08-16-2011 05:43 AM - edited 03-04-2019 01:17 PM
I am into creating a new VLAN and need advice on what I have missed in the setup / configuration. I have multiple Cisco switches, the VLAN is configured on a 3750. My attempt was to place the VLAN on one port (as concept) and work from there - - so it is on 2-02 of my main Cisco stack. The new VLAN is 220 - Printer. My present IP scope is 192.168.200.x - running out of addresses - trying to add 192.168.220.x. on VLAN 220 to relieve some pressure - - - - Most I can do is ping the VLAN IP - 192.168.220.1 and that resolves - - but if I attach a networked device with a 192.168.220.x address - - cannot get there...thank you...
Here is the switch info...
version 12.2
parser config cache interface
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec localtime
service timestamps log datetime localtime
service password-encryption
!
hostname Company-370-c3750-1
!
boot-start-marker
boot-end-marker
!
logging buffered 65000 informational
logging rate-limit 1 except notifications
enable secret
username admin privilege 15
!
!
aaa new-model
!
!
aaa authentication login localauth local
!
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
switch 1 provision ws-c3750g-24ts-1u
switch 2 provision ws-c3750g-24ts-1u
stack-mac persistent timer 4
system mtu routing 1500
vtp domain plexus
vtp mode transparent
authentication mac-move permit
udld aggressive
ip subnet-zero
no ip source-route
ip routing
ip icmp rate-limit unreachable 1000
no ip domain-lookup
ip domain-name plexusmg.com
!
!
no ip dhcp snooping information option
!
!
crypto pki trustpoint TP-self-signed-2443709824
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2443709824
revocation-check none
rsakeypair TP-self-signed-2443709824
!
!
crypto pki certificate chain TP-self-signed-2443709824
certificate self-signed 01
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
quit
!
!
!
errdisable recovery cause udld
errdisable recovery cause bpduguard
errdisable recovery cause security-violation
errdisable recovery cause channel-misconfig (STP)
errdisable recovery cause pagp-flap
errdisable recovery cause dtp-flap
errdisable recovery cause link-flap
errdisable recovery cause sfp-config-mismatch
errdisable recovery cause gbic-invalid
errdisable recovery cause l2ptguard
errdisable recovery cause psecure-violation
errdisable recovery cause port-mode-failure
errdisable recovery cause dhcp-rate-limit
errdisable recovery cause pppoe-ia-rate-limit
errdisable recovery cause mac-limit
errdisable recovery cause vmps
errdisable recovery cause storm-control
errdisable recovery cause inline-power
errdisable recovery cause arp-inspection
errdisable recovery cause loopback
errdisable recovery cause small-frame
errdisable recovery interval 400
archive
log config
logging enable
logging size 500
notify syslog contenttype plaintext
hidekeys
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree logging
spanning-tree portfast bpduguard default
spanning-tree portfast bpdufilter default
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 220
name Printer
!
vlan 254
name Management
!
ip tcp synwait-time 5
ip ssh time-out 30
ip ssh version 2
!
!
!
interface Null0
no ip unreachables
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
logging event bundle-status
load-interval 30
storm-control broadcast level 20.00
spanning-tree link-type point-to-point
ip dhcp snooping trust
!
interface Port-channel11
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport mode trunk
switchport nonegotiate
logging event trunk-status
load-interval 30
storm-control broadcast level 20.00
spanning-tree link-type point-to-point
ip dhcp snooping trust
!
interface Port-channel12
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport mode trunk
switchport nonegotiate
logging event trunk-status
load-interval 30
storm-control broadcast level 20.00
spanning-tree link-type point-to-point
ip dhcp snooping trust
!
interface GigabitEthernet1/0/1
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/2
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/3
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/4
switchport mode access
switchport nonegotiate
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/5
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/6
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/8
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/9
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/10
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/11
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/12
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/13
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/14
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/15
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/16
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/17
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/18
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/19
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/20
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/21
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/22
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/23
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/24
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/25
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport mode trunk
switchport nonegotiate
logging event trunk-status
load-interval 30
srr-queue bandwidth share 1 70 25 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
storm-control broadcast level 20.00
channel-group 11 mode active
spanning-tree link-type point-to-point
ip dhcp snooping trust
!
interface GigabitEthernet1/0/26
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport mode trunk
switchport nonegotiate
logging event trunk-status
load-interval 30
srr-queue bandwidth share 1 70 25 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
storm-control broadcast level 20.00
spanning-tree link-type point-to-point
ip dhcp snooping trust
!
interface GigabitEthernet1/0/27
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport mode trunk
switchport nonegotiate
logging event trunk-status
load-interval 30
srr-queue bandwidth share 1 70 25 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
storm-control broadcast level 20.00
channel-group 12 mode active
spanning-tree link-type point-to-point
ip dhcp snooping trust
!
interface GigabitEthernet1/0/28
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport mode trunk
switchport nonegotiate
logging event trunk-status
load-interval 30
srr-queue bandwidth share 1 70 25 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
storm-control broadcast level 20.00
spanning-tree link-type point-to-point
ip dhcp snooping trust
!
interface GigabitEthernet2/0/1
switchport access vlan 220
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/2
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/3
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/4
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/5
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/6
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/7
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/8
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/9
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/10
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/11
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/12
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/13
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/14
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/15
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/16
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/17
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/18
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/19
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/20
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/21
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/22
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/23
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security violation restrict
switchport port-security aging type inactivity
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/24
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security violation restrict
switchport port-security aging type inactivity
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet2/0/25
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport mode trunk
switchport nonegotiate
logging event trunk-status
load-interval 30
srr-queue bandwidth share 1 70 25 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
storm-control broadcast level 20.00
channel-group 11 mode active
spanning-tree link-type point-to-point
ip dhcp snooping trust
!
interface GigabitEthernet2/0/26
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport mode trunk
switchport nonegotiate
logging event trunk-status
load-interval 30
srr-queue bandwidth share 1 70 25 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
storm-control broadcast level 20.00
spanning-tree link-type point-to-point
ip dhcp snooping trust
!
interface GigabitEthernet2/0/27
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport mode trunk
switchport nonegotiate
logging event trunk-status
load-interval 30
srr-queue bandwidth share 1 70 25 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
storm-control broadcast level 20.00
channel-group 12 mode active
spanning-tree link-type point-to-point
ip dhcp snooping trust
!
interface GigabitEthernet2/0/28
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport mode trunk
switchport nonegotiate
logging event trunk-status
load-interval 30
srr-queue bandwidth share 1 70 25 5
srr-queue bandwidth shape 3 0 0 0
priority-queue out
mls qos trust dscp
storm-control broadcast level 20.00
spanning-tree link-type point-to-point
ip dhcp snooping trust
!
interface Vlan1
ip address 192.168.200.233 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan220
ip address 192.168.220.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface Vlan254
ip address 192.168.254.1 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.200.150
ip route 192.168.220.0 255.255.255.0 192.168.200.150
ip http server
ip http secure-server
!
!
ip sla enable reaction-alerts
!
snmp-server community PlexusMG RW
!
!
line con 0
line vty 0 4
exec-timeout 120 0
logging synchronous
transport preferred ssh
transport input ssh
transport output ssh
line vty 5 15
exec-timeout 5 0
privilege level 15
logging synchronous
transport preferred ssh
transport input ssh
transport output ssh
!
end
Solved! Go to Solution.
08-16-2011 06:06 AM
Bruce,
From your config it shows that vlan 220 is on port gi2/0/1, not 2/0/2 as stated.
For the rest, you must have the correct default gateway set on the printer. This is the ip address of int vlan 220.
Please try first to ping from the switch with no options. This will verify if the layer 1 and 2 are correct.
If the ping succeeds from here but not from other subnets, check the def-gw setting on the printer.
regards,
Leo
08-16-2011 06:06 AM
Bruce,
From your config it shows that vlan 220 is on port gi2/0/1, not 2/0/2 as stated.
For the rest, you must have the correct default gateway set on the printer. This is the ip address of int vlan 220.
Please try first to ping from the switch with no options. This will verify if the layer 1 and 2 are correct.
If the ping succeeds from here but not from other subnets, check the def-gw setting on the printer.
regards,
Leo
08-16-2011 06:33 AM
Hello - - yes - - 2/0/1 - typo - - I did not think about the gw - - - going to try that out now - -
08-16-2011 07:09 AM
GW - - that was it - wrong gateway! So - thanks very much - - my first one - and I appreciate the excellent assist...
Bruce
08-16-2011 12:42 PM
Please let me know if I should start a new thread...
My next steps to make VLAN 220 available on my existing network would be to look into some additional router work - ?? I am now thinking about making it more than just printers...
Thanks,
Bruce
08-16-2011 01:11 PM
Bruce
Not sure what you are asking. The new vlan will route on the existing switch however if you have other L3 devices that you want to know about the new vlan you will need to add routes on them as well.
If this hasn't answered your question then please clarify.
Jon
08-17-2011 05:13 AM
OK - I was figuring things worked differently from my reading the way the VLAN communicates with other switches. I have the new VLAN that I wish to support 192.168.220.x on my main Cisco stack. That is the config above - 3750's. I also have four 2960 switches in other parts of the building supporting the network. My FW is a 5510... I put an inside route on that - "route inside 192.168.220.0 255.255.255.0.192.168.200.233 1" - which I thought would take care of things. The FW is 192.168.200.150 - the 3750 switch is 192.168.200.233.
My thoughts were that I would add the 192.168.220.x to the existing 192.168.200.x to increase my addresses - since I am running out.
From what you are saying - I need to add something to my other switches. I did notice when I attached a laptop to that port configured for the 192.168.220.x subnet - that I could not map a drive back to my 192.168.200.x based servers - figured it was routing I needed - just unsure of how to finish the work...
Thank you for your time - - I do appreciate this.
Bruce
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide