08-15-2020 04:32 PM - edited 08-15-2020 04:54 PM
Hi Everyone! I'm new in this Community.
I work for a School and we are setting up the entire network because finally I've got an office to build a DataCenter.
The problem im having its driving me crazy, and at this point I don't know if its the router or my Switches.
I can ping any device while im connected at the switches, and every device can reach the router, internet, etc.
The problem starts when im trying to ping or reach a device from router to switches. I've tried pinging and tracerouting from the cisco diagnostics tab, but host is inaccesible.
Other 2 things of the RV345 that I cant figure out is, where RTSP config is and where I can set the port mode for VLANS as TRUNK - GENERAL- ACCESS. I couldn't find any info about that.
My config is:
1 Cisco RV345 -GATEWAY, VLANS, Relay of DHCP. SNMP
1 TP LINK T2600g-28mbps Managed Switch -ROOT SWITCH - RTSP - VLANS - SNMP
6 TP LINK T2600g-28mbps Managed Switch -VLANS - RTSP - VLANS - SNMP
1 Windows Server 2016 -DHCP - DNS - SNMP
Gateway interfaces DC Switch Interfaces
10.0.101.254 10.0.101.253
10.0.110.254 10.0.110.253
10.0.120.254 10.0.120.253
10.0.130.254 10.0.130.253
10.0.140.254 10.0.140.253
Connections
ISP1 to Cisco WAN1 Port
ISP2 to Cisco WAN2 Port
DC Switch - to Cisco 16 Port - VLANS TAGGED: 101,110,120,130,140. UNTAGGED: 1
Remote Switches - to DC Switch to 18-24 Port VLANS TAGGED: 101,110,120,130,140. UNTAGGED: 1
IP Cameras - Remote Switches to 1-8 Port VLANS TAGGED: 1 UNTAGGED: 101
LAN Clientes - Remote Switches to 9-17 Port VLANS TAGGED: 1 UNTAGGED: 120
VLANS
VLAN 1 DEFAULT VLAN
VLAN 101. DHCP ENABLE - FOR IP CCTV
VLAN 110. FOR SERVERS
VLAN 120 DHCP ENABLE - FOR LAN CLIENTS
VLAN 130. DHCP ENABLE - FOR GUESTS
VLAN 140. FOR MANAGEMENT
Cisco Inter-Vlans its enabled for every vlan
Static Routing for Rv and Switches
Network Mask Next Hop Metric Interface
10.0.101.0 255.255.255.0 10.0.101.254 1 VLAN101
10.0.110.0 255.255.255.0 10.0.110.254 1 VLAN110
10.0.120.0 255.255.255.0 10.0.120.254 1 VLAN120
10.0.130.0 255.255.255.0 10.0.130.254 1 VLAN130
10.0.140.0 255.255.255.0 10.0.140.254 1 VLAN140
Well, I hope someone has a minute to take a look at my case and tell me what am I doing wrong.
Would appreciate any hint..
Thanks!
08-15-2020 10:20 PM
Took me a minute but here is the issue.
Once you untag a vlan on a port and tag another; the port becomes a 'trunk'. Then you want to untag the vlan you would like the device to use. Vlan 1 is not used. Vlan 140 should be untagged if you want that port to be a trunk and have that device accessible from the '140'. management subnet. Untagged means that's the default vlan for the trunk-interface. Tagged means it's a vlan to be passed on and interpreted elsewhere Clear as mud?
The reason you can't reach the switch's and stuff is because their on a un-used vlan1. Vlan 140 should be the untagged vlan everywhere. 10.0.140.0/24 subnet is management.
And the vlan interfaces(the sub interfaces) should only live in one place in the network. Preferably on some layer 3 switch and not the firewall. And you don't need static routes with a directly connected network. There should be no routing statements in this small network.
Just untag vlan 140 and you'll be good.
Gateway interfaces DC Switch Interfaces
10.0.101.254 10.0.101.253
10.0.110.254 10.0.110.253
10.0.120.254 10.0.120.253
10.0.130.254 10.0.130.253
10.0.140.254 10.0.140.253
Connections
ISP1 to Cisco WAN1 Port
ISP2 to Cisco WAN2 Port
DC Switch - to Cisco 16 Port - VLANS TAGGED: 101,110,120,130 UNTAGGED: 140
Remote Switches - to DC Switch to 18-24 Port VLANS TAGGED: 101,110,120,130 UNTAGGED: 140
IP Cameras - Remote Switches to 1-8 Port VLANS TAGGED: 101 UNTAGGED: 140
LAN Clientes - Remote Switches to 9-17 Port VLANS TAGGED: 120 UNTAGGED: 140
VLANS
VLAN 1 DEFAULT VLAN
VLAN 101. DHCP ENABLE - FOR IP CCTV
VLAN 110. FOR SERVERS
VLAN 120 DHCP ENABLE - FOR LAN CLIENTS
VLAN 130. DHCP ENABLE - FOR GUESTS
VLAN 140. FOR MANAGEMENT
08-16-2020 05:18 AM
It Worked! Thanks so much!! I hate when im hours dealing with this stuff and knowing that the solution should be something so simple!
These are some doubts that arose about your answer,
Ive changed all my TRUNK ports to VLAN140 untagged and only tagging the others vlans I want and now I can ping from both sides. (both RV and switches)
The only thing I didn't understand is that if I must untag with vlan140 every port of my switches and tag the ports which i want an specific vlan? cause I've tried this but when I tag a Port with vlan101 for example, the ip camera connected in that port will not work.
My Ip cameras and NVR are configured with static ip 10.0.101.X
Maybe im misunderstanding concepts
Untagged: For trunk or connected devices wich don't have vlan taggin option?
tagged: Switches or devices wich have a vlan taggin option
And the other thing, my switchtes are configured at layer3 with an interface for every vlan, should I remove in my cisc rv every interface leaving only in vlan140? The thing is I have my relays to dhcp in the router, should I relay at my switches level? and if I do that, will my devices plugged in the RV get ip from the dhcp?
Thanks Again for taking a moment to see my problem!
Cheers!
08-16-2020 05:52 AM - edited 08-16-2020 09:21 AM
I think the concept of untagged vs tagged is confusing no matter what. Cisco calls ports access or trunk. It gets me confused as heck every time I have to go back to it. You're not alone. :-)
Access port= one un-tagged vlan
Trunk = Untagged vlan(native vlan) + tagged vlan(how ever many you choose)
Here's an example; If you have a port with a wireless device and it's the only device that will be on that vlan; and you don't want to display multiple SSID's associated with vlans, then that port will be only one untagged vlan.(accessport) Otherwise make it a trunk so you can have a vlan associated with an SSID.
SSID = network subnet(if you want to run it that way) Otherwise make the port an access port on whichever Vlan is your wireless vlan.
Let me know if that makes sense.
I included a picture of the vlans on my hp to show you both Cisco and HP switches and the vlan interfaces.
On the 5520 you see a Gig0/1.200 Gi 0/1.201 and so on. Those are sub interfaces of gi 0/1 and the 5520 is doing the vlan routing and; DHCP, that interface is a trunk. The management Vlan is 200.
On the 2960 switch, Vlan 200 is the native vlan on the trunks.
( I edited this for errors)
Cisco 5520:
System IP Addresses:
Interface Name IP address Subnet mask Method
GigabitEthernet0/0 outside unassigned unassigned DHCP
GigabitEthernet0/1.108 2921 192.168.0.9 255.255.255.252 manual
GigabitEthernet0/1.200 inside 172.16.5.6 255.255.255.0 CONFIG
GigabitEthernet0/1.201 wireless 172.16.6.65 255.255.255.224 CONFIG
GigabitEthernet0/1.202 Camera 172.16.6.129 255.255.255.224 CONFIG
GigabitEthernet0/1.203 VPN-Extranet 172.16.6.193 255.255.255.224 CONFIG
GigabitEthernet0/1.204 servers 172.16.6.97 255.255.255.224 CONFIG
GigabitEthernet0/3 Centurylink-wan 255.255.255.248 CONFIG
Cisco 2960:
2960-LAB#sh vlan brief
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/1, Gi1/0/26, Gi1/0/27
10 VLAN0010 active
20 VLAN0020 active
108 VLAN0108 active Gi1/0/2, Gi1/0/19
200 VLAN0200 active Gi1/0/2, Gi1/0/5, Gi1/0/8, Gi1/0/10, Gi1/0/11, Gi1/0/12, Gi1/0/13, Gi1/0/14
Gi1/0/15, Gi1/0/16, Gi1/0/17, Gi1/0/18, Gi1/0/19, Gi1/0/20, Gi1/0/22, Gi1/0/23
Gi1/0/24, Gi1/0/25
201 VLAN0201 active
202 VLAN0202 active Gi1/0/6, Gi1/0/7
203 VLAN0203 active Gi1/0/3, Gi1/0/23
204 VLAN0204 active Gi1/0/9
900 VLAN0900 active
901 VLAN0901 active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
2960-LAB#sh int trunk
Port Mode Encapsulation Status Native vlan
Gi1/0/4 on 802.1q trunking 200
Gi1/0/21 on 802.1q trunking 200
Chad
08-20-2020 04:15 AM
Hi Meckhardt,
I'll try to help out here.
For VLAN's and trunking.... You will find that under LAN--> VLAN Settings - scroll to the bottom of the page and you will see a table you need to edit per-interface and VLAN. To make a Trunk port, set all VLAN's on that port to T (Tagged) except for one that must be set to U (Untagged) and will be used for the Native VLAN on that trunk port.
For inter-VLAN routing - Also under LAN--> VLAN Settings - there is a column marked "Inter-VLAN Routing" - make sure there is a checkmark in each box for each VLAN that you want to be able to communicate with other VLANs.
There is next to that checkbox another one labeled "Device Management" - you need to have this checked for the management VLAN _and_ any other VLAN where you have AVC/DPI/WebFiltering/Security services enabled.
Now, after having typed this up and looking again at your config a bit, you seem to have the trunk port and inter-vlan stuff set correctly.
Do you see your end devices in the ARP table?
Why do you need static routing? If the layer 3 interface is on the RV345 and inter-vlan routing is on, the RV345 should pass the traffic to the other VLAN - unless you have Firewall rules on the RV345 blocking that.
I don't know if any of what I have written here is helpful. I'll check back to see if you've replied.
08-20-2020 04:16 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide