Solved

Cisco switch with 2 different vlans, but 2nd is not working

Posted on 2017-09-20
Last Modified: 2017-10-14
So, here is my scenario

Currently with 192.168.60.0/24 network set as VLAN200 on a switch, my router is 192.168.60.2.

Got a Cisco 2960 switch as 192.168.60.1, set with default GW 192.168.60.2.

However, I need to set up a new VLAN for a VPN (MikroTik).

MikroTik IP is 8.20.15.251/24

I've created VLAN400 as 8.20.15.0/24 and indicated the IP helper as the MikroTik. After assigning ports to that VLAN, it doesn't acquire an IP, nor does it reach the GW (if I assign a static IP to the computer). From the switch, if I try to ping the MikroTik IP, it does not respond (if I connect a computer directly to the MikroTik, I do get an IP, I can access it and even access the VPN services without problems).

Am I missing something?

Thank you
Question by:Allan Martins
10 Comments
 
LVL 2

Expert Comment

by:13L@CK_H3@RT
ID: 42302540
Can you draw a brief diagram?
 
LVL 2

Author Comment

by:Allan Martins
ID: 42302559
I just made this simple drawing. Let me know if this helps to make it clear.
 
LVL 2

Assisted Solution

by:13L@CK_H3@RT
13L@CK_H3@RT earned 498 total points
ID: 42302786
Can you show us the results of these commands on the Cisco switch:
show ip int b
show vlan
show ip route
show cdp nei
show int trunk

 

Assisted Solution

by:Mitul Prajapati
Mitul Prajapati earned 498 total points
ID: 42302899
Hi,

Have you tried to configure router-on-a-stick for both VLANs 200 & 400 (if you are using one network cable between the Cisco switch and the router)? It seems like your switch doesn't know where to forward 8.20.15.0/24 traffic. And do not forget to make the switch ports that are connected to the router and the MikroTik trunks.

Hopefully this will work for you.
 
LVL 2

Author Comment

by:Allan Martins
ID: 42303081
** show ip int b **
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  unassigned      YES NVRAM  administratively down down
Vlan102                unassigned      YES unset  up                    up
Vlan103                unassigned      YES unset  up                    down
Vlan200                192.168.60.1    YES NVRAM  up                    up
Vlan400                8.20.15.1       YES manual up                    up
FastEthernet0          unassigned      YES NVRAM  administratively down down
GigabitEthernet1/0/1   unassigned      YES unset  up                    up
GigabitEthernet1/0/2   unassigned      YES unset  up                    up
GigabitEthernet1/0/3   unassigned      YES unset  up                    up
GigabitEthernet1/0/4   unassigned      YES unset  up                    up
GigabitEthernet1/0/5   unassigned      YES unset  up                    up
GigabitEthernet1/0/6   unassigned      YES unset  up                    up
GigabitEthernet1/0/7   unassigned      YES unset  down                  down
...


(all others repeat the same)

** show vlan **
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active
400  ALPHAVILLE                       active    Gi1/0/13
200  network                          active    Gi1/0/1, Gi1/0/2, Gi1/0/3
                                                Gi1/0/4, Gi1/0/5, Gi1/0/6
                                                Gi1/0/7, Gi1/0/8, Gi1/0/9
                                                Gi1/0/10, Gi1/0/11, Gi1/0/12

** show ip route **                                                                        
Default gateway is 192.168.60.2

Host               Gateway           Last Use    Total Uses  Interface
ICMP redirect cache is empty

** show cdp nei **
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
                  D - Remote, C - CVTA, M - Two-port Mac Relay

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
ESX1.smartservices.com
                 Gig 1/0/3         163               S    VMware ES vmnic0
ESX3.smartservices.com
                 Gig 1/0/2         126               S    VMware ES vmnic0
ESX2.smartservices.com
                 Gig 1/0/1         126               S    VMware ES vmnic0

** show int trunk **
simply shows nothing...
 
LVL 2

Assisted Solution

by:13L@CK_H3@RT
13L@CK_H3@RT earned 498 total points
ID: 42304460
Do you have a route from the switch to the MikroTik? Since the default gateway of the switch is 192.168.60.2, the traffic will go to the router first, but I am not sure it can reach the MikroTik. Can you confirm more information?

From switch:
ping 192.168.60.1 
traceroute 192.168.60.1 
ping 8.20.15.251
traceroute 8.20.15.251


From Router
ping 8.20.15.251
traceroute 8.20.15.251


From MikroTik:
ping 192.168.60.2
traceroute 192.168.60.2 
ping 8.20.15.1
traceroute 8.20.15.1

 
LVL 3

Accepted Solution

by:Yuri Spirin
Yuri Spirin earned 1506 total points
ID: 42306048
Hi!
First of all, the Cisco 2960 is an L2 switch, so it can't do inter-VLAN routing between VLANs 200 and 400. To have packets flowing between those VLANs you have to set up a trunk link from the switch to the router. The trunk must include VLANs 200 and 400. Then you have to set up IP subinterfaces on the router for subnets 192.168.60.0/24 and 8.20.15.0/24. After that is done the router will be routing packets between those subnets, so the computers in VLAN 200 will be able to reach the MikroTik (assuming the default gateway on the computers is set to 192.168.60.2).

Second, if you want some computers to be on the same subnet as the MikroTik (as shown on the right in your diagram), you have to assign some ports on the switch to VLAN 400. Currently you have only one port assigned to it.
0
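The trunk and subinterface setup described in the accepted answer, as an added example that is not part of the original thread. The router is assumed to run Cisco IOS; the port names Gi1/0/24, Gi1/0/14 - 16 and Gi0/0 and the router address 8.20.15.254 are constructed, since the thread does not give them.

```cisco
! --- Cisco 2960 (switch) ---
! Uplink to the router. Gi1/0/24 is an assumed port, not taken from the thread.
interface GigabitEthernet1/0/24
 description Trunk to router (assumed uplink port)
 switchport mode trunk
 ! Carry only the two VLANs that need routing; everything else stays off the link.
 switchport trunk allowed vlan 200,400
!
! Extra access ports for hosts that share the subnet with the MikroTik.
! The range is an assumption; the thread shows only Gi1/0/13 in VLAN 400.
interface range GigabitEthernet1/0/14 - 16
 switchport mode access
 switchport access vlan 400
!
! --- Router (assumed Cisco IOS, assumed interface Gi0/0) ---
! Move the existing address off the physical interface onto a subinterface.
interface GigabitEthernet0/0
 no ip address
 no shutdown
!
interface GigabitEthernet0/0.200
 encapsulation dot1Q 200
 ip address 192.168.60.2 255.255.255.0
!
interface GigabitEthernet0/0.400
 encapsulation dot1Q 400
 ! 8.20.15.254 is a constructed address; the thread gives no router IP here.
 ip address 8.20.15.254 255.255.255.0
!
! --- Verify on the switch ---
! show interfaces trunk   (the uplink should list VLANs 200 and 400 as allowed)
! show vlan               (VLAN 400 should list Gi1/0/13 plus the new access ports)
```

Hosts placed in VLAN 400 share a broadcast domain with the MikroTik, so they can get DHCP leases from it directly without a helper address.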
 
LVL 6

Assisted Solution

by:Wissam
Wissam earned 498 total points
ID: 42309116
Hi,

If the switch is a 2960X, you can set it for inter-VLAN routing. Would it be possible to share the switch output of the command: show version
 
LVL 2

Author Closing Comment

by:Allan Martins
Thank you all. We managed to set static routes on the computers until we changed the entire network subnet (this weekend); everything is working fine now. Thanks!