leolaohoo wrote:
Is your diagram right?  Is 10.10.10.0/24 the managmenet IP address for VLAN 10 or 20?  And you've got access ports?  How can inter-vlan work if your uplinks are all access ports instead of trunks?

Leo

The setup is fine. This is the way to connect devices running in transparent mode ie. on each side of the transparent device, the IPS in this case, you have the same IP subnet because the device is simply acting at L2. So it has to be the same IP subnet on both sides. But you can't use the same vlan on both sides otherwise you get an STP loop, so you use 2 vlans and literally "join" them with the transparent device.

This is the way you deply the FWSM/IPS/ACE modules in transparent mode.

Jon

Jon,

That is exact what I am dooing. But it is not working on the 3560. I also replaced the IPS with a crossover cable, wich causes the same issue.

But it is working on two diffrent 4507R. (Same IOS Version 12.2(20))

Christoph

christoph.bloos wrote:
Jon,
That is exact what I am dooing. But it is not working on the 3560. I also replaced the IPS with a crossover cable, wich causes the same issue.
But it is working on two diffrent 4507R. (Same IOS Version 12.2(20))
Christoph

Christoph

How are you trying to access the routers ie. is it with ping from the 3560 ? If so are you using vlan 20 as the source interface ?

Can you also check on what STP is doing regarding the links.

Jon

Hi Jon,

I am pining from the 3560 with sourch interface 10.10.10.3

If I connect a device via access port to VLAN20 (laptop) with IP 10.10.10.4, I can reach the 10.10.10.1 and .2, also in other direction.

below the  "sh spanning-tree"

gi0/1 is a router (10.10.10.1) VLAN10

gi0/11 is the IPS VLAN10

gi0/12 is the IPS VLAN20

gi0/23 is a Laptop (10.10.10.4) VLAN20

VLAN0010
  Spanning tree enabled protocol rstp
  Root ID    Priority    24707
             Address     0012.daa4.11c0
             Cost        27
             Port        1 (GigabitEthernet0/1)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0013.1a8d.e280
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/1            Root FWD 19        128.1    P2p
Gi0/11           Desg FWD 4         128.11   P2p

VLAN0020
  Spanning tree enabled protocol rstp
  Root ID    Priority    24707
             Address     0012.daa4.11c0
             Cost        31
             Port        13 (GigabitEthernet0/13)
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     0013.1a8d.e280
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Gi0/13           Root FWD 4         128.13   P2p
Gi0/23           Desg FWD 4         128.23   Edge

Christoph

Hi all,

I have found a way where it is working:

I have added an IP for the VLAN 10

     Interface VLAN 10

          ip address 192.168.0.1 255.255.255.0

Than it is working! But this IP is not used...

And It is also working without ip routing enabled!

If this is the work arround I can live with it ;-)

Thanks!

Christoph