Re: inter-vlan communication

pacsniffing · ‎03-12-2009

Hey One and all;

I'm having an issue that I need to figure out and would like advice/guidance in how I can resolve it. Here goes: our company has a domain in which we have a few computers; the company has several departments and we decided to segment the network using VLANS . our core device is a catalyst 3750 switch and that is also doing the inter-vlan routing. I can ping any machine and I can access applications from our application server from any other VLAN. However if I try to \\computername to machines in another VLAN I get an error stating that the network path was not found. If I try the command between 2 machines that are in the same VLAN it works; but across VLANs it's a no go. I have checked the configuration and there is no access-list restricting traffic across the VLANs. Any ideas, guidance, information on resolving this matter would be greatly appreciated.

lamav · ‎03-12-2009

Can you post the config of the 3750 switch that is doing the i-v routing and provide some more architecture info?

Tshi M · ‎03-12-2009

It sounds like ports 445 and 139 are blocked somewhere though you did mention of no ACL.

Joseph W. Doherty · ‎03-12-2009

Are these computers Windows systems? If I recall correctly, Windows treats DNS name resolution differently from NetBIOS name resolution (or did). I'm not current with Windows technology, but the NetBIOS name resolution used to be done by WINS servers. I think Windows has improved the integration between IP and NetBIOS, but don't know what the currrent scheme is for Windows off local subnet name resolution. (Same subnet used to be resolved by local broadcast.) Something you might want to check.

pacsniffing · ‎03-12-2009

Thanks for all the responses, yes the systems are all windows XP with one or two of them being win2k please find attached text of config and network diagram. our current network does not have any WINS servers

Tshi M · ‎03-12-2009

Did you try to use IP address rather than FQDN?

pacsniffing · ‎03-12-2009

yes i did but i get the same error as if i used the FQDN

Joseph W. Doherty · ‎03-12-2009

So something like:

net use x: \\ahost\ashare

or

net use x: \\#.#.#.#\ashare

works on the same subnet but neither works across subnets, yet both ping ahost or ping #.#.#.# work?

pacsniffing · ‎03-12-2009

Yes that is correct

Joseph W. Doherty · ‎03-12-2009

I was afraid you were going to say that.

I didn't see anything that looked wrong in your 3750 config, but I didn't sift through it either.

Other than what another poster inquired about blocking NetBIOS ports, which doesn't seem the case, the only other thing that comes to mind is somehow your clients NetBIOS isn't running over TCP (IPv4) but uses something else that works on a local segment.

I'm too rusty at Windows client support to recall what all you might look at. You might seach Microsoft's knowledgebase.

I was afraid you were going to say that.

I didn't see anything that looked wrong in your 3750 config, but I didn't sift through it either.

Other than what another poster inquired about blocking NetBIOS ports, which doesn't seem the case, the only other thing that comes to mind is somehow your clients NetBIOS isn't running over TCP (IPv4) but uses something else that works on a local segment.

I'm too rusty at Windows client support to recall what all you might look at. You might seach Microsoft's knowledgebase.

[edit]

PS:

To help confirm its a Windows NetBIOS/client issue, you might try a "pure" IP service on your Windows hosts like HTTP, FTP, Telnet, etc. across your VLANs. (The fact that you note some other applications work, might already validate this.)

Tshi M · ‎03-12-2009

I as Joseph did not see anything on your configuration. Could you try to telnet to port 445 and 139 across VLAN?

pacsniffing · ‎03-13-2009

thanks for the responses, even though i can't \\ to the machines i can use a remote access application that works over http for eg i can go to http://machinename:22222 and can connect to the machine and resolve user issues

Tshi M · ‎03-13-2009

were you able to telnet to port 445 and 139 from one host on a vlan to the another host on a different vlan?

pacsniffing · ‎03-13-2009

no i was not able to i get a connection failed error: as per below

I:\>telnet 172.20.31.16 445

Connecting To 172.20.31.16...Could not open connection to the host, on port 445:

Connect failed

sharma16031981 · ‎03-13-2009

first correct the port configuration. You have configured trunk and access port on same port.

you have created interfaces for different vlans have you created vlans for them.

if you are running stp and your vlan info is shown in sh vlan in 3750 then check your access layer switches they are learning about those vlans or not.

If not, configure stp on them or create vlans manually in all of the switches.

Configured trunk properly so that different vlan traffic can flow through them.

Most probably the problem is with trunk port config and vlan flow problem.

HTH