Solved

Cannot get new VLAN to work on Cisco 3560G.

Posted on 2014-11-19
Last Modified: 2014-11-20
I have a Cisco 3550 which has my master routing tables, with all VLANs defined there. I have four other switches which then feed off of the routing table defined on this switch.

I am trying to set up a new VLAN (VLAN 10) on the 3550 and have allowed switchport access on a 3560G but for some reason this is the only VLAN that won't communicate within its own subnet or with any other subnet. I don't know if I just can't see the forest from the trees but this is driving me crazy.

Below are my config files. If anyone can see why I can't get VLAN 10 to work across interface GigabitEthernet0/6

Cisco 3550
version 12.1
no service pad
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
!
hostname phorad-3550-mdf1
!
logging buffered 16384 debugging
enable secret 5 $1$fml5$H4/gt/vwUG1VR1B8Ncl4Z1
!
clock timezone Arizona -7
ip subnet-zero
no ip source-route
ip routing
!
no ip domain-lookup
ip domain-name rbg.local
ip ssh time-out 120
ip ssh authentication-retries 3
ip ssh version 1
!
!
spanning-tree mode pvst
spanning-tree portfast default
spanning-tree extend system-id
spanning-tree vlan 1 priority 24576
spanning-tree vlan 11 priority 24576
!
!
!
!
!
interface FastEthernet0/1
 switchport mode access
 no cdp enable
!
interface FastEthernet0/2
 description PHORAD-515-MDF1
 switchport mode access
 speed 10
 duplex half
 no cdp enable
!
interface FastEthernet0/3
 description PHORAD-2950-MDF2
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet0/4
 switchport mode access
 no cdp enable
!
interface FastEthernet0/5
 switchport mode access
 no cdp enable
!
interface FastEthernet0/6
 switchport mode access
 no cdp enable
!
interface FastEthernet0/7
 switchport mode access
 no cdp enable
!
interface FastEthernet0/8
 switchport mode access
 no cdp enable
!
interface FastEthernet0/9
 switchport mode access
 no cdp enable
!
interface FastEthernet0/10
 switchport mode access
 no cdp enable
!
interface FastEthernet0/11
 switchport mode access
 no cdp enable
!
interface FastEthernet0/12
 switchport mode access
 no cdp enable
!
interface FastEthernet0/13
 switchport mode access
 no cdp enable
!
interface FastEthernet0/14
 switchport mode access
 no cdp enable
!
interface FastEthernet0/15
 switchport mode access
 no cdp enable
!
interface FastEthernet0/16
 switchport mode access
 no cdp enable
!
interface FastEthernet0/17
 switchport mode access
 speed 100
 duplex full
 no cdp enable
!
interface FastEthernet0/18
 switchport mode access
 no cdp enable
!
interface FastEthernet0/19
 switchport mode access
 no cdp enable
!
interface FastEthernet0/20
 switchport mode access
 no cdp enable
!
interface FastEthernet0/21
 switchport mode access
!
interface FastEthernet0/22
 switchport mode access
 no cdp enable
!
interface FastEthernet0/23
 description feed to Wheatstone Xpoint PC
 switchport access vlan 11
 switchport mode dynamic desirable
!
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/1
 description phorad-2950-mdf1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/2
 description phorad-3560-mdf1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 description Business/Admin Vlan1
 ip address 10.1.19.1 255.255.255.0
 no ip redirects
 no ip mroute-cache
!
interface Vlan10
 description business vlan
 ip address 10.10.1.1 255.255.255.0
 no ip redirects
 no ip mroute-cache
!
interface Vlan11
 description Engineering Vlan11
 ip address 10.11.19.1 255.255.255.0
 ip access-group intvlan11_out out
 no ip redirects
 no ip mroute-cache
!
interface Vlan21
 description VOIP VLAN21
 ip address 10.21.19.1 255.255.255.0
 ip helper-address 10.1.19.2
 no ip redirects
 no ip mroute-cache
!
interface Vlan31
 description Wide Orbit Automation Network
 ip address 10.31.19.1 255.255.255.0
 no ip redirects
 no ip mroute-cache
!
interface Vlan41
 description Raritan KVM over IP network
 ip address 10.41.19.1 255.255.255.0
 no ip redirects
 no ip mroute-cache
!
interface Vlan51
 description Remote Audio VLAN
 ip address 10.51.19.1 255.255.255.0
 no ip redirects
 no ip mroute-cache
!
interface Vlan55
 description Internet VLAN
 ip address 10.1.254.1 255.255.255.0
 no ip redirects
 no ip mroute-cache
!
interface Vlan255
 description Restricted to Internet Only Traffic
 ip address 10.255.29.1 255.255.255.0
 no ip redirects
 no ip mroute-cache
!
router eigrp 2000
 network 10.0.0.0
 no auto-summary
 no eigrp log-neighbor-changes
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.19.75
ip http server
!
ip access-list extended intvlan11_in
 permit tcp any host 10.11.19.7 eq 10983
 permit tcp any host 10.11.19.39 eq telnet
 permit tcp any host 10.11.19.21 eq 5800
 permit tcp any host 10.11.19.21 eq 5900
 permit tcp any host 10.11.19.49 eq telnet
ip access-list extended intvlan11_out
 permit tcp 10.1.19.16 0.0.0.7 10.11.19.0 0.0.0.255
 permit icmp 10.1.19.16 0.0.0.7 10.11.19.0 0.0.0.255 echo-reply
 permit icmp 10.1.19.16 0.0.0.7 10.11.19.0 0.0.0.255 time-exceeded
 permit udp 10.1.19.16 0.0.0.7 10.11.19.0 0.0.0.255
 permit tcp host 10.1.19.2 host 10.11.19.2 eq domain
 permit udp host 10.1.19.2 host 10.11.19.2 eq domain
 permit tcp host 10.11.19.7 host 64.71.153.51 eq www
 permit tcp host 10.11.19.7 host 204.155.175.117 eq www
 permit tcp any 10.11.19.0 0.0.0.255 established
 permit tcp 10.1.19.0 0.0.0.7 10.11.19.0 0.0.0.255
 permit icmp 10.1.19.0 0.0.0.7 10.11.19.0 0.0.0.255 echo-reply
 permit icmp 10.1.19.0 0.0.0.7 10.11.19.0 0.0.0.255 time-exceeded
 permit udp 10.1.19.0 0.0.0.7 10.11.19.0 0.0.0.255
 permit tcp any 10.1.19.0 0.0.0.7 established
 permit udp host 10.1.19.2 host 10.11.19.2 eq 389
 permit udp host 10.1.19.2 host 10.11.19.2 eq 88
 permit icmp any any
 permit tcp host 10.11.19.3 host 10.1.19.46 eq 5401
 permit udp host 10.11.19.3 host 10.1.19.46 eq 5401
 permit tcp any host 10.11.19.7 eq 10983
 permit tcp any host 10.11.19.39 eq telnet
 permit tcp any host 10.11.19.21 eq 5800
 permit tcp any host 10.11.19.21 eq 5900
 permit tcp any host 10.11.19.49 eq telnet
 permit tcp any any
 deny   ip any any
ip access-list extended intvlan21_in
 permit ip any any
ip access-list extended intvlan21_out
 permit ip any any
ip access-list extended intvlan31_in
ip access-list extended intvlan31_out
 permit tcp 10.1.19.0 0.0.0.31 10.31.19.0 0.0.0.255
 permit udp 10.1.19.0 0.0.0.31 10.31.19.0 0.0.0.255
 permit ip any any
 permit tcp 10.41.19.0 0.0.0.255 10.31.19.0 0.0.0.255
 permit udp 10.41.19.0 0.0.0.255 10.31.19.0 0.0.0.255
ip access-list extended intvlan41_in
ip access-list extended intvlan41_out
 permit tcp 10.1.19.0 0.0.0.31 10.41.19.0 0.0.0.255
 permit udp 10.1.19.0 0.0.0.31 10.41.19.0 0.0.0.255
 deny   ip any any
 permit tcp 10.31.19.0 0.0.0.255 10.41.19.0 0.0.0.255
 permit udp 10.31.19.0 0.0.0.255 10.41.19.0 0.0.0.255
ip access-list extended intvlan51_out
 permit tcp 10.1.19.0 0.0.0.31 10.51.19.0 0.0.0.255
 permit udp 10.1.19.0 0.0.0.31 10.51.19.0 0.0.0.255
ip access-list extended intvlan55_in
 permit ip any any
ip access-list extended intvlan55_out
 permit ip any any
!
no logging trap
banner motd ^C
 ___________________________________________
|                                           |
| !!! If you are not an authorized user !!! |
|              Leave Immediately            |
|___________________________________________|
^C
!
line con 0
 exec-timeout 20 0
 password 7 1344071A041E052E6A
 login
line vty 0 4
 exec-timeout 20 0
 password 7 090D5E01161716164A
 login
line vty 5 15
 exec-timeout 20 0
 password 7 041A1B0E00334D4A48
 login
!
ntp clock-period 17180516
ntp server 10.1.19.2
!
end


----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname phorad-3560-mdf1
!
enable secret 5 $1$j67A$cDdUKQg0THNlJxNCa6TT6.
enable password ********
!
no aaa new-model
clock timezone Arizona -7
ip subnet-zero
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/2
 description SERVER PORT
 switchport mode access
 no cdp enable
!
interface GigabitEthernet0/3
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/4
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/5
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/6
 description PHORADDC1
 switchport access vlan 10
!
interface GigabitEthernet0/7
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/8
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/9
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/10
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/11
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/12
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/13
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/14
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/15
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/16
 description SERVER PORT
 switchport mode access
!
interface GigabitEthernet0/17
 switchport mode access
!
interface GigabitEthernet0/18
 switchport mode access
!
interface GigabitEthernet0/19
 switchport mode access
!
interface GigabitEthernet0/20
 switchport mode access
!
interface GigabitEthernet0/21
 switchport mode access
!
interface GigabitEthernet0/22
 description Tieline Merlin Plus 1 LAN 1
 switchport access vlan 51
!
interface GigabitEthernet0/23
 description Raritan Dominion 1 LAN 2 for backup
 switchport access vlan 41
!
interface GigabitEthernet0/24
 description Raritan Dominion 2 LAN 2 for backup
 switchport access vlan 41
!
interface GigabitEthernet0/25
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/26
 switchport mode access
!
interface GigabitEthernet0/27
 switchport mode access
!
interface GigabitEthernet0/28
 switchport mode access
!
interface GigabitEthernet0/29
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/30
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/31
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/32
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/33
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/34
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/35
 switchport access vlan 21
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/36
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/37
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/38
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/39
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/40
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/41
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/42
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/43
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/44
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/45
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/46
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/47
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/48
 switchport access vlan 21
 switchport mode access
 switchport voice vlan 21
 spanning-tree portfast
!
interface GigabitEthernet0/49
!
interface GigabitEthernet0/50
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/51
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet0/52
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 ip address 10.1.19.77 255.255.255.0
!
ip default-gateway 10.1.19.1
ip classless
ip http server
!
snmp-server community public RO
snmp-server community private RW
!
control-plane
!
banner login ^C
 ___________________________________________
|                                           |
| !!! If you are not an authorized user !!! |
|              Leave Immediately            |
|___________________________________________|
^C
!
line con 0
 password !mypass!
line vty 0 4
 password !mypass!
 login
line vty 5 15
 password !mypass!
 login
!
ntp server 10.1.19.2
end

0
Question by:ditobot
6 Comments
 
LVL 50

Expert Comment

by:Don Johnston
ID: 40454066
First, do not post configs with passwords.  Always delete the passwords before posting.  I suggest you delete the configs, remove the passwords and repost. Also, using the "code" feature when posting makes it easier to view the information.

As for the problem at hand, how are the switches connected (what ports)? When you say "won't communicate within its own subnet or with any other subnet", how are you testing this? From what device (IP address and switch port) are you transmitting, and what is the destination (IP address and switch port)?
0
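One way to follow the advice above before posting a config, as an added example that is not part of the original comment: a small Python filter that blanks the secret value on the secret-bearing commands that appear in this thread's configs (`enable secret`, `enable password`, line `password`, `snmp-server community`). Type 7 strings are an obfuscation rather than a hash, so they are removed too. The sample config and its values are constructed.

```python
import re

# (pattern, replacement) pairs. Each keeps the command keywords and drops only
# the secret value. Only the command forms seen in this thread are covered;
# other secret-bearing commands would need their own rule.
RULES = [
    # enable secret 5 <hash> / enable password <text>
    (re.compile(r"^(\s*enable (?:secret|password)(?: \d+)?) \S.*$"), r"\1 <removed>"),
    # line password: " password 7 <encoded>" or " password <text>"
    (re.compile(r"^(\s*password(?: \d+)?) \S.*$"), r"\1 <removed>"),
    # snmp-server community <string> RO|RW (the access keyword is kept)
    (re.compile(r"^(\s*snmp-server community) \S+(.*)$"), r"\1 <removed>\2"),
]

def sanitize(config):
    """Return (sanitized_text, line_numbers_changed) for an IOS config."""
    out, hits = [], []
    for lineno, line in enumerate(config.splitlines(), start=1):
        for pattern, repl in RULES:
            new, n = pattern.subn(repl, line)
            if n:
                line = new
                hits.append(lineno)
                break
        out.append(line)
    return "\n".join(out) + "\n", hits

# Constructed sample config; none of these values come from a real device.
SAMPLE = """\
hostname example-sw1
enable secret 5 $1$EXAMPLE$notARealHashValue000000
enable password Example123
snmp-server community examplero RO
snmp-server community examplerw RW
interface Vlan1
 ip address 192.0.2.10 255.255.255.0
line vty 0 4
 password 7 0000EXAMPLE0000
 login
line con 0
 password Example123
"""

if __name__ == "__main__":
    clean, changed = sanitize(SAMPLE)
    print(clean)
    print("redacted lines:", changed)
```

Credentials that have already been posted should be treated as exposed and changed on the devices, since redacting the post does not recall copies.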
 
LVL 26

Expert Comment

by:Predrag Jovic
ID: 40454341
What is the result of the show vlan, show interface trunk and show ip interface brief commands on both switches?
Is VLAN 10 added to trunk (show interface trunk - will answer that)?
0
 

Author Comment

by:ditobot
ID: 40454464
I think you nailed my problem. Strangely enough when I added the other VLANs I never had this problem but for some reason this one didn't take. Below are the results of the show interface trunk command. However when I tried to add the VLAN to the appropriate interfaces using the following command:

switchport trunk allowed vlan add 10

It took the command but didn't add the VLAN. Is there something fishy with using VLAN 10? I know that VLAN 1 can be finicky sometimes. Or do I need to use a different command?

3560G
Port        Vlans allowed on trunk
Gi0/25      1-4094
Gi0/50      1-4094
Gi0/51      1-4094
Gi0/52      1-4094

Port        Vlans allowed and active in management domain
Gi0/25      1,11,21,31,41,51,55,255
Gi0/50      1,11,21,31,41,51,55,255
Gi0/51      1,11,21,31,41,51,55,255
Gi0/52      1,11,21,31,41,51,55,255

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/25      1,11,21,31,41,51,55,255
Gi0/50      1,11,21,31,41,51,55,255
Gi0/51      1,11,21,31,41,51,55,255

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/52      1,11,21,31,41,51,55,255






3550
Port        Mode         Encapsulation  Status        Native vlan
Fa0/3       on           802.1q         trunking      1
Gi0/1       on           802.1q         trunking      1
Gi0/2       on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa0/3       1-4094
Gi0/1       1-4094
Gi0/2       1-4094

Port        Vlans allowed and active in management domain
Fa0/3       1,11,21,31,41,51,55,255
Gi0/1       1,11,21,31,41,51,55,255
Gi0/2       1,11,21,31,41,51,55,255

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/3       1,11,21,31,41,51,55,255
Gi0/1       1,11,21,31,41,51,55,255
Gi0/2       1,11,21,31,41,51,55,255
phorad-3550-mdf1#
0
LVL 26

Accepted Solution

by:Predrag Jovic
Predrag Jovic earned 250 total points
ID: 40454499
Command is OK.
All VLANs are allowed on trunks, but it looks like VLAN 10 is not created, or that you don't have active ports (in STP forwarding state) in VLAN 10.
Vlans in spanning tree forwarding state and not pruned
1,11,21,31,41,51,55,255
0
 
LVL 14

Assisted Solution

by:Otto_N
Otto_N earned 250 total points
ID: 40454805
I agree with Predrag:  VLAN 10 is not created ("show vlan brief" can confirm, but I'm not seeing VLAN 10 in the "Vlans allowed and active in management domain" lists).  By default, the switch should add VLAN 10 on the 3550 the moment you create "interface Vlan10", but it could've been removed later, or the 3550 might be a VTP client, not allowing it to create VLANs.

Just add VLAN 10 to the switches.  There can be two ways to do it:

Via Global config:
    conf t
    vlan 10
    end

Or via Vlan Database:
    vlan database
    vlan 10
    exit

If you have a problem with these commands on any of the switches, just post the error message you receive.
0
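The diagnosis in the two answers above can be checked mechanically. The following is an added example, not part of the original answers: it parses `show interface trunk` output and a running config, then reports VLANs that the config references (SVIs, access and voice ports) and the trunk allows, but that are missing from "Vlans allowed and active in management domain", which is the symptom VLAN 10 showed here. Function names and sample input are constructed for illustration.

```python
import re

def expand(spec):
    """Expand a VLAN list such as '1,11,21-23' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunk(output):
    """Map each 'Vlans ...' table title to {port: set of VLAN IDs}."""
    sections, title = {}, None
    for line in output.splitlines():
        head = re.match(r"Port\s+(.+)", line)
        row = re.match(r"(\S+)\s+([\d,\-]+)\s*$", line)
        if head:
            # The Mode/Encapsulation table is skipped; a repeated header reuses its table.
            title = head.group(1).strip() if head.group(1).startswith("Vlans") else None
        elif row and title:
            sections.setdefault(title, {})[row.group(1)] = expand(row.group(2))
    return sections

def referenced_vlans(running_config):
    """VLANs the config relies on: SVIs and access/voice port assignments."""
    pat = r"^\s*(?:interface Vlan|switchport (?:access|voice) vlan )(\d+)"
    return {int(v) for v in re.findall(pat, running_config, re.M)}

def missing_vlans(running_config, trunk_output):
    """Return {trunk port: VLANs referenced and allowed on it, but not active}."""
    sections = parse_trunk(trunk_output)
    allowed = sections.get("Vlans allowed on trunk", {})
    active = sections.get("Vlans allowed and active in management domain", {})
    wanted = referenced_vlans(running_config)
    gaps = {p: sorted((wanted & v) - active.get(p, set())) for p, v in allowed.items()}
    return {p: g for p, g in gaps.items() if g}

# Constructed sample input, modelled on the output format shown in this thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/6
 switchport access vlan 10
interface Vlan10
interface Vlan11
"""
SAMPLE_TRUNK = """\
Port        Mode         Encapsulation  Status        Native vlan
Gi0/2       on           802.1q         trunking      1
Port        Vlans allowed on trunk
Gi0/2       1-4094
Port        Vlans allowed and active in management domain
Gi0/2       1,11,21
"""
if __name__ == "__main__":
    print(missing_vlans(SAMPLE_CONFIG, SAMPLE_TRUNK))
```

A non-empty result means the VLAN is referenced but absent from the switch's VLAN database (or has no active ports), so the trunk's allowed list is not what needs changing.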
 

Author Closing Comment

by:ditobot
ID: 40455750
Thanks guys. I created the interface VLAN 10 on the switch with my routing tables but never created the actual VLAN. Everything seems to be working now.
0
