Inter VLAN routing. Cannot ping two VLANS.

Saji Thomas
Level 1

Hello Experts,

I am in a very confused situation where I cannot ping to VLANs on the same layer 3 (6509) switch.

Details: 

There are 4 vlans on the switch: Ex: 

vlan100 (10.129.32.1/22)

vlan 220 (10.222.1.1/24)

vlan 200 (10.140.1.1/24)

and vlan 300 (10.129.50.1/24)

  

Routing:  eigrp routing for network 10.0.0.0 network.

PROBLEM: All vlans can ping to each other except for vlan 300. Maximum ports are on vlan 100 and some are on other VLANs. Interface 7/1, 7/2 are on vlan 300. Config of 7/1 and 7/2 is:

switchport mode access

switchport access vlan 300

I do not have any trunk ports as routing is already there. Any ideas and help is very much appreciated.

Regards,

Saji 

18 Replies

Jon Marshall
Hall of Fame

Can you post a "sh vlan brief" and a "sh ip int br | include Vlan"

Jon

Hello Jon, here are the outputs:

show vlan brief results:

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/7, Gi1/16, Gi1/17, Gi1/18, Gi1/19, Gi1/20, Gi1/21, Gi1/22, Gi1/23, Gi1/24
100 VLAN0100 active Gi1/3, Gi1/4, Gi1/8, Gi1/9, Gi1/10, Gi1/11, Gi1/12, Gi1/25, Gi1/26, Gi1/27, Gi1/28, Gi1/29, Gi1/30, Gi1/31, Gi1/32, Gi1/33
Gi1/34, Gi1/35, Gi1/36, Gi1/37, Gi1/38, Gi1/39, Gi1/40, Gi1/41, Gi1/42, Gi1/43, Gi1/44, Gi2/3, Gi2/4, Gi2/8, Gi2/9, Gi2/10
Gi2/11, Gi2/12, Gi2/13, Gi2/14, Gi2/15, Gi2/16, Gi2/17, Gi2/18, Gi2/19, Gi2/20, Gi2/21, Gi2/22, Gi2/23, Gi2/25, Gi2/26, Gi2/27
Gi2/28, Gi2/29, Gi2/30, Gi2/31, Gi2/32, Gi2/33, Gi2/34, Gi2/35, Gi2/36, Gi2/37, Gi2/38, Gi2/39, Gi2/40, Gi2/41, Gi2/42, Gi2/43
Gi2/44, Gi2/45, Gi2/46, Gi2/47, Gi2/48, Gi3/3, Gi3/4, Gi3/5, Gi3/6, Gi3/7, Gi3/8, Gi3/9, Gi3/10, Gi3/11, Gi3/12, Gi3/13, Gi3/14
Gi3/15, Gi3/16, Gi3/17, Gi3/18, Gi3/19, Gi3/20, Gi3/21, Gi3/22, Gi3/23, Gi3/24, Gi3/25, Gi3/26, Gi3/27, Gi3/28, Gi3/29, Gi3/30
Gi3/31, Gi3/32, Gi3/33, Gi3/34, Gi3/35, Gi3/36, Gi3/37, Gi3/38, Gi3/39, Gi3/40, Gi3/41, Gi3/42, Gi3/43, Gi3/44, Gi3/45, Gi3/46
Gi4/1, Gi4/2, Gi4/3, Gi4/4, Gi4/5, Gi4/6, Gi4/7, Gi4/8, Gi4/9, Gi4/10, Gi4/11, Gi4/12, Gi4/13, Gi4/14, Gi4/15, Gi4/16, Gi4/17
Gi4/18, Gi4/19, Gi4/20, Gi4/21, Gi4/22, Gi4/23, Gi4/24, Gi4/25, Gi4/26, Gi4/27, Gi4/28, Gi4/29, Gi4/30, Gi4/31, Gi4/32, Gi4/33
Gi4/34, Gi4/35, Gi4/36, Gi4/37, Gi4/38, Gi4/39, Gi4/40, Gi4/41, Gi4/42, Gi4/43, Gi4/44, Gi4/45, Gi4/46, Gi4/47, Gi4/48, Gi5/1
Gi5/2, Gi5/5, Gi5/6, Gi5/7, Gi5/8, Gi5/9, Gi7/3, Gi7/4, Gi7/5, Gi7/6, Gi7/7, Gi7/8, Gi7/9, Gi7/10, Gi7/11, Gi7/12, Gi7/13, Gi7/14
Gi7/15, Gi7/16, Gi7/17, Gi7/18, Gi7/19, Gi7/20, Gi7/21, Gi7/22, Gi7/23, Gi7/24, Gi7/25, Gi7/26, Gi7/27, Gi7/28, Gi7/29, Gi7/30
Gi7/31, Gi7/32, Gi7/33, Gi7/34, Gi7/35, Gi7/36, Gi7/37, Gi7/38, Gi7/39, Gi7/40, Gi7/41, Gi7/42, Gi7/44, Gi7/45, Gi7/46, Gi7/47
Gi7/48, Gi8/1, Gi8/2, Gi8/3, Gi8/4, Gi8/5, Gi8/6, Gi8/7, Gi8/8, Gi8/9, Gi8/10, Gi8/11, Gi8/12, Gi8/13, Gi8/14, Gi8/15, Gi8/16
Gi8/17, Gi8/18, Gi8/19, Gi8/20, Gi8/21, Gi8/22, Gi8/23, Gi8/24, Gi8/25, Gi8/26, Gi8/27, Gi8/28, Gi8/29, Gi8/30, Gi8/31, Gi8/32
Gi8/33, Gi8/34, Gi8/35, Gi8/36, Gi8/37, Gi8/38, Gi8/39, Gi8/40, Gi8/41, Gi8/42, Gi8/45, Gi8/46, Gi8/47, Gi8/48, Gi9/1, Gi9/3
Gi9/4, Gi9/5, Gi9/6, Gi9/7, Gi9/8, Gi9/9, Gi9/10, Gi9/11, Gi9/12, Gi9/13, Gi9/14, Gi9/15, Gi9/16, Gi9/17, Gi9/18, Gi9/19, Gi9/20
Gi9/21, Gi9/22, Gi9/23, Gi9/24, Gi9/25, Gi9/26, Gi9/27, Gi9/28, Gi9/29, Gi9/30, Gi9/31, Gi9/32, Gi9/33, Gi9/34, Gi9/35, Gi9/36
Gi9/37, Gi9/38, Gi9/39, Gi9/40, Gi9/41, Gi9/42, Gi9/43, Gi9/44, Gi9/45, Gi9/46, Gi9/47, Gi9/48

101 VLAN0101 active

102 VLAN0102 active

200 comcast active Gi9/2

201 VLAN0201 active

220 MGMT active Gi1/45, Gi1/46, Gi1/47, Gi1/48, Po7

300 VLAN0300 active Gi1/13, Gi1/14, Gi1/15, Gi7/1, Gi7/2

999 VLAN0999 active

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

Vlan ip addresses from show ip interface brief command:

Vlan100 10.129.32.1 YES NVRAM up up
Vlan101 10.229.32.1 YES NVRAM administratively down down
Vlan102 10.130.32.1 YES NVRAM administratively down down
Vlan200 10.1.14.200 YES NVRAM up up
Vlan220 10.129.220.1 YES NVRAM up up
Vlan300 unassigned YES manual up up
Vlan500 10.2.8.1 YES NVRAM administratively down down
Vlan999 10.100.0.17 YES NVRAM administratively down down

You have no ip address on the SVI for vlan 300.

So you need to assign an IP and make that the default gateway for clients in vlan 300.

Jon
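The check Jon ran by eye can be scripted. The following is an added example, not part of any post in this thread: it cross-references `show vlan brief` with `show ip interface brief` and reports VLANs that have ports but no usable SVI. The sample text is constructed and abridged from the outputs above, and the function names are hypothetical.

```python
# Constructed sample, abridged from the outputs posted in the thread.
SHOW_VLAN_BRIEF = """\
100  VLAN0100  active  Gi1/3, Gi1/4, Gi1/8
                       Gi1/34, Gi1/35
101  VLAN0101  active
300  VLAN0300  active  Gi1/13, Gi1/14, Gi1/15, Gi7/1, Gi7/2
"""
SHOW_IP_INT_BRIEF = """\
Vlan100  10.129.32.1   YES NVRAM  up                    up
Vlan101  10.229.32.1   YES NVRAM  administratively down down
Vlan300  unassigned    YES manual up                    up
"""

def vlans_with_ports(text):
    """Return {vlan_id: port_count} for VLANs that have at least one port."""
    counts, current = {}, None
    for line in text.splitlines():
        f = line.split(None, 3)
        if f and f[0].isdigit():
            # New VLAN row: id, name, status, then an optional port list.
            current, line = int(f[0]), (f[3] if len(f) > 3 else "")
        elif current is None:
            continue  # header or separator before the first VLAN row
        # Anything else is a wrapped continuation of the current port list.
        n = sum(bool(p.strip()) for p in line.split(","))
        counts[current] = counts.get(current, 0) + n
    return {v: n for v, n in counts.items() if n}

def svi_state(text):
    """Return {vlan_id: (ip_or_None, is_up_up)} for each VlanN interface."""
    state = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 6 and f[0].startswith("Vlan"):
            ip = None if f[1] == "unassigned" else f[1]
            state[int(f[0][4:])] = (ip, f[4:] == ["up", "up"])
    return state

def unrouted_vlans(vlan_text, ip_text):
    """VLANs with ports whose SVI is missing, has no address, or is down."""
    svis, findings = svi_state(ip_text), {}
    for vlan in sorted(vlans_with_ports(vlan_text)):
        if vlan not in svis:
            findings[vlan] = "no SVI on this switch"
        elif svis[vlan][0] is None:
            findings[vlan] = "SVI has no IP address"
        elif not svis[vlan][1]:
            findings[vlan] = "SVI is not up/up"
    return findings

print(unrouted_vlans(SHOW_VLAN_BRIEF, SHOW_IP_INT_BRIEF))
```

A "no SVI on this switch" finding is not always a fault, since a VLAN can be deliberately layer 2 only or routed on another device.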

Thanks Jon and Unbelievable, I had 10.129.50.1 assigned to vlan 300 and was able to ping it. No idea how it was removed. I have added it again and it pings fine. 

I still cannot ping vlan 300 from other buildings. 

VLAN 100 is 10.129.32.1

VLAN 300 is 10.129.50.1

I can ping VLAN100 (10.129.32.1) from anywhere but not vlan300 (10.129.50.1). Both VLANs are on the same L3 switch. 

C:\Users\admin2>ping 10.129.32.1

Pinging 10.129.32.1 with 32 bytes of data:
Reply from 10.129.32.1: bytes=32 time=5ms TTL=251


C:\Users\admin2>ping 10.129.50.1

Pinging 10.129.50.1 with 32 bytes of data:
Request timed out.

Access list on the switch is:

Core#show access-lists
Standard IP access list inside_nat
10 permit 10.0.0.0, wildcard bits 0.255.255.255 (564159 matches)
Extended IP access list 100
10 permit gre any any
Extended IP access list 101
10 deny ip host 10.129.32.243 any (126947 matches)
20 deny ip host 10.129.33.118 any
30 permit ip any any (118867512 matches)
Extended IP access list trial2
10 permit ip host 10.129.32.243 any (126947 matches)
Extended MAC access list trial
permit host 0022.191b.8e5e any
permit host 0022.191b.6ba4 any

Thanks!

Saji

Saji

How are the other buildings connected ie. you said originally you had no trunk links so are you doing routing for vlans in each building or does your 6500 do all the routing ?

What vlan is the client you are pinging from in and where is its SVI ?

Jon

Hi Jon,

Between other building, they are connected via eigrp.

Both the vlans are on the same 6509 switch and has interface IPs. Yesterday one of the network guys fixed it but no one knows how. They can ping the svi ip address now. 

I have checked the switch to the best of my knowledge and do not see any "ip routing" in the running config. So the question I have is:

1. Can VLANS (svi's) in the same L3 switch communicate with eigrp routing? Or is EIGRP needed only to communicate with L3 switches/routers at different locations?

2. Is "ip routing" used only for communication between multiple VLANS on the same L3 switch? can they talk without "ip routing" and with "eigrp" enabled?

Thanks!

Saji

With a 6500 ip routing is enabled by default so you don't see it in the running config.

1) the switch will route between SVIs without any routing protocol.

EIGRP or any other IGP is only needed to exchange routes with other L3 devices.

2) you have to have ip routing enabled and if it isn't I don't think it would even allow you to configure EIGRP.

Jon

Thank you Jon, that was a point answer.

One last question:

The trunk we have for vlan 300 svi has this configuration:

switchport
switchport trunk allowed vlan 300
switchport mode trunk
mls qos trust dscp
spanning-tree portfast edge

I usually see an encapsulation dot1q configured on the trunk. In that case, is there any other encapsulation configured by default?

Also, if the traffic here is only vlan300, can the port be an access port instead of a trunk port?

And what is the difference between spanning-tree portfast edge and portfast trunk

Thanks!

Saji

Hi Saji,

I usually see an encapsulation dot1q configured on the trunk. In that case, is there any other encapsulation configured by default?

GI :- Cisco ISL is also another trunk encapsulation protocol can be used but with NX-OS only supports 802.1Q trunking protocol.

Also, if the traffic here is only vlan300, can the port be an access port instead of a trunk port?

GI :- Yes, If you are only allowing vlan 300 then you can configure access port at both side of the switches but normal recommendation is to have trunk so that in future you can allow multiple vlans between switches.

And what is the difference between spanning-tree portfast edge and portfast trunk

GI :- On an access port, both spanning-tree portfast and spanning-tree portfast trunk cause the port to act as a PortFast-enabled.

The spanning-tree portfast has no effect on trunk ports. If you want to make a trunk port become Forwarding immediately after coming up, you need the spanning-tree portfast trunk command.

Hope if it Helps..

-GI

Rate if it Helps.

Thanks GI,

1) If I have to allow vlan 100 also, can I add "switchport trunk allowed vlan 300, 100" ? Would that allow vlan 100 and 300 without being a trunk?

2) I guess if I make it a trunk, it will allow all vlans without mentioning it separately as "switchport trunk allowed vlan 300, 100"?

Regards,

Saji

Hi Saji,

You can allow as many vlans by command switchport trunk allowed vlan add 300,100.

If you make trunk yes it normally allow all vlans by default but general practice is to allow only vlans which required to traverse between the switches.

-GI

Rate Helpful Posts

Great. Thanks GI and Jon. I now know little bit more about Cisco.

1) it would have to be a trunk

2) see Ganesh's reply.

One last thing.

If you make the link an access port then you cannot use VTP to send the vlan information from one switch to another.

So you would need to create the vlans on each switch manually.

Which is no bad thing.

Jon

It depends on the IOS version on the 6500.

If it is 12.2SX and there is no encapsulation specified the switch will negotiate the encapsulation with the other device and the 6500 with this IOS version supports both ISL and 802.1q so it depends.

Do a "sh int trunk" to see what it has negotiated

The access port or trunk question raises an interesting point actually in terms of control plane traffic and to be honest never really occurred to me before as I always use trunks between switches.

As Ganesh says you can make both ends access ports and it would work but I am just wondering how the control plane traffic between switches then works.

I might lab this up today and will post back or amend this post with an update.

If the port connects to an end device though then yes it could be an access port.

Finally if that port is connected to another switch you don't want portfast edge on it.

That command can be used for connections to clients, server, routers etc.

The trunk version is for connections to end devices who are tagging on their NICs.

If it is connected to another switch I would recommend removing it but only out of hours as it could affect the STP topology and you can never be sure.

Any other queries please feel free to ask.

Jon
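Two pieces of advice from the replies above (restrict a trunk to the VLANs it needs, and do not leave portfast edge on a trunk that connects to another switch) can be checked mechanically against a saved running-config. The following is an added example, not part of any post in this thread. The Gi7/1 stanza is the one quoted in the thread; its interface name, the other two ports, and the function names are assumptions made for illustration.

```python
# Constructed sample: Gi7/1 is the stanza quoted in the thread;
# Gi7/2 and Gi7/3 are hypothetical ports added for contrast.
RUNNING_CONFIG = """\
interface GigabitEthernet7/1
 switchport
 switchport trunk allowed vlan 300
 switchport mode trunk
 mls qos trust dscp
 spanning-tree portfast edge
!
interface GigabitEthernet7/2
 switchport mode trunk
!
interface GigabitEthernet7/3
 switchport access vlan 300
 switchport mode access
 spanning-tree portfast edge
!
"""
EDGE_PORTFAST = ("spanning-tree portfast", "spanning-tree portfast edge")

def parse_interfaces(config):
    """Split a running-config into {interface_name: [stanza lines]}."""
    stanzas, name = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            name = line.split(None, 1)[1]
            stanzas[name] = []
        elif line.startswith(" ") and name:
            stanzas[name].append(line.strip())
        else:
            name = None  # "!" or any global line ends the stanza
    return stanzas

def audit_trunks(config):
    """Return {interface: [findings]} for trunk ports only."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        if "switchport mode trunk" not in lines:
            continue  # access ports are out of scope here
        findings = []
        if not any(l.startswith("switchport trunk allowed vlan") for l in lines):
            findings.append("no allowed-vlan list, so every VLAN is carried")
        if any(l in EDGE_PORTFAST for l in lines):
            findings.append("portfast edge on a trunk: remove if the peer is a switch")
        report[name] = findings
    return report

print(audit_trunks(RUNNING_CONFIG))
```

Whether the portfast finding matters depends on what is plugged into the port, which the config alone cannot tell you, so treat it as a prompt to check the neighbour.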
