ditobot
asked on
Cannot get new VLAN to work on Cisco 3560G.
I have a Cisco 3550 which has my master routing tables, with all VLANs defined there. I have four other switches which then feed off of the routing table defined on this switch.
I am trying to set up a new VLAN (VLAN 10) on the 3550 and have allowed switchport access on a 3560G, but for some reason this is the only VLAN that won't communicate within its own subnet or with any other subnet. I don't know if I just can't see the forest from the trees but this is driving me crazy.
Below are my config files. If anyone can see why I can't get VLAN 10 to work across interface GigabitEthernet0/6
Cisco 3550
version 12.1
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname phorad-3550-mdf1
!
logging buffered 16384 debugging
enable secret 5 $1$fml5$H4/gt/vwUG1VR1B8Ncl4Z1
!
clock timezone Arizona -7
ip subnet-zero
no ip source-route
ip routing
!
no ip domain-lookup
ip domain-name rbg.local
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 1
!
!
spanning-tree mode pvst
spanning-tree portfast default
spanning-tree extend system-id
spanning-tree vlan 1 priority 24576
spanning-tree vlan 11 priority 24576
!
!
!
!
!
interface FastEthernet0/1
switchport mode access
no cdp enable
!
interface FastEthernet0/2
description PHORAD-515-MDF1
switchport mode access
speed 10
duplex half
no cdp enable
!
interface FastEthernet0/3
description PHORAD-2950-MDF2
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
!
interface FastEthernet0/4
switchport mode access
no cdp enable
!
interface FastEthernet0/5
switchport mode access
no cdp enable
!
interface FastEthernet0/6
switchport mode access
no cdp enable
!
interface FastEthernet0/7
switchport mode access
no cdp enable
!
interface FastEthernet0/8
switchport mode access
no cdp enable
!
interface FastEthernet0/9
switchport mode access
no cdp enable
!
interface FastEthernet0/10
switchport mode access
no cdp enable
!
interface FastEthernet0/11
switchport mode access
no cdp enable
!
interface FastEthernet0/12
switchport mode access
no cdp enable
!
interface FastEthernet0/13
switchport mode access
no cdp enable
!
interface FastEthernet0/14
switchport mode access
no cdp enable
!
interface FastEthernet0/15
switchport mode access
no cdp enable
!
interface FastEthernet0/16
switchport mode access
no cdp enable
!
interface FastEthernet0/17
switchport mode access
speed 100
duplex full
no cdp enable
!
interface FastEthernet0/18
switchport mode access
no cdp enable
!
interface FastEthernet0/19
switchport mode access
no cdp enable
!
interface FastEthernet0/20
switchport mode access
no cdp enable
!
interface FastEthernet0/21
switchport mode access
!
interface FastEthernet0/22
switchport mode access
no cdp enable
!
interface FastEthernet0/23
description feed to Wheatstone Xpoint PC
switchport access vlan 11
switchport mode dynamic desirable
!
interface FastEthernet0/24
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/1
description phorad-2950-mdf1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/2
description phorad-3560-mdf1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan1
description Business/Admin Vlan1
ip address 10.1.19.1 255.255.255.0
no ip redirects
no ip mroute-cache
!
interface Vlan10
description business vlan
ip address 10.10.1.1 255.255.255.0
no ip redirects
no ip mroute-cache
!
interface Vlan11
description Engineering Vlan11
ip address 10.11.19.1 255.255.255.0
ip access-group intvlan11_out out
no ip redirects
no ip mroute-cache
!
interface Vlan21
description VOIP VLAN21
ip address 10.21.19.1 255.255.255.0
ip helper-address 10.1.19.2
no ip redirects
no ip mroute-cache
!
interface Vlan31
description Wide Orbit Automation Network
ip address 10.31.19.1 255.255.255.0
no ip redirects
no ip mroute-cache
!
interface Vlan41
description Raritan KVM over IP network
ip address 10.41.19.1 255.255.255.0
no ip redirects
no ip mroute-cache
!
interface Vlan51
description Remote Audio VLAN
ip address 10.51.19.1 255.255.255.0
no ip redirects
no ip mroute-cache
!
interface Vlan55
description Internet VLAN
ip address 10.1.254.1 255.255.255.0
no ip redirects
no ip mroute-cache
!
interface Vlan255
description Restricted to Internet Only Traffic
ip address 10.255.29.1 255.255.255.0
no ip redirects
no ip mroute-cache
!
router eigrp 2000
network 10.0.0.0
no auto-summary
no eigrp log-neighbor-changes
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.19.75
ip http server
!
ip access-list extended intvlan11_in
permit tcp any host 10.11.19.7 eq 10983
permit tcp any host 10.11.19.39 eq telnet
permit tcp any host 10.11.19.21 eq 5800
permit tcp any host 10.11.19.21 eq 5900
permit tcp any host 10.11.19.49 eq telnet
ip access-list extended intvlan11_out
permit tcp 10.1.19.16 0.0.0.7 10.11.19.0 0.0.0.255
permit icmp 10.1.19.16 0.0.0.7 10.11.19.0 0.0.0.255 echo-reply
permit icmp 10.1.19.16 0.0.0.7 10.11.19.0 0.0.0.255 time-exceeded
permit udp 10.1.19.16 0.0.0.7 10.11.19.0 0.0.0.255
permit tcp host 10.1.19.2 host 10.11.19.2 eq domain
permit udp host 10.1.19.2 host 10.11.19.2 eq domain
permit tcp host 10.11.19.7 host 64.71.153.51 eq www
permit tcp host 10.11.19.7 host 204.155.175.117 eq www
permit tcp any 10.11.19.0 0.0.0.255 established
permit tcp 10.1.19.0 0.0.0.7 10.11.19.0 0.0.0.255
permit icmp 10.1.19.0 0.0.0.7 10.11.19.0 0.0.0.255 echo-reply
permit icmp 10.1.19.0 0.0.0.7 10.11.19.0 0.0.0.255 time-exceeded
permit udp 10.1.19.0 0.0.0.7 10.11.19.0 0.0.0.255
permit tcp any 10.1.19.0 0.0.0.7 established
permit udp host 10.1.19.2 host 10.11.19.2 eq 389
permit udp host 10.1.19.2 host 10.11.19.2 eq 88
permit icmp any any
permit tcp host 10.11.19.3 host 10.1.19.46 eq 5401
permit udp host 10.11.19.3 host 10.1.19.46 eq 5401
permit tcp any host 10.11.19.7 eq 10983
permit tcp any host 10.11.19.39 eq telnet
permit tcp any host 10.11.19.21 eq 5800
permit tcp any host 10.11.19.21 eq 5900
permit tcp any host 10.11.19.49 eq telnet
permit tcp any any
deny ip any any
ip access-list extended intvlan21_in
permit ip any any
ip access-list extended intvlan21_out
permit ip any any
ip access-list extended intvlan31_in
ip access-list extended intvlan31_out
permit tcp 10.1.19.0 0.0.0.31 10.31.19.0 0.0.0.255
permit udp 10.1.19.0 0.0.0.31 10.31.19.0 0.0.0.255
permit ip any any
permit tcp 10.41.19.0 0.0.0.255 10.31.19.0 0.0.0.255
permit udp 10.41.19.0 0.0.0.255 10.31.19.0 0.0.0.255
ip access-list extended intvlan41_in
ip access-list extended intvlan41_out
permit tcp 10.1.19.0 0.0.0.31 10.41.19.0 0.0.0.255
permit udp 10.1.19.0 0.0.0.31 10.41.19.0 0.0.0.255
deny ip any any
permit tcp 10.31.19.0 0.0.0.255 10.41.19.0 0.0.0.255
permit udp 10.31.19.0 0.0.0.255 10.41.19.0 0.0.0.255
ip access-list extended intvlan51_out
permit tcp 10.1.19.0 0.0.0.31 10.51.19.0 0.0.0.255
permit udp 10.1.19.0 0.0.0.31 10.51.19.0 0.0.0.255
ip access-list extended intvlan55_in
permit ip any any
ip access-list extended intvlan55_out
permit ip any any
!
no logging trap
banner motd ^C
___________________________________________
| |
| !!! If you are not an authorized user !!! |
| Leave Immediately |
|___________________________________________|
^C
!
line con 0
exec-timeout 20 0
password 7 1344071A041E052E6A
login
line vty 0 4
exec-timeout 20 0
password 7 090D5E01161716164A
login
line vty 5 15
exec-timeout 20 0
password 7 041A1B0E00334D4A48
login
!
ntp clock-period 17180516
ntp server 10.1.19.2
!
end
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname phorad-3560-mdf1
!
enable secret 5 $1$j67A$cDdUKQg0THNlJxNCa6TT6.
enable password ********
!
no aaa new-model
clock timezone Arizona -7
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
description SERVER PORT
switchport mode access
!
interface GigabitEthernet0/2
description SERVER PORT
switchport mode access
no cdp enable
!
interface GigabitEthernet0/3
description SERVER PORT
switchport mode access
!
interface GigabitEthernet0/4
description SERVER PORT
switchport mode access
!
interface GigabitEthernet0/5
description SERVER PORT
switchport mode access
!
interface GigabitEthernet0/6
description PHORADDC1
switchport access vlan 10
!
interface GigabitEthernet0/7
description SERVER PORT
switchport mode access
!
interface GigabitEthernet0/8
description SERVER PORT
switchport mode access
!
interface GigabitEthernet0/9
description SERVER PORT
switchport mode access
!
interface GigabitEthernet0/10
description SERVER PORT
switchport mode access
!
interface GigabitEthernet0/11
description SERVER PORT
switchport mode access
!
interface GigabitEthernet0/12
description SERVER PORT
switchport mode access
!
interface GigabitEthernet0/13
description SERVER PORT
switchport mode access
!
interface GigabitEthernet0/14
description SERVER PORT
switchport mode access
!
interface GigabitEthernet0/15
description SERVER PORT
switchport mode access
!
interface GigabitEthernet0/16
description SERVER PORT
switchport mode access
!
interface GigabitEthernet0/17
switchport mode access
!
interface GigabitEthernet0/18
switchport mode access
!
interface GigabitEthernet0/19
switchport mode access
!
interface GigabitEthernet0/20
switchport mode access
!
interface GigabitEthernet0/21
switchport mode access
!
interface GigabitEthernet0/22
description Tieline Merlin Plus 1 LAN 1
switchport access vlan 51
!
interface GigabitEthernet0/23
description Raritan Dominion 1 LAN 2 for backup
switchport access vlan 41
!
interface GigabitEthernet0/24
description Raritan Dominion 2 LAN 2 for backup
switchport access vlan 41
!
interface GigabitEthernet0/25
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/26
switchport mode access
!
interface GigabitEthernet0/27
switchport mode access
!
interface GigabitEthernet0/28
switchport mode access
!
interface GigabitEthernet0/29
switchport voice vlan 21
spanning-tree portfast
!
interface GigabitEthernet0/30
switchport voice vlan 21
spanning-tree portfast
!
interface GigabitEthernet0/31
switchport voice vlan 21
spanning-tree portfast
!
interface GigabitEthernet0/32
switchport voice vlan 21
spanning-tree portfast
!
interface GigabitEthernet0/33
switchport voice vlan 21
spanning-tree portfast
!
interface GigabitEthernet0/34
switchport voice vlan 21
spanning-tree portfast
!
interface GigabitEthernet0/35
switchport access vlan 21
switchport voice vlan 21
spanning-tree portfast
!
interface GigabitEthernet0/36
switchport voice vlan 21
spanning-tree portfast
!
interface GigabitEthernet0/37
switchport voice vlan 21
spanning-tree portfast
!
interface GigabitEthernet0/38
switchport voice vlan 21
spanning-tree portfast
!
interface GigabitEthernet0/39
switchport voice vlan 21
spanning-tree portfast
!
interface GigabitEthernet0/40
switchport voice vlan 21
spanning-tree portfast
!
interface GigabitEthernet0/41
switchport voice vlan 21
spanning-tree portfast
!
interface GigabitEthernet0/42
switchport voice vlan 21
spanning-tree portfast
!
interface GigabitEthernet0/43
switchport voice vlan 21
spanning-tree portfast
!
interface GigabitEthernet0/44
switchport voice vlan 21
spanning-tree portfast
!
interface GigabitEthernet0/45
switchport voice vlan 21
spanning-tree portfast
!
interface GigabitEthernet0/46
switchport voice vlan 21
spanning-tree portfast
!
interface GigabitEthernet0/47
switchport voice vlan 21
spanning-tree portfast
!
interface GigabitEthernet0/48
switchport access vlan 21
switchport mode access
switchport voice vlan 21
spanning-tree portfast
!
interface GigabitEthernet0/49
!
interface GigabitEthernet0/50
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/51
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/52
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan1
ip address 10.1.19.77 255.255.255.0
!
ip default-gateway 10.1.19.1
ip classless
ip http server
!
snmp-server community public RO
snmp-server community private RW
!
control-plane
!
banner login ^C
___________________________________________
| |
| !!! If you are not an authorized user !!! |
| Leave Immediately |
|___________________________________________|
^C
!
line con 0
password !mypass!
line vty 0 4
password !mypass!
login
line vty 5 15
password !mypass!
login
!
ntp server 10.1.19.2
end
What is the result of the show vlan, show interface trunk and show ip interface brief commands on both switches?
Is VLAN 10 added to the trunk (show interface trunk will answer that)?
ASKER
I think you nailed my problem. Strangely enough when I added the other VLANs I never had this problem but for some reason this one didn't take. Below are the results of the show interface trunk command. However when I tried to add the VLAN to the appropriate interfaces using the following command:
switchport trunk allowed vlan add 10
It took the command but didn't add the VLAN. Is there something fishy with using VLAN 10? I know that VLAN 1 can be finicky sometimes. Or do I need to use a different command?
3560G
Port Vlans allowed on trunk
Gi0/25 1-4094
Gi0/50 1-4094
Gi0/51 1-4094
Gi0/52 1-4094
Port Vlans allowed and active in management domain
Gi0/25 1,11,21,31,41,51,55,255
Gi0/50 1,11,21,31,41,51,55,255
Gi0/51 1,11,21,31,41,51,55,255
Gi0/52 1,11,21,31,41,51,55,255
Port Vlans in spanning tree forwarding state and not pruned
Gi0/25 1,11,21,31,41,51,55,255
Gi0/50 1,11,21,31,41,51,55,255
Gi0/51 1,11,21,31,41,51,55,255
Port Vlans in spanning tree forwarding state and not pruned
Gi0/52 1,11,21,31,41,51,55,255
3550
Port Mode Encapsulation Status Native vlan
Fa0/3 on 802.1q trunking 1
Gi0/1 on 802.1q trunking 1
Gi0/2 on 802.1q trunking 1
Port Vlans allowed on trunk
Fa0/3 1-4094
Gi0/1 1-4094
Gi0/2 1-4094
Port Vlans allowed and active in management domain
Fa0/3 1,11,21,31,41,51,55,255
Gi0/1 1,11,21,31,41,51,55,255
Gi0/2 1,11,21,31,41,51,55,255
Port Vlans in spanning tree forwarding state and not pruned
Fa0/3 1,11,21,31,41,51,55,255
Gi0/1 1,11,21,31,41,51,55,255
Gi0/2 1,11,21,31,41,51,55,255
phorad-3550-mdf1#
ASKER
Thanks guys. I created the interface VLAN 10 on the switch with my routing tables but never created the actual VLAN. Everything seems to be working now.
As for the problem at hand, how are the switches connected (what ports)? When you say "won't communicate within its own subnet or with any other subnet", how are you testing this? From what device (IP address and switch port) are you transmitting, and what is the destination (IP address and switch port)?
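The mismatch this thread turned on, a VLAN that the configuration refers to but that never shows up under "Vlans allowed and active in management domain", can be checked mechanically. The following Python script is an added example, not code from the thread or from Cisco; the function and constant names are hypothetical, and the sample text is a constructed excerpt trimmed from the 3550 listings posted above.

```python
import re

# Constructed excerpts, trimmed from the 3550 listings posted in this thread.
CONFIG_3550 = """\
interface FastEthernet0/23
 switchport access vlan 11
interface Vlan10
 ip address 10.10.1.1 255.255.255.0
"""
TRUNK_3550 = """\
Port Vlans allowed on trunk
Gi0/2 1-4094
Port Vlans allowed and active in management domain
Gi0/2 1,11,21,31,41,51,55,255
"""

def expand(vlan_list):
    """Expand an IOS VLAN list such as '1,11,20-22' into a set of ints."""
    vlans = set()
    # findall skips non-numeric tokens such as "none"
    for part in re.findall(r"\d+(?:-\d+)?", vlan_list):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def referenced_vlans(config):
    """Map each VLAN ID used by an SVI or switchport line to the interfaces using it."""
    refs, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split()[1]
            m = re.fullmatch(r"Vlan(\d+)", current)  # SVI such as "Vlan10"
        else:
            m = re.match(r"\s*switchport (?:access|voice) vlan (\d+)", line)
        if m:
            refs.setdefault(int(m.group(1)), []).append(current)
    return refs

def active_vlans(trunk_output):
    """Union of the 'allowed and active in management domain' lists over all trunks."""
    active, in_section = set(), False
    for line in trunk_output.splitlines():
        if line.startswith("Port"):  # every section of the output starts with a Port header
            in_section = "allowed and active" in line
        elif in_section and line.split():
            active |= expand(line.split()[-1])  # last token also covers wrapped lines
    return active

def missing_vlans(config, trunk_output):
    # VLANs the config refers to that no trunk lists as active
    active = active_vlans(trunk_output)
    return {v: w for v, w in referenced_vlans(config).items() if v not in active}
```

The "allowed on trunk" section (1-4094) is deliberately ignored: a VLAN can be allowed on every trunk and still be absent from the active list, which is why `switchport trunk allowed vlan add 10` changed nothing here.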