Cisco Configuration issue between switches and router

gnoetzel1125
Level 1

We have determined that there is an issue with one of our Cisco 12-port switches (3560): when the port that is connected to the router is turned on, a financial application function will fail from task to task.

There are two ports on the 12port-3560 that are connected to the router, and they are as follows:

P1 (Vlan 1, 2, 10)
P2 (Vlan 1, 2, 10)
P3 (Vlan 1)
P4 (n/a)
P5 (Vlan 1, 2, 10)
P6 (Vlan 1, 2, 10)
P7 (Vlan 1, 2)
P8 (Vlan 1)
P9 (Vlan 1, 10)
P10 (Vlan 10)
P11 (Vlan 10)
P12 (Vlan 10)

P3 is linked to Router Port 4.  Router P4 is on native Vlan1.  P7 is linked to Router P14 - which is switchport access Vlan 2.

Currently P3 is shut down, P7 to Router P14 is OPEN.

Router P6/6 (fiber link) is set as switchport mode trunk to the Switch on another floor (3650 - G1/1/1). Switch 3650-G1/1/1 has (switchport trunk allowed vlan 1,2,4,7,1001). Switch 3650(G1/1/4) is connected to 2960(G1/0/49) native Vlan1.

Switch 3560(G1/1/4)(switchport mode trunk) is uplinked to Switch 2960G-P1/0/49. Switch 2960G-P1/0/49 is switchport mode trunk.

On that same switch 2960G - P1/0/10 has spanning-tree portfast set on it.

I am unable to get traffic from the first Switch 3960(P7) to the final destination Switch 2960G(P10).

Since 3560-P7 is already Vlan1 and Vlan2 - the Router (P14) is already set to Vlan2 (switchport mode access vlan2), then I set the Switch(G1/1/4) to switchport trunk allowed vlan 1,2. Then Switch 2960G(P1/0/49) to switchport trunk allowed vlan 1,2. Then finally Switch 2960G-P1/0/10 to switchport trunk allowed vlan 1,2 / switchport mode trunk.

Still the data is not going to the device 2960G on P1/0/10.

This is video data from a camera system.

I've been doing "trial & error" for the past 2 weeks after hours without affecting the production hours. I am at my wits' end and we don't have the budget for outside services to scour through these configurations to fix 1 problem.

Does anyone have a recommendation?

Could it be some router issue via "access-list" configuration?

Thank you all for your help.

Gil


Sergey Lisitsin
VIP Alumni

gnoetzel1125,

Can you please share a topology diagram of your network with IP addressing information? Also, when you say an application will fail from task to task, what do you actually mean? What symptoms do you see and what exactly makes you think this is a network-related issue?

Latest Update:

We were able to get Vlan2 running on our internet network.

Now we are unable to allow Vlan10 to access the cable modem for internet access. Vlan10 needs to be configured so it can hand out DHCP IP addresses to devices. The cable modem has a static IP address and the DHCP server within the cable modem is turned off. The reason it is turned off is that the DHCP scope is /24, which will only allow up to 254 client connections. We need to have a /16 scope. The vendor of the cable modem will not allow the modem to use a /16 subnet.

Therefore, we need to set up the C3560 to serve IP addresses to all the Vlan10 traffic.

See below link for my sample topology.

Hi,

Apply the PBR as below:

! extended ACL: the entries match on protocol, source and destination
ip access-list extended 100
 ! replace 10.10.10.1 with the modem IP address
 5 deny ip host 10.10.10.1 any
 ! replace <10.X.X.X y.y.y.y> with the VLAN 2 subnet
 10 deny ip 10.10.10.0 0.0.255.255 <10.X.X.X y.y.y.y>
 50 permit ip 10.10.10.0 0.0.255.255 any
!
route-map CABLE_Modem permit 10
 match ip address 100
 ! replace 10.10.10.1 with the modem IP address
 set ip next-hop 10.10.10.1
!
interface VLAN 10
 ip policy route-map CABLE_Modem

If PBR is not accepted, then please share the switch SDM and show version output.

Regards,

Deepak Kumar


Hello


@Deepak Kumar wrote:

Hi,

Apply the PBR as below:

! extended ACL: the entries match on protocol, source and destination
ip access-list extended 100
 ! replace 10.10.10.1 with the modem IP address
 5 deny ip host 10.10.10.1 any
 ! replace <10.X.X.X y.y.y.y> with the VLAN 2 subnet
 10 deny ip 10.10.10.0 0.0.255.255 <10.X.X.X y.y.y.y>
 50 permit ip 10.10.10.0 0.0.255.255 any
!
route-map CABLE_Modem permit 10
 match ip address 100
 ! replace 10.10.10.1 with the modem IP address
 set ip next-hop 10.10.10.1
!
interface VLAN 10
 ip policy route-map CABLE_Modem


Just looking at your route-map and relating it to the PBR logic, it seems that the rtr may look at the route-map and will match on the deny ACE entry and then cease processing, and as such the rtr will route via its RIB table and not PBR.

A possible suggestion is to use a deny route-map stanza for the prefixes you do not wish to PBR and then apply a catch-all permit statement so everything else is PBR'd.

ip access-list extended 100
 permit ip ............
!
route-map CABLE_Modem deny 10
 match ip address 100
!
route-map CABLE_Modem permit 99
 set ip next-hop 10.10.10.1


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
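
The two route-map layouts from the posts above, modelled in Python as an added example (not code from any poster), with first-match ACL evaluation and per-clause permit/deny handling applied to constructed packets. The VLAN 2 subnet 10.20.0.0/16, the permit entries that fill the elided ACL, and the sample addresses are assumptions.

```python
import ipaddress

net = ipaddress.ip_network
MODEM = "10.10.10.1"                 # next hop used in the thread
VLAN10, ANY = net("10.10.0.0/16"), net("0.0.0.0/0")
VLAN2 = net("10.20.0.0/16")          # constructed stand-in for "<10.X.X.X y.y.y.y>"

def acl_verdict(acl, src, dst):
    """First matching ACE wins; every ACL ends with an implicit deny."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, src_net, dst_net in acl:
        if s in src_net and d in dst_net:
            return action
    return "deny"

def pbr_next_hop(route_map, src, dst):
    """Return the policy next hop, or None when the routing table decides."""
    for clause, acl, next_hop in route_map:
        # A clause with no match statement (acl is None) matches every packet.
        if acl is not None and acl_verdict(acl, src, dst) != "permit":
            continue                 # not matched here: evaluate the next clause
        return next_hop if clause == "permit" else None
    return None                      # fell off the end of the route-map

# Layout 1: one permit clause, exclusions written as deny ACEs in the ACL.
ACL_1 = [("deny", net(MODEM + "/32"), ANY),
         ("deny", VLAN10, VLAN2),
         ("permit", VLAN10, ANY)]
MAP_1 = [("permit", ACL_1, MODEM)]

# Layout 2: deny clause for the exclusions, then a catch-all permit clause.
# The reply elides its ACL entries; these permits are an assumed fill-in.
ACL_2 = [("permit", net(MODEM + "/32"), ANY),
         ("permit", VLAN10, VLAN2)]
MAP_2 = [("deny", ACL_2, None), ("permit", None, MODEM)]

# Constructed packets (source, destination) arriving on interface VLAN 10.
PACKETS = [("10.10.10.1", "198.51.100.7"),   # the modem itself
           ("10.10.5.20", "10.20.1.1"),      # VLAN 10 host to VLAN 2
           ("10.10.5.20", "198.51.100.7"),   # VLAN 10 host to the internet
           ("192.168.1.5", "198.51.100.7")]  # source outside 10.10.0.0/16

def compare():
    """One row per packet: (src, dst, next hop under MAP_1, under MAP_2)."""
    return [(s, d, pbr_next_hop(MAP_1, s, d), pbr_next_hop(MAP_2, s, d))
            for s, d in PACKETS]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

In this model both layouts forward the first three packets identically; only the catch-all permit clause also policy-routes a source outside 10.10.0.0/16, which is the case to check before relying on it.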

Hello


@gnoetzel1125 wrote:

Router P6/6 (fiber link) is set as switchport mode trunk to the Switch on another floor (3650 - G1/1/1). Switch 3650-G1/1/1 has (switchport trunk allowed vlan 1,2,4,7,1001). Switch 3650(G1/1/4) is connected to 2960(G1/0/49) native Vlan1.

Switch 3560(G1/1/4)(switchport mode trunk) is uplinked to Switch 2960G-P1/0/49. Switch 2960G-P1/0/49 is switchport mode trunk.

On that same switch 2960G - P1/0/10 has spanning-tree portfast set on it.

I am unable to get traffic from the first Switch 3960(P7) to the final destination Switch 2960G(P10).

Since 3560-P7 is already Vlan1 and Vlan2 - the Router (P14) is already set to Vlan2 (switchport mode access vlan2), then I set the Switch(G1/1/4) to switchport trunk allowed vlan 1,2. Then Switch 2960G(P1/0/49) to switchport trunk allowed vlan 1,2. Then finally Switch 2960G-P1/0/10 to switchport trunk allowed vlan 1,2 / switchport mode trunk.

Still the data is not going to the device 2960G on P1/0/10.


Your description and posted topology are rather convoluted and don't really show which switch is which and what port is what.

Can you elaborate and maybe post some configuration of the switches and routers?



Kind Regards
Paul

Alas - all the above information is old and I got it working. Apparently the Vlan tagging on the port was messed up by someone else. I was able to get it working by assigning a Vlan to internet traffic only and the other Vlans to the proper tags to allow different data paths for other LAN devices.

Thank you everyone!
