
Cisco Catalyst 3560-CX Series PD VLAN Setup not working

bob0198labops
Level 1

Goal: Create 2 VLANs on a switch (for now, will expand to 4 - have 8 ports on the switch) for a test lab, not for production. Connect devices on these ports (direct connection) and #1. verify ping to VLAN IP, and other devices, and #2. verify ability to talk between devices on the same VLAN, and #3. verify ability to talk between devices on different VLANs. This switch will never connect to a router for Internet access, it will only act as a L3 Switch for a relatively small network 

Device Info: Cisco Catalyst 3560-CX Series PD Cisco IOS Software Version 15.2(4)E8
show version
License level: ipbase
License Type: Default. No Valid License found

What has been done so far on this switch:

enable
config terminal
hostname no_internet_switch
vlan 10
interface Gi0/1 (and Gi0/2)
switchport mode access
switchport access vlan 10
interface vlan 10
ip address 192.168.10.1 subnet mask 255.255.255.0

<< Repeated the same steps for VLAN 20, with Gi0/3 and Gi0/4 >>

ip routing

show vlan
1   default                    active     Gi0/3, Gi0/4, Gi0/5, Gi0/6, Gi0/7, Gi0/8
10  vlan1                     active     Gi0/1, Gi0/2
20  vlan2                     active     Gi0/3, Gi0/4

show ip route
Gateway of last resort is not set
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C   192.168.10.0/24 is directly connected, Vlan 10
L   192.168.10.1/32 is directly connected, Vlan 10
C   192.168.20.0/24 is directly connected, Vlan 20
L   192.168.20.1/32 is directly connected, Vlan 20

show ip interface brief
Vlan1                        unassigned         Yes   unset      up                     down
Vlan10                      192.168.10.1      Yes   unset      up                     down
Vlan20                      192.168.20.1     Yes   unset      up                     down

Here is the problem:

When I got the switch, did not check everything, set this up, same VLAN ping worked. Inter VLAN communications did not work. During the course of debugging, did a factory reset and now nothing works. Can someone please point out what's going on? I am fairly new to this area, and have seen lots of questions like this here, but none where there is a requirement to not have a Router. I have the Vlan IPs as the default gateway on the Linux devices I have connected on the switch. Any help is greatly appreciated.


@bob0198labops 

  In order to route between VLANs, you need the command "ip routing", that's it. As your switch has an ipbase license, it is able to accept the command and do the needful.

A factory reset is not a reason for it to stop working. Can you share the show running-config?

bob0198labops
Level 1

Thank you for the response, greatly appreciated. I did run the "ip routing" command. Please see the show running-config output and please see if there are any mistakes in the cisco switch setup.

Building Configuration

Current Configuration
version 15.2
no service pad
no service password-encryption
!
hostname xxxxxx
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
system mtu routing 1500
!
!
!
!
!
ip routing
!
!
!
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
interface GigabitEthernet0/1
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/2
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet0/3
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet0/4
switchport access vlan 20
switchport mode access
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 192.168.10.1 255.255.255.0
!
interface Vlan20
ip address 192.168.20.1 255.255.255.0
!
ip forward-protocol nd
!
ip http server
ip http secure server
!
line con 0
line vty 5 15
!
!

end
-----------
Note about the host Linux PCs I am testing with:
The hosts I am testing with have some bridges set up for QEMU and may be expecting tags - so if the switch configuration looks good, I can switch to looking for issues on the connected hosts. So far, all I have done on the hosts are these commands:
sudo ip addr add 192.168.10.2/255.255.255.0 dev enp0s25 (a static ip in the 10 subnet)
sudo ip route add 0.0.0.0 via 192.168.10.1 --> which is Vlan 10's IP on the switch

Please let me know, thank you so much for the help!

Nothing is needed except

no shutdown

under the VLAN SVI.

That's all.

MHM

thanks @MHM Cisco World  can you please confirm if this is what you mean ?

#Assign Ports

interface GigabitEthernet0/<x>
no shutdown ?????
switchport mode access
switchport access vlan <vlan id>

or is this what you mean ?

#enable VLAN to VLAN communications
ip routing
no shutdown ?????

I saw this before:

show ip interface brief
Vlan1                        unassigned         Yes   unset      up                     down
Vlan10                      192.168.10.1      Yes   unset      up                     down
Vlan20                      192.168.20.1     Yes   unset      up                     down

Then you shared the below:

show ip interface brief
Vlan1 unassigned Yes unset up down
Vlan10 192.168.10.1 YES manual up up
Vlan20 192.168.20.1 YES manual up up

So the VLAN SVIs are both up, no problem.

Only check that you connect the correct PC to the correct VLAN, i.e. a PC with an IP in subnet 192.168.10.x must connect to a port assigned to VLAN 10 and a PC with an IP in subnet 192.168.20.x must connect to a port assigned to VLAN 20.

MHM

 

 

Please send the output of the command "show ip int br".

 

did you create the vlan on the switch with the command

conf t

vlan 10

exit

vlan 20 

?

@Flavio Miranda here is the output - my apologies for the delay, I do not have remote access to this particular environment makes it hard to respond after evening. 

 

show ip interface brief
Vlan1 unassigned Yes unset up down
Vlan10 192.168.10.1 YES manual up up
Vlan20 192.168.20.1 YES manual up up
GigabitEthernet0/1 unassigned YES unset up up
GigabitEthernet0/2 unassigned YES unset up up
GigabitEthernet0/3 unassigned YES unset up up
GigabitEthernet0/4 unassigned YES unset up up
GigabitEthernet0/5 unassigned YES unset down down
GigabitEthernet0/6 unassigned YES unset down down
GigabitEthernet0/7 unassigned YES unset down down
GigabitEthernet0/8 unassigned YES unset down down
GigabitEthernet0/9 unassigned YES unset down down
GigabitEthernet0/10 unassigned YES unset down down

 

For your question#2 this is the notes and sequence I used to create them

Config 1/4
----------
enable
config terminal
hostname <name>
show vlan
vlan <vlan id>

#Assign Ports

interface GigabitEthernet0/<x>
switchport mode access
switchport access vlan <vlan id>

#Assign IPs
interface vlan <vlan id>
ip address <match the subnet ids, start with 1, not zero> <subnet mask 255.255.255.0>

#to check everything
ip interface brief

#enable VLAN to VLAN communications
ip routing

 

Please let me know if you see something not right

@bob0198labops don't worry.

Something has changed since your first post. The VLANs were down:

show ip interface brief
Vlan1 unassigned Yes unset up down
Vlan10 192.168.10.1 Yes unset up down
Vlan20 192.168.20.1 Yes unset up down

 

They are up now

show ip interface brief
Vlan1 unassigned Yes unset up down
Vlan10 192.168.10.1 YES manual up up
Vlan20 192.168.20.1 YES manual up up

Still can not communicate?

bob0198labops
Level 1

Yes, I just tried with 3 devices connected none of them are able to ping each other. I tried pinging the Vlan Ips, the other device ips, all come back with "Destination Host Unreachable"

I would say the problem does not seem to be on the switch any more. If you have the interfaces up, the VLANs up and ip routing, there is no reason for ping not to work.

"The hosts I am testing with have some bridges set up for QEMU and may be expecting tags - so if the switch configuration looks good, I can switch to looking for issues on the connected hosts. So far, all I have done on the hosts are these commands:
sudo ip addr add 192.168.10.2/255.255.255.0 dev enp0s25 (a static ip in the 10 subnet)
sudo ip route add 0.0.0.0 via 192.168.10.1 --> which is Vlan 10's IP on the switch"

As you are running linux,  I think it is a good idea to check firewall on the host.

Eventually, test with windows os to make sure. The switch seems to be fine now to me.

 

Hi,

   Can you ping from the switch to any host in any of the VLAN's? Please provide confirmation. From switch side, provide following outputs: "show vlan brief", "show vlan id 10", "show vlan id 20", "show interfaces trunk", "show ip interface brief", "show spanning-tree vlan 10", "show spanning-tree vlan 20", "show ip route", "show ip cef", "show ip arp", "show mac address-table", "show version".

Best,

Cristian.

 
answer to your first question - No am not able to
from the switch : ping - fails traceroute ip - gives 30 hops all with * * *
 
please review the outputs below and provide your inputs.
 
just a dumb question, since I have never used ip cef before or the mac address-table - they both seem to show only one connected host - could this mean the switch is good, something wrong with the connected hosts ?
 
show vlan brief
1 default active Gi0/5.Gi0/6.Gi0/7.Gi0/8.
Gi0/9.Gi0/10
10 VLAN0010 active Gi0/1.Gi0/2
20 VLAN0020 active Gi0/3.Gi0/4
1002 fddi-default            act/unsup
1003 token-ring-default      act/unsup
1004 fddinet-default         act/unsup
1005 trnet-default           act/unsup
 
show vlan id 10
VLAN Name                             Status    Ports
---- -------------------------------- --------- ------------------------------
10     VLAN0010                       active    Gi0/1.Gi0/2
 
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
10   enet  100010     1500  -      -      -        -    -        0      0
 
Remote SPAN VLANs
------------------------------------------------------------------------------
Disabled
 
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
 
 
show vlan id 20
VLAN Name                             Status    Ports
---- -------------------------------- --------- ------------------------------
20     VLAN0020                       active    Gi0/3.Gi0/4
 
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
20   enet  100020     1500  -      -      -        -    -        0      0
 
Remote SPAN VLANs
------------------------------------------------------------------------------
Disabled
 
Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------
 
show interfaces trunk
<no output>
 
show ip interface brief
Vlan1 unassigned YES unset up down
Vlan10 192.168.10.1 YES manual up up
Vlan20 192.168.20.1 YES manual up up
GigabitEthernet0/1 unassigned YES unset up up
GigabitEthernet0/2 unassigned YES unset up up
GigabitEthernet0/3 unassigned YES unset up up
GigabitEthernet0/4 unassigned YES unset down down
GigabitEthernet0/5 unassigned YES unset down down
GigabitEthernet0/6 unassigned YES unset down down
GigabitEthernet0/7 unassigned YES unset down down
GigabitEthernet0/8 unassigned YES unset down down
GigabitEthernet0/9 unassigned YES unset down down
GigabitEthernet0/10 unassigned YES unset down down
 
 
show spanning-tree vlan 10
 
Spanning tree enabled protocol rstp
 
Root ID Priority 32778
Address 308b.b2e2.c380
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 
Bridge ID Priority 32778 (priority 32768 sys-id-ext 10)
Address 308b.b2e2.c380
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
 
Interface Role  Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/1   Desg FWD 4 128.1    P2p
Gi0/2   Desg FWD 4    128.2    P2p
 
 
show spanning-tree vlan 20
 
Spanning tree enabled protocol rstp
 
Root ID Priority 32788
Address 308b.b2e2.c380
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
 
Bridge ID Priority 32788 (priority 32768 sys-id-ext 20)
Address 308b.b2e2.c380
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
 
Interface Role  Sts Cost Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/3   Desg FWD 4 128.3    P2p
 
 
show ip route
 
  192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, Vlan10
L 192.168.10.1/32 is directly connected, Vlan10
  192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.20.0/24 is directly connected, Vlan20
L 192.168.20.1/32 is directly connected, Vlan20
 
show ip cef
Prefix               Next Hop             Interface
0.0.0.0/0            no route
0.0.0.0/8            drop
0.0.0.0/32           receive             
127.0.0.0/8          drop
192.168.10.0/24      attached             Vlan10
192.168.10.0/32      receive              Vlan10
192.168.10.1/32      receive              Vlan10
192.168.10.2/32      attached             Vlan10
192.168.10.255/32    receive              Vlan10
192.168.20.0/24      attached             Vlan20
192.168.20.0/32      receive              Vlan20
192.168.20.1/32      receive              Vlan20
192.168.20.255/32    receive              Vlan20
224.0.0.0/4          drop
224.0.0.0/24         receive             
240.0.0.0/4          drop
255.255.255.255/32   receive
 
show ip arp
 
Protocol       Address           Age(min)   Hardware Addr          Type          Interface
Internet     192.168.10.1         -         308b.b2e2.c3c1         ARPA          Vlan10
Internet     192.168.10.2         184       20c5.eb9a.299c         ARPA          Vlan10
Internet     192.168.20.1          -        308b.b2e2.c3c2         ARPA          Vlan20
 
show mac address-table
 
 
 
          Mac Address Table
-------------------------------------------.
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
All    0100.9297.cccc    STATIC      CPU
All    0100.9297.cccd    STATIC      CPU
All    0100.9297.cddc    STATIC      CPU
All    0180.c200.ef01    STATIC      CPU
All    0180.c200.ef02    STATIC      CPU
All    0180.c200.ef03    STATIC      CPU
All    0180.c200.ef04    STATIC      CPU
All    0180.c200.ef05    STATIC      CPU
All    0180.c200.ef06    STATIC      CPU
All    0180.c200.ef07    STATIC      CPU
All    0180.c200.ef08    STATIC      CPU
All    0180.c200.ef09    STATIC      CPU
All    0180.c200.ef0a    STATIC      CPU
All    0180.c200.ef0b    STATIC      CPU
All    0180.c200.ef0c    STATIC      CPU
All    0180.c200.ef0d    STATIC      CPU
All    0180.c200.ef0e    STATIC      CPU
All    0180.c200.ef0f    STATIC      CPU
All    0180.c200.ef10    STATIC      CPU
All    ffff.ffff.ffff    STATIC      CPU
 10    20c5.eb9a.299c    Dynamic     Gi0/2
 10    5254.009d.fcfb    Dynamic     Gi0/2
 
show version
Cisco IOS Software, C3560CX Software (C3560CX-UNIVERSALK9-M), Version 15.2(4)E8, RELEASE SOFTWARE (fc3)
Copyright (c) 1986-2019 by Cisco Systems, Inc.
Compiled Thu 15-Mar-19 12:14 by prod_rel_team
 
ROM: Bootstrap program is C3560CX boot loader
BOOTLDR: C3560CX Boot Loader (C3560CX-HBOOT-M) Version 15.2(4r)E5, RELEASE SOFTWARE (fc4)
 
License Level: ipbase
License Type: Default. No valid license found.
Next reload license Level: ipbase
 
cisco WS-C3560CX-8PT-S (ARM86XXX) processor (revision H0) with 524288K bytes of memory.
Processor board ID FOC1330R1AT
Last reset from power-on
3 Virtual Ethernet interface
10 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
 
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address       :xxxx
Motherboard assembly number     :xxxx
Motherboard serial number       : xxxxxx
Model revision number           : H0
Motherboard revision number     : C0
Model number                    : WS-C3560E-48PD-S
System serial number            : xxxxx
Top Assembly Part Number        : xxxxx
Top Assembly Revision Number    : F0
Version ID                      : V02
CLEI Code Number                : xxxxx
Hardware Board Revision Number  : 0x09
 
Switch Ports Model              SW Version            SW Image
------ ----- -----              ----------            ----------
*    1 10    WS-C3560CX-8PT-S   15.2(4)E8             C3560CX-UNIVERSALK9-M
 
Configuration register is 0xF
 
 

Hi,

    It all looks good, meaning you have ports Gi0/1, Gi0/2 in VLAN10 and Gi0/3, Gi0/4 in VLAN 20 (except that on STP output for VLAN 20, port Gi0/4 does not show up; did you not paste complete output or have disabled STP on that port via BPDFilter?); assuming hosts connected to these ports have IP addresses from the correct subnet, you should be able to have connectivity between PC's and default gateway which is the switch, while based on routing also between hosts in different VLAN's assuming you've set the correct gateway IP address (the switch) on the hosts. Not sure what OS are the hosts running, however, try to ping the switch from hosts (the other way around, from switch to hosts may not work as maybe hosts have firewall turned on which filters ICMP packets). Based on the ARP and MAC table, you should at least be able to ping from host 192.168.10.2 to switch which is 192.168.10.1.

   ARP entries on the switch will show up only if there is IP communication between switch and host (if you ping the switch from all hosts, the switch should have all ARP entries); MAC entries will show up on switch only if the host sends any kind of traffic for switch to learn the MAC address.

Best,

Cristian.
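
Added example (not part of any reply in this thread): a Python script that cross-references "show ip arp" against "show mac address-table", the two tables the answer above explains how to read, and labels each host as seen at both layers, ARP only, or MAC only. The sample input is constructed from output posted in the thread, and the function names are illustrative.

```python
import re

# Constructed sample input, modelled on the 'show ip arp' and
# 'show mac address-table' output posted in this thread.
SHOW_IP_ARP = """\
Protocol  Address       Age(min)  Hardware Addr   Type  Interface
Internet  192.168.10.1  -         308b.b2e2.c3c1  ARPA  Vlan10
Internet  192.168.10.2  44        20c5.eb9a.299c  ARPA  Vlan10
Internet  192.168.20.1  -         308b.b2e2.c3c2  ARPA  Vlan20
Internet  192.168.20.2  47        20c5.eb9a.298d  ARPA  Vlan20
"""

SHOW_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
All    ffff.ffff.ffff    STATIC      CPU
 10    20c5.eb9a.299c    Dynamic     Gi0/2
 10    5254.009d.fcfb    Dynamic     Gi0/2
"""

MAC_RE = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"


def parse_arp(text):
    """Return {(vlan, mac): ip} for hosts. Age '-' is the switch's own SVI, so skip it."""
    hosts = {}
    pattern = rf"Internet\s+(\S+)\s+(\S+)\s+({MAC_RE})\s+ARPA\s+Vlan(\d+)"
    for line in text.splitlines():
        m = re.match(pattern, line.strip(), re.IGNORECASE)
        if m and m.group(2) != "-":
            hosts[(int(m.group(4)), m.group(3).lower())] = m.group(1)
    return hosts


def parse_mac_table(text):
    """Return {(vlan, mac): port} for dynamically learned entries only."""
    learned = {}
    pattern = rf"\s*(\d+)\s+({MAC_RE})\s+dynamic\s+(\S+)"
    for line in text.splitlines():
        m = re.match(pattern, line, re.IGNORECASE)
        if m:
            learned[(int(m.group(1)), m.group(2).lower())] = m.group(3)
    return learned


def correlate(arp_text, mac_text):
    """Join both tables on (vlan, mac) and label each host."""
    arp, mac = parse_arp(arp_text), parse_mac_table(mac_text)
    rows = []
    for key in sorted(set(arp) | set(mac)):
        ip, port = arp.get(key), mac.get(key)
        if ip and port:
            state = "ok"        # learned at layer 2 and has exchanged IP traffic
        elif ip:
            state = "arp-only"  # ARP entry, but no MAC entry in that VLAN right now
        else:
            state = "mac-only"  # frames seen on a port, no ARP entry on the switch
        rows.append((key[0], key[1], ip, port, state))
    return rows


if __name__ == "__main__":
    for row in correlate(SHOW_IP_ARP, SHOW_MAC_TABLE):
        print(row)
```

In the constructed sample, the MAC-only entry 5254.009d.fcfb uses the 52:54:00 prefix that QEMU assigns to guest NICs by default.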

@Cristian Matei Thank you so much, I believe I am one step closer to the solution at this point. my hosts are linux machines, and had someone make some changes to remove bridges running on both the hosts today, so now

the host connected to VLAN 10 is able to successfully ping the gateway IP  - that was not working so far

the host connected to VLAN 20 is NOT able to successfully ping the gateway IP "Destination Host Unreachable" which means there is some issue on the switch. Here are the ONLY differences I saw today, with your list of commands (ran all of them again this morning) 

192.168.10.0/24 attached Vlan10
192.168.10.0/32 receive Vlan10
192.168.10.1/32 receive Vlan10
192.168.10.2/32 attached Vlan10
192.168.10.255/32 receive Vlan10
192.168.20.0/24 attached Vlan20
192.168.20.0/32 receive Vlan20
192.168.20.1/32 receive Vlan20
192.168.20.2/32 attached Vlan20 <----- NEW LINE TODAY, AFTER CHANGES TO HOST CONNECTED ON VLAN 20
192.168.20.255/32 receive Vlan20

 

Protocol Address Age(min) Hardware Addr Type Interface
Internet 192.168.10.1 - 308b.b2e2.c3c1 ARPA Vlan10
Internet 192.168.10.2 44 20c5.eb9a.299c ARPA Vlan10
Internet 192.168.20.1 - 308b.b2e2.c3c2 ARPA Vlan20
Internet 192.168.20.2 47 20c5.eb9a.298d ARPA Vlan20 <----- NEW LINE TODAY, AFTER CHANGES TO HOST CONNECTED ON VLAN 20

Can you please explain "(except that on STP output for VLAN 20, port Gi0/4 does not show up; did you not paste complete output or have disabled STP on that port via BPDFilter?);" I did not have any hosts connected on Gi0/4 - can you explain this in a bit more detail ? One last step before I can 100% declare the Switch is good, mark yours as the right answer (helping with all the commands to make sure I can verify if the config was good). Or any other suggestions on why I would get a "Destination Host Unreachable" for a host on Vlan 20 and not on Vlan 10. 

Once again, thanks much !

 
