Cannot communicate with server on new vlan

I'm trying to setup rspan and have created a vlan for the rspan session and another vlan to tag traffic in our VMWARE environment. We changed vlan tagging on a device from our primary server vlan (vlan10) to the new vlan (vlan45) and are now unable to communicate with that server.

Here is the rspan configuration

1. Create VLAN as an RSPAN VLAN

conf t
vlan 50
 ! for RSPAN session
 remote-span
vlan 45
 ! for server traffic tagging
end

2. Create an RSPAN Source Session (switch 2)

conf t

no monitor session 50

monitor session 50 source vlan 45

monitor session 50 destination remote vlan 50

end

3. Create an RSPAN Destination Session (switch 1)

conf t

monitor session 50 source remote vlan 50

monitor session 50 destination interface gigabitethernet0/1

end

!

Our servers run on vlan 10, which is 10.20.102.1 and our workstations are on vlan 104--10.20.104.1.

Thanks,

Chris

Amit Singh
Cisco Employee
Hi Chris,

Do you have Vlan 45 configured on both the switches? Please could you paste "show vlan" from the switches.

Also, did you change the Gateway settings on Vlan 45 for this new server? Where is Vlan 45 being routed, I mean on which device? You have routing defined for this Vlan if you are pinging it from any other subnet?

Cheers,

-amit singh

Thanks, Amit, for the quick reply.

I have not actually set a gateway on the vlan 45 at this point (and probably the root of this problem). The vlan is propagated between the two switches via VTP. Past adding the interface for the vlan, not sure what next steps I need to take.

Here are the show vlans:

sw00-3560-01#sh vlan

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Gi0/5, Gi0/6, Gi0/7, Gi0/8

                                                Gi0/10, Gi0/11, Gi0/12, Gi0/13

                                                Gi0/14, Gi0/16, Gi0/20, Gi0/22

                                                Gi0/29, Gi0/32, Gi0/35, Gi0/37

                                                Gi0/42, Gi0/49, Gi0/51

2    IDS                              active

3    DMZ                              active

4    iSCSI                            active

5    Backup                           active

6    VMotion                          active

10   OPS_Data                         active    Gi0/9, Gi0/23

45   VLAN0045                         active

50   VLAN0050                         active

104  VLAN0104                         active

172  OPS_Voice                        active    Gi0/2, Gi0/3, Gi0/4, Gi0/5

                                                Gi0/6, Gi0/7, Gi0/8, Gi0/9

                                                Gi0/10, Gi0/11, Gi0/12, Gi0/13

                                                Gi0/14, Gi0/16, Gi0/20, Gi0/22

                                                Gi0/23, Gi0/29, Gi0/32, Gi0/35

                                                Gi0/37, Gi0/42

1002 fddi-default                     act/unsup

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1003 token-ring-default               act/unsup

1004 fddinet-default                  act/unsup

1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1    enet  100001     1500  -      -      -        -    -        0      0

2    enet  100002     1500  -      -      -        -    -        0      0

3    enet  100003     1500  -      -      -        -    -        0      0

4    enet  100004     1500  -      -      -        -    -        0      0

5    enet  100005     1500  -      -      -        -    -        0      0

6    enet  100006     1500  -      -      -        -    -        0      0

10   enet  100010     1500  -      -      -        -    -        0      0

45   enet  100045     1500  -      -      -        -    -        0      0

50   enet  100050     1500  -      -      -        -    -        0      0

104  enet  100104     1500  -      -      -        -    -        0      0

172  enet  100172     1500  -      -      -        -    -        0      0

1002 fddi  101002     1500  -      -      -        -    -        0      0

1003 tr    101003     1500  -      -      -        -    srb      0      0

1004 fdnet 101004     1500  -      -      -        ieee -        0      0

1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs

------------------------------------------------------------------------------

50

Primary Secondary Type              Ports

------- --------- ----------------- ------------------------------------------

sw00-3560-01#

sw00-3560-02#sh vlan

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Gi0/52

2    IDS                              active    Gi0/11, Gi0/20, Gi0/21, Gi0/22

                                                Gi0/33

3    DMZ                              active    Gi0/23, Gi0/24

4    iSCSI                            active

5    Backup                           active    Gi0/37

6    VMotion                          active

10   OPS_Data                         active    Gi0/2, Gi0/3, Gi0/4, Gi0/6

                                                Gi0/7, Gi0/8, Gi0/9, Gi0/10

                                                Gi0/12, Gi0/13, Gi0/14, Gi0/15

                                                Gi0/16, Gi0/18, Gi0/19, Gi0/26

                                                Gi0/27, Gi0/29, Gi0/30, Gi0/34

                                                Gi0/36, Gi0/38, Gi0/39, Gi0/40

                                                Gi0/42, Gi0/43, Gi0/46, Gi0/47

45   VLAN0045                         active

50   VLAN0050                         active

104  VLAN0104                         active

172  OPS_Voice                        active    Gi0/17, Gi0/28

1002 fddi-default                     act/unsup

1003 token-ring-default               act/unsup

1004 fddinet-default                  act/unsup

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1    enet  100001     1500  -      -      -        -    -        0      0

2    enet  100002     1500  -      -      -        -    -        0      0

3    enet  100003     1500  -      -      -        -    -        0      0

4    enet  100004     1500  -      -      -        -    -        0      0

5    enet  100005     1500  -      -      -        -    -        0      0

6    enet  100006     1500  -      -      -        -    -        0      0

10   enet  100010     1500  -      -      -        -    -        0      0

45   enet  100045     1500  -      -      -        -    -        0      0

50   enet  100050     1500  -      -      -        -    -        0      0

104  enet  100104     1500  -      -      -        -    -        0      0

172  enet  100172     1500  -      -      -        -    -        0      0

1002 fddi  101002     1500  -      -      -        -    -        0      0

1003 tr    101003     1500  -      -      -        -    srb      0      0

1004 fdnet 101004     1500  -      -      -        ieee -        0      0

1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs

------------------------------------------------------------------------------

50

Primary Secondary Type              Ports

------- --------- ----------------- ------------------------------------------

sw00-3560-02#

Hi Chris,

Are you running multiple different subnets' VMs on this server which is on Vlan 45 now, or do you have the VMs running with the same port-group settings and same vlan? Which device is doing the IP routing within your network, is it one of the switches you are working on or somewhere else? Please paste the config.

You need to make sure that you have the correct gateway defined for all the VMs that you have running on the server. Since you are trunking your server to the network, the gateway for the VMs will reside in the network. Once you add, say, an interface for your VLAN 45 on a router or on a switch, make sure that all the devices in the network which want to access the server have the route/reverse route back to Vlan 45 IP.

HTH,

-amit singh

Amit,

All VMs in our network are running on the same subnet -- 10.20.102.0--and are currently configured with the same gateway -- 10.20.102.1. The switch associated with 10.255.102.1 is our layer 3 switch and handles the IP routing. I've pasted the config below. So from what I'm seeing in your response, I should:

1. Create interface for vlan 45 (already completed)

2. Assign an IP to that vlan.

3. Any servers needing to route on that vlan would need to be tagged with vlan 45.

4. The switch where the vlan is created will need to have some routing structure to route between, say vlan 10 (10.20.102.1) and vlan 45 (10.20.103.1). Correct? Would that be something like:

ip route 10.20.103.0 255.255.255.0 10.20.103.1

Config:

!

! Last configuration change at 21:35:24 EST Wed Nov 30 2011 by chall

! NVRAM config last updated at 21:29:24 EST Wed Nov 30 2011 by chall

!

version 12.2

no service pad

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname sw00-3560-01

!

boot-start-marker

boot-end-marker

!

logging buffered 32000 warnings

no logging console

enable secret 5 $1$Evs8$nsd7tSGp6asz4z.Fm9jbW.

!

username chall privilege 15 secret 5 $1$IEv5$nAtQe4Zgy10/QocwxoJlg1

username wjerrell privilege 15 password 7 096C59034B554147

username twessel privilege 15 password 7 0226104C5A565879

username sready privilege 15 password 7 106E1A0B5647435C

username att privilege 15 password 7 045802150C2E

!

!

no aaa new-model

clock timezone EST -5

clock summer-time EDT recurring

system mtu routing 1500

authentication mac-move permit

ip subnet-zero

ip routing

!

!

no ip domain-lookup

ip domain-name secfedbank.com

!

mls qos map cos-dscp 0 8 16 24 32 46 48 56

mls qos srr-queue input bandwidth 90 10

mls qos srr-queue input threshold 1 8 16

mls qos srr-queue input threshold 2 34 66

mls qos srr-queue input buffers 67 33

mls qos srr-queue input cos-map queue 1 threshold 2 1

mls qos srr-queue input cos-map queue 1 threshold 3 0

mls qos srr-queue input cos-map queue 2 threshold 1 2

mls qos srr-queue input cos-map queue 2 threshold 2 4 6 7

mls qos srr-queue input cos-map queue 2 threshold 3 3 5

mls qos srr-queue input dscp-map queue 1 threshold 2 9 10 11 12 13 14 15

mls qos srr-queue input dscp-map queue 1 threshold 3 0 1 2 3 4 5 6 7

mls qos srr-queue input dscp-map queue 1 threshold 3 32

mls qos srr-queue input dscp-map queue 2 threshold 1 16 17 18 19 20 21 22 23

mls qos srr-queue input dscp-map queue 2 threshold 2 33 34 35 36 37 38 39 48

mls qos srr-queue input dscp-map queue 2 threshold 2 49 50 51 52 53 54 55 56

mls qos srr-queue input dscp-map queue 2 threshold 2 57 58 59 60 61 62 63

mls qos srr-queue input dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31

mls qos srr-queue input dscp-map queue 2 threshold 3 40 41 42 43 44 45 46 47

mls qos srr-queue output cos-map queue 1 threshold 3 5

mls qos srr-queue output cos-map queue 2 threshold 3 3 6 7

mls qos srr-queue output cos-map queue 3 threshold 3 2 4

mls qos srr-queue output cos-map queue 4 threshold 2 1

mls qos srr-queue output cos-map queue 4 threshold 3 0

mls qos srr-queue output dscp-map queue 1 threshold 3 40 41 42 43 44 45 46 47

mls qos srr-queue output dscp-map queue 2 threshold 3 24 25 26 27 28 29 30 31

mls qos srr-queue output dscp-map queue 2 threshold 3 48 49 50 51 52 53 54 55

mls qos srr-queue output dscp-map queue 2 threshold 3 56 57 58 59 60 61 62 63

mls qos srr-queue output dscp-map queue 3 threshold 3 16 17 18 19 20 21 22 23

mls qos srr-queue output dscp-map queue 3 threshold 3 32 33 34 35 36 37 38 39

mls qos srr-queue output dscp-map queue 4 threshold 1 8

mls qos srr-queue output dscp-map queue 4 threshold 2 9 10 11 12 13 14 15

mls qos srr-queue output dscp-map queue 4 threshold 3 0 1 2 3 4 5 6 7

mls qos queue-set output 1 threshold 1 138 138 92 138

mls qos queue-set output 1 threshold 2 138 138 92 400

mls qos queue-set output 1 threshold 3 36 77 100 318

mls qos queue-set output 1 threshold 4 20 50 67 400

mls qos queue-set output 2 threshold 1 149 149 100 149

mls qos queue-set output 2 threshold 2 118 118 100 235

mls qos queue-set output 2 threshold 3 41 68 100 272

mls qos queue-set output 2 threshold 4 42 72 100 242

mls qos queue-set output 1 buffers 10 10 26 54

mls qos queue-set output 2 buffers 16 6 17 61

mls qos

!

crypto pki trustpoint TP-self-signed-3629491072

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-3629491072

revocation-check none

rsakeypair TP-self-signed-3629491072

!

!

crypto pki certificate chain TP-self-signed-3629491072

certificate self-signed 01

  quit

!

spanning-tree mode rapid-pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

spanning-tree vlan 1,10,172 priority 8192

!

!

!

errdisable recovery cause psecure-violation

!

vlan internal allocation policy ascending

!

!

!

!

interface FastEthernet0

no ip address

no ip route-cache cef

no ip route-cache

no ip mroute-cache

shutdown

!

interface GigabitEthernet0/1

description Vendor Phone

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

spanning-tree portfast

!

interface GigabitEthernet0/2

description Shoretel T1

switchport access vlan 172

switchport mode access

mls qos trust dscp

!

interface GigabitEthernet0/3

description Shoretel 60/12

switchport access vlan 172

switchport mode access

mls qos trust dscp

!

interface GigabitEthernet0/4

description Shoretel 60/12

switchport access vlan 172

switchport mode access

switchport voice vlan 172

mls qos trust dscp

!

interface GigabitEthernet0/5

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/6

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 2

switchport port-security mac-address 0010.4907.69ff

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/7

description IPS Mgt Port

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/8

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/9

switchport access vlan 10

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 3

srr-queue bandwidth share 10 10 60 20

queue-set 2

priority-queue out

mls qos trust dscp

auto qos voip trust

spanning-tree portfast

!

interface GigabitEthernet0/10

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security mac-address 0011.0aec.90b0

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/11

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 3

switchport port-security mac-address 0010.4908.8041

switchport port-security mac-address 001c.c49b.14ce

srr-queue bandwidth share 10 10 60 20

queue-set 2

priority-queue out

mls qos trust dscp

auto qos voip trust

spanning-tree portfast

!

interface GigabitEthernet0/12

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 4

switchport port-security mac-address 0010.4908.7c5d

switchport port-security mac-address 001b.78c1.f14a

switchport port-security mac-address 001c.2570.d3b2

srr-queue bandwidth share 10 10 60 20

queue-set 2

priority-queue out

mls qos trust dscp

auto qos voip trust

spanning-tree portfast

!

interface GigabitEthernet0/13

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 2

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/14

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 2

switchport port-security mac-address 0010.4908.92cf

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/15

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/16

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/17

description WAN Circuit

switchport trunk encapsulation dot1q

switchport mode trunk

mls qos trust dscp

!

interface GigabitEthernet0/18

description ws00it02d

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/19

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/20

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/21

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 2

switchport port-security mac-address 0010.490e.a74d

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/22

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/23

switchport access vlan 10

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/24

description ws00dp04c

switchport trunk encapsulation dot1q

switchport trunk native vlan 104

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/25

description ws00it08

switchport trunk encapsulation dot1q

switchport trunk native vlan 104

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 3

spanning-tree portfast

!

interface GigabitEthernet0/26

description ws00adm01

switchport trunk encapsulation dot1q

switchport trunk native vlan 104

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/27

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/28

description ws00aud04

switchport trunk encapsulation dot1q

switchport trunk native vlan 104

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/29

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 3

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/30

switchport trunk encapsulation dot1q

switchport trunk native vlan 104

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/31

description WS00IT03C

switchport trunk encapsulation dot1q

switchport trunk native vlan 104

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 3

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/32

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/33

description ws00dp01a

switchport access vlan 10

switchport trunk encapsulation dot1q

switchport trunk native vlan 104

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/34

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/35

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/36

description ws00it01c

switchport trunk encapsulation dot1q

switchport trunk native vlan 104

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 3

switchport port-security mac-address 0010.4908.80c5 vlan 10

switchport port-security mac-address 001b.78c1.ab3a vlan 10

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/37

switchport trunk encapsulation dot1q

switchport trunk native vlan 104

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 3

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/38

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/39

description ws00it05

switchport trunk encapsulation dot1q

switchport trunk native vlan 104

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/40

description ww00it04

switchport trunk encapsulation dot1q

switchport trunk native vlan 104

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/41

description ws00it02d

switchport trunk encapsulation dot1q

switchport trunk native vlan 104

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 3

switchport port-security mac-address 0010.4908.8014 vlan 10

switchport port-security mac-address 001e.0b67.4bbd vlan 10

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/42

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 3

switchport port-security mac-address 0010.4908.7faa

switchport port-security mac-address 001c.c49b.26b4

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/43

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security mac-address 0014.3896.f6b3

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/44

description ws00it02b

switchport trunk encapsulation dot1q

switchport trunk native vlan 104

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/45

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

switchport port-security maximum 3

switchport port-security mac-address 0010.4908.80c4

switchport port-security mac-address 0016.35a3.e83c

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/46

switchport trunk encapsulation dot1q

switchport trunk native vlan 10

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/47

description ws00ip03

switchport trunk encapsulation dot1q

switchport trunk native vlan 104

switchport mode trunk

switchport voice vlan 172

mls qos trust dscp

spanning-tree portfast

!

interface GigabitEthernet0/48

description SW00-2960-01

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/49

switchport trunk encapsulation dot1q

switchport mode trunk

shutdown

!

interface GigabitEthernet0/50

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/51

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/52

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface TenGigabitEthernet0/1

!

interface TenGigabitEthernet0/2

!

interface Vlan1

description OPS_Switch_Mgmt

ip address 10.255.102.1 255.255.255.0

no ip redirects

!

interface Vlan4

description iSCSI/Replication

ip address 10.20.100.1 255.255.255.0

ip helper-address 10.20.102.5

no ip redirects

!

interface Vlan10

description OPS_Data_Network

ip address 10.20.102.1 255.255.255.0

ip helper-address 10.20.102.5

no ip redirects

!

interface Vlan104

description Workstation Network

ip address 10.20.104.1 255.255.255.0

ip helper-address 10.20.102.5

no ip redirects

!

interface Vlan172

description OPS_Voice_Network

ip address 172.20.102.1 255.255.255.0

ip helper-address 10.20.102.5

no ip redirects

!

router bgp 2388

bgp log-neighbor-changes

neighbor 10.20.102.10 remote-as 65342

!

address-family ipv4

  neighbor 10.20.102.10 activate

  neighbor 10.20.102.10 default-originate route-map Check-Internet

  no auto-summary

  no synchronization

exit-address-family

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.20.102.10 201

ip route 10.15.1.0 255.255.255.0 10.20.102.125

ip route 10.15.1.0 255.255.255.0 10.20.128.16 255

ip route 10.20.10.0 255.255.255.0 10.20.102.195

ip route 10.20.11.0 255.255.255.0 10.20.102.10

ip route 10.255.128.0 255.255.255.0 10.20.102.10

ip route 170.209.0.2 255.255.255.255 10.20.102.12 permanent

ip route 170.209.0.3 255.255.255.255 10.20.102.12 permanent

ip route 172.16.1.0 255.255.255.224 10.20.128.10

ip route 192.168.0.0 255.255.248.0 10.20.102.10

!

..........

Hi Chris,

All the steps that you have mentioned are correct except 4. You do not need to add a route like that on the switch. You just need to define the SVIs for Vlan 10 and 45; as these are directly connected interfaces, the switch will do the inter-vlan routing for you as IP routing is already enabled. As far as you have the correct gateways defined on your servers, you will be able to reach all the VMs across the subnets.

You need a route back to Vlan 45 from any other device like ASA if you want to reach VLan 45. Say you have a DMZ subnet behind the ASA and you want to reach this new subnet, you would need to add a route in ASA to reach this new subnet like,

route inside 10.20.103.0 255.255.255.0 10.20.102.1

Hope this helps.

-amit singh

Not sure what SVIs are, nor how to define them.

SVI = Switched Vlan Interface i.e

Interface vlan x and an IP assigned to it. This is the same as the Step 2 in your earlier post.

Cheers,

-amit singh

Gotcha;)

So, once I assign an IP to the vlan 45 (vlan 10 already has an assigned IP) and tagged the server traffic in VMWare, everything should route normally, yes?

The whole reason we're having to use tagging on VMWare is that we have multiple NICs on our VM hosts, so a Virtual machine could go out any NIC. We do this for redundancy. I mention this to clarify that we won't have a way to actually assign a vlan id to a specific switchport.

Chris

Hi Chris,

Yes for the first part of the Vlan.

Well, you actually don't need the tagging/trunking on the Server NIC, unless you are running multiple VMs on the server which reside in different vlans. For example, in the case of this new server in Vlan 45, if you have some VMs running the Vlan 10 IP subnet and some VMs with the Vlan 45 subnet, then you need to enable the trunking on the server NIC to the switchport. If you have a virtualized server with VMware and are running all the VMs in the same subnet, you do not need trunking back to the switchport.

Cheers,

-amit singh

Amit,

I am still unable to ping the vm. Here's some more details on our configuration:

1. We have three VMWare hosts (servers) running multiple virtual machines (mostly windows servers).

2. We're trying to setup rspan to monitor several virtual and a couple physical servers.

3. The vlan we've setup for rspan is vlan 50. We'll setup rspan to monitor this vlan

4. The vlan we've setup for the server traffic to get tagged on is vlan 45. The IP assigned to that vlan is 10.20.103.1.

5. The server's IP is 10.20.102.15

6. We've tagged the server with vlan 45.

7. We've changed the server gateway address to 10.20.103.1. Originally, it was 10.20.102.1

8. We could not save the changes to the gateway without changing the server address, so we changed it to 10.20.103.15.

9. I was then able to successfully ping 10.20.103.15.

This solution worked, but we can't do this with all servers. Do you have any other thoughts?

Regards,

Chris
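
Added example (not part of any post in this thread): a small Python check of the point made in the replies above and of steps 5 to 9 in the last post, namely that a server tagged into a VLAN needs an address inside that VLAN's SVI subnet and that SVI as its gateway. The SVI excerpt is constructed from the config posted above; the Vlan45 stanza and its /24 mask are assumptions based on the 10.20.103.1 address mentioned in the thread, and the function names are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt: Vlan10 and Vlan104 as in the posted sw00-3560-01 config,
# plus an assumed Vlan45 stanza (10.20.103.1 is from the thread, /24 is assumed).
SAMPLE_CONFIG = """\
interface Vlan10
 description OPS_Data_Network
 ip address 10.20.102.1 255.255.255.0
!
interface Vlan45
 ip address 10.20.103.1 255.255.255.0
!
interface Vlan104
 description Workstation Network
 ip address 10.20.104.1 255.255.255.0
!
"""


def parse_svis(config):
    """Return {vlan_id: IPv4Interface} for each 'interface VlanN' that has an IP."""
    svis, vlan = {}, None
    for line in config.splitlines():
        head = re.match(r"interface Vlan(\d+)\s*$", line)
        if head:
            vlan = int(head.group(1))
        elif not line.startswith(" "):
            vlan = None  # any other top-level line ends the current stanza
        elif vlan is not None:
            addr = re.match(r"\s+ip address (\S+) (\S+)\s*$", line)
            if addr:
                svis[vlan] = ipaddress.ip_interface(
                    f"{addr.group(1)}/{addr.group(2)}")
    return svis


def owning_vlan(svis, ip):
    """Return the VLAN whose SVI subnet contains ip, or None."""
    ip = ipaddress.ip_address(ip)
    for vlan, svi in svis.items():
        if ip in svi.network:
            return vlan
    return None


def check_host(svis, vlan, ip, gateway):
    """Return a list of addressing problems for a host tagged into 'vlan'."""
    svi = svis.get(vlan)
    if svi is None:
        return [f"VLAN {vlan} has no SVI, so the switch does not route for it"]
    problems = []
    host = ipaddress.ip_address(ip)
    gw = ipaddress.ip_address(gateway)
    if host not in svi.network:
        owner = owning_vlan(svis, ip)
        where = f"VLAN {owner}" if owner is not None else "no local VLAN"
        problems.append(
            f"host {host} is outside {svi.network} (VLAN {vlan}); "
            f"the switch expects that address in {where}")
    if gw != svi.ip:
        problems.append(f"gateway {gw} is not the VLAN {vlan} SVI {svi.ip}")
    return problems


if __name__ == "__main__":
    svis = parse_svis(SAMPLE_CONFIG)
    cases = [
        ("original, VLAN 10", 10, "10.20.102.15", "10.20.102.1"),
        ("retagged to 45, IP and gateway unchanged", 45, "10.20.102.15", "10.20.102.1"),
        ("gateway changed only (step 7)", 45, "10.20.102.15", "10.20.103.1"),
        ("IP and gateway changed (step 8)", 45, "10.20.103.15", "10.20.103.1"),
    ]
    for label, vlan, ip, gw in cases:
        result = check_host(svis, vlan, ip, gw)
        print(f"{label}: {'OK' if not result else '; '.join(result)}")
```
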
