Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1244
Views
5
Helpful
8
Replies

3550 Protected Port

cnuvo
Level 1
Level 1

‎06-24-2007 06:07 AM - edited ‎03-05-2019 04:56 PM

I have two servers connected to a 3550 and I want separate these two servers at L2 and make them communicate at L3. So I configured both ports with ?switchport protected?, and I connected the switch to a 2800 router, where I have interface VLAN configured. Since I put the two ports in protected mode they can not ping each other even though I have the L3 router between them, I can ping both servers from the router and I can ping the router from both, but they do not ping each other ,Am I missing anything here? Thanks in advance.

Labels:
0 Helpful
8 Replies 8

Edison Ortiz
Hall of Fame
Hall of Fame

‎06-24-2007 06:19 AM

Did you enable Proxy-Arp in the LAN interface at the router ?

0 Helpful

cnuvo
Level 1
Level 1
In response to Edison Ortiz

‎06-24-2007 06:23 AM

It's VLAN interface and yes I did, in fact it's enabled by default but I added the command again just in case..

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to cnuvo

‎06-24-2007 06:33 AM

Can you post the config from each of the interfaces in question ?

The router (2800) is the one serving as L3 device, correct ? So, that's the device that needs to have proxy-arp enabled, not the SVI on the 3560 switch.

0 Helpful

cnuvo
Level 1
Level 1
In response to Edison Ortiz

‎06-24-2007 06:47 AM

on the 3550,

interfast 0/1 (connected to server1)

switchport mode access

switchport access vlan 200

switchport protected

!

Same config on interface 0/2 (connected to server2)

!

Interface fast0/4 (to the 2800)

switchport trunk encapsulation dot1q

switchport mode trunk

!

2800

interface fast 1/4 (to the 3550)

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface vlan 200

ip address 10.1.1.1 255.255.255.0

!

Once I remove the protected from one interface I can ping between the two servers (via L2 of course)

Thanks in adavnce..

0 Helpful

Edison Ortiz
Hall of Fame
Hall of Fame
In response to cnuvo

‎06-24-2007 10:18 AM

Understood, the router is running one of those switch modules. Not very familiar with those. Are you able to use the regular fast-ethernet modules on the router - configure the port on the 3550 as access mode for vlan 200 and assign a corresponding IP ?

Note.- this is troubleshooting purposes, I don't have a lab to duplicate your environment at the moment.

0 Helpful

o_albegov
Level 1
Level 1

‎06-24-2007 10:51 AM

I think the better way to communicate 2 server with ecah other at L3 is to place them in seperate vlans. Is it possible in IP configuration?

0 Helpful

cnuvo
Level 1
Level 1
In response to o_albegov

‎06-24-2007 10:43 PM

We can not change the IP's on the servers. We are not allowed to do that.

The question I have, in the protected vlan's setup, why should the router answer the arp request from server1 on behalf of server2, even though the router has no idea about the protected vlan setup? Is there ant configuration needs to be added to the router?

0 Helpful

Ahmede
Level 1
Level 1
In response to cnuvo

‎06-24-2007 11:52 PM

There's an easy solution for that,

On server1 add a static ARP entry for server2 IP address and associate it to the router MAC address, and do the same on server2. This way Server1 and 2 won't arp the IP's of each other, and they will send the traffic to the router.

HTH..

Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card