- Cisco Community
- Technology and Support
- Networking
- Switching
- Re: New Vlan - Packets bouncing between switch and firewall
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
New Vlan - Packets bouncing between switch and firewall
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-18-2020 01:53 PM
Hi,
I am having a problem with some new vlans I created.
We are getting ready to implement a new phone system and I was working on setting up new vlans that will be used for voice.
My network is hub and spoke (P2P). All switches layer 3 - 2960x
I have created the new vlans on the main switch (hub location) and also the appropriate vlan for the remote site (spoke).
When I ping the new vlan from the remote switch, all packets die. When I ping from my desktop, I get TTL expired in transit. So from there I did a tracert to the vlan and it appears the packets are bouncing back and forth between the hub switch and firewall (gateway) until the TTL expires.
I have tried adding (and then removing) static routes to the vlans with the same results.
Any help is appreciated!
- Labels:
-
Catalyst 2000
-
LAN Switching
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-18-2020 02:13 PM
Hello,
post the configs of the switches and a schematic overview of how they are connected...
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
08-18-2020 03:47 PM
Hi George,
Thank You for the reply. Your assistance is appreciated.
The network is a simple Point to Point (like a long ethernet cable) where as the main switch does all the routing. The remote sites all connect via an ELan with our service provider. In this situation, the new vlan I created is vlan 43 (bolded and underlined). On the main switch, I have added a static route, that didn't seem to help.
When I ping 10.120.43.1 on the remote site, the packets die. When I ping from my desktop, directly connected to the main switch, I get TTL expired in transit.
When I do a tracert (again from my pc) the packets bounce between my main switch (hpcsw01 in the graphic) and my barracuda firewall. (See attached graphic).
Thanks again for your help!
Below are the configs, I have also attached them in TXT format.
Here is the config of the Hub switch (main switch):
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
service sequence-numbers
!
hostname hpcsw01
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$yo8a$uujBUeH.lu09E5FC8KHp20
!
username admin privilege 15 password 7 08075E410D1B101C434A
!
!
no aaa new-model
clock timezone EDT -5
clock summer-time EDT recurring
system mtu routing 1500
ip routing
!
!
ip domain-name hampark.com
ip name-server 10.10.2.18
ip name-server 10.10.2.19
!
!
crypto pki trustpoint TP-self-signed-3944580224
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3944580224
revocation-check none
rsakeypair TP-self-signed-3944580224
!
!
crypto pki certificate chain TP-self-signed-3944580224
certificate self-signed 01
3082024B 308201B4 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 33393434 35383032 3234301E 170D3933 30333031 30303031
32335A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 39343435
38303232 3430819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
8100A7A7 FAE4D11C B637ADB1 B2839667 0FDCBC1D 0C5D9534 03E89CA9 89AF5379
C3849346 C8343440 F046A752 7D9A87E2 7F9CB73B 51F2CB16 E7085545 DB1942CB
D7477749 312478B5 EB7BA7C5 3049B9CB C938E033 ABF1D211 A61AADF7 9AE42F45
C38985CD E246A7FC E8F5DAFE 5BA72B2C 2B9FA124 85648BE5 31666B32 893CBD1C
83470203 010001A3 73307130 0F060355 1D130101 FF040530 030101FF 301E0603
551D1104 17301582 13687063 73773031 2E68616D 7061726B 2E636F6D 301F0603
551D2304 18301680 142A2F0D A1BF9316 A2BF0868 4BFBF0D3 E3A4562D 52301D06
03551D0E 04160414 2A2F0DA1 BF9316A2 BF08684B FBF0D3E3 A4562D52 300D0609
2A864886 F70D0101 04050003 81810023 824CD591 5F7EC839 6DE5E299 D8AACB75
902F4925 F32D3A16 C5E3A4A3 F4E002DE D5ADB0BC 57E20809 FF69D34C 8F636AB2
630FADD7 695294C2 20D79BE2 0FDA9C94 AFE5C45C DDEA9C99 8232C530 A7BD7E33
BF0FA581 14FBF214 008638C8 43226940 91CDFA5B B7CD3AB5 333DC884 DB7E8E9F
EC7ADA57 0C850C3C 5A7C855D 91BD0B
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface Port-channel1
description Port Channel to HPCSW07
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel2
description Port Channel to HPCSW08
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
shutdown
!
interface GigabitEthernet0/1
description to 2970
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/2
description to 2960
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/3
description to Cisco ASA Internet
no switchport
ip address 192.168.20.1 255.255.255.0
speed 100
duplex full
!
interface GigabitEthernet0/4
description to Cincy VPLS
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/5
description to DE VPLS
switchport access vlan 2
switchport mode access
speed 100
duplex full
!
interface GigabitEthernet0/6
!
interface GigabitEthernet0/7
description data_2960_uplink
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/8
description Uplink to HPCSW04
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/9
description to SF500
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/10
description to SF300
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet0/11
description to CLE VPLS
switchport access vlan 40
switchport mode access
speed 100
duplex full
!
interface GigabitEthernet0/12
description A2 - MClotts
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet0/13
description to 3250TG
switchport trunk encapsulation dot1q
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
switchport access vlan 4
switchport mode access
!
interface GigabitEthernet0/24
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface GigabitEthernet0/29
!
interface GigabitEthernet0/30
!
interface GigabitEthernet0/31
!
interface GigabitEthernet0/32
!
interface GigabitEthernet0/33
!
interface GigabitEthernet0/34
!
interface GigabitEthernet0/35
!
interface GigabitEthernet0/36
!
interface GigabitEthernet0/37
description Untangle Server
switchport access vlan 22
switchport mode access
!
interface GigabitEthernet0/38
!
interface GigabitEthernet0/39
description Uplink to HPCSW08 G1/0/47
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode active
!
interface GigabitEthernet0/40
description Uplink to HPCSW08 G1/0/48
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 2 mode active
!
interface GigabitEthernet0/41
description Uplink to HPCSW07
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet0/42
description Uplink to HPCSW07
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet0/43
description Uplink to HPCSW07
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet0/44
description Uplink to HPCSW07
switchport trunk encapsulation dot1q
switchport mode trunk
channel-group 1 mode active
!
interface GigabitEthernet0/45
description Barracuda Managemnt
!
interface GigabitEthernet0/46
!
interface GigabitEthernet0/47
!
interface GigabitEthernet0/48
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet1/3
!
interface GigabitEthernet1/4
!
interface TenGigabitEthernet1/1
!
interface TenGigabitEthernet1/2
!
interface Vlan1
description Columbus Data
ip address 10.10.1.1 255.255.255.0 secondary
ip address 192.168.1.254 255.255.255.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan2
description Delaware Data
ip address 10.20.1.1 255.255.255.0 secondary
ip address 192.168.2.254 255.255.255.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan3
description Cincinnati Data
ip address 10.30.1.1 255.255.255.0 secondary
ip address 192.168.3.254 255.255.255.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan4
description Columbus Workstations
ip address 10.10.4.1 255.255.252.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan8
description Wireless
ip address 10.10.8.1 255.255.255.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan11
ip address 192.168.11.1 255.255.255.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan12
ip address 192.168.12.1 255.255.255.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan13
ip address 192.168.13.1 255.255.255.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan16
description Columbus vMotion
ip address 10.10.16.1 255.255.255.0
!
interface Vlan22
description Columbus Servers
ip address 10.10.2.1 255.255.255.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan23
description Columbus iSCSI
ip address 10.10.3.1 255.255.255.0
!
interface Vlan24
description HamiltionParker SSID
ip address 10.10.24.1 255.255.252.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan28
description mobile SSID
ip address 10.10.28.1 255.255.252.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan32
description HamiltonParkerGuest SSID
ip address 10.10.32.1 255.255.252.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan40
description Cleveland Data
ip address 10.40.1.1 255.255.255.0 secondary
ip address 192.168.40.254 255.255.255.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan41
description HamiltonParkerAirtame SSID
ip address 10.10.41.1 255.255.255.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan42
description Columbus VoIP
ip address 10.110.42.1 255.255.255.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan43
description Delaware VoIP
ip address 10.120.43.1 255.255.255.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan44
description Cincinnati VoIP
ip address 10.130.44.1 255.255.255.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan45
description Cleveland VoIP
ip address 10.140.45.1 255.255.255.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.41
ip route 10.20.0.0 255.255.0.0 192.168.2.253
ip route 10.30.0.0 255.255.0.0 192.168.3.253
ip route 10.40.0.0 255.255.0.0 192.168.40.253
ip route 10.120.43.0 255.255.255.0 192.168.2.253
ip route 10.130.44.0 255.255.255.0 192.168.3.253
ip route 10.140.45.0 255.255.255.0 192.168.40.253
ip http server
ip http secure-server
!
arp 192.168.1.7 03bf.c0a8.0107 ARPA
snmp-server community private RW
!
!
line con 0
line vty 0 4
login local
transport input all
transport output none
line vty 5 15
login local
transport input all
transport output none
!
ntp clock-period 36027809
ntp server 10.10.2.18 prefer
ntp server 10.10.2.19
end
Here is the config of the remote switch (spoke):
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname DELSW01
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$7Ruy$jFjLkq3dqMKxKR4uSq5131
!
username admin password 7 06201D2E484C1C125456
username cisco password 7 110A1016141D
no aaa new-model
switch 1 provision ws-c2960x-48fpd-l
ip routing
!
!
ip domain-name hampark.com
ip name-server 10.10.2.18
ip name-server 10.10.2.19
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-838720640
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-838720640
revocation-check none
rsakeypair TP-self-signed-838720640
!
!
crypto pki certificate chain TP-self-signed-838720640
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 38333837 32303634 30301E17 0D313830 33313331 39353730
325A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3833 38373230
36343030 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
A08B2832 3EADE565 AF7E057F ABB91A0C A16C4F47 A3013ABB 30CD80E6 D79F745D
3323108B 58EFE422 E80845A9 05AC2B5B 24FBC349 9CA09313 C6F898C2 F9CB136B
0AC56298 0622E8E7 0832A5BF AB184856 33EA2EAE BD32B147 D78499F0 D645F523
C909D188 BDB631FB 2B958EDB AD2AC5E1 8267A9E3 85E94AD6 62F7E2CD 81B66537
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 168014A2 4617049B 0071385A B59CF4DF 33226ADA 33488830 1D060355
1D0E0416 0414A246 17049B00 71385AB5 9CF4DF33 226ADA33 4888300D 06092A86
4886F70D 01010505 00038181 001A56C9 B387F97F 7CAA7B21 4DF95D97 9DE40166
A93503EE 95971E79 2026A6CB F8925225 207E7E09 4491A3EC 64E2DB28 0BDF3F1A
C54B65EF 04F4F04C 7469C23E 6F90E44A DEA04F92 FA44966B 43AAB04D 8321FE83
91285BAE AD411555 BCAE79A0 9625DB1A DD32F895 2A969E61 234BB04A 43DC0766
4DA61202 5C47A398 D75895D5 21
quit
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
no ip address
no ip route-cache
!
interface GigabitEthernet1/0/1
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/2
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/3
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/4
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/5
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/6
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/7
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/8
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/9
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/10
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/11
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/12
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/13
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/14
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/15
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/16
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/17
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/18
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/19
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/20
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/21
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/22
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/23
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/24
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/25
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/26
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/27
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/28
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/29
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/30
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/31
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/32
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/33
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/34
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/35
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/36
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/37
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/38
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/39
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/40
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/41
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/42
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/43
description DELOAP01
switchport trunk allowed vlan 8,24,28,32
switchport trunk native vlan 8
switchport mode trunk
!
interface GigabitEthernet1/0/44
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/45
description Workstation
switchport mode access
!
interface GigabitEthernet1/0/46
description DELAP01
switchport trunk allowed vlan 8,24,28,32
switchport trunk native vlan 8
switchport mode trunk
!
interface GigabitEthernet1/0/47
description DELAP02
switchport trunk allowed vlan 8,24,28,32
switchport trunk native vlan 8
switchport mode trunk
!
interface GigabitEthernet1/0/48
description Uplink to HPCSW1
switchport mode access
speed 100
duplex full
!
interface GigabitEthernet1/0/49
!
interface GigabitEthernet1/0/50
!
interface TenGigabitEthernet1/0/1
!
interface TenGigabitEthernet1/0/2
!
interface Vlan1
ip address 192.168.2.253 255.255.255.0
!
interface Vlan4
description Workstations
ip address 10.20.4.1 255.255.252.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan8
description Wireless
ip address 10.20.8.1 255.255.255.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan24
description HamiltonParkerSSID
ip address 10.20.24.1 255.255.252.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan28
description hpmobileSSID
ip address 10.20.28.1 255.255.252.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan32
description HamiltonParkerGuestSSID
ip address 10.20.32.1 255.255.252.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
interface Vlan43
description VoIP
ip address 10.120.43.1 255.255.255.0
ip helper-address 10.10.2.18
ip helper-address 10.10.2.19
!
ip default-gateway 192.168.2.254
ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.2.254
ip route 0.0.0.0 0.0.0.0 10.20.1.1
!
!
!
line con 0
logging synchronous
login local
line vty 0 4
password 7 03224904020D34471F48
login local
transport input ssh
line vty 5 15
password 7 03224904020D34471F48
login local
transport input ssh
!
!
end
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
