Solved

Vlan on CISCO switch 2960 not connecting

Posted on 2014-08-11
Last Modified: 2014-08-19
When we removed one of our firewalls at a remote branch and pointed the switch to the HQ, the vlan was not available.
Location A HQ
Location B remote site connected by Comcast 100mbps
Location C (new site new switches) remote site connected by Comcast 100mbps
We had a vlan 4 (Location B) (192.168.20.2 255.255.255.0) on the switch which pointed to the old firewall at the branch location. I created vlan 2 (192.168.10.2 255.255.255.0), which is on the network at the HQ location. When I set the port on the switch to vlan 2 it does not access it.
I also have a new branch (C) with new switches that is working fine pointing to the HQ location.
What settings would there be on the switches at location "B" that would be preventing it from seeing vlan2?
Question by:beefwilliams
 
LVL 18

Expert Comment

by:Akinsd
ID: 40253737
Are you running VTP?

Where is the gateway for the vlan?

What Vlans are allowed through the trunk ports

Are there any ACLs configured

Is there an appropriate route created that includes the vlan.

As you may already be aware, there could be a couple of things. Start by posting a topology sketch of your environment. Moving a vlan from 1 switch to another does not automatically carry along with it all necessary parts. It's like moving an office from a Suite in one building to a suite in another building - Other logistics procedures must follow.

Please post your topology.
0
 
LVL 6

Expert Comment

by:Matt
ID: 40254183
Can you post "show vlan" output?
0
 

Author Comment

by:beefwilliams
ID: 40254268
Akinsd

Are you running VTP? yes

 Where is the gateway for the vlan? At HQ

 What Vlans are allowed through the trunk ports: all

 Are there any ACLs configured: yes

 Is there an appropriate route created that includes the vlan. Yes

We run a star network: HQ is the hub and all traffic comes in, then out to the branches via Comcast 100 mbps.




Matt
Output from Show Vlan
hpswitchpatron1>show vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/2, Fa0/3, Fa0/4
                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23, Fa0/24
                                                Fa0/25, Fa0/26, Fa0/27, Fa0/28
                                                Fa0/29, Fa0/30, Fa0/31, Fa0/32
                                                Fa0/33, Fa0/34, Fa0/35, Fa0/36
                                                Fa0/37, Fa0/38, Fa0/39, Fa0/41
                                                Fa0/42, Fa0/43, Fa0/44, Fa0/45
                                                Fa0/46, Fa0/47
2    patron                           active    Fa0/40
3    VLAN0003                         suspended
4    VLAN0004                         suspended Fa0/48
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0
2    enet  100002     1500  -      -      -        -    -        0      0
3    enet  100003     1500  -      -      -        -    -        0      0
4    enet  100004     1500  -      -      -        -    -        0      0
1002 fddi  101002     1500  -      -      -        -    -        0      0
1003 tr    101003     1500  -      -      -        -    srb      0      0
1004 fdnet 101004     1500  -      -      -        ieee -        0      0
1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
0

 

Author Comment

by:beefwilliams
ID: 40254294
Since I think it is a switch configuration issue, I am posting the output from the switch. I removed a bunch of the port interface FastEthernet0/46 lists to save space.

!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
hostname hpswitchstaff1
!
boot-start-marker
boot-end-marker
!
enable secret 5 /
enable password
!
username *******
username *******
no aaa new-model
clock timezone EST -5
system mtu routing 1500
ip subnet-zero
!
!
!
spanning-tree mode pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
!
interface FastEthernet0/19
!
interface FastEthernet0/20
 switchport trunk allowed vlan 1
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/21
!
!
interface FastEthernet0/48
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport nonegotiate
!
interface Vlan1
 ip address 10.1.10.81 255.255.0.0
 no ip route-cache
!
interface Vlan2
 ip address 192.168.10.2 255.255.255.0
 no ip route-cache
!
interface Vlan4
 ip address 192.168.20.2 255.255.255.0
 no ip route-cache
!
ip http server
ip http authentication local
ip http secure-server
!
control-plane
!
!
line con 0
 password ******
 login
line vty 0 4
 password *****
 login
line vty 5 15
 password *****
 login
!
end
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40254360
Please start with the topology first. We can then narrow it down to a switch or router.
There's no information that can be deciphered yet on the configurations you posted without knowing how they are connected to each other.
Please post your topology sketch to proceed
0
 

Author Comment

by:beefwilliams
ID: 40254781
Vlan2 works fine on switches attached to CU/HQ/SF site and PR site, it does not work on HP site.
See attached file let me know if that is what you need.
0
 

Author Comment

by:beefwilliams
ID: 40254863
The VTP mode at HP (the switches not connecting to vlan2) is set to "server". Should this be set to "transparent"? Will changing this setting affect my other switches?
0
 

Author Comment

by:beefwilliams
ID: 40254876
The port connecting HP (location 2 to location A) is not configured correctly: it is not a Trunk Port and is set to 1, not "all".
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40254964
I don't see the file you attached.

And yes,... the port should be a trunk port and the proper vlans allowed.

VTP Server is okay, if set to transparent, no updates will be sent or received
Caution though
Best practice is to set the main switch to server and others to client especially if more than 1 person manages the switches
0
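
The checks discussed so far (is the uplink a trunk, which VLANs it allows, is negotiation switched off) can be run over a saved running-config. This is an added example, not code from any poster in the thread; the sample stanzas are constructed from the configuration posted above, and the `audit` and `expand` helpers are hypothetical names.

```python
import re

# Constructed sample: interface stanzas shortened from the running-config
# posted in the thread, plus one constructed access-port stanza (Fa0/40).
SAMPLE = """\
interface FastEthernet0/19
!
interface FastEthernet0/20
 switchport trunk allowed vlan 1
 switchport mode trunk
 switchport nonegotiate
!
interface FastEthernet0/40
 switchport access vlan 2
 switchport mode access
!
interface GigabitEthernet0/2
 switchport mode trunk
 switchport nonegotiate
!
"""

def expand(vlans):
    """Turn an IOS VLAN list such as '1,3-5' into a set of VLAN IDs."""
    ids = set()
    for part in vlans.split(","):
        lo, _, hi = part.partition("-")
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit(config, required_vlan):
    """Return {interface: [findings]} for ports that need attention."""
    findings = {}
    for name, body in re.findall(r"^interface (\S+)\n((?: .*\n)*)", config, re.M):
        if name.lower().startswith("vlan"):
            continue  # SVI (interface VlanN), not a switch port
        mode = re.search(r"switchport mode (\S+)", body)
        # A numeric allowed list restricts the trunk; no list means all VLANs.
        allowed = re.search(r"switchport trunk allowed vlan ([\d,-]+)", body)
        notes = []
        if mode is None:
            notes.append("no explicit mode: DTP default can negotiate a trunk")
        elif mode.group(1) == "trunk":
            if "switchport nonegotiate" not in body:
                notes.append("trunk still sends DTP")
            if allowed and required_vlan not in expand(allowed.group(1)):
                notes.append(f"VLAN {required_vlan} not allowed on trunk")
        if notes:
            findings[name] = notes
    return findings
```

Calling `audit(SAMPLE, 2)` flags Fa0/19 (left at the default negotiating mode) and Fa0/20 (a trunk that carries only VLAN 1).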
 
LVL 6

Expert Comment

by:Matt
ID: 40255005
Why do you have IP defined on all VLAN-s on CISCO switch? Is this core switch or Access?

If this is Access switch, you should define only management IP.

A suspended VLAN won't pass traffic - a suspended VLAN is essentially a "shutdown" vlan (at layer-2).
0
 

Author Comment

by:beefwilliams
ID: 40255700
See attached jpeg
scan0026.jpg
0
 

Author Comment

by:beefwilliams
ID: 40255714
When I changed the port to trunk port all, it changed the vlan3 on a switch at CU from active to suspended, so my vlan went down.
What do these VTP settings do?
Switch              VTP version        Conf Rev  Max Vlan  Existing VLANs  last mod  VTP V2 Mode  VTP Mode Control  VTP Pruning  domain name
HPSwitchstaff1      Running 1 (2 cap)  20        255       8               1994      disabled     server            disabled     forsyth
HPSwitchPatron1     Running 1 (2 cap)  20        255       8               1994      disabled     server            disabled     forsyth
HPSwitchPatron2     Running 1 (2 cap)  20        255       8               1994      disabled     server            disabled     forsyth
HPSwitchPatron3     Running 1 (2 cap)  20        255       8               1994      disabled     server            disabled     forsyth

Testswitch CUFiber  Running 1 (2 cap)  21        255       8               1993      disabled     server            disabled     forsyth
CUSwitch1           Running 1 (2 cap)  0         255       5               none      disabled     server            disabled     blank
CUSwitch2           Running 1 (2 cap)  0         255       5               none      disabled     server            disabled     blank
CUSwitch3           Running 1 (2 cap)  0         255       5               none      disabled     server            disabled     blank
CUSwitch4           Running 1 (2 cap)  0         255       5               none      disabled     server            disabled     blank
CUSwitchPatron      Running 1 (2 cap)  0         255       6               none      disabled     Transparent       disabled     blank
0
 

Author Comment

by:beefwilliams
ID: 40255725
Matt

As to Why do you have IP defined on all VLAN-s on CISCO switch? Is this core switch or Access?

I inherited this network so I am not sure why it was configured this way.
The HP switches are access switches
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40255738
The domain names for the CUSwitches are not configured.
They didn't sync with the rest hence have 0 revisions.
0
 

Author Comment

by:beefwilliams
ID: 40256497
The HP switches made a change to a switch at CU. I do not want these switches to update other switches. If I change the "VTP Mode Control" to transparent, will this do what I need? Any concerns?
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40256908
Yes

Transparent mode isolates the switch. It won't send and will not receive updates.
Pretty much standalone.
0
 

Author Comment

by:beefwilliams
ID: 40258319
Thank you for your help I will make the changes over the weekend.

Any suggestions on where I can get some free online training for Cisco switches?
0
 
LVL 18

Expert Comment

by:Akinsd
ID: 40259288
0
 

Author Comment

by:beefwilliams
ID: 40268159
Question I sent to Cisco Forum
Currently our cisco 2960 switches at location "B" have a VTP Mode set to “server” I want to change this to “Transparent”

They have VLAN1-default (active) 10.1.10.81; VLAN2-patron(active) 192.168.10.2; VLAN3-vlan0003(suspended) no ipaddress; VLAN4-vlan0004(suspended) 192.168.20.2

I want to delete VLAN3 and VLAN4

The connection between loc "A" and "B" is set to “Static Access VLAN1” I need to change it to “Trunk Nonnegotiate Vlan all” for our vlan2 at loc "B" to work.

Reason for this change: when I added these switches to our network about 6 months ago it brought my network down. Knowing what I know now, I think they wrote their settings to all the other switches that were vtp server switches on our network. VLAN3 and 4 were set to active at that time.

Response from Cisco forum:
Switching from server to transparent vtp mode will not disrupt your network, the existing vlans will still be available, modifications however will need to be executed manually on the transparent mode switches.

If the interfaces between location A and B are configured as access ports, VTP will not work as it is only in effect on trunk links.

Before adding switches to an existing VTP domain, best practise is to configure transparent mode to set the revision number to 0. This way the VLAN database of existing switches will not be altered when connecting the switch.

HTH,
0
 
LVL 18

Accepted Solution

by:
Akinsd earned 2000 total points
ID: 40269121
Yes, those answers are accurate.
You may have experienced the annihilation if your switch ports were set to Auto (which is the default setting)

Currently our cisco 2960 switches at location "B" have a VTP Mode set to “server” I want to change this to “Transparent”
Switch(config)#vtp mode transparent

I want to delete VLAN3 and VLAN4
Switch(config)#no vlan 3
Switch(config)#no vlan 4
Switch(config)#exit


The connection between loc "A" and "B" is set to “Static Access VLAN1” I need to change it to “Trunk Nonnegotiate Vlan all” for our vlan2 at loc "B" to work.

Depending on your switch (if layer 3), you may have to hard code the encapsulation first if multiple exist otherwise, you won't need the 2nd command (Switch(config-if)#switchport trunk encapsulation dot1q )

eg
Switch-locA(config)#int fa0/1
Switch-locA(config-if)#switchport trunk encapsulation dot1q
Switch-locA(config-if)#switchport mode trunk
Switch-locA(config-if)#switchport nonegotiate

Perform the same for loc B if it's not already configured

Switch-locB(config)#int fa0/1
Switch-locB(config-if)#switchport trunk encapsulation dot1q
Switch-locB(config-if)#switchport mode trunk
Switch-locB(config-if)#switchport nonegotiate
0
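
The revision-number behaviour this thread turns on can be checked before any trunk is brought up. The sketch below is an added example, not code from the answer or from Cisco; it uses a constructed inventory with values copied from the VTP table posted earlier, and assumes VTP version 1/2 behaviour, no VTP password, and that every switch listed ends up reachable over trunk links.

```python
from collections import namedtuple

Switch = namedtuple("Switch", "name mode revision domain")

# Constructed inventory; values copied from the VTP table posted in the
# thread ("" stands for the blank domain name).
INVENTORY = [
    Switch("HPSwitchstaff1", "server", 20, "forsyth"),
    Switch("HPSwitchPatron1", "server", 20, "forsyth"),
    Switch("Testswitch CUFiber", "server", 21, "forsyth"),
    Switch("CUSwitch1", "server", 0, ""),
    Switch("CUSwitch2", "server", 0, ""),
    Switch("CUSwitchPatron", "transparent", 0, ""),
]

def participates(sw):
    # Only server and client modes apply received VTP advertisements.
    return sw.mode.lower() in ("server", "client")

def overwrite_plan(inventory):
    """For each named domain return (winner, victims): the switch with the
    highest revision and the switches whose VLAN database it would replace."""
    plan = {}
    active = [s for s in inventory if participates(s)]
    for domain in sorted({s.domain for s in active if s.domain}):
        members = [s for s in active if s.domain == domain]
        winner = max(members, key=lambda s: s.revision)
        # A switch with a blank domain adopts the first domain it hears,
        # so it is exposed to every named domain.
        exposed = members + [s for s in active if not s.domain]
        victims = [s.name for s in exposed if s.revision < winner.revision]
        plan[domain] = (winner.name, victims)
    return plan

def safe_to_connect(sw):
    """Pre-connection check from the thread's advice: a transparent switch,
    or one at revision 0, cannot push its database to other switches."""
    return not participates(sw) or sw.revision == 0

if __name__ == "__main__":
    for domain, (winner, victims) in overwrite_plan(INVENTORY).items():
        print(f"{domain}: {winner} would overwrite {', '.join(victims)}")
    for sw in INVENTORY:
        if not safe_to_connect(sw):
            print(f"reset revision before trunking: {sw.name} (rev {sw.revision})")
```

Switches that share the same revision (the HP switches at 20) do not overwrite one another, and the transparent switch never appears as a victim.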
