Cannot communicate with server on new vlan
12-01-2011 11:41 AM - edited 03-07-2019 03:41 AM
I'm trying to set up rspan and have created a vlan for the rspan session and another vlan to tag traffic in our VMWARE environment. We changed vlan tagging on a device from our primary server vlan (vlan10) to the new vlan (vlan45) and are now unable to communicate with that server.
Here is the rspan configuration:
1. Create VLAN as an RSPAN VLAN
conf t
! VLAN 50 is for the RSPAN session
vlan 50
remote-span
! VLAN 45 is for server traffic tagging
vlan 45
end
2. Create an RSPAN Source Session (switch 2)
conf t
no monitor session 50
monitor session 50 source vlan 45
monitor session 50 destination remote vlan 50
end
3. Create an RSPAN Destination Session (switch 1)
conf t
monitor session 50 source remote vlan 50
monitor session 50 destination interface gigabitethernet0/1
end
!
Our servers run on vlan 10, which is 10.20.102.1 and our workstations are on vlan 104--10.20.104.1.
Thanks,
Chris
12-01-2011 12:00 PM
Hi Chris,
Do you have Vlan 45 configured on both the switches? Could you please paste "show vlan" from the switches?
Also, did you change the gateway settings on Vlan 45 for this new server? Where is Vlan 45 being routed, I mean on which device? Do you have routing defined for this Vlan if you are pinging it from any other subnet?
Cheers,
-amit singh
12-01-2011 12:26 PM
Thanks, Amit, for the quick reply.
I have not actually set a gateway on the vlan 45 at this point (and probably the root of this problem). The vlan is propagated between the two switches via VTP. Past adding the interface for the vlan, not sure what next steps I need to take.
Here are the show vlans:
sw00-3560-01#sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/5, Gi0/6, Gi0/7, Gi0/8
Gi0/10, Gi0/11, Gi0/12, Gi0/13
Gi0/14, Gi0/16, Gi0/20, Gi0/22
Gi0/29, Gi0/32, Gi0/35, Gi0/37
Gi0/42, Gi0/49, Gi0/51
2 IDS active
3 DMZ active
4 iSCSI active
5 Backup active
6 VMotion active
10 OPS_Data active Gi0/9, Gi0/23
45 VLAN0045 active
50 VLAN0050 active
104 VLAN0104 active
172 OPS_Voice active Gi0/2, Gi0/3, Gi0/4, Gi0/5
Gi0/6, Gi0/7, Gi0/8, Gi0/9
Gi0/10, Gi0/11, Gi0/12, Gi0/13
Gi0/14, Gi0/16, Gi0/20, Gi0/22
Gi0/23, Gi0/29, Gi0/32, Gi0/35
Gi0/37, Gi0/42
1002 fddi-default act/unsup
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
6 enet 100006 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
45 enet 100045 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
104 enet 100104 1500 - - - - - 0 0
172 enet 100172 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
50
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
sw00-3560-01#
sw00-3560-02#sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/52
2 IDS active Gi0/11, Gi0/20, Gi0/21, Gi0/22
Gi0/33
3 DMZ active Gi0/23, Gi0/24
4 iSCSI active
5 Backup active Gi0/37
6 VMotion active
10 OPS_Data active Gi0/2, Gi0/3, Gi0/4, Gi0/6
Gi0/7, Gi0/8, Gi0/9, Gi0/10
Gi0/12, Gi0/13, Gi0/14, Gi0/15
Gi0/16, Gi0/18, Gi0/19, Gi0/26
Gi0/27, Gi0/29, Gi0/30, Gi0/34
Gi0/36, Gi0/38, Gi0/39, Gi0/40
Gi0/42, Gi0/43, Gi0/46, Gi0/47
45 VLAN0045 active
50 VLAN0050 active
104 VLAN0104 active
172 OPS_Voice active Gi0/17, Gi0/28
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
4 enet 100004 1500 - - - - - 0 0
5 enet 100005 1500 - - - - - 0 0
6 enet 100006 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
45 enet 100045 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
104 enet 100104 1500 - - - - - 0 0
172 enet 100172 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
50
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
sw00-3560-02#
12-01-2011 12:43 PM
Hi Chris,
Are you running VMs from multiple different subnets on this server, which is now on Vlan 45, or do you have the VMs running with the same port-group settings and the same vlan? Which device is doing the IP routing within your network: is it one of the switches you are working on, or somewhere else? Please paste the config.
You need to make sure that you have the correct gateway defined for all the VMs that you have running on the server. Since you are trunking your server to the network, the gateway for the VMs will reside in the network. Once you add, say, an interface for your VLAN 45 on a router or a switch, make sure that all the devices in the network which want to access the server have the route/reverse route back to the Vlan 45 IP.
HTH,
-amit singh
12-01-2011 12:54 PM
Amit,
All VMs in our network are running on the same subnet -- 10.20.102.0--and are currently configured with the same gateway -- 10.20.102.1. The switch associated with 10.255.102.1 is our layer 3 switch and handles the IP routing. I've pasted the config below. So from what I'm seeing in your response, I should:
1. Create interface for vlan 45 (already completed)
2. Assign an IP to that vlan.
3. Any servers needing to route on that vlan would need to be tagged with vlan 45.
4. The switch where the vlan is created will need to have some routing structure to route between, say vlan 10 (10.20.102.1) and vlan 45 (10.20.103.1). Correct? Would that be something like:
ip route 10.20.103.0 255.255.255.0 10.20.103.1
Config:
!
! Last configuration change at 21:35:24 EST Wed Nov 30 2011 by chall
! NVRAM config last updated at 21:29:24 EST Wed Nov 30 2011 by chall
!
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname sw00-3560-01
!
boot-start-marker
boot-end-marker
!
logging buffered 32000 warnings
no logging console
enable secret 5 $1$Evs8$nsd7tSGp6asz4z.Fm9jbW.
!
username chall privilege 15 secret 5 $1$IEv5$nAtQe4Zgy10/QocwxoJlg1
username wjerrell privilege 15 password 7 096C59034B554147
username twessel privilege 15 password 7 0226104C5A565879
username sready privilege 15 password 7 106E1A0B5647435C
username att privilege 15 password 7 045802150C2E
!
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
ip routing
!
!
no ip domain-lookup
ip domain-name secfedbank.com
!
mls qos map cos-dscp 0 8 16 24 32 46 48 56
mls qos srr-queue input bandwidth 90 10
mls qos srr-queue input threshold 1 8 16
mls qos srr-queue input threshold 2 34 66
mls qos srr-queue input buffers 67 33
mls qos srr-queue input cos-map queue 1 threshold 2 1
mls qos srr-queue input cos-map queue 1 threshold 3 0
mls qos srr-queue input cos-map queue 2 threshold 1 2
mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7
mls qos srr-queue input cos-map queue 2 threshold 3 3 5
mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7
mls qos srr-queue input dscp-map queue 1 threshold 3 32
mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23
mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48
mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56
mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63
mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output cos-map queue 1 threshold 3 5
mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7
mls qos srr-queue output cos-map queue 3 threshold 3 2 4
mls qos srr-queue output cos-map queue 4 threshold 2 1
mls qos srr-queue output cos-map queue 4 threshold 3 0
mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47
mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31
mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55
mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63
mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23
mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39
mls qos srr-queue output dscp-map queue 4 threshold 1 8
mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15
mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7
mls qos queue-set output 1 threshold 1 138 138 92 138
mls qos queue-set output 1 threshold 2 138 138 92 400
mls qos queue-set output 1 threshold 3 36 77 100 318
mls qos queue-set output 1 threshold 4 20 50 67 400
mls qos queue-set output 2 threshold 1 149 149 100 149
mls qos queue-set output 2 threshold 2 118 118 100 235
mls qos queue-set output 2 threshold 3 41 68 100 272
mls qos queue-set output 2 threshold 4 42 72 100 242
mls qos queue-set output 1 buffers 10 10 26 54
mls qos queue-set output 2 buffers 16 6 17 61
mls qos
!
crypto pki trustpoint TP-self-signed-3629491072
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3629491072
revocation-check none
rsakeypair TP-self-signed-3629491072
!
!
crypto pki certificate chain TP-self-signed-3629491072
certificate self-signed 01
quit
!
spanning-tree mode rapid-pvst
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree vlan 1,10,172 priority 8192
!
!
!
errdisable recovery cause psecure-violation
!
vlan internal allocation policy ascending
!
!
!
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
shutdown
!
interface GigabitEthernet0/1
description Vendor Phone
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/2
description Shoretel T1
switchport access vlan 172
switchport mode access
mls qos trust dscp
!
interface GigabitEthernet0/3
description Shoretel 60/12
switchport access vlan 172
switchport mode access
mls qos trust dscp
!
interface GigabitEthernet0/4
description Shoretel 60/12
switchport access vlan 172
switchport mode access
switchport voice vlan 172
mls qos trust dscp
!
interface GigabitEthernet0/5
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/6
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 2
switchport port-security mac-address 0010.4907.69ff
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/7
description IPS Mgt Port
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/8
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/9
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 3
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/10
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security mac-address 0011.0aec.90b0
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/11
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 3
switchport port-security mac-address 0010.4908.8041
switchport port-security mac-address 001c.c49b.14ce
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/12
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 4
switchport port-security mac-address 0010.4908.7c5d
switchport port-security mac-address 001b.78c1.f14a
switchport port-security mac-address 001c.2570.d3b2
srr-queue bandwidth share 10 10 60 20
queue-set 2
priority-queue out
mls qos trust dscp
auto qos voip trust
spanning-tree portfast
!
interface GigabitEthernet0/13
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 2
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/14
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 2
switchport port-security mac-address 0010.4908.92cf
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/15
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/16
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/17
description WAN Circuit
switchport trunk encapsulation dot1q
switchport mode trunk
mls qos trust dscp
!
interface GigabitEthernet0/18
description ws00it02d
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/19
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/20
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/21
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 2
switchport port-security mac-address 0010.490e.a74d
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/22
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/23
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/24
description ws00dp04c
switchport trunk encapsulation dot1q
switchport trunk native vlan 104
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/25
description ws00it08
switchport trunk encapsulation dot1q
switchport trunk native vlan 104
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 3
spanning-tree portfast
!
interface GigabitEthernet0/26
description ws00adm01
switchport trunk encapsulation dot1q
switchport trunk native vlan 104
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/27
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/28
description ws00aud04
switchport trunk encapsulation dot1q
switchport trunk native vlan 104
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/29
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 3
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/30
switchport trunk encapsulation dot1q
switchport trunk native vlan 104
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/31
description WS00IT03C
switchport trunk encapsulation dot1q
switchport trunk native vlan 104
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 3
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/32
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/33
description ws00dp01a
switchport access vlan 10
switchport trunk encapsulation dot1q
switchport trunk native vlan 104
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/34
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/35
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/36
description ws00it01c
switchport trunk encapsulation dot1q
switchport trunk native vlan 104
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 3
switchport port-security mac-address 0010.4908.80c5 vlan 10
switchport port-security mac-address 001b.78c1.ab3a vlan 10
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/37
switchport trunk encapsulation dot1q
switchport trunk native vlan 104
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 3
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/38
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/39
description ws00it05
switchport trunk encapsulation dot1q
switchport trunk native vlan 104
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/40
description ww00it04
switchport trunk encapsulation dot1q
switchport trunk native vlan 104
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/41
description ws00it02d
switchport trunk encapsulation dot1q
switchport trunk native vlan 104
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 3
switchport port-security mac-address 0010.4908.8014 vlan 10
switchport port-security mac-address 001e.0b67.4bbd vlan 10
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/42
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 3
switchport port-security mac-address 0010.4908.7faa
switchport port-security mac-address 001c.c49b.26b4
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/43
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security mac-address 0014.3896.f6b3
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/44
description ws00it02b
switchport trunk encapsulation dot1q
switchport trunk native vlan 104
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/45
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
switchport port-security maximum 3
switchport port-security mac-address 0010.4908.80c4
switchport port-security mac-address 0016.35a3.e83c
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/46
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/47
description ws00ip03
switchport trunk encapsulation dot1q
switchport trunk native vlan 104
switchport mode trunk
switchport voice vlan 172
mls qos trust dscp
spanning-tree portfast
!
interface GigabitEthernet0/48
description SW00-2960-01
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/49
switchport trunk encapsulation dot1q
switchport mode trunk
shutdown
!
interface GigabitEthernet0/50
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/51
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/52
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface TenGigabitEthernet0/1
!
interface TenGigabitEthernet0/2
!
interface Vlan1
description OPS_Switch_Mgmt
ip address 10.255.102.1 255.255.255.0
no ip redirects
!
interface Vlan4
description iSCSI/Replication
ip address 10.20.100.1 255.255.255.0
ip helper-address 10.20.102.5
no ip redirects
!
interface Vlan10
description OPS_Data_Network
ip address 10.20.102.1 255.255.255.0
ip helper-address 10.20.102.5
no ip redirects
!
interface Vlan104
description Workstation Network
ip address 10.20.104.1 255.255.255.0
ip helper-address 10.20.102.5
no ip redirects
!
interface Vlan172
description OPS_Voice_Network
ip address 172.20.102.1 255.255.255.0
ip helper-address 10.20.102.5
no ip redirects
!
router bgp 2388
bgp log-neighbor-changes
neighbor 10.20.102.10 remote-as 65342
!
address-family ipv4
neighbor 10.20.102.10 activate
neighbor 10.20.102.10 default-originate route-map Check-Internet
no auto-summary
no synchronization
exit-address-family
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.20.102.10 201
ip route 10.15.1.0 255.255.255.0 10.20.102.125
ip route 10.15.1.0 255.255.255.0 10.20.128.16 255
ip route 10.20.10.0 255.255.255.0 10.20.102.195
ip route 10.20.11.0 255.255.255.0 10.20.102.10
ip route 10.255.128.0 255.255.255.0 10.20.102.10
ip route 170.209.0.2 255.255.255.255 10.20.102.12 permanent
ip route 170.209.0.3 255.255.255.255 10.20.102.12 permanent
ip route 172.16.1.0 255.255.255.224 10.20.128.10
ip route 192.168.0.0 255.255.248.0 10.20.102.10
!
..........
12-01-2011 01:15 PM
Hi Chris,
All the steps that you have mentioned are correct except 4. You do not need to add a route like that on the switch. You just need to define the SVIs for Vlan 10 and 45; as these are directly connected interfaces, the switch will do the inter-vlan routing for you as IP routing is already enabled. As long as you have the correct gateways defined on your servers, you will be able to reach all the VMs across the subnets.
You need a route back to Vlan 45 from any other device like ASA if you want to reach Vlan 45. Say you have a DMZ subnet behind the ASA and you want to reach this new subnet, you would need to add a route in ASA to reach this new subnet like,
route inside 10.20.103.0 255.255.255.0 10.20.102.1
Hope this helps.
-amit singh
12-01-2011 01:24 PM
Not sure what SVIs are, nor how to define them.
12-01-2011 01:30 PM
SVI = Switched Vlan Interface, i.e.
interface vlan x and an IP assigned to it. This is the same as Step 2 in your earlier post.
Cheers,
-amit singh
12-01-2011 01:36 PM
Gotcha;)
So, once I assign an IP to the vlan 45 (vlan 10 already has an assigned IP) and tagged the server traffic in VMWare, everything should route normally, yes?
The whole reason we're having to use tagging on VMWare is that we have multiple NICs on our VM hosts, so a virtual machine could go out any NIC. We do this for redundancy. I mention this to clarify that we won't have a way to actually assign a vlan id to a specific switchport.
Chris
12-01-2011 01:48 PM
Hi Chris,
Yes for the first part of the Vlan.
Well, you actually don't need the tagging/trunking on the server NIC, unless you are running multiple VMs on the server which reside in different vlans. For example, in the case of this new server in Vlan 45, if you have some VMs running the Vlan 10 IP subnet and some VMs with the Vlan 45 subnet, then you need to enable the trunking on the server NIC to the switchport. If you have a virtualized server with VMware and are running all the VMs in the same subnet, you do not need trunking back to the switchport.
Cheers,
-amit singh
12-02-2011 07:06 AM
Amit,
I am still unable to ping the vm. Here's some more details on our configuration:
1. We have three VMWare hosts (servers) running multiple virtual machines (mostly windows servers).
2. We're trying to set up rspan to monitor several virtual and a couple physical servers.
3. The vlan we've set up for rspan is vlan 50. We'll set up rspan to monitor this vlan.
4. The vlan we've set up for the server traffic to get tagged on is vlan 45. The IP assigned to that vlan is 10.20.103.1.
5. The server's IP is 10.20.102.15
6. We've tagged the server with vlan 45.
7. We've changed the server gateway address to 10.20.103.1. Originally, it was 10.20.102.1
8. We could not save the changes to the gateway without changing the server address, so we changed it to 10.20.103.15.
9. I was then able to successfully ping 10.20.103.15.
This solution worked, but we can't do this with all servers. Do you have any other thoughts?
Regards,
Chris
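The addressing rule this thread keeps running into (a host tagged into a VLAN needs its address and default gateway inside that VLAN's SVI subnet) can be checked directly against the switch config. The following is an added example, not part of the original posts: the config excerpt is constructed, the Vlan45 stanza is an assumption built from the 10.20.103.1 address reported above, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt modelled on the SVI stanzas in the posted config. The
# Vlan45 stanza is an assumption built from the address reported in the thread.
SAMPLE_CONFIG = """\
interface Vlan10
 description OPS_Data_Network
 ip address 10.20.102.1 255.255.255.0
 ip helper-address 10.20.102.5
 no ip redirects
!
interface Vlan45
 ip address 10.20.103.1 255.255.255.0
!
interface Vlan104
 description Workstation Network
 ip address 10.20.104.1 255.255.255.0
!
"""


def parse_svis(config):
    """Map VLAN id -> IPv4Interface for each 'interface VlanN' with a primary address."""
    svis, vlan = {}, None
    for line in config.splitlines():
        header = re.match(r"interface Vlan(\d+)\s*$", line)
        if header:
            vlan = int(header.group(1))
        elif not line.startswith(" "):
            vlan = None  # "!" or any other top-level line closes the stanza
        elif vlan is not None:
            addr = re.match(r"\s+ip address (\S+) (\S+)\s*$", line)
            if addr:
                svis[vlan] = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}")
    return svis


def check_host(svis, vlan, host_ip, gateway):
    """Return finding codes for a host tagged into `vlan`; an empty list means routable."""
    svi = svis.get(vlan)
    if svi is None:
        return ["no-svi"]  # nothing on the switch routes this VLAN
    findings = []
    if ipaddress.ip_address(host_ip) not in svi.network:
        findings.append("host-off-subnet")
    if ipaddress.ip_address(gateway) != svi.ip:
        findings.append("gateway-not-svi")
    return findings


def owning_vlan(svis, host_ip):
    """VLAN whose SVI subnet contains host_ip, or None if no SVI covers it."""
    ip = ipaddress.ip_address(host_ip)
    for vlan, svi in svis.items():
        if ip in svi.network:
            return vlan
    return None


def replay_thread(config=SAMPLE_CONFIG):
    """Run the check over the four host states described in the thread."""
    svis = parse_svis(config)
    before_svi = {v: s for v, s in svis.items() if v != 45}
    return [
        ("tagged into VLAN 45, no SVI yet",
         check_host(before_svi, 45, "10.20.102.15", "10.20.102.1")),
        ("SVI added, host unchanged",
         check_host(svis, 45, "10.20.102.15", "10.20.102.1")),
        ("gateway changed only",
         check_host(svis, 45, "10.20.102.15", "10.20.103.1")),
        ("host readdressed",
         check_host(svis, 45, "10.20.103.15", "10.20.103.1")),
    ]


if __name__ == "__main__":
    for label, findings in replay_thread():
        print(f"{label:35} {findings or 'ok'}")
```

Only the last state, where the server was readdressed into 10.20.103.0/24, comes back clean, which matches the successful ping in step 9.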
