Re: Can't access Vlan when connected through another switch

king06aaa · ‎05-19-2009

I have several satellite offices and each office is set up as a different subnet and each has its own Vlan.

There are two offices located in the same hospital. Those offices are connected via 1 T1. The T1 is connected to a switch on subnet 10.1.60.xx on Gi0/2. The other office is connected to that switch but it has its own subnet - 10.1.85.xx and its own vlan. It is connected from Gi0/1 on the first switch via a crossover cable to Gi0/2 on the second switch.

On the port that the T1 is connected to, I have allowed both Vlans.

I have connectivity for both switches with no problems and everything seems fine in that aspect.

Here's my problem: I cannot ping, putty, telnet or Network Assistant into the second switch from my office. However, if I telnet or putty into the first switch I can then telnet from that switch into the second switch.

Any ideas?

Jon Marshall · ‎05-19-2009

Steve

It will probably be because the switch using 10.1.85.xx does not have a route back to your source address.

Check if the switch has a default-gateway set on it.

Can you post further details ie.

1) Config of both switches

2) The source IP address from which you are trying telnet/putty

3) It's unclear as to whether there is a router involved here. Are your switches L2 or L3 switches.

If L3 can you also post "sh ip route" from each switch.

If there is a router at the remote office can you post that config as well.

Jon

king06aaa · ‎05-19-2009

I am trying to putty from 10.1.104.xx.

I am not using a router. These are 2960 Catalyst switches. The connections terminate back to a layer three switch at the main office. I don't have a route on that switch either. That switch is the server for all of the vlans.

Jon Marshall · ‎05-19-2009

Can you post config of

1) both switches at remote office

2) "sh ip route" from L3 switch

3) config of L3 switch

Jon

king06aaa · ‎05-19-2009

1) First switch config:

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

hostname Monroe_Neuro_SW1

no logging console

enable secret 5

no aaa new-model

system mtu routing 1500

ip subnet-zero

ip domain-name tci.toledoclinic.com

ip name-server 10.1.96.30

ip name-server 10.1.96.31

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

vlan internal allocation policy ascending

interface FastEthernet0/1

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/2

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/3

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/4

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/5

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/6

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/7

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/8

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/9

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/10

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/11

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/12

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/13

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/14

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/15

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/16

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/17

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/18

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/19

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/20

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/21

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/22

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/23

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/24

switchport access vlan 60

switchport mode access

spanning-tree portfast trunk

interface GigabitEthernet0/1

switchport mode trunk

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

queue-set 2

mls qos trust cos

macro description cisco-switch

auto qos voip trust

spanning-tree link-type point-to-point

interface GigabitEthernet0/2

description Buckeye T-Marc

switchport trunk allowed vlan 60,85

switchport mode trunk

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

queue-set 2

mls qos trust cos

macro description cisco-switch

auto qos voip trust

spanning-tree link-type point-to-point

interface Vlan1

no ip address

no ip route-cache

interface Vlan60

ip address 10.1.60.2 255.255.255.0

no ip route-cache

ip default-gateway 10.1.60.1

ip http server

snmp-server community

control-plane

line con 0

line vty 0 4

password

login

length 0

line vty 5 15

password

login

length 0

end

JamesLuther · ‎05-19-2009

Hi,

Does the second switch have a default route pointing towards switch one for the reply packets?

Does the first switch have IP routing enabled?

Regards

king06aaa · ‎05-19-2009

Neither switch has routing enabled.

The default gateway on the second switch is 10.1.85.1 which is the vlan.

king06aaa · ‎05-19-2009

Switch 2 config:

hostname Monroe_Onco_SW1

enable secret 5

enable password

no aaa new-model

clock timezone EST -5

clock summer-time EDT recurring

system mtu routing 1500

ip subnet-zero

ip domain-name

ip name-server 10.1.96.30

ip name-server 10.1.96.31

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

vlan internal allocation policy ascending

interface FastEthernet0/1

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/2

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/3

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/4

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/5

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/6

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/7

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/8

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/9

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/10

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/11

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/12

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/13

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/14

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/15

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/16

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/17

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/18

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/19

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/20

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/21

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/22

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/23

switchport access vlan 85

switchport mode access

spanning-tree portfast trunk

interface FastEthernet0/24

switchport access vlan 71

switchport mode access

spanning-tree portfast trunk

interface GigabitEthernet0/1

switchport mode trunk

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

queue-set 2

mls qos trust cos

macro description cisco-switch

auto qos voip trust

spanning-tree link-type point-to-point

interface GigabitEthernet0/2

description Buckey T-Marc

switchport mode trunk

srr-queue bandwidth share 10 10 60 20

srr-queue bandwidth shape 10 0 0 0

queue-set 2

mls qos trust cos

macro description cisco-switch

auto qos voip trust

spanning-tree link-type point-to-point

interface Vlan1

ip address 10.1.97.19 255.255.224.0

no ip route-cache

interface Vlan71

ip address 10.1.71.211 255.255.255.0

no ip route-cache

interface Vlan85

ip address 10.1.85.2 255.255.255.0

no ip route-cache

ip default-gateway 10.1.85.1

ip http server

snmp-server community

control-plane

line con 0

line vty 0 4

login

length 0

line vty 5 15

login

length 0

ntp clock-period 36029174

ntp server 10.1.96.1 key 0 prefer

jeff.carr · ‎05-19-2009

Since the switches aren't doing any routing, it appears that the IP addresses 10.1.60.1 and 10.1.85.1 must be configured on a directly connected router, or routers. Are you able to successfully connect to the switches from the router? Is there a single router handling the routing between the two networks?

king06aaa · ‎05-19-2009

There are no routers in place. I have a layer 3 Cisco core switch. But there are no routes in it.

I can connect to switch 1 directly. I can then telnet to switch from switch 1.

jeff.carr · ‎05-19-2009

Okay, so the layer 3 core switch has an interface VLAN85 (10.1.85.1) and an interface VLAN60 (10.1.60.1). From the core switch you can access both of your switches on both VLANs. Since the switches are directly connected to the core switch, you won't need any static routes.

I would suggest you verify that the interfaces between the switches are both both up and are both configured as access ports on the appropriate VLAN.

Remember that even though switch1 and switch2 are connected together, in order for there to be communication between the IP addresses on the two different VLANs, the connections to the core switch must be appropriate.