02-10-2021 08:55 AM
I have a cisco 3750g series POE and I am trying to set up SVIs.
I created VLANs 2 and 3
VLAN 2 192.168.1.1 255.255.255.0
VLAN 3 192.168.2.1 255.255.255.0
After creating the SVIs, VLAN 1 is now up/down.
Can someone tell me why VLAN is now up/down?
I have two workstations set up, one for vlan 2 and the other for vlan 3
the default gateway IP for the computer in vlan 2 is 192.168.1.1 255.255.255.0
the default gateway IP for the computer in vlan 3 is 192.168.2.1 255.255.255.0
Cant ping between them.
Solved! Go to Solution.
02-10-2021 11:19 AM
Hello,
the config looks good. Make sure the Vlans actually exist on the switch (sh vlan). Also, check if the PCs don't block ICMP in their firewalls.
Vlan 1 is down because there is no active port (trunk or access) for Vlan 1.
02-10-2021 08:57 AM
can you post the configruation as below :
show run
show verion
you need to enable ip routing. (this can only confirmed once we see the config.
02-10-2021 09:46 AM
SW1#sh ver
Cisco IOS Software, C3750 Software (C3750-IPSERVICESK9-M), Version 15.0(2)SE11, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Sat 19-Aug-17 09:28 by prod_rel_team
ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)
SW1 uptime is 44 minutes
System returned to ROM by power-on
System image file is "flash:/c3750-ipservicesk9-mz.150-2.SE11/c3750-ipservicesk9-mz.150-2.SE11.bin"
This product contains cryptographic features and is subject to United
States and local country laws governing import, export, transfer and
use. Delivery of Cisco cryptographic products does not imply
third-party authority to import, export, distribute or use encryption.
Importers, exporters, distributors and users are responsible for
compliance with U.S. and local country laws. By using this product you
agree to comply with applicable laws and regulations. If you are unable
to comply with U.S. and local laws, return this product immediately.
A summary of U.S. laws governing Cisco cryptographic products may be found at:
http://www.cisco.com/wwl/export/crypto/tool/stqrg.html
If you require further assistance please contact us by sending email to
export@cisco.com.
cisco WS-C3750G-48PS (PowerPC405) processor (revision C0) with 131072K bytes of memory.
Processor board ID FOC0916U14W
Last reset from power-on
3 Virtual Ethernet interfaces
52 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : 00:15:62:55:33:00
Motherboard assembly number : 73-9365-08
Power supply part number : 341-0108-02
Motherboard serial number : FOC09343S9H
Power supply serial number : DCA09260MDP
Model revision number : C0
Motherboard revision number : A0
Model number : WS-C3750G-48PS-E
System serial number : FOC0916U14W
SFP Module assembly part number : 73-7757-03
SFP Module revision Number : A0
SFP Module serial number : CAT093108DF
Top Assembly Part Number : 800-26344-02
Top Assembly Revision Number : A0
Version ID : 02
CLEI Code Number : CNMWM00ARB
Hardware Board Revision Number : 0x05
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 52 WS-C3750G-48PS 15.0(2)SE11 C3750-IPSERVICESK9-M
SW1#sh int des
Interface Status Protocol Description
Vl1 up down
Vl2 up up
Vl3 up up
SW1#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Vlan2
L 192.168.1.1/32 is directly connected, Vlan2
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/24 is directly connected, Vlan3
L 192.168.2.1/32 is directly connected, Vlan3
sh run
interface Vlan1
no ip address
!
interface Vlan2
ip address 192.168.1.1 255.255.255.0
!
interface Vlan3
ip address 192.168.2.1 255.255.255.0
!
ip http server
ip http secure-server
!
!
!
!
!
vstack
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
02-10-2021 09:55 AM
If you are not using VLAN 1 interface shutdown.
config t
!
interface Vlan1
shutdown
!
post full config of show run
02-10-2021 10:13 AM
SW1#sh run
Building configuration...
Current configuration : 5404 bytes
!
! Last configuration change at 00:40:43 UTC Mon Mar 1 1993
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
switch 1 provision ws-c3750g-48ps
system mtu routing 1500
ip routing
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1649750784
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1649750784
revocation-check none
rsakeypair TP-self-signed-1649750784
!
!
crypto pki certificate chain TP-self-signed-1649750784
certificate self-signed 01
3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31363439 37353037 3834301E 170D3933 30333031 30303034
33345A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 36343937
35303738 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100CE1F 3F3F0A68 A56A965D 87EA589B CBCAE221 30EED636 3AA0B0D7 F15D618E
D94D3FA8 0EDE4702 190B27AF 82492F94 994F4852 60C8ED80 CC2C18F1 5E470EBC
0055F991 C9855658 7878BF35 F6F96909 A3C38774 799DC111 F2A9A0FC 79B36954
564883CB B87B3406 FCFF09AC 91DEE2FC FAB44507 58AD8C2E 92CFF954 68400776
B6ED0203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
551D2304 18301680 140F64C1 A8EDCBCE 49EA88AD 38B677F0 68A4301D 46301D06
03551D0E 04160414 0F64C1A8 EDCBCE49 EA88AD38 B677F068 A4301D46 300D0609
2A864886 F70D0101 05050003 81810092 C938A489 423038D7 1E63A09C 35D3FE3C
9ABBDA46 953AE71D 0BF09EAF E2658400 C6CE4081 7CFA8265 7091754D BF28EC4E
B12D686C 10623160 B46A1DB3 2A14B901 36FFF789 65B80773 08783CE8 30E338A8
917EC777 C761192A D762AC7D C1330C77 8240EA7E E7B3F3CB 5F217625 C605683A
B4D3FAB2 6666A535 3DE7781F D068F9
quit
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet1/0/1
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/2
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet1/0/3
switchport mode access
!
interface GigabitEthernet1/0/4
switchport mode access
!
interface GigabitEthernet1/0/5
switchport mode access
!
interface GigabitEthernet1/0/6
switchport mode access
!
interface GigabitEthernet1/0/7
switchport mode access
!
interface GigabitEthernet1/0/8
switchport mode access
!
interface GigabitEthernet1/0/9
switchport mode access
!
interface GigabitEthernet1/0/10
switchport mode access
!
interface GigabitEthernet1/0/11
switchport mode access
!
interface GigabitEthernet1/0/12
switchport mode access
!
interface GigabitEthernet1/0/13
switchport mode access
!
interface GigabitEthernet1/0/14
switchport mode access
!
interface GigabitEthernet1/0/15
switchport mode access
!
interface GigabitEthernet1/0/16
switchport mode access
!
interface GigabitEthernet1/0/17
switchport mode access
!
interface GigabitEthernet1/0/18
switchport mode access
!
interface GigabitEthernet1/0/19
switchport mode access
!
interface GigabitEthernet1/0/20
switchport mode access
!
interface GigabitEthernet1/0/21
switchport mode access
!
interface GigabitEthernet1/0/22
switchport mode access
!
interface GigabitEthernet1/0/23
switchport mode access
!
interface GigabitEthernet1/0/24
switchport mode access
!
interface GigabitEthernet1/0/25
switchport mode access
!
interface GigabitEthernet1/0/26
switchport mode access
!
interface GigabitEthernet1/0/27
switchport mode access
!
interface GigabitEthernet1/0/28
switchport mode access
!
interface GigabitEthernet1/0/29
switchport mode access
!
interface GigabitEthernet1/0/30
switchport mode access
!
interface GigabitEthernet1/0/31
switchport mode access
!
interface GigabitEthernet1/0/32
switchport mode access
!
interface GigabitEthernet1/0/33
switchport mode access
!
interface GigabitEthernet1/0/34
switchport mode access
!
interface GigabitEthernet1/0/35
switchport mode access
!
interface GigabitEthernet1/0/36
switchport mode access
!
interface GigabitEthernet1/0/37
switchport mode access
!
interface GigabitEthernet1/0/38
switchport mode access
!
interface GigabitEthernet1/0/39
switchport mode access
!
interface GigabitEthernet1/0/40
switchport mode access
!
interface GigabitEthernet1/0/41
switchport mode access
!
interface GigabitEthernet1/0/42
switchport mode access
!
interface GigabitEthernet1/0/43
switchport mode access
!
interface GigabitEthernet1/0/44
switchport mode access
!
interface GigabitEthernet1/0/45
switchport mode access
!
interface GigabitEthernet1/0/46
switchport mode access
!
interface GigabitEthernet1/0/47
switchport mode access
!
interface GigabitEthernet1/0/48
switchport mode access
!
interface GigabitEthernet1/0/49
switchport mode access
!
interface GigabitEthernet1/0/50
switchport mode access
!
interface GigabitEthernet1/0/51
switchport mode access
!
interface GigabitEthernet1/0/52
switchport mode access
!
interface Vlan1
no ip address
!
interface Vlan2
ip address 192.168.1.1 255.255.255.0
!
interface Vlan3
ip address 192.168.2.1 255.255.255.0
!
ip http server
ip http secure-server
!
!
!
!
!
vstack
!
line con 0
line vty 0 4
login
line vty 5 15
login
!
end
02-10-2021 11:19 AM
Hello,
the config looks good. Make sure the Vlans actually exist on the switch (sh vlan). Also, check if the PCs don't block ICMP in their firewalls.
Vlan 1 is down because there is no active port (trunk or access) for Vlan 1.
02-10-2021 11:46 AM
The PCs are not blocking ICMP packets. I am still unable to ping between the workstations.
02-10-2021 12:12 PM
Hello,
can each PC ping its respective default gateway ?
02-10-2021 01:55 PM
You need to shut the vlan 1 if you are not using, since no ports belong to vlan up you see up/down.
interface GigabitEthernet1/0/1 switchport access vlan 2 switchport mode access ! interface GigabitEthernet1/0/2 switchport access vlan 3 switchport mode access
is the end device connected to repsected ports only configured for vlan 2 and Vlan3
If yes follow below tests :
1. what is the device connected to port 1/0/1
2. Windows PC ( post ipconfig /all)
3. can this PC can ping 192.168.1.1 ? ( from switch are you able to ping device IP address ?)
4. what is the device connected to port 1/0/2
5. Windows PC ( post ipconfig /all)
6. can this PC can ping 192.168.2.1 ? ( from switch are you able to ping device IP address ?)
Make sure windows has by default FW (disable and test PC to PC or device to device ping to work.
02-10-2021 05:07 PM
@calderonl.odari11 wrote:
vstack
There was a network out in the Middle East that got "pwn" because they did not disable this.
Cisco IOS and IOS XE Software Smart Install Denial of Service Vulnerability
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide