12-17-2006 08:51 AM - edited 03-05-2019 01:22 PM
Situation: Our organization was pushed ahead of schedule to implement switching and routing in a building that was not supposed to be ready for a while. We are setting up a new WAN that will only run IP across four counties. Since this building was ready earlier than anticipated, we are pushed to implement IPX on Cisco Catalyst 2950(4) and 3750(1) Switches that we had already purchased for the new network. The 3750 is a Distribution Switch that connects via Fiber to a Bay Networks router on the County MetroNet. The 2950s are connected to the 3750 via fiber converters to individual VLANs.
Status So Far: The 2950s should be able to process L2 as normal. IP has been flowing correctly for several days through our 3750. Users can connect to most of their servers. We have two legacy Novell networks; one is Novell 4 and the other is 6.5. Both networks still use IPX for management. One of my Engineers for our developing network recommended using VLAN Bridging and sent me a short PDF on how to implement it (Chap 42, Configuring Fallback Bridging). I have followed his steps, and now it is the weekend and no one is available.
Gotchas: After enabling Fallback Bridging on the port connected to the IPX Network in question, I have completely lost IP Connectivity for their users. Was this supposed to be done on the VLAN versus the port? I tried to go back and use the NO BRIDGE and NO BRIDGE-GROUP commands in their respective configuration locations, and IP will not come back. The specific error response is "Fa1/0/5 is not a Switching port". I even tried BRIDGE CRB, so I could transfer both IPX and IP across the same port. It did not help. I was using "SWITCHPORT MODE ACCESS" and "SWITCHPORT ACCESS VLAN 201" to bring it back to original configuration. To make it all more interesting, the building is completely locked up for the weekend, and I have to administer through VPN and Telnet, so I can not just activate another port and move them to it at this moment.
HELP: How can I get the switch back to a Switching Port to return IP Access to that network? What did I miss to correctly enable IPX Passthrough to the routers on the MetroNet? Three other networks are IP Only so I cannot make the entire switch IPX Passthrough. One more network coming up Monday is going to require IPX; it is the older of the two Novell networks. The ideal situation is to provide IP to everyone with the established VLANs and to allow IPX Bridging (passthrough) on two ports while still allowing IP Traffic, which is 90% of the activity. What else do I need to provide the community, to more accurately assist me in this endeavor?
Solved! Go to Solution.
12-17-2006 11:12 AM
You can use "show ipx route" and show ipx server" to see other ipx devices on the network . Did you get the bridgeing to work or did you configure ipx routing on the 3750 ? If using bridgeing then use the "show bridge " command.
12-17-2006 09:01 AM
SH VER Results:
I am using the following System Image File:
c3750-ipservices-mz.122-25.SEE2
12-17-2006 09:31 AM
Switch#sh ver
Cisco IOS Software, C3750 Software (C3750-IPSERVICES-M), Version 12.2(25)SEE2, RELEASE SOFTWARE (fc1
)
Copyright (c) 1986-2006 by Cisco Systems, Inc.
Compiled Fri 28-Jul-06 08:46 by yenanh
Image text-base: 0x00003000, data-base: 0x010CE290
ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(25r)SEB, RELEASE SOFTWARE (fc)
Switch uptime is 1 hour, 19 minutes
System returned to ROM by power-on
System image file is "flash:c3750-ipservices-mz.122-25.SEE2"
cisco WS-C3750-24TS (PowerPC405) processor (revision K0) with 118784K/12280K bytes of memory.
Processor board ID CAT0922N26R
Last reset from power-on
7 Virtual Ethernet interfaces
24 FastEthernet interfaces
2 Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address : XXXXXX
Motherboard assembly number : 73-9677-08
Power supply part number : 341-0034-01
Motherboard serial number : CAT092301LQ
Power supply serial number : DAB091404LU
Model revision number : K0
Motherboard revision number : B0
Model number : WS-C3750-24TS-S
System serial number : CAT0922N26R
Top Assembly Part Number : 800-25857-02
Top Assembly Revision Number : A0
Version ID : V05
CLEI Code Number : CNMV100CRE
Hardware Board Revision Number : 0x01
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 26 WS-C3750-24TS 12.2(25)SEE2 C3750-IPSERVICES-M
Configuration register is 0xF
Switch#conf term
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#int fa1/0/5
Switch(config-if)#switchport mode access
Command rejected: Fa1/0/5 not a switching port.
Switch(config-if)#
12-17-2006 09:07 AM
Do you have access to the other side of the link(s)? It's possible that something in one of your interim configs has caused the other side of the link to shut down the port on the other side (errdisable).
Do you have access to / can you insert a "sniffer" to see what the actual traffic flow is?
Check your access list(s)
Verify the IP addresses and mask(s) for the VLAN / IRB bridge group. Also check to see that the routes are proper (Default Gateway, Statics, etc)
That's all that comes to mind for now, I'm sure others will have some other suggestions.
Good Luck
Scott
12-17-2006 09:26 AM
This is a testament to the VALUE of the Cisco Forums. I did not expect to get a reply within 6 minutes on a Sunday morning. Thank you. I will provide as much detail as I can...
I am fairly new to this side of Networking. All my background is in Novell and Microsoft, with a little Security for balance.
To answer your questions:
I do not have a Sniffer that I can deploy though I just downloaded the 30 day version of SolarWinds for help. Is there a Sniffer in there? I am looking at the moment.
I have access to all the 2950s, except the one on the 3750 port that I just disabled. I do not have access to the Bay Networks Router as it belongs to the county. They won't be back until Monday.
I have no access lists enabled. I will forward a "cleaned" copy of my config that you can look at. Unless there is an IPX filter on the core router that I am not aware of, there should not be any. Up until three days ago, IPX and IP flowed freely through the core routers from their earlier building about a half mile away on the same fiber MetroNet. The routers should support IPX data traffic as they have for many years. The networks in question have every desire to switch to pure IP but this early move caught everyone, including the county experts, unprepared. I am learning a lot very fast on the fly. :-)
12-17-2006 09:46 AM
Switch#show runn
Building configuration...
Current configuration : 2773 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
service password-encryption
service sequence-numbers
!
hostname Switch
!
!
no aaa new-model
clock timezone CST -5
switch 1 provision ws-c3750-24ts
ip subnet-zero
ip routing
ip name-server 172.20.0.7
ip name-server 172.20.0.10
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
bridge crb
!
!
interface FastEthernet1/0/1
switchport access vlan 2
switchport mode access
!
interface FastEthernet1/0/2
!
interface FastEthernet1/0/3
!
interface FastEthernet1/0/4
!
interface FastEthernet1/0/5
description Org1 ! NOTE: Port I disabled with VLAN BRIDGE command
no switchport
no ip address
speed 100
duplex full
!
interface FastEthernet1/0/6
!
interface FastEthernet1/0/7
switchport access vlan 301
switchport mode access
speed 100
duplex full
!
interface FastEthernet1/0/8
!
interface FastEthernet1/0/9
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet1/0/10
!
interface FastEthernet1/0/11
switchport access vlan 101
switchport mode access
speed 100
duplex full
!
interface FastEthernet1/0/12
!
interface FastEthernet1/0/13
description Org5
switchport access vlan 200
switchport mode access
speed 100
duplex full
!
interface FastEthernet1/0/14
!
interface FastEthernet1/0/15
switchport access vlan 200
switchport mode access
!
interface FastEthernet1/0/16
!
interface FastEthernet1/0/17
!
interface FastEthernet1/0/18
!
interface FastEthernet1/0/19
!
interface FastEthernet1/0/20
!
interface FastEthernet1/0/21
!
interface FastEthernet1/0/22
!
interface FastEthernet1/0/23
!
interface FastEthernet1/0/24
switchport access vlan 101
switchport mode access
speed 100
duplex full
!
interface GigabitEthernet1/0/1
switchport access vlan 200
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
!
interface Vlan1
no ip address
!
interface Vlan2
ip address 172.20.12.251 255.255.252.0
!
interface Vlan101
ip address 10.131.26.1 255.255.255.0
!
interface Vlan102
ip address 10.131.27.1 255.255.255.0
!
interface Vlan200
ip address XXXX 255.255.255.0
!
interface Vlan201
ip address 10.131.32.1 255.255.255.0
!
interface Vlan301
ip address 10.131.36.1 255.255.255.0
!
router rip
version 2
network 10.0.0.0
network 172.20.0.0
network XXXX
no auto-summary
!
ip default-gateway XXXX
ip classless
ip route 0.0.0.0 0.0.0.0 XXXX
ip http server
!
!
!
control-plane
!
!
line con 0
password 7 xxxxxx
line vty 0 4
password 7 xxxxxx
no login
line vty 5 15
password 7 xxxxxx
no login
!
end
12-17-2006 10:02 AM
Switch05#sh runn
Building configuration...
Current configuration : 4144 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Switch05
!
enable secret 5 XXXX
!
clock timezone CST -5
ip subnet-zero
!
ip name-server 172.20.0.17
ip name-server 172.20.2.17
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
description Org1
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/2
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/3
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/4
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/5
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/6
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/7
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/8
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/9
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/10
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/11
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/12
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/13
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/14
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/15
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/16
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/17
switchport access vlan 102
switchport mode access
speed 100
duplex full
12-17-2006 10:04 AM
Continued from above:
!
interface FastEthernet0/18
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/19
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/20
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/21
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/22
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/23
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface FastEthernet0/24
switchport access vlan 102
switchport mode access
speed 100
duplex full
!
interface Vlan1
no ip address
no ip route-cache
shutdown
!
interface Vlan102
ip address 10.131.27.2 255.255.255.0
no ip route-cache
!
ip default-gateway 10.131.27.1
ip http server
snmp-server enable traps <..... removed for posting....>
!
line con 0
password 7 XXXX
line vty 0 4
password 7 XXXX
login
line vty 5 15
password 7 XXXX
login
!
!
end
12-17-2006 10:17 AM
to change back from a routed port just add the following to the interface. If you were trying to implement ipx on this network the definitions would go on the layer 3 SVI (vlan 102 ) definition not the port . If you do a show interface status you will probably see the port in question as "routed" , the comands below will change it to a switched port .
interface FastEthernet1/0/5
switchport
switchport mode access
switchport access vlan 102
no ip address
speed 100
duplex full
12-17-2006 11:05 AM
Is there a monitoring command that I can use to verify IPX traffic is going across the Switch?
SH IP INT BRIEF tells me that UP and UP on Status and Protocol. VLAN 201 is now functioning at the level that I witnessed prior to my changes as far as I can tell; it is also UP and UP.
12-17-2006 11:10 AM
Would the appropriate testing command be:
SHOW BRIDGE VLAN 201
Are there any other useful T/S commands that would be appropriate here?
12-17-2006 11:23 AM
12-17-2006 11:12 AM
You can use "show ipx route" and show ipx server" to see other ipx devices on the network . Did you get the bridgeing to work or did you configure ipx routing on the 3750 ? If using bridgeing then use the "show bridge " command.
12-17-2006 11:38 AM
I reconfigured the BRIDGING again using the VLAN. I was told that VLAN-BRIDGING was the only way to get IPX to flow across a Catalyst 3750 Switch with my IOS and Version.
I asked an Administrator from the organization in question to go into work or log in from home to see if he could now see his missing server again that is on that VLAN. I am 3 counties away, and I have no login rights to his network (remote or local), so I really cannot test it for him.
The Routers are also handled by another third organization, so I have no access to run commands on those devices for testing.
In case these child organizations are not converted from IPX to IP by the time my new network comes up in 2-3 months, will your mentioned SHOW IPX ROUTE and SHOW IPX SERVER commands work on Cisco 2800 and 2810 series Routers, which is what I will be using on the new network. It will be a managed network, so I should have A LOT of help by that time. The timing of this move, left me unsupported, and I was tasked to "make it happen".
12-17-2006 12:33 PM
I missed one step that was necessary to make it all work. I assumed that the Bridge went out the default gateway to the next network. I also tried to use two different VLAN Bridges for the two different organizations. I had to add the uplink VLAN to the same "BRIDGE-GROUP 1" that the first organization was added to. I then had to add the second organization to the same BRIDGE-GROUP, since only ONE Bridge-group could be added to the uplink.
I received a phone call from the administrator, saying his network was still not up. At that point I realized that I needed to add the Uplink to the same group. He can now see all his other servers, but he is getting SAP alarms, since the routers still think his server was supposed to be at the old building. At this point, my work is done, other than a phone call to the person responsible for the routers to make sure the SAP alarms go away and the IPX Network Number is pointing to the right building.
I want to offer a BIG THANK YOU to SCOTT and GLEN for all your advice. You guys are REAL PROS!!!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide