inter vlan issues and clients connected to SG300-10 cannot acces

dkapadiya · ‎04-22-2013

Below is my router config and SG300-10 config.

Clients connected to wireless AP (connected to int gi0/1) can access internet, can ping the server but cannot access the files on the server connected on SG300-10

Clients connected to Sg300-10 can ping the server but cannot access the files on it.

VOIP adapter connected to Vlan 4 (gi4) able to work ok, (phones connected to voip adapter can dial out and receive calls)

native vlan 10 trunk (gi10) connected to router int Gi0/2

router#sh run
Building configuration...

Current configuration : 2626 bytes
!
! Last configuration change at 00:44:47 UTC Tue Apr 23 2013
! NVRAM config last updated at 03:11:27 UTC Mon Apr 22 2013
! NVRAM config last updated at 03:11:27 UTC Mon Apr 22 2013
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname router
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
enable secret 5 ************************.
!
no aaa new-model
!
!
no ipv6 cef
!
!
!
ip multicast-routing
no ip dhcp use vrf connected
ip dhcp excluded-address 10.0.0.1 10.0.0.5
ip dhcp excluded-address 20.0.0.1 20.0.0.5
!
ip dhcp pool WIRELESS
import all
network 20.0.0.0 255.255.255.0
dns-server 8.8.8.8
default-router 20.0.0.1
lease 0 2
!
ip dhcp pool SWITCH
import all
network 10.0.0.0 255.255.255.0
default-router 10.0.0.1
dns-server 10.0.0.1 8.8.4.4
lease infinite
!
!
no ip domain lookup
ip cef
!
multilink bundle-name authenticated
!
!
crypto pki token default removal timeout 0
!
!
license udi pid CISCO2911/K9 sn FHK1433F0DF
hw-module pvdm 0/0
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
description isp
no ip dhcp client request tftp-server-address
ip address dhcp client-id GigabitEthernet0/0
ip nat outside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/1
description WIRELESS LAN
ip address 20.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
duplex auto
speed auto
!
interface GigabitEthernet0/2
description SWITCH
ip address 10.0.0.1 255.255.255.0
ip nat inside
ip virtual-reassembly in
ip tcp adjust-mss 1452
duplex auto
speed auto
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
ip nat inside source list 1 interface GigabitEthernet0/0 overload
ip route 0.0.0.0 0.0.0.0 isp ip
ip route 10.1.2.0 255.255.255.0 10.0.0.2
ip route 10.1.3.0 255.255.255.0 10.0.0.2
ip route 10.1.4.0 255.255.255.0 10.0.0.2
ip route 10.1.5.0 255.255.255.0 10.0.0.2
!
access-list 1 permit 10.0.0.0 0.0.255.255
access-list 1 permit 20.0.0.0 0.0.255.255
access-list 1 permit 10.1.0.0 0.0.255.255

!
!
!
!
!
!
control-plane
!
!
!
line con 0
password 7 **********
login
line aux 0
line 2
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
line vty 0 4
password 7 ***************
login
transport input all
!
scheduler allocate 20000 1000
end

*********************************************************************************************

SG300-10 config

v1.3.0.59 / R750_NIK_1_3_647_260
CLI v1.0
set system mode router

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
vlan 2-5,10
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
ip dhcp server
ip dhcp excluded-address 10.1.2.1 10.1.2.1
ip dhcp excluded-address 10.1.3.1 10.1.3.1
ip dhcp excluded-address 10.1.4.1 10.1.4.1
ip dhcp excluded-address 10.1.5.1 10.1.5.1
ip dhcp pool network D1
address low 10.1.3.1 high 10.1.3.254 255.255.255.0
default-router 10.1.3.1
exit
ip dhcp pool network D5
address low 10.1.2.1 high 10.1.2.254 255.255.255.0
default-router 10.1.2.1
exit
ip dhcp pool network SERVER
address low 10.1.5.1 high 10.1.5.254 255.255.255.0
default-router 10.1.5.1
exit
ip dhcp pool network VOIP
address low 10.1.4.1 high 10.1.4.254 255.255.255.0
default-router 10.1.4.1
exit
bonjour interface range vlan 1
hostname SWITCH
username cisco password encrypted **********

prevelege 15
no ip domain lookup
ip telnet server
!
interface vlan 1
no ip address dhcp
no ipv6 address autoconfig
no ipv6 enable
no ipv6 dhcp client stateless
!
interface vlan 2
ip address 10.1.2.1 255.255.255.0
!
interface vlan 3
ip address 10.1.3.1 255.255.255.0
!
interface vlan 4
ip address 10.1.4.1 255.255.255.0
!
interface vlan 5
ip address 10.1.5.1 255.255.255.0
!
interface vlan 10
ip address 10.0.0.2 255.255.255.0
!
interface gigabitethernet1
switchport mode access
switchport access vlan 2
!
interface gigabitethernet2
spanning-tree portfast
switchport mode access
switchport access vlan 2
!
interface gigabitethernet3
spanning-tree portfast
switchport mode access
switchport access vlan 3
!
interface gigabitethernet4
spanning-tree portfast
switchport mode access
switchport access vlan 4
!
interface gigabitethernet5
spanning-tree portfast
switchport mode access
switchport access vlan 5
!
interface gigabitethernet6
spanning-tree portfast
switchport mode access
switchport access vlan 5
!
interface gigabitethernet7
spanning-tree portfast
switchport mode access
switchport access vlan 5
!
interface gigabitethernet8
spanning-tree portfast
switchport mode access
switchport access vlan 5
!
interface gigabitethernet10
spanning-tree portfast
switchport trunk native vlan 10
!
exit
ip default-gateway 10.0.0.1

Tom Watts · ‎04-23-2013

Hi DKA, can you make a diagram with port labels where everything is connected?

Can you also run the command on the Sg300 - show spanning-tree

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

dkapadiya · ‎04-23-2013

Router

int Gi0/0 connected to ISP modem

Int Gi0/1 conneted to Wireless Access point

int Gi0/2 connected to Sg300-10 (int gi10)

SG300-10 Switch

gi10 to cisco router int gi0/2

gi6 to gi8 to pc's

gi5 to server

gi2 to gi3 pc

gi4 to Voip adapter (spa2100)

Spanning tree enabled mode RSTP

Default port cost method: long

Root ID Priority 32768

Address 84:78:ac:a5:e9:0e

This switch is the root

Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Number of topology changes 0 last change occurred 00:08:23 ago

Times: hold 1, topology change 35, notification 2

hello 2, max age 20, forward delay 15

Interfaces

Name State Prio.Nbr Cost Sts Role PortFast Type

--------- -------- --------- -------- ------ ---- -------- -----------------

gi1 enabled 128.49 2000000 Dsbl Dsbl No -

gi2 enabled 128.50 20000 Frw Desg Yes P2P (RSTP)

gi3 enabled 128.51 2000000 Dsbl Dsbl No -

gi4 enabled 128.52 2000000 Frw Desg Yes Shared (RSTP)

gi5 enabled 128.53 20000 Frw Desg Yes P2P (RSTP)

gi6 enabled 128.54 2000000 Dsbl Dsbl No -

gi7 enabled 128.55 2000000 Dsbl Dsbl No -

gi8 enabled 128.56 2000000 Dsbl Dsbl No -

gi9 enabled 128.57 2000000 Dsbl Dsbl No -

gi10 enabled 128.58 20000 Frw Desg Yes P2P (RSTP)

Po1 enabled 128.1000 20000 Dsbl Dsbl No -

Po2 enabled 128.1001 20000 Dsbl Dsbl No -

Po3 enabled 128.1002 20000 Dsbl Dsbl No -

Po4 enabled 128.1003 20000 Dsbl Dsbl No -

Po5 enabled 128.1004 20000 Dsbl Dsbl No -

Po6 enabled 128.1005 20000 Dsbl Dsbl No -

Po7 enabled 128.1006 20000 Dsbl Dsbl No -

Po8 enabled 128.1007 20000 Dsbl Dsbl No -

Tom Watts · ‎04-23-2013

The sg300 is in layer 3, are the default gateways of all connecting devices the gateway of the SVI?

Example a server connecting to vlan 5 default gateway of the server should be 10.1.5.1

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

dkapadiya · ‎04-24-2013

Yes the respective have thier own default router

10.1.2.1 Vlan 2

10.1.3.1 Vlan 3

10.1.4.1 Vlan 4

10.1.5.1 Vlan 5

ip dhcp pool network D1

address low 10.1.3.1 high 10.1.3.254 255.255.255.0

default-router 10.1.3.1

exit

ip dhcp pool network D5

address low 10.1.2.1 high 10.1.2.254 255.255.255.0

default-router 10.1.2.1

exit

ip dhcp pool network SERVER

address low 10.1.5.1 high 10.1.5.254 255.255.255.0

default-router 10.1.5.1

exit

ip dhcp pool network VOIP

address low 10.1.4.1 high 10.1.4.254 255.255.255.0

default-router 10.1.4.1

Tom Watts · ‎04-24-2013

interface gigabitethernet10

spanning-tree portfast

switchport trunk native vlan 10

Part of this problem is, port fast should not be enabled on a port connecting to other device, this can make a network loop.

I don't see a dot1q encapsulation on the router config which also means I don't see an ip route pointing back to the switch SVI.

-Tom
Please mark answered for helpful posts

-Tom Please mark answered for helpful posts http://blogs.cisco.com/smallbusiness/

dkapadiya · ‎05-01-2013

Hello Tom this my basic setup

SG300-10 I want to use it in Layer 3.

Vlans 2, 3 and 4 do not need to communicate to the server.

All pc in Vlan 5 must be able to access the server also the PC's connected via wireless access must be able to access the server.

I would be using DHCP pool for wireless access point

I would be using DHCP pool on the switch for respective vlans.

Do I need to config the interface on router pointing to switch interface as router on stick, even though I am using the switch in layer 3 mode.

Please help me in config for the set up.

Thanks

inter vlan issues and clients connected to SG300-10 cannot access internet and server localy