Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1122
Views
0
Helpful
5
Replies

Intervlan switching on a layer 3 switch, not working no other issues in formans match

cindymcgeever
Level 1
Level 1

‎06-27-2012 05:51 PM - edited ‎03-07-2019 07:30 AM

                   Hello.  I have never configured a catalyst 3560 for inter VLAN switching and I am on a project with no support, this may be very basic for some.    The issue I am having is ONE I am not even sure if I am doing this correctly so I do not know where the problem is

The project is to take 5 existing stub networks with semi dumb switches ( not cisco ) hook them all up to a managed switch and on this switch there will be a server that all past stub networks will need to access for backups.   I was using a router but the flash port died, not the card, the port, so now I am stuck doing what I can with the layer three switch.  In the end I will need the server to be able to access the internet as well for RDP sessions.

The switch is plugged into another switch where the config is unknown so if I can somehow get the uplink interface to be DHCP, that would be great.

I was able to ping each VLAN and devices behind the VLANs with the server running Windows 2008 as long as I was on the VLAN of the devices ONLY, otherwise I could not talk to the deivces.    I added multiple IP's and gateways to the server and this did not work.

One subnet did not even have a gateway so I am using Proxy ARP.

Power inline never had to be activated because the ports were bouncing due to it being on.

Please help..

IOS

Cisco IOS Software, C3560 Software (C3560-IPBASE-M), Version 12.2(35)SE5, RELEASE SOFTWARE (fc1)

System image file is "flash:c3560-ipbase-mz.122-35.SE5/c3560-ipbase-mz.122-35.SE5.bin"

CONFIG:

enable password cisco

!

username cisco password 0 cisco

no aaa new-model

system mtu routing 1500

vtp domain cisco

vtp mode transparent

ip subnet-zero

ip routing

!

!

!

!

no file verify auto

spanning-tree mode pvst

spanning-tree logging

spanning-tree portfast bpdufilter default

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 31

name PLC31

!

vlan 32

name PLC32

!

vlan 74

name PLC74

!

vlan 100

name-Server

!

interface FastEthernet0/1

power inline never

switchport access vlan 31

switchport mode dot1q-tunnel

spanning-tree portfast

!

interface FastEthernet0/2

description PLC Port VLAN 74

power inline never

switchport access vlan 74

switchport mode dot1q-tunnel

spanning-tree portfast

!

interface FastEthernet0/3

description PLC port VLAN 74

power inline never

switchport access vlan 74

switchport mode dot1q-tunnel

spanning-tree portfast

!

interface FastEthernet0/4

description PLC port VLAN 74

power inline never

switchport access vlan 74

switchport mode dot1q-tunnel

spanning-tree portfast

!

interface FastEthernet0/5

description PLC port VLAN 32

power inline never

switchport access vlan 32

switchport mode dot1q-tunnel

spanning-tree portfast

!

interface FastEthernet0/6

power inline never

shutdown

!

interface FastEthernet0/7

power inline never

shutdown

!

interface FastEthernet0/8

power inline never

SERVER VLAN

switchport access vlan 100

switchport mode dot1q-tunnel

spanning-tree portfast

!

interface GigabitEthernet0/1

description -=Server=-

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Vlan1

no ip address

interface Vlan31

ip address 192.168.31.0 255.255.240.0

!

interface Vlan32

ip address 192.168.32.254 255.255.255.0

!

interface Vlan74

ip address 172.29.75.158 255.255.255.0

!

interface Vlan100

ip address 192.168.254.254 255.255.255.0

!

ip default-gateway 172.19.75.1   ??????????

ip classless

ip route 0.0.0.0 0.0.0.0 0.0.0.0

no ip http server ??????????????

!

!

control-plane

!

!

line con 0

line vty 0 4

password cisco

login

line vty 5 15

password cisco

login

!

end

Labels:
0 Helpful
5 Replies 5

gdeangelis
Level 1
Level 1

‎06-27-2012 07:11 PM

Not knowing the configuration on the dumb switch, I'd try removing the dot1q statement or if the dumb switches can handle trunking, change the port to trunk.

Sent from Cisco Technical Support iPad App

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to gdeangelis

‎06-28-2012 05:43 AM

The original post mentions 5 stub networks. But the config has only 4 networks of which one seems to be the network for the server. So what about the other 2 networks?

Also the original post talks about semi dumb switches. Would I be correct in assuming that each of those switches had one (and only one) of these networks? If so then connecting each of those switches to a port in the 3560 which was in a separate VLAN would be the easy way to identify and access the stub networks.

I am not clear from the config where the server is connected. Is it on Fast0/8 or is it on Gig0/1? And is the server really doing dot1Q trunking? 

This config has 3 VLANs configured for what appear to be user VLANs. Assuming that the hosts on these VLANs are configured with IP addresses and masks that are consistent with what is configured on the switch, and assuming that the hosts configured default gateway is the address configured on the switch VLAN interface then I would think that routing between the VLANs should be working.

There is an ip default-gateway configured. But with ip routing enabled the switch will not use this. It is not necessary to remove it, but be aware that it will not be used.

There is a sort of default route configured but it is not configured correctly.

ip route 0.0.0.0 0.0.0.0 0.0.0.0

The last 0.0.0.0 should be the address of the next hop device that will get to outside. We do not know enough about the network environment to know what that should be at this point.

HTH

Rick

HTH

Rick
0 Helpful

gdeangelis
Level 1
Level 1
In response to Richard Burts

‎06-28-2012 07:27 AM

You might be on to something with the server trunk. If if is on gig1 and that is configured as a trunk that would explain it all. Routing could be working just fine but if the server is where they are trying to ping from it makes sense why it isn't working correctly. The server port should be an access port

Sent from Cisco Technical Support iPhone App

0 Helpful

cindymcgeever
Level 1
Level 1
In response to Richard Burts

‎06-28-2012 08:37 AM

The server is on port 8 which is set to VLAN100

The reason you only see 3 networks is because 2 of them have different IP ranges so I was able to seperate them onto a VLAN, when discovering the other three networks they want seperated, I found that they all have the exact same gateway and IP range.  Behind the switches are several different devices doing something different and they all come to a dumb switch running VLAN 1 and the three networks have the same gateway which is listed in the VLAN interface.. each network is connected to a switch which now connects to my switch. I was able to make that VLAN with the shared gateway and I could ping each device....

getting them seperated is a whole other beast and my router crashed and it will not be possible because the Switch I have cannot do NAT, so for now I am making all ports for the networks that use the same gateway, on the same VLAN.  There are no duplicate IP's..

Also, I just added the dot1q trunking as a test to see if this would work...  I also have had the switches port as trunking and access... sigh...

0 Helpful

cindymcgeever
Level 1
Level 1
In response to Richard Burts

‎06-28-2012 08:40 AM

Oh and Rick your very last comment will help a lot! Thank you.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card