Solved: Problem to reach Vlan 1 Interfaces of 2960-X Switches after Migration to SVI/new Vlan Design

1pdemharter · ‎08-17-2020

Hi,

after migration to an SVI design, the 'old' vlan 1 interfaces are not reachable.

The old design was as follows:

Internet - ASA ------- 2960-X-SW 1 ------Trunk to ------- 2960-X-SW 2 only vlan 1 one subnet.

After introducing the vlan design vlan 10, vlan 20, etc. all works fine, except the old vlan 1 IP-interfaces on SW1 and SW 2 aren't not reachable from the new vlans 10 and 20 (for example ping from a client in vlan 10 or vlan 20 fails!)

During migration SW was chosen as SVI (routing) switch, so the new design is as follows:

vlan 10, 20 clients

and transfer to ASA/Internet

!

SVI-2960-X-SW 1

! ! (= trunk)

x.x.134.0 !

! !

Internet ----------ASA 2960-X-SW 2

(with vlan 10, 20 clients)

The relevant switch configuration are as follows:

Config SVI Switch:

version 15.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime

service password-encryption

!

hostname SVI Switch

!

interface GigabitEthernet1/0/1

switchport access vlan 10

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/2

switchport access vlan 20

switchport mode access

spanning-tree portfast

!

! output omitted

!

interface GigabitEthernet1/0/50

shutdown

!

interface TenGigabitEthernet1/0/1

description core: 3OG->4OG

switchport mode trunk

switchport nonegotiate

udld port

ip dhcp snooping trust

!

interface Vlan1

ip address x.x.134.1 255.255.255.0

!

interface Vlan10

ip address x.x.10.1 255.255.255.0

!

interface Vlan20

ip address x.x.20.1 255.255.255.0

ip helper-address x.x.x.x

!

ip route 0.0.0.0 0.0.0.0 x.x.134.5

! to Internet

!

no vstack

!

Config SW connect via trunk to SVI switch

no service pad

service timestamps debug datetime msec

service timestamps log datetime

service password-encryption

!

hostname SW-via Trunk

!

interface GigabitEthernet1/0/1

switchport access vlan 20

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/2

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/3

switchport access vlan 10

switchport mode access

spanning-tree portfast

!

… Output omitted

!

interface GigabitEthernet1/0/49

!

interface GigabitEthernet1/0/50

interface TenGigabitEthernet1/0/1

switchport mode trunk

switchport nonegotiate

udld port

ip dhcp snooping trust

!

interface TenGigabitEthernet1/0/2

!

interface Vlan1

ip address x.x.134.10 255.255.255.0

!

ip route 0.0.0.0 0.0.0.0 x.x.134.5

!

end

Any ideas, many thx in advance for your help.

Pete

Seb Rupik · ‎08-17-2020

Hi there,

The switch 'SW-via Trunk' does not know how to reach VLANs 10 and 20. you need to add entires to is route table:

!
ip route x.x.10.x 255.255.255.0 x.x.134.1
ip route x.x.20.x 255.255.255.0 x.x.134.1
!

...(you will need to fill in the x's !)

The ASA will need to be configured to NAT your new VLANs. It will also need to know how to reach the new VLANs. Add route entries for those subnets directing traffic to x.x.134.1

cheers,

Seb.

View solution in original post

Seb Rupik · ‎08-17-2020

Hi there,

The switch 'SW-via Trunk' does not know how to reach VLANs 10 and 20. you need to add entires to is route table:

!
ip route x.x.10.x 255.255.255.0 x.x.134.1
ip route x.x.20.x 255.255.255.0 x.x.134.1
!

...(you will need to fill in the x's !)

The ASA will need to be configured to NAT your new VLANs. It will also need to know how to reach the new VLANs. Add route entries for those subnets directing traffic to x.x.134.1

cheers,

Seb.

1pdemharter · ‎08-18-2020

Hi Seb,
my thx, I'll check it, thx for the hints to ASA, here all works as expected ... !
Will come back .....

Peter

1pdemharter · ‎08-22-2020

Hi.

works fine solved
thx

Peter