10-19-2011 11:59 AM - edited 03-07-2019 02:55 AM
I have a router on a stick (3845 router) connected to 3560 switch via an 802.1q trunk. VLAN 1 is shutdown. I am using VLAN 139 as my management VLAN. I also have several more user VLANs all defined on the switch and as Layer 3 interfaces on the router via the trunk.
From a user VLAN (ie VLAN 137) I am able to ping to the default gateways of both VLANs (137 and 139) that exist on the 3845 router. However, I am unable to ping to the management IP of the switch (VLAN 139) from a user port on VLAN 137.
Snippets of configuration
3845
Gig 0/1.137
encap dot1q
ip address 172.30.252.254 255.255.255.0
no shut
Gig 0/1.139
encap dot1q
ip address 172.30.254.254 255.255.255.0
no shut
3560
Gig 0/48
switchport mode trunk
switchport trunk encap dot1q
int vlan 139
ip address 172.30.254.100 255.255.255.0
no shut
Its probably something very simple and obvious, but Im not seeing the forest for the trees
Jeff
10-19-2011 12:08 PM
Jeff
On the switch do you have -
ip default-gateway 172.30.254.254
this is assuming you are not running "ip routing" on the switch.
By the way, if the switch is a 3560 why are running routing on a stick ? It is much more efficient to use the 3560 for inter-vlan routing.
Jon
10-19-2011 12:15 PM
Jon -
yes I have already configure the ip default gateway on the switch - I forgot to include that in my snippet
10-19-2011 12:18 PM
Do you have "ip routing" enabled on the switch ?
Jon
10-19-2011 12:27 PM
Jon -
No , ip routing is not enabled on the switch. In response to your previous comment about why, this single 3560 is only one of 32 different switches to we have in our test network. The switches are all running layer 2 and the 3845 is doing our intervlan routing as well as bringing in other external connections
10-19-2011 12:30 PM
Could you post configs of switch and router ?
Jon
10-19-2011 12:53 PM
Jon -
see below
Router
sh run
Building configuration...
Current configuration : 11120 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec localtime
service password-encryption
!
hostname 3845_MDF_1090
!
boot-start-marker
boot-end-marker
!
logging message-counter syslog
logging buffered 51200 warnings
!
aaa new-model
!
!
aaa authentication login default local
aaa authorization console
aaa authorization exec default local
!
!
aaa session-id common
clock timezone mst -7
no network-clock-participate slot 1
!
dot11 syslog
ip source-route
!
ip dhcp pool WAVE_VoIP
network 172.30.1.0 255.255.255.0
default-router 172.30.1.254
option 150 ip 172.30.1.251
!
!
ip cef
!
!
ip domain name yourdomain.com
ntp server 172.30.252.151
!
multilink bundle-name authenticated
--More-- !
!
!
crypto pki trustpoint TP-self-signed-876948590
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-876948590
revocation-check none
rsakeypair TP-self-signed-876948590
!
!
crypto pki certificate chain TP-self-signed-876948590
certificate self-signed 01
30820252 308201BB A0030201 02020101 300D0609 2A864886 F70D0101 04050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 38373639 34383539 30301E17 0D313130 33303232 30353532
365A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3837 36393438
35393030 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
907C48DB 550D6A72 7E7FD507 F742A2BC 051A5943 2DCFBE46 B64D5826 765D859E
B57BE034 367FE9EB 862C05AE 62DC1805 C723481B FC5D9265 2848493F EA1FCDEA
B358BDE8 A046DCA5 72057A9F 29CE76C3 A63E02F0 70BEE850 982968A3 4FF79912
4350DFCF 669E247B ACBE183E C1ABEE55 0BA41781 3AA3ED0F 3A526039 8C98FD9B
02030100 01A37C30 7A300F06 03551D13 0101FF04 05300301 01FF3027 0603551D
11042030 1E821C33 3834355F 4D44465F 31303930 2E796F75 72646F6D 61696E2E
636F6D30 1F060355 1D230418 30168014 77B156B5 3D679A34 96BAB558 5C7B2340
6A4B248A 301D0603 551D0E04 16041477 B156B53D 679A3496 BAB5585C 7B23406A
4B248A30 0D06092A 864886F7 0D010104 05000381 81002390 4D3886ED 24ED9396
4BF98617 02B80956 0B10ED77 F98BFC76 B9E8A3B3 7678F555 A9D5E99A 09DD71DD
327FCDC0 D4BF9611 7F080EA6 476DD796 5C8DC2DD 46F47400 7C179B77 3B61F80E
51D7AFD0 CB297847 E89AD1FD B3A97681 4962457F 192ECDEE A49EEA0C 042EA3A4
BF13DDEA B83634FB 38DA8D7B 96D5FFA5 40A9A775 C0C5
quit
!
!
username ffid privilege 0 password 7 08074A470D264437515A5E57
username johnm privilege 15 password 7 141A1D041E01
username angelg privilege 15 password 7 011407095E11
username jeffg privilege 15 password 7 110E101716000F
username johnk privilege 15 password 7 060D013454
archive
log config
hidekeys
!
!
--More-- !
!
!
ip ssh time-out 60
ip ssh version 2
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1
description Connection to SW_3560_MDF
no ip address
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/1.58
description DMAIN Voice Subnet
encapsulation dot1Q 58
ip address 148.25.124.60 255.255.255.192
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet0/1.59
description Div MAIN Data Subnet
encapsulation dot1Q 59
ip address 148.25.123.253 255.255.255.128
ip access-group VLAN59 in
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet0/1.134
description Common Services NTP VLAN
encapsulation dot1Q 134
ip address 172.30.252.254 255.255.255.0
no ip redirects
no ip unreachables
--More-- no ip proxy-arp
!
interface GigabitEthernet0/1.135
description Wireless Management VLAN
encapsulation dot1Q 135
ip address 172.30.253.254 255.255.255.0
ip access-group VLAN135 in
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet0/1.136
description WAVE
encapsulation dot1Q 136
ip address 172.30.1.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet0/1.137
description RTCA
encapsulation dot1Q 137
ip address 172.30.2.254 255.255.255.0
ip access-group VLAN137 in
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet0/1.138
description M&S
encapsulation dot1Q 138
ip address 172.30.8.254 255.255.254.0
ip access-group VLAN138 in
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet0/1.139
description Management VLAN
encapsulation dot1Q 139
ip address 172.30.254.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
--More-- !
interface GigabitEthernet0/1.140
description VOIP
encapsulation dot1Q 140
ip address 172.30.3.254 255.255.255.0
ip helper-address 172.30.3.251
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet0/1.141
description ABCS Data Collection
encapsulation dot1Q 141
ip address 172.30.4.254 255.255.255.0
ip access-group VLAN141 in
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet0/1.142
description NOT USED
encapsulation dot1Q 142
ip address 172.30.5.254 255.255.255.0
ip access-group VLAN142 in
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet0/1.143
description NOT USED
encapsulation dot1Q 143
ip address 172.30.6.254 255.255.255.0
ip access-group VLAN143 in
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet0/1.144
description NOT USED
encapsulation dot1Q 144
ip address 172.30.7.254 255.255.255.0
ip access-group VLAN144 in
no ip redirects
no ip unreachables
--More-- no ip proxy-arp
!
interface GigabitEthernet0/1.145
description NOT USED
encapsulation dot1Q 145
ip address 172.30.10.254 255.255.255.0
ip access-group VLAN145 in
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet0/1.146
description Layer 3 defintion for VLAN 146 for Surrogate Upper TI for NIPR
encapsulation dot1Q 146
ip address 172.30.11.254 255.255.255.0
ip access-group VLAN146 in
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet0/1.147
description Layer 3 defintion for VLAN 146 for Surrogate Upper TI for SIPR
encapsulation dot1Q 147
ip address 172.30.12.254 255.255.255.0
ip access-group VLAN147 in
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet0/1.148
description GPS Time Distribution
encapsulation dot1Q 148
ip address 172.30.13.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet0/1.149
description UAV Video
encapsulation dot1Q 149
ip address 172.30.14.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
--More-- !
interface GigabitEthernet0/1.150
encapsulation dot1Q 150
ip address 172.30.15.254 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
!
interface GigabitEthernet0/0/0
no ip address
shutdown
negotiation auto
!
interface FastEthernet1/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet1/1
no ip address
shutdown
duplex auto
speed auto
!
interface GigabitEthernet2/0
no ip address
shutdown
!
interface IDS-Sensor0/0
no ip address
shutdown
service-module fail-open
hold-queue 60 out
!
ip forward-protocol nd
ip http server
ip http access-class 23
ip http authentication local
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
!
!
!
--More-- ip access-list extended VLAN136
permit ip 172.30.1.0 0.0.0.255 172.30.1.0 0.0.0.255
deny ip any any log
ip access-list extended VLAN137
permit ip 172.30.2.0 0.0.0.255 172.30.2.0 0.0.0.255
deny ip any any log
ip access-list extended VLAN138
permit ip 172.30.8.0 0.0.1.255 172.30.8.0 0.0.1.255
deny ip any any log
ip access-list extended VLAN139
permit ip 172.30.254.0 0.0.0.255 172.30.254.0 0.0.0.255
permit ip 172.30.254.0 0.0.0.255 host 172.30.252.251
deny ip any any log
ip access-list extended VLAN140
permit ip 172.30.3.0 0.0.0.255 172.30.3.0 0.0.0.255
deny ip any any log
ip access-list extended VLAN141
permit ip 172.30.4.0 0.0.0.255 172.30.4.0 0.0.0.255
deny ip any any log
ip access-list extended VLAN142
permit ip 172.30.5.0 0.0.0.255 172.30.5.0 0.0.0.255
deny ip any any log
ip access-list extended VLAN143
permit ip 172.30.6.0 0.0.0.255 172.30.6.0 0.0.0.255
deny ip any any log
ip access-list extended VLAN144
permit ip 172.30.7.0 0.0.0.255 172.30.7.0 0.0.0.255
deny ip any any log
ip access-list extended VLAN145
permit ip 172.30.10.0 0.0.0.255 172.30.10.0 0.0.0.255
deny ip any any log
ip access-list extended VLAN146
permit ip 172.30.10.0 0.0.1.255 172.30.10.0 0.0.1.255
deny ip any any log
ip access-list extended VLAN147
permit ip 172.30.12.0 0.0.0.255 172.30.12.0 0.0.0.255
deny ip any any log
ip access-list extended VLAN148
permit ip 172.30.13.0 0.0.0.255 172.30.13.0 0.0.0.255
deny ip any any log
ip access-list extended VLAN149
permit ip 172.30.14.0 0.0.0.255 172.30.14.0 0.0.0.255
deny ip any any log
ip access-list extended VLAN150
--More-- permit ip 172.30.15.0 0.0.0.255 172.30.15.0 0.0.0.255
deny ip any any log
ip access-list extended VLAN59
permit ip 148.25.123.128 0.0.0.127 any
deny ip any any log
!
!
!
!
!
snmp-server group BMCG6 v3 priv match exact
!
control-plane
!
banner motd ^C
You are accessing a U.S Government (USG) Information System (IS) that is
provided for USG-authorized use only. By using this IS (which includes any
device attached to this IS), you consent to the following conditions:
-The USG routinely intercepts and monitors communications on this IS for
purposes including, but not limited to, penetration testing,
COMSEC monitoring, network operations and defense, personnel
misconduct (PM), law enforcement (LE), and counterintelligence(CI)
investigations.
-At any time, the USG may inspect and seize data stored on this IS.
-Communications using, or data stored on, this IS are not private,
are subject to routine monitoring, interception, and search, and may be
disclosed or used for any USG authorized purpose.
-This IS includes security measures (e.g., authentication and access
controls) to protect USG interests-not for your personal benefit or
privacy.
-Notwithstanding the above, using this IS does not constitute consent
to PM,LE or CI investigative searching or monitoring of the content of
privileged communications, or work product, related to personal
representation or services by attorneys, psychotherapists, or clergy,
and their assistants. Such communications and work product are private and
confidential. See User Agreement for details.
^C
!
line con 0
privilege level 15
line aux 0
line 130
no activation-character
no exec
--More-- transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
line 322
no activation-character
no exec
transport preferred none
transport input all
transport output pad telnet rlogin lapb-ta mop udptn v120 ssh
stopbits 1
speed 115200
line vty 0 4
session-timeout 35791
exec-timeout 35791 0
privilege level 15
transport input ssh
line vty 5 15
privilege level 15
transport input ssh
!
scheduler allocate 20000 1000
end
3845_MDF_1090#
Switch
=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2011.10.19 13:46:07 =~=~=~=~=~=~=~=~=~=~=~=
sh run
Building configuration...
Current configuration : 6385 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec localtime
service password-encryption
!
hostname FFID_NOC_1090
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$9CTK$1Ua2K/ksBojRtDbQeH.sE1
enable password 7 101B51495528340D0500
!
username ffid privilege 0 password 7 0022150F00644A264C701E1D
username angelg privilege 15 password 7 020105560E1C
username johnk privilege 15 password 7 030F551E05042D495D
username jeffg privilege 15 password 7 0826455C080B01
!
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
aaa session-id common
clock timezone mdt -6
system mtu routing 1500
authentication mac-move permit
ip subnet-zero
!
!
!
!
!
!
!
!
spanning-tree mode pvst
--More-- spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
ip ssh time-out 60
ip ssh version 2
!
!
interface GigabitEthernet0/1
description Link to Laptop # 1 on VLAN 59 for Tactical Extension and ByPass
switchport access vlan 59
spanning-tree portfast
!
interface GigabitEthernet0/2
description Link to Laptop # 2 on VLAN 59 for tactical data
switchport access vlan 59
spanning-tree portfast
!
interface GigabitEthernet0/3
description Link to Laptop # 3 on VLAN 140 for BMC Test Support VoIP
switchport access vlan 140
spanning-tree portfast
!
interface GigabitEthernet0/4
description Link to Laptop # 4 on VLAN 135 for Wireless Management
switchport access vlan 135
spanning-tree portfast
!
interface GigabitEthernet0/5
description Link to Laptop # 5 on VLAN 137 for RTCA
switchport access vlan 137
spanning-tree portfast
!
interface GigabitEthernet0/6
description Link to Laptop # 6 on VLAN 139 for Management
switchport access vlan 139
spanning-tree portfast
!
interface GigabitEthernet0/7
description Link to Laptop # 7 on VLAN 147 for Simulated Tactical Brigade Data VLAN
switchport access vlan 147
spanning-tree portfast
!
--More-- interface GigabitEthernet0/8
description Link to Laptop # 8 on VLAN 138 for Modeling and Simulation VLAN
switchport access vlan 138
spanning-tree portfast
!
interface GigabitEthernet0/9
description Link to Laptop # 9 on VLAN 139 for WUG Reports Station
switchport access vlan 139
spanning-tree portfast
!
interface GigabitEthernet0/10
description Link to Laptop # 10 on VLAN 146 for BCNIS Ext
switchport access vlan 146
spanning-tree portfast
!
interface GigabitEthernet0/11
description Link to Laptop # 11 on VLAN 145 for OneSAF video
switchport access vlan 145
spanning-tree portfast
!
interface GigabitEthernet0/12
description Link to Laptop # 12 on VLAN 136 for WAVE
switchport access vlan 136
spanning-tree portfast
!
interface GigabitEthernet0/13
description Spare Cables on Side of Rack
shutdown
!
interface GigabitEthernet0/14
description Spare Cables on Side of Rack
shutdown
!
interface GigabitEthernet0/15
description Spare Cables on Side of Rack
shutdown
spanning-tree portfast
!
interface GigabitEthernet0/16
description Spare Cables on Side of Rack
shutdown
!
interface GigabitEthernet0/17
description Available Port
--More-- shutdown
spanning-tree portfast
!
interface GigabitEthernet0/18
description Link to vCenter Server in MDF
switchport access vlan 139
spanning-tree portfast
!
interface GigabitEthernet0/19
description Link to Left VoIP Phone on Right Desk - Test VoIP VLAN
switchport access vlan 140
spanning-tree portfast
!
interface GigabitEthernet0/20
description Link to Right VoIP Phone on Right Desk - Tactical VoIP VLAN
switchport access vlan 59
switchport voice vlan 58
spanning-tree portfast
!
interface GigabitEthernet0/21
description Link to Left VoIP Phone on Left Desk - Test VoIP VLAN
switchport access vlan 140
spanning-tree portfast
!
interface GigabitEthernet0/22
description Link to Right VoIP Phone on Left Desk - Tactical VoIP VLAN
switchport access vlan 59
switchport voice vlan 58
spanning-tree portfast
!
interface GigabitEthernet0/23
switchport access vlan 134
spanning-tree portfast
!
interface GigabitEthernet0/24
description TRUNK From MDF
switchport access vlan 500
switchport trunk encapsulation dot1q
switchport trunk native vlan 500
switchport trunk allowed vlan 2-4094
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/25
--More-- shutdown
!
interface GigabitEthernet0/26
shutdown
!
interface GigabitEthernet0/27
shutdown
!
interface GigabitEthernet0/28
shutdown
!
interface Vlan1
no ip address
shutdown
!
interface Vlan139
ip address 172.30.254.100 255.255.255.0
!
ip default-gateway 172.30.254.254
ip classless
no ip http server
no ip http secure-server
!
ip sla enable reaction-alerts
snmp-server group BMCG6 v3 priv
!
banner motd ^CC
You are accessing a U.S Government (USG) Information System (IS) that is
provided for USG-authorized use only. By using this IS (which includes any
device attached to this IS), you consent to the following conditions:
-The USG routinely intercepts and monitors communications on this IS for
purposes including, but not limited to, penetration testing,
COMSEC monitoring, network operations and defense, personnel
misconduct (PM), law enforcement (LE), and counterintelligence(CI)
investigations.
-At any time, the USG may inspect and seize data stored on this IS.
-Communications using, or data stored on, this IS are not private,
are subject to routine monitoring, interception, and search, and may be
disclosed or used for any USG authorized purpose.
-This IS includes security measures (e.g., authentication and access
controls) to protect USG interests-not for your personal benefit or
privacy.
-Notwithstanding the above, using this IS does not constitute consent
to PM,LE or CI investigative searching or monitoring of the content of
--More-- privileged communications, or work product, related to personal
representation or services by attorneys, psychotherapists, or clergy,
and their assistants. Such communications and work product are private and
confidential. See User Agreement for details.
^C
!
line con 0
session-timeout 10
privilege level 15
password 7 020002520F3928771E1E5849
line vty 0 4
session-timeout 10
privilege level 15
password 7 121F031E16342B52787B7578
transport input ssh
line vty 5 15
session-timeout 10
privilege level 15
password 7 121F031E16342B52787B7578
transport input ssh
!
ntp clock-period 36028803
ntp server 172.30.252.251
end
FFID_NOC_1090#
10-19-2011 01:09 PM
Jeffrey
interface GigabitEthernet0/1.137
description RTCA
encapsulation dot1Q 137
ip address 172.30.2.254 255.255.255.0
ip access-group VLAN137 in
no ip redirects
no ip unreachables
no ip proxy-arp
ip access-list extended VLAN137
permit ip 172.30.2.0 0.0.0.255 172.30.2.0 0.0.0.255
deny ip any any log
the above is abit confusing as -
1) in your original post you have the subnet as 172.30.252.0 but that subnet is assigned to your NTP vlan according to the config ?
2) i am surprised you can even ping the gi0/1.139 interface because the acl attached to the interface above is only allowing traffic to 172.30.2.x address so the ping from a user in vlan 137 to the vlan 139 subinterface should be dropped by this acl
Edit - also could you post config for gi0/48 off the switch as your output stops before this.
Jon
10-19-2011 01:18 PM
Jon -
Yes, you are right. I scrolled back and saw my typo
This is what Im trying to do. We added a new GPS based NTP server to the network. Created VLAN 134 (not 137) for this NTP server. I wanted to configure all my networking devices to use this NTP server. I configured ntp server 172.30.252.251 into the switch and it was not synching. I then tested connectivity and found that the switch is not able to ping the NTP server at 172.30.252.251.
I removed all the ACLs on the VLANs that I am troubleshooting (134 and 139).
10-19-2011 01:22 PM
Can you post from the switch -
1) sh vlan
2) the output of "sh trunk" for gi0/48
Jon
10-19-2011 01:24 PM
Couple of other questions -
1) can you ping the NTP server from the router
2) can you ping the vlan 139 subinterface from the switch
3) can you ping the vlan 134 subinterface from the switch
4) from the NTP server can you ping the 139 subinterface ie. does it have it's default-gateway setup correctly
Jon
10-19-2011 01:43 PM
Jon -
1) can you ping the NTP server from the router
Yes, just reconfirmed
2) can you ping the vlan 139 subinterface from the switch
Yes, just reconfirmed
3) can you ping the vlan 134 subinterface from the switch
yes, just reconfirmed
4) from the NTP server can you ping the 139 subinterface ie. does it have it's default-gateway setup correctly
No ability to ping from the NTP server, but reconfirmed default gateway is set to 172.30.252.254
10-19-2011 01:48 PM
Jeffrey
Based on the answers it doesn't look like an issue with the switch. If you can ping from the switch both the 139 and 134 subinterfaces everything seems to be fine both with the switch and the router.
Is there anything else syncing with the NTP server ?
I'm assuming you cannot ping the NTP server from the switch. Sorry if this is repetitive, it's just that the details have changed a bit.
Jon
10-19-2011 02:25 PM
Jon -
Have not tried to sync anything else to NTP server - we got it to be the time source for our networking devices.
You are correct, I am unable to ping the NTP server from any of the switches in our layer 2 architecture. Because they cannot ping it, they cant sync to it.
However, from a user device on a user vlan (ie test laptop on VLAN 140) I was able to ping to the NTP server
This has me baffled. It is only the switches that are unable to ping to anything outside of the VLAN 139.
Jeff
10-19-2011 02:35 PM
Jeff
So the switches cannot ping anything beyond the subinterfaces on the router ? ie. from a switch can you ping the test laptop on vlan 40 ?
What switch is the NTP server on ? If it is on a different switch how is that connected to the router ? or to the switch we are looking at ?
If the NTP server is on a different switch can you check that vlan 139 is allowed on the trunk link(s).
Basically i'm wondering if you have multiple switches all interconnected with trunks it may be that vlan 139 is not being allowed on some of those trunk links.
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide