Cisco 300G Vlans cant talk

I have a layer 3 switch. I have it setup.


Vlan 1 can talk to vlan 1
Vlan 2 can talk to vlan 2 and 1 but vlan1 cannot talk to vlan 2. I have my routes setup in my ASA and my SG300.
desiredforsomeAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

ElvorfinCommented:
I assume that you have uplinks from ports on the 300G on vlan1 and vlan2  to ports on the ASA (which model is it BTW?) I would suspect, without seeing the configuration of the ASA, that vlan2 can see vlan1 because the vlan2 port on the ASA is a higher security level than the port that VLAN1 is connected to.

Basically though traffic through the ASA is not based purely on routing, you need to configure object groups for vlan1 and vlan2 networks and then create  access lists to control the traffic between the two. Once you have done that you should be good.
desiredforsomeAuthor Commented:
I have the base license on the ASA 5505. I have internal and outside VLANS(internal,internet).

My internal is set as 192.168.0.201


My switch is SG300-20

I have a route set in the system as

ip route 192.168.9.0 255.255.255.0 192.168.0.200(address of VLAN1 in switch)

switch37984b#sh run
config-file-header
switch37984b
v1.3.5.58 / R750_NIK_1_35_647_358
CLI v1.0
set system mode router

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 2
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
bonjour interface range vlan 1
hostname switch37984b
username cisco password encrypted 255e5447374ce7310d6656f42240cbc67c9c42c7 privi                                                                             lege 15
ip ssh server
!
interface vlan 1
 ip address 192.168.0.200 255.255.255.0
 no ip address dhcp
!
interface vlan 2
 name Phones
 ip address 192.168.9.1 255.255.255.0
!
interface gigabitethernet2
 switchport mode access
!
interface gigabitethernet15
 switchport mode access
 switchport access vlan 2
!
interface gigabitethernet16
 switchport trunk native vlan 2
!
interface gigabitethernet17
 switchport trunk native vlan 2
!
exit
ip default-gateway 192.168.0.201

Open in new window


The above code is my switch

I have my PC on VLAN2 with the IP of 192.168.9.9 with gateway of 192.168.9.1
desiredforsomeAuthor Commented:
When I run a traceroute it looks like it is getting stuck on 192.168.0.200 that its not routing.

Thanks,
IT Degree with Certifications Included

Aspire to become a network administrator, network security analyst, or computer and information systems manager? Make the most of your experience as an IT professional by earning your B.S. in Network Operations and Security.

ElvorfinCommented:
OK I assume that from your PC you can ping 192.168.9.1 (300G VLAN2 GW) and can ping 192.168.0.200 (300G VLAN1 GW) but not 192.168.0.201 which is your ASA inside interface. Can you see any other hosts on the VLAN1 network?

The ASA will not respond to ICMP requests unless it has been specifically setup in the access list for the inside interface, if ICMP isn't configured then traceroute will fail as it uses ICMP traffic.
unrealized92Commented:
Have you tried inputting a default route to your gateway?  You shouldn't be routing to your interface, you should be routing to your gateway. Also be sure you've got ICMP enabled
desiredforsomeAuthor Commented:
From my 192.168.9.9 machine I can ping the following.

192.168.0.201(ASA)
192.168.0.200(VLAN1)
192.168.9.1(VLAN2)
192.168.9.9(itself)
192.168.0.60(VLAN1 Machine)
Internet

From my 192.168.0.60 Machine

Ping all of 192.168.0.0/24 (including ASA)
Ping 192.168.9.1
Ping 192.168.0.200

Cannot ping or access 192.168.9.9
unrealized92Commented:
Try:

ip route 0.0.0.0 0.0.0.0 192.168.0.201

This will route everything by default to your ASA Gateway.
desiredforsomeAuthor Commented:
I put in the route.


S   0.0.0.0/0 [1/1] via 192.168.0.201, 00:01:45, vlan 1
C   192.168.0.0/24 is directly connected, vlan 1
C   192.168.9.0/24 is directly connected, vlan 2


Still cannot ping 9.9 (However, I can ping 9.9 from the switch itself.)
desiredforsomeAuthor Commented:
This is on my ASA

route inside 192.168.9.0 255.255.255.0 192.168.0.200 1
unrealized92Commented:
problem is likely on your ASA side, since it's not routing through.  Can you paste your config?
ElvorfinCommented:
Which switch port do you have the 192.168..9.9 connected to? you only have  a single port associated with VLAN2
unrealized92Commented:
on your ASA - Try removing the "inside" portion on your route.

route 192.168.9.0 255.255.255.0 192.168.0.200 1
desiredforsomeAuthor Commented:
I have switchport 1 connected to ASA which is VLAN1 (Default). I then have port 2 for VLAN1 plugged into 1 computer.

Then I have switch port 16 plugged into vlan 2 another computer. (9.9)



Ciscoasa# sh run
: Saved
:
ASA Version 8.0(5)
!
hostname Ciscoasa
domain-name oci.local
enable password K1x4V7dQP9ENBixs encrypted
passwd K1x4V7dQP9ENBixs encrypted
names
!
interface Vlan1
 mac-address 8843.e13f.dfaf
 nameif inside
 security-level 100
 ip address 192.168.0.201 255.255.255.0
!
interface Vlan2
 nameif outside
 security-level 0
 ip address 1.2.3.4 255.255.255.240
!
interface Vlan3
 no forward interface Vlan1
 nameif dmz
 security-level 50
 no ip address
!
interface Ethernet0/0
 speed 100
 duplex full
!
interface Ethernet0/1
 speed 100
 duplex full
!
interface Ethernet0/2
 speed 100
 duplex full
!
interface Ethernet0/3
 switchport access vlan 2
 speed 100
 duplex full
!
interface Ethernet0/4
!
interface Ethernet0/5
!
interface Ethernet0/6
!
interface Ethernet0/7
!
boot system disk0:/asa805-k8.bin
ftp mode passive
clock timezone EST -5
clock summer-time EDT recurring
dns server-group DefaultDNS
 domain-name oci.local
same-security-traffic permit intra-interface
object-group network Elastix
object-group network Internal_Web_server
object-group service 5060
 service-object udp source eq sip
object-group service sip
object-group network Internal_Web_Server
object-group protocol TCPUDP
 protocol-object udp
 protocol-object tcp
object-group network elastix-192.168.0.6
object-group network obj-192.168.0.6
 network-object host 192.168.0.6
object-group network elastix
access-list 100 extended permit ip 192.168.0.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list 100 extended permit ip 192.168.0.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list 100 extended permit ip 192.168.0.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list 100 extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 100 extended permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list 100 extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list 100 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 100 extended permit ip 192.168.1.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list 100 extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list 100 extended permit ip 192.168.1.0 255.255.255.0 192.168.0.0 255.255.255.0
access-list 100 extended permit ip 192.168.0.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list 100 extended permit ip 192.168.3.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list 100 extended permit ip 192.168.4.0 255.255.255.0 10.1.1.0 255.255.255.0
access-list 100 extended permit ip 192.168.0.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list 100 extended permit ip 10.1.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 101 extended permit ip 192.168.0.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list 101 extended permit ip 192.168.1.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list 101 extended permit ip 10.1.1.0 255.255.255.0 192.168.4.0 255.255.255.0
access-list 102 extended permit ip 192.168.0.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 102 extended permit ip 192.168.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 102 extended permit ip 10.1.1.0 255.255.255.0 192.168.2.0 255.255.255.0
access-list 103 extended permit ip 192.168.0.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list 103 extended permit ip 192.168.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list 103 extended permit ip 10.1.1.0 255.255.255.0 192.168.3.0 255.255.255.0
access-list cap extended permit ip any host 1.2.3.4
access-list cap extended permit icmp any any
access-list cap extended permit icmp any any echo-reply
access-list cap extended permit icmp any any source-quench
access-list cap extended permit icmp any any unreachable
access-list cap extended permit icmp any any time-exceeded
access-list cap extended permit ip any host 1.2.3.4
access-list cap extended permit tcp any host 1.2.3.4 eq ftp
access-list cap extended permit tcp any host 1.2.3.4 eq ftp-data
access-list cap extended permit tcp any host 1.2.3.4 eq www
access-list cap extended permit ip any host 1.2.3.4
access-list cap extended permit udp any host 1.2.3.4 eq sip
access-list 104 extended permit ip 192.168.0.0 255.255.255.0 192.168.5.0 255.255.255.0
access-list 105 extended permit ip 192.168.0.0 255.255.255.0 192.168.1.0 255.255.255.0
access-list capin extended permit ip host 192.168.0.75 host 192.168.1.111
access-list capin extended permit ip host 192.168.1.111 host 192.168.0.75
access-list no-nat extended permit ip 192.168.0.0 255.255.255.0 10.0.20.0 255.255.255.0
access-list NAT-EXEMPT extended permit ip 192.168.0.0 255.255.255.0 10.1.2.0 255.255.255.0
access-list OCIVPNACL standard permit 192.168.0.0 255.255.255.0
access-list cry_asa extended permit ip 192.168.0.0 255.255.255.0 192.168.6.0 255.255.255.0
access-list capout extended permit ip host 50.243.236.9 host 1.2.3.4
access-list capout extended permit ip host 1.2.3.4 host 50.243.236.9
access-list vlans extended permit ip 192.168.9.0 255.255.255.0 any
pager lines 24
logging enable
logging buffered debugging
logging asdm informational
mtu inside 1500
mtu outside 1500
mtu dmz 1500
ip local pool OCIPOOL 10.1.1.1-10.1.1.254 mask 255.255.255.255
ip local pool OCIPOOLAC 10.1.2.1-10.1.2.254 mask 255.255.255.255
icmp unreachable rate-limit 10 burst-size 5
icmp permit any inside
asdm image disk0:/asdm-711-52.bin
no asdm history enable
arp timeout 14400
nat-control
global (outside) 1 interface
nat (inside) 0 access-list 100
nat (inside) 1 0.0.0.0 0.0.0.0
static (inside,outside) tcp 71.46.229.99 www 192.168.0.111 www netmask 255.255.255.255
static (inside,outside) tcp 71.46.229.99 https 192.168.0.111 https netmask 255.255.255.255
static (inside,outside) tcp 71.46.229.99 ftp 192.168.0.111 ftp netmask 255.255.255.255
static (inside,outside) udp 71.46.229.99 21 192.168.0.111 21 netmask 255.255.255.255
static (inside,outside) udp 71.46.229.99 sip 192.168.0.6 sip netmask 255.255.255.255
static (inside,outside) 71.46.229.105 192.168.0.140 netmask 255.255.255.255
static (inside,outside) 71.46.229.106 192.168.0.141 netmask 255.255.255.255
access-group cap in interface outside
route outside 0.0.0.0 0.0.0.0 71.46.229.97 1
route inside 192.168.9.0 255.255.255.0 192.168.0.200 1
timeout xlate 3:00:00
timeout conn 1:00:00 half-closed 0:10:00 udp 0:02:00 icmp 0:00:02
timeout sunrpc 0:10:00 h323 0:05:00 h225 1:00:00 mgcp 0:05:00 mgcp-pat 0:05:00
timeout sip 0:30:00 sip_media 0:02:00 sip-invite 0:03:00 sip-disconnect 0:02:00
timeout sip-provisional-media 0:02:00 uauth 0:05:00 absolute
timeout tcp-proxy-reassembly 0:01:00
dynamic-access-policy-record DfltAccessPolicy
aaa authentication ssh console LOCAL
aaa authentication http console LOCAL
http server enable
http 192.168.0.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact
snmp-server enable traps snmp authentication linkup linkdown coldstart
crypto ipsec transform-set OCISET esp-des esp-md5-hmac
crypto ipsec transform-set OCISET-iOS esp-3des esp-sha-hmac
crypto ipsec security-association lifetime seconds 28800
crypto ipsec security-association lifetime kilobytes 4608000
crypto ipsec df-bit clear-df inside
crypto ipsec df-bit clear-df outside
crypto dynamic-map dynmap 65000 set transform-set OCISET OCISET-iOS
crypto map OCIMAP 20 match address 101
crypto map OCIMAP 20 set peer 67.78.196.90
crypto map OCIMAP 20 set transform-set OCISET
crypto map OCIMAP 30 match address 102
crypto map OCIMAP 30 set peer 50.192.181.113
crypto map OCIMAP 30 set transform-set OCISET-iOS
crypto map OCIMAP 40 match address 103
crypto map OCIMAP 40 set peer 50.243.236.9
crypto map OCIMAP 40 set transform-set OCISET
crypto map OCIMAP 50 match address 104
crypto map OCIMAP 50 set peer 98.172.18.201
crypto map OCIMAP 50 set transform-set OCISET
crypto map OCIMAP 60 match address 105
crypto map OCIMAP 60 set peer 173.14.86.249
crypto map OCIMAP 60 set transform-set OCISET-iOS
crypto map OCIMAP 70 match address cry_asa
crypto map OCIMAP 70 set peer 98.190.216.230
crypto map OCIMAP 70 set transform-set OCISET OCISET-iOS
crypto map OCIMAP 6500 ipsec-isakmp dynamic dynmap
crypto map OCIMAP interface outside
crypto ca trustpoint ASDM_TrustPoint0
 enrollment self
 subject-name CN=vpn.ociassociates.com
 keypair OCIVPN
 crl configure
crypto ca certificate chain ASDM_TrustPoint0
 certificate 1b84ea50
    308201fd 30820166 a0030201 0202041b 84ea5030 0d06092a 864886f7 0d010104
    05003043 311e301c 06035504 03131576 706e2e6f 63696173 736f6369 61746573
    2e636f6d 3121301f 06092a86 4886f70d 01090216 12636973 636f6173 612e6f63
    692e6c6f 63616c30 1e170d31 33303130 37303831 3532335a 170d3233 30313035
    30383135 32335a30 43311e30 1c060355 04031315 76706e2e 6f636961 73736f63
    69617465 732e636f 6d312130 1f06092a 864886f7 0d010902 16126369 73636f61
    73612e6f 63692e6c 6f63616c 30819f30 0d06092a 864886f7 0d010101 05000381
    8d003081 89028181 00b6f62f b15129c6 0229a8f2 793bc383 227586a4 0421a0ac
    fc8b42a4 f44a2277 91e32212 061fed9b d80a2808 eb589136 28200dab b676eae1
    eb3e711e 0e2b7f7c db49c06e 14163b7c 9a94a3d6 ab2ee204 a846f539 3a3524a9
    4d81e53e ff890ffe 91d3aa5c 75b9846c e268587d 5c67c0a6 776cfac8 6021d491
    f5273138 37f5fa8a 65020301 0001300d 06092a86 4886f70d 01010405 00038181
    00a915ea 1e89af44 130fa740 0e642011 5bbbeee2 07ed1caa 556ebc7b 1c513d4b
    2e2c00ae c811e302 970f8fcd 30423cd4 310c4690 80f08804 44f3ea4f c240105f
    6f2cdee6 c1bd5f6d 6816642d 2518aa0d 06e97d8d d2df85eb 3c5abb0e 56e1bcc5
    b21859ea 4355c0f0 5db42cb8 4f5a50cb ebaca4a1 f2a552cb 0c69bf99 eda310b3 46
  quit
crypto isakmp identity address
crypto isakmp enable inside
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 20
 authentication pre-share
 encryption 3des
 hash md5
 group 2
 lifetime 86400
crypto isakmp policy 30
 authentication pre-share
 encryption 3des
 hash sha
 group 2
 lifetime 86400
crypto isakmp nat-traversal 33
telnet 192.168.0.0 255.255.255.0 inside
telnet timeout 5
ssh 0.0.0.0 0.0.0.0 inside
ssh 0.0.0.0 0.0.0.0 outside
ssh timeout 60
console timeout 0
management-access inside
dhcpd auto_config outside
!
dhcpd address 192.168.0.202-192.168.0.254 inside
!

threat-detection basic-threat
threat-detection statistics
threat-detection statistics host number-of-rate 2
threat-detection statistics tcp-intercept rate-interval 30 burst-rate 400 average-rate 200
ntp server 129.6.15.28 source outside
tftp-server inside 192.168.0.82 /backup.cfg
ssl trust-point ASDM_TrustPoint0 outside
webvpn
 enable outside
 svc image disk0:/anyconnect-macosx-i386-3.1.02026-k9.pkg 1
 svc image disk0:/anyconnect-win-3.1.02026-k9.pkg 2
 svc enable
 tunnel-group-list enable
group-policy OCIVPN internal
group-policy OCIVPN attributes
 dns-server value 192.168.0.103
 vpn-idle-timeout 30
 vpn-tunnel-protocol IPSec l2tp-ipsec
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value OCIVPNACL
 default-domain value oci.local
group-policy OCIVPNAC internal
group-policy OCIVPNAC attributes
 vpn-tunnel-protocol svc webvpn
 split-tunnel-policy tunnelspecified
 split-tunnel-network-list value OCIVPNACL
 webvpn
  url-list none
  svc ask enable
username test password P4ttSyrm33SV8TYp encrypted
username iphone password vthl5/.Dyy.tzpqG encrypted
username ocipix password 4ApZWRUpgbwAtqWO encrypted privilege 15
username ocivpnuser password afT1sdhM0JWAGBA9 encrypted privilege 0
username ocivpnuser attributes
 vpn-group-policy OCIVPNAC
tunnel-group 67.78.196.90 type ipsec-l2l
tunnel-group 67.78.196.90 ipsec-attributes
 pre-shared-key *
tunnel-group 207.59.209.217 type ipsec-l2l
tunnel-group 207.59.209.217 ipsec-attributes
 pre-shared-key *
tunnel-group 173.14.86.249 type ipsec-l2l
tunnel-group 173.14.86.249 ipsec-attributes
 pre-shared-key *
tunnel-group 98.172.18.201 type ipsec-l2l
tunnel-group 98.172.18.201 ipsec-attributes
 pre-shared-key *
tunnel-group 50.192.181.113 type ipsec-l2l
tunnel-group 50.192.181.113 ipsec-attributes
 pre-shared-key *
tunnel-group OCIVPN type remote-access
tunnel-group OCIVPN general-attributes
 address-pool OCIPOOL
 default-group-policy OCIVPN
tunnel-group OCIVPN ipsec-attributes
 pre-shared-key *
 isakmp ikev1-user-authentication none
tunnel-group OCIVPNAC type remote-access
tunnel-group OCIVPNAC general-attributes
 address-pool OCIPOOLAC
 default-group-policy OCIVPNAC
tunnel-group OCIVPNAC webvpn-attributes
 group-alias SSL enable
tunnel-group iphone-vpn type remote-access
tunnel-group iphone-vpn general-attributes
 address-pool OCIPOOL
 default-group-policy OCIVPN
tunnel-group iphone-vpn ipsec-attributes
 pre-shared-key *
tunnel-group 98.190.216.230 type ipsec-l2l
tunnel-group 98.190.216.230 ipsec-attributes
 pre-shared-key *
tunnel-group 50.243.236.9 type ipsec-l2l
tunnel-group 50.243.236.9 ipsec-attributes
 pre-shared-key *
!
class-map inspection_default
 match default-inspection-traffic
!
!
policy-map type inspect dns preset_dns_map
 parameters
  message-length maximum 512
policy-map global_policy
 class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp
  inspect esmtp
  inspect sqlnet
  inspect skinny
  inspect sunrpc
  inspect xdmcp
  inspect sip
  inspect netbios
  inspect tftp
  inspect icmp
  inspect icmp error
 class class-default
  set connection decrement-ttl
!
service-policy global_policy global
prompt hostname context
Cryptochecksum:cd4157533660b9603de1b99f0eeeda83
: end

Open in new window

desiredforsomeAuthor Commented:
If i remove the route that is in my ASA I can no longer ping from ASA to my 192.168.9.1
desiredforsomeAuthor Commented:
Ciscoasa# traceroute 192.168.9.9

Type escape sequence to abort.
Tracing the route to 192.168.9.9

 1  192.168.0.200 0 msec 10 msec 0 msec
 2   *  !H  *

Open in new window


So its getting stuck at 0.200 it looks like. Something with the switch is incorrect
ElvorfinCommented:
I would say that's your problem, your computer being plugged into switchport 16. The "switchport trunk native vlan 2" command on that port is designed for interswitch trunks so that VLAN2 traffic is untagged. If you remove that command and replace it with "switchport access vlan 2" like you have for port 15 it should work.

The second command will add that physical port to the VLAN2 database.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
desiredforsomeAuthor Commented:
I will try it at work tommorow. I did plug the computer into the port 15 today with no luck as well. so I will see what happens.
desiredforsomeAuthor Commented:
also, if thi works. will this still serpeate traffic? so items on VLAN 2 that are destined for VLAN2 will be segreated from VLAN1?
ElvorfinCommented:
In theory yes items on VLAN1 will be segregated from VLAN2, although if you use the switch VLAN IP addresses as a GW, then the switch will route between the 2 VLANs
desiredforsomeAuthor Commented:
I updated it and still nod ice.
Here is what my interface reflects

!
interface vlan 1
 ip address 192.168.0.200 255.255.255.0
 no ip address dhcp
!
interface vlan 2
 name Phones
 ip address 192.168.9.1 255.255.255.0
!
interface gigabitethernet1
 switchport mode access
!
interface gigabitethernet2
 switchport mode access
!
interface gigabitethernet15
 switchport mode access
 switchport access vlan 2
!
interface gigabitethernet16
 switchport mode access
 switchport access vlan 2
!
interface gigabitethernet17
 switchport trunk native vlan 2
!
exit
ip default-gateway 192.168.0.201

Open in new window

desiredforsomeAuthor Commented:
Gonna Laugh, McAfee Firewall!!!!!! ARG
ElvorfinCommented:
I wouldn't worry about it, we've all been there! Out of interest did you try the PC on port 16 with McAfee off? Thinking about it more the switch will probably assume untagged packets are on vlan2
desiredforsomeAuthor Commented:
Yes your solution was part of the problem. McAfee ultimately fixed it. I will aware you the solutino as you did catch on to the error.
desiredforsomeAuthor Commented:
This in combination with turning McAfee firewall off.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Cisco

From novice to tech pro — start learning today.