Why isn't my network passing a certain vlan?

huntson
I have a network that appears not to be passing one vlan.  This is quite an odd situation.  I have a stack of switches that are made up of Cisco SGE 2000 24 and 48 port units.  My router and where all the vlans are being created is a Netgear FVS318N.

I have the standard vlan 1 plus 3,4,5, and 6.  All appear to work properly and communicate with each other as required except vlan 3.  For the simplicity of the installation and explaining it to other people - each vlan has its own cable to the switch stack.  Obviously I have done something correctly as I'm able to ping IP addresses from one vlan to the other except for vlan 3.  Specifically vlan 3 is a 192.168.103.x subnet with a /32 subnet.  On the Cisco side I have the port coming in from the Netgear set as PVID 3 and only working with that vlan.  On the Netgear side I have it set the same.  On the Cisco side, devices on different ports that are set to vlan 3 are able to communicate with each other; same on the Netgear side.  Only issue seems to be when connecting the two.  Anyone have any idea of where to start?
Distinguished Expert 2018

Commented:
Is there anything done differently with VLAN 3 versus the others?

Author

Commented:
That would be my first thought although I can see nothing that sets vlan 3 apart in any way.  Settings and topology are the same.
Rich Weissler, Professional Troublemaker^h^h^h^h^hshooter

Commented:
> Specifically vlan 3 is a 192.168.103.x subnet with a /32 subnet.

Confirm /32 please.  My eyes say that is a particularly tiny subnet to the point of non-existence(?).

Distinguished Expert 2018

Commented:
Rich is right. /32 can be typed into SOME systems to represent a single IP address. However, it can't be done for subnetting purposes. Unless you meant /24, but you might want to check the settings :)

Author

Commented:
I meant /24.  Here I was trying to be fancy and I messed it all up!!!
Distinguished Expert 2018

Commented:
Any way to see configurations of both switches, especially at the ports linking the two?

Author

Commented:
Sure.  I have tried both port 2 and 3 on the Netgear.  They are connected to port 17 of the Cisco switch.  Note I did incorrectly post at the beginning about the subnet range completely.  It is 192.168.102.x /24
Screen-Shot-2017-04-11-at-11.14.26-A.png
Screen-Shot-2017-04-11-at-11.15.16-A.png
IMG_7417.JPG
Distinguished Expert 2018

Commented:
Why does the column for port 17 on the Cisco say Disable?
Rich Weissler, Professional Troublemaker^h^h^h^h^hshooter

Commented:
Port g17 on the Cisco appears to be disabled...
Distinguished Expert 2018

Commented:
Looks like Rich and I are on the same wavelength! Enable port 17, and that should resolve your issue. Everything else appears to be configured right.

Author

Commented:
Sorry about that.  Playing around with settings to see if anything makes a difference.  It's normalized now and still no dice.  That was referring to Ingress filtering
Rich Weissler, Professional Troublemaker^h^h^h^h^hshooter

Commented:
I assume there is no command line interface in the Cisco SGE 2000.  :-(  Can you get an equivalent screen shot on the Cisco side, like you did for the Netgear?  Confirm port status, speed/duplex, etc?

Author

Commented:
There is a command line interface but I can't say I'm any good at it.
image1.JPG
Distinguished Expert 2018

Commented:
Would it be possible to see more detail on port 17, solely in the context of VLANs? You might have to go through the VLAN settings to be able to show us. (There is a chance that changing that port to either Access or Trunk mode may do the trick) What mode are the ports that are being used to connect to the other VLANs in?

Author

Commented:
Currently it is in access mode.  All the vlans that are being connected to the switch and the router are configured exactly the same way.  Port 16 is one of them and port 17 is another.
Rich Weissler, Professional Troublemaker^h^h^h^h^hshooter

Commented:
Are there logs available on the switches and router?  I can't help wondering if something like spanning tree is preventing traffic from passing on the port you expect.  Seems like stp would be an unlikely cause, but I keep wondering if something else would be logging an error on one of the devices.

Any chance of seeing the filters applied on the ports?

Author

Commented:
Very impressive Rich.  Turned off Spanning Tree on the Cisco stack and it magically worked.  Can you do your best and explain why you think that is please?
Distinguished Expert 2018

Commented:
One possibility would be that you may have inadvertently created a loop somewhere, and STP blocked port 17 to prevent further issues.

Author

Commented:
I see.  I doubt that considering how simple my setup is.

Author

Commented:
I just wouldn't want problems to come up in the future.
Professional Troublemaker^h^h^h^h^hshooter
Commented:
I can't think of any reason it'd be STP except a loop which turns off the interfaces you expect to be using with filters/ACL on the ports which are selected to pass traffic.  Anything else I could think of would impact the other vlans too.  I'd want to turn on debug for STP on the cisco switch stack, then reenable STP -- to figure out what's happening.  (But I'm definitely the junior tech on this issue, I'd defer to Masnrock...)

Author

Commented:
Would STP actually shut the port down? I was seeing link lights the entire time.
Distinguished Expert 2018
Commented:
STP when it's enabled can block traffic flow for a port if it detects a loop. Ideally, it would at least show in some logs on your Cisco.

Check the configurations of the switches, along with the cables going between the two. If you wanted to simplify and reduce the potential issues, I'd actually advise that rather than having one cable per VLAN, to actually have a trunk that's passing all of the VLANs between the switches. (That should let you eliminate a few cables in the process)

Rich - Don't think of this as a junior/senior matter. And besides, you thought of the STP idea before anyone else, right?

Author

Commented:
Good call again guys:  after using one cable to trunk all the Vlans I was able to reenable spanning tree with no problems.

THANKS!!!
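
Added illustration, not part of the original thread and not a diagnosis of which port blocked here: a small model of the loop possibility raised above, showing how a single VLAN-unaware spanning tree instance treats one access cable per VLAN between the same two bridges, compared with one trunk. It assumes both ends take part in the same spanning tree; the bridge IDs, port numbers and costs are constructed.

```python
# Added example: classic 802.1D port selection on parallel links.
# Bridge IDs, port numbers and costs are constructed, not from the thread.
from dataclasses import dataclass

@dataclass(frozen=True)
class Link:
    vlans: tuple       # VLANs carried on this cable (classic STP ignores them)
    root_port: int     # port number on the root bridge end
    local_port: int    # port number on the non-root bridge end
    cost: int = 4      # 802.1D-1998 path cost for a 1 Gb/s link

def port_roles(links, root_id=(32768, "aa:aa"), local_id=(32768, "bb:bb")):
    """Return {local_port: role} for the non-root bridge.

    BPDUs are ranked by the 802.1D priority vector:
    (root id, root path cost, sender bridge id, sender port id, receiving port id).
    The lowest vector becomes the root port. Every other port that hears the
    same root directly is a redundant path to it and is placed in blocking.
    """
    assert root_id < local_id, "root bridge must have the lower bridge ID"
    vectors = {
        l.local_port: (root_id, l.cost, root_id, (128, l.root_port), (128, l.local_port))
        for l in links
    }
    best = min(vectors, key=vectors.get)
    return {p: ("root (forwarding)" if p == best else "blocking") for p in vectors}

def usable_vlans(links, roles):
    """VLANs whose cable ends on a forwarding port. Link state is not consulted:
    a blocking port keeps its link light but forwards no user frames."""
    out = set()
    for l in links:
        if roles[l.local_port].startswith("root"):
            out.update(l.vlans)
    return sorted(out)

# Constructed: one access cable per VLAN between the same two bridges.
per_vlan = [Link((1,), 1, 13), Link((3,), 2, 17), Link((4,), 3, 16),
            Link((5,), 4, 18), Link((6,), 5, 19)]
# Constructed: the same VLANs tagged over a single trunk cable.
trunk = [Link((1, 3, 4, 5, 6), 1, 13)]

if __name__ == "__main__":
    for name, links in (("per-VLAN cables", per_vlan), ("single trunk", trunk)):
        roles = port_roles(links)
        print(name, roles, "usable VLANs:", usable_vlans(links, roles))
```

With one spanning tree instance the parallel cables are redundant paths between the same two bridges whatever VLAN each access port is in, while the single trunk leaves nothing for STP to block.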
