cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
983
Views
0
Helpful
3
Replies

Problem to reach Vlan 1 Interfaces of 2960-X Switches after Migration to SVI/new Vlan Design

1pdemharter
Level 1
Level 1

Hi,

 

after migration to an SVI design, the 'old' vlan 1 interfaces are not reachable. 

The old design was as follows:

 

Internet -   ASA ------- 2960-X-SW 1 ------Trunk to ------- 2960-X-SW 2 only vlan 1 one subnet.

 

After introducing the vlan design vlan 10, vlan 20, etc. all works fine, except the old vlan 1 IP-interfaces on SW1 and SW 2 aren't not reachable from the new vlans 10 and 20 (for example ping from a client in vlan 10 or vlan 20 fails!)

 

During migration SW was chosen as SVI (routing) switch, so the new design is as follows:

                                   

                                   vlan 10, 20 clients

                                   and transfer to ASA/Internet 

                                                !

                                  SVI-2960-X-SW 1

                                  !                            ! (= trunk)

                        x.x.134.0                        !

                                  !                            !

Internet ----------ASA                         2960-X-SW 2

                                                               (with vlan 10, 20 clients)

 

The relevant switch configuration are as follows:

 

Config SVI Switch:

 

version 15.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime

service password-encryption

!

hostname SVI Switch

!

interface GigabitEthernet1/0/1

switchport access vlan 10

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/2

switchport access vlan 20

switchport mode access

spanning-tree portfast

!

! output omitted

!

interface GigabitEthernet1/0/50

shutdown

!

interface TenGigabitEthernet1/0/1

description core: 3OG->4OG

switchport mode trunk

switchport nonegotiate

udld port

ip dhcp snooping trust

!

!

interface Vlan1

ip address x.x.134.1 255.255.255.0

!

interface Vlan10

ip address x.x.10.1 255.255.255.0

!

interface Vlan20

ip address x.x.20.1 255.255.255.0

ip helper-address x.x.x.x

!

!

ip route 0.0.0.0 0.0.0.0 x.x.134.5

! to Internet

!

no vstack

!

 

Config SW connect via trunk to SVI switch

 

no service pad

service timestamps debug datetime msec

service timestamps log datetime

service password-encryption

!

hostname SW-via Trunk

!

!

interface GigabitEthernet1/0/1

 switchport access vlan 20

 switchport mode access

 spanning-tree portfast

!

interface GigabitEthernet1/0/2

 switchport mode access

 spanning-tree portfast

!

interface GigabitEthernet1/0/3

 switchport access vlan 10

 switchport mode access

 spanning-tree portfast

!

!

… Output omitted

!

!

interface GigabitEthernet1/0/49

!

interface GigabitEthernet1/0/50

interface TenGigabitEthernet1/0/1

 switchport mode trunk

 switchport nonegotiate

 udld port

 ip dhcp snooping trust

!

interface TenGigabitEthernet1/0/2

!

interface Vlan1

 ip address x.x.134.10 255.255.255.0

!

!

ip route 0.0.0.0 0.0.0.0 x.x.134.5

!

end

Any ideas, many thx in advance for your help.

 

Pete

1 Accepted Solution

Accepted Solutions

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

The switch 'SW-via Trunk' does not know how to reach VLANs 10 and 20. you need to add entires to is route table:

!
ip route x.x.10.x 255.255.255.0 x.x.134.1
ip route x.x.20.x 255.255.255.0 x.x.134.1
!

...(you will need to fill in the x's !)

 

The ASA will need to be configured to NAT your new VLANs. It will also need to know how to reach the new VLANs. Add route entries for those subnets directing traffic to x.x.134.1

 

 

cheers,

Seb.

 

View solution in original post

3 Replies 3

Seb Rupik
VIP Alumni
VIP Alumni

Hi there,

The switch 'SW-via Trunk' does not know how to reach VLANs 10 and 20. you need to add entires to is route table:

!
ip route x.x.10.x 255.255.255.0 x.x.134.1
ip route x.x.20.x 255.255.255.0 x.x.134.1
!

...(you will need to fill in the x's !)

 

The ASA will need to be configured to NAT your new VLANs. It will also need to know how to reach the new VLANs. Add route entries for those subnets directing traffic to x.x.134.1

 

 

cheers,

Seb.

 

Hi Seb,
my thx, I'll check it, thx for the hints to ASA, here all works as expected ... !
Will come back .....

Peter

Hi.

works fine solved
thx

Peter
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco