Here the config for the core

jeremy-rogers · ‎01-04-2017

I have 4 vlans currently, 100,200,300,400. I have 2 offices and they both used the same numbers, but now I need to change on office because of a DR system that we are putting in. I need to change one office to VLANs 111-114. I understand that I can't just change the number. I have to create these new vlans and move the associated IP addresses. Here is what I did.

I created the new vlans

config t

int vlan 111

int vlan 112

int vlan 113

int vlan 114

remove the IP from the old vlans

int vlan 100

no ip address

int vlan 200

no ip address

int vlan 300

no ip address

int vlan 400

no ip address

add the ip to the new vlan

int vlan 111

ip address 192.168.1.1 255.255.255.0

ip helper-address 192.168.1.20

int vlan 112

ip address 192.168.2.1 255.255.255.0

ip helper-address 192.168.1.20

int vlan 113

ip address 192.168.3.1 255.255.255.0

ip helper-address 192.168.1.20

int vlan 114

ip address 192.168.4.1 255.255.255.0

ip helper-address 192.168.1.20

Then I change the DHCP server (192.168.1.20) to use the new VLAN numbers. Then I change the Port channels to the access switches to the new vlan ids. Then the access ports on those switches. I then flushed the arp cache.

Here is the problem. All routing seems to be broken now. I can pull and IP from the DHCP server on the vlan 111 only. From the DHCP server I can ping 192.168.1.1, but not 192.168.2.1 or any of the other vlan ips.

What did I do wrong? Was I suppose to flush the MAC address table? Was I suppose to shutdown the old VLAN ids?

chrihussey · ‎01-04-2017

Sounds like it should have worked on the surface. Can you provide the config of the switch with the VLAN interfaces and possibly one of the access switches? It would make it a lot easier to help figure out what is going on.

jeremy-rogers · ‎01-04-2017

Here the config for the core and one of the switches. For example, after making this change I could not ping from the DHCP server (192.168.1.90) to the default gateway on any of the other networks (not 192.168.2.254, 192.168.3.254, 192.168.3.254, 192.168.4.254), I could ping to 192.168.5.254, but this is VLAN 500 and I didn't change this vlan number. I am assuming that I didn't clear some cache somewhere.

chrihussey · ‎01-04-2017

OK, just trying to figure this out:

1- Was the DHCP server moved into the 111 VLAN when you made the change?

2- Were the VLAN 100-400 interfaces shut as part of the process? (It wouldn't hurt).

3- If you give a PC/laptop a static IP in the new VLAN will it work?

Thanks

jeremy-rogers · ‎01-05-2017

1- Was the DHCP server moved into the 111 VLAN when you made the change?

Yes

2- Were the VLAN 100-400 interfaces shut as part of the process? (It wouldn't hurt).

No, but I will do this this weekend and Clear the Mac address table

3- If you give a PC/laptop a static IP in the new VLAN will it work?

Even the DHCP server which has a static IP couldn't ping the default gateway on any other network, but it could ping the dg on its network. Weird because the reply is coming from the same physical router (we only have one router).

chrihussey · ‎01-05-2017

Yup I agree, shut the old interfaces (or remove them altogether) and clear everything (MAC, ARP, routes).

Just a thought, as a pre-check to taking your network down would it be possible to create a DHCP scope for another network (ie 192.168.10.x/24), temporarily assign it to one of the new interfaces, allow it on a trunk to an access switch and test just to make sure the VLAN is indeed operational?

andrewswanson · ‎01-05-2017

Hello

From your config changes it looks like you just created the VLAN SVIs - did you create the VLANs themselves?

Does the output of "show vlan" on core/access switches show vlans 111-114. If not post the output of "show vtp status" from both switches.

Cheers
Andy

paul driver · ‎01-04-2017

Hello
What port is your uplink to the next-hop for the default route?
Looks like youve haven't changed the vlan membership on a few ports , they still show the old vlans especially vlan 111 where your default route now resides, i am assuming this was vlan 100 prior to change?

interface Vlan111
ip address 192.168.1.254 255.255.255.0
ip helper-address 192.168.1.90

ip route 0.0.0.0 0.0.0.0 192.168.1.165

interface GigabitEthernet1/0/6
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/7
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,100
switchport mode trunk
!
interface GigabitEthernet1/0/8
switchport access vlan 300
switchport mode access
!
interface GigabitEthernet1/0/9
switchport access vlan 100
switchport mode access

interface GigabitEthernet1/0/10
switchport access vlan 100
switchport mode access

interface GigabitEthernet1/0/12
switchport access vlan 100
switchport mode access

Did you create the L2 vlans for 111-114?
Can you ping the default next hop sourced from the L3 vlan interfaces?

res
Paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Reza Sharifi · ‎01-05-2017

So, you can ping the gateway for vlan 111 (192.168.1.1) and not any other vlan.

Can you ping the management IP address on the core (192.168.11.1) which is vlan1?

If not, I see "ip routing" is enabled on the core. Can you turn it off and than turn it back on.

no ip routing

ip routing

and test again?

HTH

Change VLAN IDs problem