ditobot

Cannot get new VLAN to work on Cisco 3560G.

I have a Cisco 3550 which has my master routing tables, with all VLANs defined there. I have four other switches which then feed off of the routing table defined on this switch.

I am trying to set up a new VLAN (VLAN 10) on the 3550 and have allowed switchport access on a 3560G, but for some reason this is the only VLAN that won't communicate within its own subnet or with any other subnet. I don't know if I just can't see the forest for the trees, but this is driving me crazy.

Below are my config files. If anyone can see why I can't get VLAN 10 to work across interface GigabitEthernet0/6

Cisco 3550
version 12.1
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname phorad-3550-mdf1
!
logging buffered 16384 debugging
enable secret 5 $1$fml5$H4/gt/vwUG1VR1B8Ncl4Z1
!
clock timezone Arizona -7
ip subnet-zero
no ip source-route
ip routing
!
no ip domain-lookup
ip domain-name rbg.local
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 1
!
!
spanning-tree mode pvst
spanning-tree portfast default
spanning-tree extend system-id
spanning-tree vlan 1 priority 24576
spanning-tree vlan 11 priority 24576
!
!
!
!
!
interface FastEthernet0/1
 switchport mode access
 no cdp enable
!
interface FastEthernet0/2
 description PHORAD-515-MDF1
 switchport mode access
 speed 10
 duplex half
 no cdp enable
!
interface FastEthernet0/3
 description PHORAD-2950-MDF2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet0/4
 switchport mode access
 no cdp enable
!
interface FastEthernet0/5
 switchport mode access
 no cdp enable
!
interface FastEthernet0/6
 switchport mode access
 no cdp enable
!
interface FastEthernet0/7
 switchport mode access
 no cdp enable
!
interface FastEthernet0/8
 switchport mode access
 no cdp enable
!
interface FastEthernet0/9
 switchport mode access
 no cdp enable
!
interface FastEthernet0/10
 switchport mode access
 no cdp enable
!
interface FastEthernet0/11
 switchport mode access
 no cdp enable
!
interface FastEthernet0/12
 switchport mode access
 no cdp enable
!
interface FastEthernet0/13
 switchport mode access
 no cdp enable
!
interface FastEthernet0/14
 switchport mode access
 no cdp enable
!
interface FastEthernet0/15
 switchport mode access
 no cdp enable
!
interface FastEthernet0/16
 switchport mode access
 no cdp enable
!
interface FastEthernet0/17
 switchport mode access
 speed 100
 duplex full
 no cdp enable
!
interface FastEthernet0/18
 switchport mode access
 no cdp enable
!
interface FastEthernet0/19
 switchport mode access
 no cdp enable
!
interface FastEthernet0/20
 switchport mode access
 no cdp enable
!
interface FastEthernet0/21
 switchport mode access
!
interface FastEthernet0/22
 switchport mode access
 no cdp enable
!
interface FastEthernet0/23
 description feed to Wheatstone Xpoint PC
 switchport access vlan 11
 switchport mode dynamic desirable
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/1
 description phorad-2950-mdf1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
 description phorad-3560-mdf1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 description Business/Admin Vlan1
 ip address 10.1.19.1 255.255.255.0
 no ip redirects
 no ip mroute-cache
!
interface Vlan10
 description business vlan
 ip address 10.10.1.1 255.255.255.0
 no ip redirects
 no ip mroute-cache
!
interface Vlan11
 description Engineering Vlan11
 ip address 10.11.19.1 255.255.255.0
 ip access-group intvlan11_out out
 no ip redirects
 no ip mroute-cache
!
interface Vlan21
 description VOIP VLAN21
 ip address 10.21.19.1 255.255.255.0
 ip helper-address 10.1.19.2
 no ip redirects
 no ip mroute-cache
!
interface Vlan31
 description Wide Orbit Automation Network
 ip address 10.31.19.1 255.255.255.0
 no ip redirects
 no ip mroute-cache
!
interface Vlan41
 description Raritan KVM over IP network
 ip address 10.41.19.1 255.255.255.0
 no ip redirects
 no ip mroute-cache
!
interface Vlan51
 description Remote Audio VLAN
 ip address 10.51.19.1 255.255.255.0
 no ip redirects
 no ip mroute-cache
!
interface Vlan55
 description Internet VLAN
 ip address 10.1.254.1 255.255.255.0
 no ip redirects
 no ip mroute-cache
!
interface Vlan255
 description Restricted to Internet Only Traffic
 ip address 10.255.29.1 255.255.255.0
 no ip redirects
 no ip mroute-cache
!
router eigrp 2000
 network 10.0.0.0
 no auto-summary
 no eigrp log-neighbor-changes
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.19.75
ip http server
!
ip access-list extended intvlan11_in
 permit tcp any host 10.11.19.7 eq 10983
 permit tcp any host 10.11.19.39 eq telnet
 permit tcp any host 10.11.19.21 eq 5800
 permit tcp any host 10.11.19.21 eq 5900
 permit tcp any host 10.11.19.49 eq telnet
ip access-list extended intvlan11_out
 permit tcp 10.1.19.16 0.0.0.7 10.11.19.0 0.0.0.255
 permit icmp 10.1.19.16 0.0.0.7 10.11.19.0 0.0.0.255 echo-reply
 permit icmp 10.1.19.16 0.0.0.7 10.11.19.0 0.0.0.255 time-exceeded
 permit udp 10.1.19.16 0.0.0.7 10.11.19.0 0.0.0.255
 permit tcp host 10.1.19.2 host 10.11.19.2 eq domain
 permit udp host 10.1.19.2 host 10.11.19.2 eq domain
 permit tcp host 10.11.19.7 host 64.71.153.51 eq www
 permit tcp host 10.11.19.7 host 204.155.175.117 eq www
 permit tcp any 10.11.19.0 0.0.0.255 established
 permit tcp 10.1.19.0 0.0.0.7 10.11.19.0 0.0.0.255
 permit icmp 10.1.19.0 0.0.0.7 10.11.19.0 0.0.0.255 echo-reply
 permit icmp 10.1.19.0 0.0.0.7 10.11.19.0 0.0.0.255 time-exceeded
 permit udp 10.1.19.0 0.0.0.7 10.11.19.0 0.0.0.255
 permit tcp any 10.1.19.0 0.0.0.7 established
 permit udp host 10.1.19.2 host 10.11.19.2 eq 389
 permit udp host 10.1.19.2 host 10.11.19.2 eq 88
 permit icmp any any
 permit tcp host 10.11.19.3 host 10.1.19.46 eq 5401
 permit udp host 10.11.19.3 host 10.1.19.46 eq 5401
 permit tcp any host 10.11.19.7 eq 10983
 permit tcp any host 10.11.19.39 eq telnet
 permit tcp any host 10.11.19.21 eq 5800
 permit tcp any host 10.11.19.21 eq 5900
 permit tcp any host 10.11.19.49 eq telnet
 permit tcp any any
 deny   ip any any
ip access-list extended intvlan21_in
 permit ip any any
ip access-list extended intvlan21_out
 permit ip any any
ip access-list extended intvlan31_in
ip access-list extended intvlan31_out
 permit tcp 10.1.19.0 0.0.0.31 10.31.19.0 0.0.0.255
 permit udp 10.1.19.0 0.0.0.31 10.31.19.0 0.0.0.255
 permit ip any any
 permit tcp 10.41.19.0 0.0.0.255 10.31.19.0 0.0.0.255
 permit udp 10.41.19.0 0.0.0.255 10.31.19.0 0.0.0.255
ip access-list extended intvlan41_in
ip access-list extended intvlan41_out
 permit tcp 10.1.19.0 0.0.0.31 10.41.19.0 0.0.0.255
 permit udp 10.1.19.0 0.0.0.31 10.41.19.0 0.0.0.255
 deny   ip any any
 permit tcp 10.31.19.0 0.0.0.255 10.41.19.0 0.0.0.255
 permit udp 10.31.19.0 0.0.0.255 10.41.19.0 0.0.0.255
ip access-list extended intvlan51_out
 permit tcp 10.1.19.0 0.0.0.31 10.51.19.0 0.0.0.255
 permit udp 10.1.19.0 0.0.0.31 10.51.19.0 0.0.0.255
ip access-list extended intvlan55_in
 permit ip any any
ip access-list extended intvlan55_out
 permit ip any any
!
no logging trap
banner motd ^C
 ___________________________________________
|                                           |
| !!! If you are not an authorized user !!! |
|              Leave Immediately            |
|___________________________________________|
^C
!
line con 0
 exec-timeout 20 0
 password 7 1344071A041E052E6A
 login
line vty 0 4
 exec-timeout 20 0
 password 7 090D5E01161716164A
 login
line vty 5 15
 exec-timeout 20 0
 password 7 041A1B0E00334D4A48
 login
!
ntp clock-period 17180516
ntp server 10.1.19.2
!
end


Cisco 3560G

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname phorad-3560-mdf1
!
enable secret 5 $1$j67A$cDdUKQg0THNlJxNCa6TT6.
enable password ********
!
no aaa new-model
clock timezone Arizona -7
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/2
 description SERVER PORT
 switchport mode access
 no cdp enable
!
interface GigabitEthernet0/3
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/4
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/5
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/6
 description PHORADDC1
 switchport access vlan 10
!
interface GigabitEthernet0/7
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/8
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/9
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/10
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/11
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/12
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/13
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/14
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/15
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/16
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/17
 switchport mode access
!
interface GigabitEthernet0/18
 switchport mode access
!
interface GigabitEthernet0/19
 switchport mode access
!
interface GigabitEthernet0/20
 switchport mode access
!
interface GigabitEthernet0/21
 switchport mode access
!
interface GigabitEthernet0/22
 description Tieline Merlin Plus 1 LAN 1
 switchport access vlan 51
!
interface GigabitEthernet0/23
 description Raritan Dominion 1 LAN 2 for backup
 switchport access vlan 41
!
interface GigabitEthernet0/24
 description Raritan Dominion 2 LAN 2 for backup
 switchport access vlan 41
!
interface GigabitEthernet0/25
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/26
 switchport mode access
!
interface GigabitEthernet0/27
 switchport mode access
!
interface GigabitEthernet0/28
 switchport mode access
!
interface GigabitEthernet0/29
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/30
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/31
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/32
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/33
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/34
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/35
 switchport access vlan 21
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/36
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/37
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/38
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/39
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/40
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/41
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/42
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/43
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/44
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/45
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/46
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/47
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/48
 switchport access vlan 21
 switchport mode access
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/49
!
interface GigabitEthernet0/50
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/51
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/52
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 ip address 10.1.19.77 255.255.255.0
!
ip default-gateway 10.1.19.1
ip classless
ip http server
!
snmp-server community public RO
snmp-server community private RW
!
control-plane
!
banner login ^C
 ___________________________________________
|                                           |
| !!! If you are not an authorized user !!! |
|              Leave Immediately            |
|___________________________________________|
^C
!
line con 0
 password !mypass!
line vty 0 4
 password !mypass!
 login
line vty 5 15
 password !mypass!
 login
!
ntp server 10.1.19.2
end

Don Johnston

First, do not post configs with passwords. Always delete the passwords before posting. I suggest you delete the configs, remove the passwords and repost. Also, using the "code" feature when posting makes it easier to view the information.

As for the problem at hand, how are the switches connected (what ports)? When you say "won't communicate within its own subnet or with any other subnet", how are you testing this? From what device (IP address and switch port) are you transmitting, and what is the destination (IP address and switch port)?
What is the result of the show vlan, show interface trunk and show ip interface brief commands on both switches?
Is VLAN 10 added to the trunk (show interface trunk will answer that)?
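
One way to do the clean-up this reply asks for before a config is posted, as an added example that is not part of the original thread: it blanks the credential on enable secret, enable password, line password and snmp-server community lines and leaves everything else untouched. The function name and the sample config are constructed for illustration.

```python
import re

# (pattern, replacement) pairs: keep the command, replace only the credential.
RULES = [
    (re.compile(r"^(\s*enable (?:secret|password)(?: \d+)?) \S+$"), r"\1 <removed>"),
    (re.compile(r"^(\s*password(?: \d+)?) \S+$"), r"\1 <removed>"),
    (re.compile(r"^(\s*snmp-server community) \S+( .*)?$"), r"\1 <removed>\2"),
]

def sanitize_config(text):
    """Return (sanitized_text, redaction_count) for an IOS-style config."""
    out, count = [], 0
    for line in text.splitlines():
        for pattern, repl in RULES:
            new, n = pattern.subn(repl, line.rstrip())
            if n:
                line, count = new, count + 1
                break
        out.append(line)
    return "\n".join(out), count

# Constructed sample; none of these values come from the thread.
SAMPLE = """\
hostname example-sw1
service password-encryption
enable secret 5 $1$abcd$ConstructedHashValue000
enable password ExamplePass1
snmp-server community examplero RO
line con 0
 password ExamplePass2
line vty 0 4
 password 7 0123456789ABCDEF
 login
"""

if __name__ == "__main__":
    clean, n = sanitize_config(SAMPLE)
    print(clean)
    print(f"-- {n} credential(s) removed")
```

Type 7 strings and type 5 hashes are removed along with plaintext values, since service password-encryption only obscures a password and a posted hash can still be attacked offline.
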
ditobot

ASKER

I think you nailed my problem. Strangely enough, when I added the other VLANs I never had this problem, but for some reason this one didn't take. Below are the results of the show interface trunk command. However, when I tried to add the VLAN to the appropriate interfaces using the following command:

switchport trunk allowed vlan add 10

It took the command but didn't add the VLAN. Is there something fishy with using VLAN 10? I know that VLAN 1 can be finicky sometimes. Or do I need to use a different command?

3560G
Port        Vlans allowed on trunk
Gi0/25      1-4094
Gi0/50      1-4094
Gi0/51      1-4094
Gi0/52      1-4094

Port        Vlans allowed and active in management domain
Gi0/25      1,11,21,31,41,51,55,255
Gi0/50      1,11,21,31,41,51,55,255
Gi0/51      1,11,21,31,41,51,55,255
Gi0/52      1,11,21,31,41,51,55,255

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/25      1,11,21,31,41,51,55,255
Gi0/50      1,11,21,31,41,51,55,255
Gi0/51      1,11,21,31,41,51,55,255

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/52      1,11,21,31,41,51,55,255






3550
Port        Mode         Encapsulation  Status        Native vlan
Fa0/3       on           802.1q         trunking      1
Gi0/1       on           802.1q         trunking      1
Gi0/2       on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa0/3       1-4094
Gi0/1       1-4094
Gi0/2       1-4094

Port        Vlans allowed and active in management domain
Fa0/3       1,11,21,31,41,51,55,255
Gi0/1       1,11,21,31,41,51,55,255
Gi0/2       1,11,21,31,41,51,55,255

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/3       1,11,21,31,41,51,55,255
Gi0/1       1,11,21,31,41,51,55,255
Gi0/2       1,11,21,31,41,51,55,255
phorad-3550-mdf1#
ASKER CERTIFIED SOLUTION
Predrag Jovic

ditobot

ASKER

Thanks guys. I created the interface VLAN 10 on the switch with my routing tables but never created the actual VLAN. Everything seems to be working now.
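
The mismatch behind this thread, as an added example that is not part of the original posts: VLAN 10 is referenced by an SVI and an access port, yet the show interface trunk output never lists it as allowed and active. The script below reports VLANs a running-config references that no trunk carries as active; the function names and the excerpts are constructed, modelled on the output posted above.

```python
import re

def expand_vlans(spec):
    """Expand an IOS VLAN list such as '1,11,20-22' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def referenced_vlans(running_config):
    """VLAN IDs used by SVIs, access ports and voice ports."""
    pat = r"^\s*(?:interface Vlan|switchport (?:access|voice) vlan )(\d+)\s*$"
    return {int(v) for v in re.findall(pat, running_config, re.M)}

def active_on_trunks(show_trunk):
    """Map trunk port -> VLANs listed as allowed and active on it."""
    active, in_section = {}, False
    for line in show_trunk.splitlines():
        m = re.match(r"(\S+)\s+(\d[\d,-]*)\s*$", line)
        if line.startswith("Port"):
            in_section = "allowed and active in management domain" in line
        elif in_section and m:
            active.setdefault(m.group(1), set()).update(expand_vlans(m.group(2)))
    return active

def missing_vlans(running_config, show_trunk):
    """Referenced VLANs that no trunk reports as active."""
    carried = set().union(*active_on_trunks(show_trunk).values())
    return sorted(referenced_vlans(running_config) - carried)

# Constructed excerpts modelled on the configs and trunk output in the thread.
CONFIG = """\
interface GigabitEthernet0/6
 switchport access vlan 10
interface GigabitEthernet0/29
 switchport voice vlan 21
interface Vlan10
"""
TRUNK = """\
Port        Vlans allowed on trunk
Gi0/25      1-4094
Port        Vlans allowed and active in management domain
Gi0/25      1,11,21,31,41,51,55,255
"""

if __name__ == "__main__":
    print("referenced but not active on any trunk:", missing_vlans(CONFIG, TRUNK))
```

The "allowed on trunk" row shows 1-4094 and so includes VLAN 10; only the "allowed and active" row reveals that the VLAN does not exist on the switch, which is why the script reads that section.
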