Solved: Simple VLAN Routing? - Page 2

Rory Hamaker · ‎10-01-2011

Hello all, I am probably the only person workin on a Saturday so I am afraid that I wont hear back until Monday but I am going ahead anyway. I have a Cisco 3560G that I am trying to setup to route multiple VLAN's. The setup is this, port g0/1 goes back to a Macintosh DHCP server that is handing out addresses. It is on the 192.168.1.x network, and is configured to give addressed for 192.168.1.x and 192.168.2.x. The switch has 6 VLAN's configured with the default VLAN being disabled. Right now I am only working with VLAN 2 and 6, 2 is the VLAN my workstations will be on and will have addresses in the 192.168.2.x subnet, and 6 is the server VLAN using the 192.168.1.x subnet. VLAN 2 has an ip of 192.168.2.1 and 6 has an ip of 192.168.1.254. THe DHCP server is configured to use the switch as a router, so the 192.168.1.x range uses router 192.168.1.254 and similarly with the .2.x. If I assign a computer to VLAN 6 it gets an address no problem, but VLAN 2 does not issue them and as i have been monkey-ing with this all morning, I am exhausted as to what to do. My switch config is below, any help would be appreciated.

2097_Dev_3560# sh run
Building configuration...

Current configuration : 12758 bytes
!
! Last configuration change at 00:44:58 UTC Mon Mar 1 1993
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname 2097_Dev_3560
!
boot-start-marker
boot-end-marker
!
!
logging console emergencies
no aaa new-model
system mtu routing 1500
ip routing
--More--         ip domain-name develop.ds.amrdec.army.mil
!
!
!
!
!
crypto pki trustpoint TP-self-signed-107389056
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-107389056
revocation-check none
rsakeypair TP-self-signed-107389056
!
!
crypto pki certificate chain TP-self-signed-107389056
certificate self-signed 01
30820260 308201C9 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 31303733 38393035 36301E17 0D393330 33303130 30303331
335A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3130 37333839
30353630 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
BF2AF9D2 7E088539 EE934AED C2856E52 7928AB84 CE902458 B736428A B657B98D
1F340E71 4E0C8AD2 7C9CF736 823A899D A5497047 46C4536B 856BBA2C 04E63681
2A54DBA6 EB33BCA3 F9334BC9 9DCB1451 D5802155 88B56C77 53029AD7 2A344503
--More--           D6CECDA3 D2395DFB 08B4BF95 1239CD76 A72C7471 4F36A86E 86FBCDB0 68DA757D
02030100 01A38189 30818630 0F060355 1D130101 FF040530 030101FF 30330603
551D1104 2C302A82 28323039 375F4465 765F3335 36302E64 6576656C 6F702E64
732E616D 72646563 2E61726D 792E6D69 6C301F06 03551D23 04183016 801449F6
DB77116A 75513044 D160F250 7E7D08B1 DCD6301D 0603551D 0E041604 1449F6DB
77116A75 513044D1 60F2507E 7D08B1DC D6300D06 092A8648 86F70D01 01040500
03818100 288247EF 2C5FC860 6B3D797F E1CEF22A 02FF0B32 C0D93219 FED34060
CB9B9840 F3224E85 D1F5B9E7 EC27A10F D3A7BE65 336F8F8C 66420E69 345B08BC
13F2C6C4 FC26A7A2 275D521C 86956F65 551419E5 2AE30DAE B44F4816 A6C2F4B5
7A9881FE D3E0A671 E311742C C173F4E6 177B6022 9486629E EE7BFFF9 079BF622 9CF3E9DE
quit
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
--More--         !
!
interface GigabitEthernet0/1
switchport access vlan 6
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/2
switchport access vlan 2
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/3
switchport access vlan 2
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
--More--          spanning-tree portfast
!
interface GigabitEthernet0/4
switchport access vlan 2
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/5
switchport access vlan 2
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/6
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
--More--         !
interface GigabitEthernet0/7
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/8
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/9
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/10
switchport mode access
--More--          switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/11
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/12
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/13
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
--More--          spanning-tree portfast
!
interface GigabitEthernet0/14
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/15
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/16
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/17
--More--          switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/18
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/19
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/20
switchport mode access
switchport port-security maximum 255
switchport port-security
--More--          switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/21
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/22
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/23
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
--More--         interface GigabitEthernet0/24
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/25
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/26
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/27
switchport mode access
switchport port-security maximum 255
--More--          switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/28
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/29
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/30
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
--More--         !
interface GigabitEthernet0/31
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/32
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/33
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/34
switchport mode access
--More--          switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/35
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/36
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/37
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
--More--          spanning-tree portfast
!
interface GigabitEthernet0/38
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/39
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/40
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/41
--More--          switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/42
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/43
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/44
switchport mode access
switchport port-security maximum 255
switchport port-security
--More--          switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/45
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/46
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/47
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
--More--         interface GigabitEthernet0/48
switchport mode access
switchport port-security maximum 255
switchport port-security
switchport port-security violation protect
spanning-tree portfast
!
interface GigabitEthernet0/49
switchport trunk encapsulation dot1q
switchport mode trunk
shutdown
!
interface GigabitEthernet0/50
switchport trunk encapsulation dot1q
switchport mode trunk
shutdown
!
interface GigabitEthernet0/51
switchport trunk encapsulation dot1q
switchport mode trunk
shutdown
!
interface GigabitEthernet0/52
switchport trunk encapsulation dot1q
--More--          switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 192.168.2.1 255.255.255.0
ip helper-address 192.168.1.254
!
interface Vlan3
ip address 192.168.3.1 255.255.255.0
ip helper-address 192.168.1.254
!
interface Vlan4
ip address 192.168.4.1 255.255.255.0
ip helper-address 192.168.1.254
!
interface Vlan5
ip address 192.168.5.1 255.255.255.0
ip helper-address 192.168.1.254
!
interface Vlan6
ip address 192.168.1.254 255.255.255.0
--More--          ip helper-address 192.168.1.6
ip helper-address 192.168.1.8
!
ip default-gateway 192.168.1.254
ip http server
no ip http secure-server
!
!
!
ip access-list extended VTYACL
permit ip host 192.168.1.6 any
permit ip 192.168.1.0 0.0.0.255 any
!
access-list 1 permit 192.168.1.6
!
!
!
line con 0
logging synchronous
line vty 0 4
login local
transport input ssh
line vty 5 15
login local
--More--          transport input ssh
!
end

2097_Dev_3560#

Rory Hamaker · ‎10-01-2011

Your summary is exactly correct. If i ping 192.168.1.254 from the DHCP server it replys as it should, if i ping 192.168.2.1 it fails all requests. I double checked the gateways on the DHCP server and they are correct. Would it be the subnet on the DHCP server? Currently it is set to 255.255.255.0.

Peter Paluch · ‎10-01-2011

Hi Rory,

Just curious: Is a PC connected to the Gi0/2 while you are pinging the 192.168.2.1 from the DHCP server? Please note that there must be a live device connected to a port in VLAN2 if we want to ping the interface VLAN2 itself.

In addition, what would be the exact output of the command traceroute 192.168.2.1 performed on the DHCP server? And also, can you post the output of the show ip route from the switch? Thank you!

Best regards,

Peter

johnlloyd_13 · ‎10-01-2011

Hi Rory,

You initially mentioned no DHCP issues on VLAN 6. Could you add the below and try again?

interface vlan2

ip helper-address 192.168.1.8

Sent from Cisco Technical Support iPhone App

Rory Hamaker · ‎10-03-2011

OK, Peter, i do have a system plugged into G0/2 for the testing that is permanant so all of the recent commands and outputs you requested were with a system there. Traceroute from the DHCP server returned null on every attempt.

John, I currently do have a helper address setup on VLAN 2 pointing back to the DHCP server, which is 1.6.

Peter, here is the IP Route:

2097_Dev_3560#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is not set

      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Vlan6
L        192.168.1.254/32 is directly connected, Vlan6
      192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.2.0/24 is directly connected, Vlan2
L        192.168.2.1/32 is directly connected, Vlan2
2097_Dev_3560#

mpawlik · ‎10-03-2011

Hello Rory,

I see that you checked the "gateways" on your DHCP server... as in plural... If that is the case, you can only use one gateway. So if you want to use the other interface as your default gw, you will need to add a route for the 192.168.2.0/24 network to your DHCP server, pointing back to 192.168.1.254.

Alexander Maroukian · ‎10-03-2011

Hi Rory,

In your config you have used "ip default-gateway 192.168.1.254". You should not use this command when you are using "ip routing". You can use "ip route 0.0.0.0 0.0.0.0 ".

Where do you apply the ACLs in the end of the config?

Best regards,

Alex

Peter Paluch · ‎10-03-2011

Hi Rory,

The routing table of your 3560 looks just fine.

At this point, I am strongly considering the DHCP server to be wrongly configured, as it should be capable of talking to any network on your switch perfectly.

If you connected a normal PC in place of the DHCP server, configured it with the same IP address as the DHCP server and used the default route via 192.168.1.254, would the PC be capable of pinging both 192.168.1.254 and 192.168.2.1?

Best regards,

Peter

Rory Hamaker · ‎10-04-2011

Peter, you are EXACLTY right. I setup a Windows DHCP server and plugged it in, then poof all is well. I dont know what the difference is because i have it configured identical to the Mac server i was using. Who knows, and I really dont care at this point, because it is working. I am having other issues with it now that i am trying to work out, (some computers cant talk to others), but this issue is good to go. Thank you so much for all the aid with this!!!