013

Blurred text

THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.

View this solution by signing up for a free trial.

Members can start a 7-Day free trial and enjoy unlimited access to the platform.

See Pricing Options

Start Free Trial

9/9/2013

ASKER

Done! still no dice pinging 172.16.9.100

9/9/2013

from the router are you able to ping any hosts on vlan 777? Can you post that ip configuration from one of the host?

9/9/2013

ASKER

router#ping 172.16.9.100 to host in VLAN 777

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.9.100, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
router#ping 172.16.9.1 <-- to itself - same result from anywhere except anything in VLAN 777

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.9.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

9/9/2013

ASKER

I think the router is fine. There is got to be something missing in VLAN777 of that new switch. I am going to try in another switch assigning one port VLAN 777.

9/9/2013

From the switch everything looks ok.
Wander if the router is connected to Gi0/1

Does
sh mac-address-table vlan 777
or is it
sh mac address-table vlan 777

show you the mac address of the router on int Gi0/1?

also on the router
does

sh arp
give you any addresses on vlan 777

9/9/2013

Please post the ip configuration of one of your workstations in vlan 777.

9/9/2013

ASKER

sh mac-address-table vlan 777
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----
All 0100.0ccc.cccc STATIC CPU
All 0100.0ccc.cccd STATIC CPU
All 0180.c200.0000 STATIC CPU
All 0180.c200.0001 STATIC CPU
All 0180.c200.0002 STATIC CPU
All 0180.c200.0003 STATIC CPU
All 0180.c200.0004 STATIC CPU
All 0180.c200.0005 STATIC CPU
All 0180.c200.0006 STATIC CPU
All 0180.c200.0007 STATIC CPU
All 0180.c200.0008 STATIC CPU
All 0180.c200.0009 STATIC CPU
All 0180.c200.000a STATIC CPU
All 0180.c200.000b STATIC CPU
All 0180.c200.000c STATIC CPU
All 0180.c200.000d STATIC CPU
All 0180.c200.000e STATIC CPU
All 0180.c200.000f STATIC CPU
All 0180.c200.0010 STATIC CPU
All ffff.ffff.ffff STATIC CPU
777 0004.6336.678c DYNAMIC Fa0/20
777 0004.6336.6795 DYNAMIC Fa0/7
777 0004.6336.6799 DYNAMIC Fa0/3
777 0004.6336.f03e DYNAMIC Fa0/21
777 0004.6336.f03f DYNAMIC Fa0/14
777 0004.6336.f04f DYNAMIC Fa0/6
777 0004.633a.5873 DYNAMIC Fa0/13
777 0004.633a.5e92 DYNAMIC Fa0/9
777 0004.633a.5e9c DYNAMIC Fa0/8
777 0004.633a.5e9e DYNAMIC Gi0/1
777 000f.7c09.165d DYNAMIC Fa0/5
777 0023.34a6.3902 DYNAMIC Gi0/1 <-- This looks like it
777 0050.1a2b.148f DYNAMIC Fa0/16
Total Mac Addresses for this criterion: 33

From the router:

The only result from the command:

Internet 172.16.9.1 - 0007.0e41.7de9 ARPA FastEthernet1.777

9/9/2013

ASKER

They are cameras with 172.16.9.100 - 115

mask 255.255.255.0

Gtw 172.16.9.1 <-- here is the issue perhaps

9/9/2013

Hey note the mac address of 0007.0e41.7de9 is not listed on the switch

Do you have two routers as I see the other interfaces are set up in HSRP mode?

sh cdp nei

would show you what is connected to the switch

9/9/2013

ASKER

I got this in the Cisco Network assistance:

Description: Gi0/2: Vlan mismatch was found on this link.

Recommendation: Make sure that the ports on this link has same Vlan ID.

9/9/2013

Also there are two mac addresses coming via Gi0/1
0004.633a.5e9e DYNAMIC Gi0/1
and
0023.34a6.3902 DYNAMIC Gi0/1

Neither of them is the Gw 0007.0e41.7de9

So What is connected to port Gi0/1?

9/9/2013

ASKER

The laptop that I have in the VLAN777 can ping the divices no problem but not the gateway 172.16.9.1. As to from outside the VLAN you can ping the gateway 172.16.9.1 and no device.

9/9/2013

It looks like the trunk of the router is not connected to the switch you are looking at.
As the SFP module could be connected to another switch which is missing the vlan 777 on the uplink to the router.

Please verify the physical connections.

9/9/2013

ASKER

So What is connected to port Gi0/1?

GiO/1 in the switch is connected to another switch that goes to Gi0/2.

ASKER CERTIFIED SOLUTION

9/9/2013

Blurred text

THIS SOLUTION IS ONLY AVAILABLE TO MEMBERS.

View this solution by signing up for a free trial.

Members can start a 7-Day free trial and enjoy unlimited access to the platform.

See Pricing Options

Start Free Trial

9/9/2013

ASKER

Bingo! That was the entry missing, adding the 777 vlan to the switch port that the router connects to.

Thank you so very much HalldorG and Soulja.

You save the day.

9/9/2013

Which port was the router connected to?

9/9/2013

ASKER

Was connect to a switch that we have for the network devices like the ASA FW, wireless and the routers. There I needed to enter VLAN 777. That was missing all alone.

I found the port that the router connects to and sure enough all other VLANs were declared except the new 777 VLAN.

9/9/2013

Ah so a missing part of the puzzle you forgot to mention.. :) Good luck!

9/9/2013

ASKER

Thanks for your help it was a switch in between that had no idea who VLAN777 was =D

Routers

A router is a networking device that forwards data packets between computer networks. Routers perform the "traffic directing" functions on the Internet. The most familiar type of routers are home and small office cable or DSL routers that simply pass data, such as web pages, email, IM, and videos between computers and the Internet. More sophisticated routers, such as enterprise routers, connect large business or ISP networks up to the powerful core routers that forward data at high speed along the optical fiber lines of the Internet backbone. Though routers are typically dedicated hardware devices, use of software-based routers has grown increasingly common.

49K

Questions

--

Followers

--

Top Experts

Get a personalized solution from industry experts

Ask the experts

"Invaluable tool for our organization"
Josh Regalski
"This is the best money I have ever spent."
@rwheeler23
"Your help has saved me hundreds of hours of internet surfing."
@fblack61
"Just a dang good service!"
@golferski
"Worth every penny."
Steve Hougom
"It’s been a life saver."
Maria Halt
"Best support site I’ve seen!"
Bob Schneider
"I would be lost without them."
@fblack61
"Saved my job multiple times."
Walt Forbes
"I love this site."
Maria Duwe
"Friendly respectful help."
Andrew Kowtalo
"Such top-notch experts."
@magento
"The best money I have ever spent."
@rwheeler23
"Beyond any comprehensible value"
George Morris
"Invaluable tool for our organization"
Josh Regalski
"This is the best money I have ever spent."
@rwheeler23

Read over 600 more reviews

TRUSTED BY