
access port change blocks other port

natxo asenjo
Level 1

hi,

This is my first post here. I recently bought for a home lab a sg300-10 switch. I have enabled layer 3 routing on it and have come across a puzzling issue. The switch is the default gw on this network, and in front of the switch there is a cable modem (ip route 0.0.0.0 0.0.0.0 192.168.0.7).

This is my config:

config-file-header

switch5ed948

v1.2.7.76 / R750_NIK_1_2_584_002

CLI v1.0

file SSD indicator encrypted

@

ssd-control-start

ssd config

ssd file passphrase control unrestricted

no ssd file integrity control

ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0

!

vlan database

vlan 10

exit

voice vlan oui-table add 0001e3 Siemens_AG_phone________

voice vlan oui-table add 00036b Cisco_phone_____________

voice vlan oui-table add 00096e Avaya___________________

voice vlan oui-table add 000fe2 H3C_Aolynk______________

voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone

voice vlan oui-table add 00d01e Pingtel_phone___________

voice vlan oui-table add 00e075 Polycom/Veritel_phone___

voice vlan oui-table add 00e0bb 3Com_phone______________

ip dhcp relay address 192.168.0.120

ip dhcp relay enable

ip dhcp information option

no bonjour enable

hostname switch5ed948

no passwords complexity enable

username cisco password

snmp-server server

clock timezone " " 1

clock summer-time web recurring eu

sntp unicast client enable

sntp unicast client poll

sntp server 192.168.0.120

ip telnet server

!

interface vlan 1

no ip address dhcp

ip dhcp relay enable

!

interface vlan 10

name LOM

ip address 192.168.10.254 255.255.255.0             

ip dhcp relay enable

!

interface gigabitethernet7

switchport mode access

!

interface gigabitethernet8

switchport mode access

switchport access vlan 10

!

ip route 0.0.0.0 0.0.0.0 192.168.0.7

Quite simple. On gi7 and gi8 I want to configure 2 LOM (lights-out-management) interfaces of 2 devices in vlan 10.

When I enable vlan 10 on gi7, I lose network connectivity to devices behind gi5, which is a trunk port vlan 1. Very strange.

So I just want to use 2 ports as access ports on a not standard vlan. These ports should not be trunk/general ports, just plain access ports.

What am I doing wrong here?

TIA,

natxo

1 Accepted Solution


Natxo, this is how it should work-

interface vlan 1

ip address 192.168.0.254 255.255.255.0

interface vlan 10

ip address 192.168.10.254 255.255.255.0    

--------------------------

Host A resides on a port that is a member of vlan 1. Host A NIC configuration should be-

IP 192.168.0.x

Mask 255.255.255.0

Gateway 192.168.0.254

Host B resides on a port that is a member of vlan 10. Host B NIC configuration should be-

IP 192.168.10.x

Mask 255.255.255.0

Gateway 192.168.10.254

----------------------------

Now, if Host A and Host B are both able to respond to ICMP then there should be no problems to ping either direction. Also, if either of those computers has wireless access, make sure to turn it off.

-Tom
Please mark answered for helpful posts


7 Replies

Tom Watts
VIP Alumni

Hi Natxo, you need an IP address on the vlan interfaces (SVI). Without the IP address on the vlan interfaces, it is a layer 2 vlan and won't route traffic between the vlans.

If you perform

show ip route

You will see there are no routes to route between VLANs. If you add the IP address to the vlan then do another show ip route, you will observe it will dynamically build so long as there is an active connection within that vlan.

-Tom
Please mark answered for helpful posts


hi Tom, thanks for your (very fast!) reply.

##################

# show ip route

Maximum Parallel Paths: 1 (1 after reset)

IP Forwarding:          enabled

Codes: C - connected, S - static, D - DHCP

S  0.0.0.0/0          [1/1] via  192.168.0.7  2:23:11              vlan 1   

C  192.168.0.0/24     is directly connected                        vlan 1   

C  192.168.10.0/24    is directly connected                        vlan 10

##################

Vlan 10 has an ip and it's enabled. I can ping it from the switch or outside the switch. I can put gi8 on vlan 10, but the second I type switchport access vlan 10 for gi7, I lose connectivity to the network behind gi5 which is just a standard trunk vlan 1 port (standard config).

Losing this connectivity means I lose access to my dns server, so it impacts my internet activity ;-)

Can you show a correct running config? The sample output on the original post does not show an IP address on the vlan 7, nor does it show a vlan 7 is even created.

Matter of fact, vlan 1 also does not have an IP address assigned to it.

You need IP addresses on whatever vlan interface you want to route locally through the switch.

-Tom
Please mark answered for helpful posts


Hi,

The full config (except for the password) is on my first post ;-)

I do not have a vlan 7, I have vlan 1 and 10.

It's true vlan 1 does not show an ip address, this is apparently the way the web ui configures it. I have manually added it now.

The problem arises when configuring gigabit ethernet 7, not vlan 7.

I post the full running-config again:

========================

config-file-header

switch5ed948

v1.2.7.76 / R750_NIK_1_2_584_002

CLI v1.0

file SSD indicator encrypted

@

ssd-control-start

ssd config

ssd file passphrase control unrestricted

no ssd file integrity control

ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0

!

vlan database

vlan 10

exit

voice vlan oui-table add 0001e3 Siemens_AG_phone________

voice vlan oui-table add 00036b Cisco_phone_____________

voice vlan oui-table add 00096e Avaya___________________

voice vlan oui-table add 000fe2 H3C_Aolynk______________

voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone

voice vlan oui-table add 00d01e Pingtel_phone___________

voice vlan oui-table add 00e075 Polycom/Veritel_phone___

voice vlan oui-table add 00e0bb 3Com_phone______________

ip dhcp relay address 192.168.0.120

ip dhcp relay enable

ip dhcp information option

no bonjour enable

hostname switch5ed948

no passwords complexity enable

username cisco password encrypted

snmp-server server

clock timezone " " 1

clock summer-time web recurring eu

sntp unicast client enable

sntp unicast client poll

sntp server 192.168.0.120

ip telnet server

!

interface vlan 1

ip address 192.168.0.254 255.255.255.0

no ip address dhcp

ip dhcp relay enable

!

interface vlan 10

name LOM                                            

ip address 192.168.10.254 255.255.255.0             

ip dhcp relay enable

!

interface gigabitethernet7

switchport mode access

!

interface gigabitethernet8

switchport mode access

switchport access vlan 10

!

ip route 0.0.0.0 0.0.0.0 192.168.0.7

======================

I hope it is clear now ;-), my apologies for not being clear before.

To illustrate what I mean, I open a ping to 192.168.0.120. Then I change the vlan for gi7:

#configure terminal

switch5ed948(config)#interface GigabitEthernet 7

switch5ed948(config-if)#switchport access vlan 10

switch5ed948(config-if)#switchport access vlan 1

I miss some pings:

64 bytes from 192.168.0.120: icmp_seq=52 ttl=64 time=2.60 ms

64 bytes from 192.168.0.120: icmp_seq=53 ttl=64 time=2.75 ms

64 bytes from 192.168.0.120: icmp_seq=58 ttl=64 time=2.75 ms

64 bytes from 192.168.0.120: icmp_seq=59 ttl=64 time=1.29 ms

64 bytes from 192.168.0.120: icmp_seq=60 ttl=64 time=2.58 ms

64 bytes from 192.168.0.120: icmp_seq=61 ttl=64 time=2.61 ms

64 bytes from 192.168.0.120: icmp_seq=62 ttl=64 time=2.59 ms

Between icmp_seq 53 and 58 I changed the vlan setting back and forth.


hi,

well, the problem was the cables were incorrectly labeled :-(

I found out by running show arp and seeing that the hardware addresses I thought were on interface 2 were in fact on 7 and the other way round.

Operator error. Thanks for your hints and apologies for wasting your time.
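
The check that settled this thread, as an added example that is not part of any post above: compare the port on which the switch learned each hardware address (from `show arp`) with the port the cable label claims, so a swapped cable is caught before a device such as a LOM interface lands in the wrong VLAN. The sample rows, MAC addresses and label inventory are constructed, and the column layout of the `show arp` output is an assumption.

```python
import re

# Constructed sample; the column layout of `show arp` is assumed, not from the thread.
SAMPLE_SHOW_ARP = """\
  VLAN    Interface     IP address        HW address          status
--------------------- --------------- ------------------- ---------------
vlan 1     gi5         192.168.0.120   00:11:22:33:44:01   dynamic
vlan 1     gi7         192.168.0.31    00:11:22:33:44:02   dynamic
vlan 1     gi2         192.168.0.32    00:11:22:33:44:03   dynamic
"""

# Hypothetical inventory taken from the cable labels: MAC -> port the label claims.
LABELLED = {
    "00:11:22:33:44:01": "gi5",
    "00:11:22:33:44:02": "gi2",  # labels for gi2 and gi7 are swapped
    "00:11:22:33:44:03": "gi7",
    "00:11:22:33:44:04": "gi8",  # host that has not sent any traffic yet
}

ROW = re.compile(
    r"(?i)^vlan\s+(?P<vlan>\d+)\s+(?P<port>\S+)\s+(?P<ip>\d+(?:\.\d+){3})\s+"
    r"(?P<mac>[0-9a-f]{2}(?::[0-9a-f]{2}){5})\s+\S+$"
)

def parse_show_arp(text):
    """Return {mac: (port, vlan, ip)} for each data row; header lines are skipped."""
    seen = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            seen[m["mac"].lower()] = (m["port"].lower(), int(m["vlan"]), m["ip"])
    return seen

def find_mislabelled(labelled, arp_text):
    """Return (mismatches, unseen): wrong-port MACs and MACs with no ARP entry."""
    seen = parse_show_arp(arp_text)
    mismatches, unseen = [], []
    for mac, want in sorted((m.lower(), p.lower()) for m, p in labelled.items()):
        if mac not in seen:
            unseen.append(mac)  # no ARP entry: the switch cannot place this host
        elif seen[mac][0] != want:
            mismatches.append((mac, want, seen[mac][0]))
    return mismatches, unseen

if __name__ == "__main__":
    bad, missing = find_mislabelled(LABELLED, SAMPLE_SHOW_ARP)
    for mac, want, got in bad:
        print(f"{mac}: label says {want}, switch learned it on {got}")
    print("no ARP entry:", missing)
```

A MAC reported as having no ARP entry is not evidence of a correct label; the host has to exchange traffic with the switch before its port can be confirmed.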