11-21-2016 06:53 AM - edited 03-08-2019 08:14 AM
Please refer to this answered topic for more information: https://supportforums.cisco.com/discussion/13159756/migrating-seperate-private-network-without-changing-ips-devices
I'm trying to create a layer 2 vlan for scanners on a 192.x.x.x range to migrate to a separate network on a 10.x.x.x range.
I always thought that layer 2 vlans will accept any IP range. As long as the vlan is trunked from top to bottom, I should be able to hard code two laptops with 192.x.x.x addresses, and they should be able to ping each other. Anything on this new VLAN should be able to communicate with each other, no matter what the IP range. Correct, or am I way off here?
11-21-2016 08:10 AM
Anything on this new VLAN should be able to communicate with each other, no matter what the IP range. Correct, or am I way off here?
Correct. You can create a vlan and assign an IP segment to it. For example vlan 20 with IP segment 192.168.20.0/24, vlan 30, IP segment 192.168.30.0/24 and so on. As long as the devices are in the same vlan, there is no need for routing. If you want to communicate between vlans, than you need a router or a multi-layer switch.
HTH
11-21-2016 08:15 AM
This is not an interface vlan though. It is layer 2 only. So for example:
!
vlan 22
name Test-VLAN-22
!
The vlan is setup as switchport access vlan 22 on the device port on the switch.
Shouldn't this still work and the vlan will pick-up any IP info configured on the device?
11-21-2016 08:27 AM
Yes, this should work fine. So, for vlan 22 your subnet maybe 192.168.22.0/24. You can have DHCP assign IP address to devices or simply use static IPs.
HTH
11-21-2016 08:42 AM
Ok, that is what I thought.. But for some reason the static IP devices are not communicating. They send packets, but do not receive, and cannot ping each other. They do not have firewalls enabled or anything like that.
11-21-2016 09:16 AM
It might be helpful if we had some information from the original poster about how this is set up. What IP address and what subnet mask are configured on the various hosts in the network. We have said that any two hosts in the same vlan should be able to communicate directly with each other without needing a router or any other device. And from the perspective of the switch that is true. From the perspective of the host that might or might not be true. If the hosts will send arp requests for each other and respond to arp requests from the other then they would certainly be able to communicate. So the question becomes will these hosts arp for each other? What if one or both host believe that the other host is in a different subnet. Some versions of OS will only send arp requests for addresses that it believes are in the same subnet and for addresses outside of the subnet will attempt to use its default gateway. So we may need to know if these hosts believe that they are in a common subnet or not.
It might be helpful to see the output of arp -a (or similar command if the host is not Windows) to see what the host has in its arp table.
HTH
Rick
11-21-2016 09:27 AM
Hi Rick - Thanks for the reply. The two hosts I have setup to test have the IP addresses of 192.168.6.186 and 192.168.6.200. Both have subnet masks of 255.255.255.0
This is the output I receive when I do an arp -a from one of the hosts:
Interface: 192.168.6.186 --- 0xb
Internet Address Physical Address Type
192.168.6.255 ff-ff-ff-ff-ff-ff static
224.0.0.2 01-00-5e-00-00-02 static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff static
11-21-2016 09:40 AM
Thanks for the additional information. These two host addresses should certainly attempt to arp for each other and there should be no need for any default gateway for them to communicate. So that is one potential problem that is eliminated.
The arp output shows that the two PC are not communicating with each other. So we need to understand better how they are connected. Is this on a single switch or on multiple switches? Would you post the output of these commands from each switch
show vlan
show interface trunk
show cdp neighbor
HTH
Rick
11-21-2016 09:50 AM
Hi Rick thanks again. For this test, the two PC's are on the same switch. Here is the requested output (truncated to only include relevant information)
show vlan:
22 Test-vlan-22 active Gi1/6, Gi1/7
show int trunk:
Port Mode Encapsulation Status Native vlan
Te3/1 on 802.1q trunking 1
Port Vlans allowed on trunk
Te3/1 22,100,105,108
Port Vlans allowed and active in management domain
Te3/1 22,100,105,108
Port Vlans in spanning tree forwarding state and not pruned
Te3/1 22,100,105,108
sho cdp nei:
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone,
D - Remote, C - CVTA, M - Two-port Mac Relay
Device ID Local Intrfce Holdtme Capability Platform Port ID
CoreSwitch1 Ten 3/1 125 R S I WS-C4510R Ten 9/5
11-21-2016 10:30 AM
Thanks for the information. Having it on a single switch keeps it simple. The output of show vlan seems to show that the two hosts should have local communication. Would you post the output of show mac address-table from the switch?
HTH
Rick
11-21-2016 10:34 AM
The ports are seeing the mac addresses of the hosts:
sho mac address-table
Unicast Entries
vlan mac address type protocols port
---------+---------------+--------+---------------------+-------------------------
22 28f1.0e02.314f dynamic ip,ipx,assigned,other GigabitEthernet1/6
22 f01f.af43.8d9e dynamic ip,ipx,assigned,other GigabitEthernet1/7
Multicast Entries
vlan mac address type ports
---------+---------------+-------+--------------------------------------------
22 ffff.ffff.ffff system Gi1/6,Gi1/7,Te3/1
11-21-2016 10:39 AM
Yes the switch is seeing the MAC of both hosts. Please attempt to ping host to host and then do arp -a on both and post the output.
HTH
Rick
11-21-2016 10:50 AM
From 192.168.6.186 host to 192.168.6.200:
ping 192.168.6.200
Pinging 192.168.6.200 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.6.200:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss
arp -a
Interface: 192.168.6.186 --- 0xb
Internet Address Physical Address Type
192.168.6.200 f0-1f-af-43-8d-9e dynamic
192.168.6.255 ff-ff-ff-ff-ff-ff static
224.0.0.2 01-00-5e-00-00-02 static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff static
From 192.168.6.200 to 192.168.6.186:
ping 192.168.6.186
Pinging 192.168.6.186 with 32 bytes of data:
Reply from 192.168.6.200: Destination host unreachable.
Reply from 192.168.6.200: Destination host unreachable.
Reply from 192.168.6.200: Destination host unreachable.
Reply from 192.168.6.200: Destination host unreachable.
Ping statistics for 192.168.6.186:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
arp -a
Interface: 192.168.6.200 --- 0xb
Internet Address Physical Address Type
192.168.6.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
255.255.255.255 ff-ff-ff-ff-ff-ff static
11-22-2016 07:25 AM
Thanks for doing this test. It looks like we are making some progress, though there are still some issues that I do not understand.
On the positive side we see that at least in terms of ARP that we have successful communication between the hosts. In this output
arp -a
Interface: 192.168.6.186 --- 0xb
Internet Address Physical Address Type
192.168.6.200 f0-1f-af-43-8d-9e dynamic
we see clearly that 6.186 and 6.200 have communicated. The ping was not successful but we did have successful communication between the hosts for ARP. So it suggests that there is some policy (or some device firewall) that is not permitting ping.
But we have puzzling results in this output
arp -a
Interface: 192.168.6.200 --- 0xb
Internet Address Physical Address Type
192.168.6.255 ff-ff-ff-ff-ff-ff static
So 6.200 attempted arp but it was not successful. I find it puzzling that between a pair of hosts that arp is successful in one direction but fails in the other direction. I am not clear what the issue is but believe that it is much more likely an issue with the hosts and not an issue in the switch configuration.
HTH
Rick
11-22-2016 10:47 AM
Hi Rick - Thanks for the reply. I think you're right, it has to be something on the host side of things. Maybe a Windows 7 issue, hard to tell for sure. But either way, I setup the exact configuration in Packet Tracer and it works fine. I actually trust Packet Tracer to simulate the end devices more than I do a Windows PC. :)
Thanks again.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide