cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
825
Views
0
Helpful
4
Replies

VLAN connectivity problem

jdleon
Level 1
Level 1

I have a user is from our hr department and is being house with the purchasing dept.  On the Cisco switch(3750), I configured the port that user's PC is connected to, to be on his vlan - vlan105, and everyone else is on vlan110.  This department where he's at is across the street from the main office, and the building connects to the main office via wireless bridges (Cisco 1410).  The problem I am having with is that user's PC cannot ping his gateway of his vlan - 10.100.105.1, which is back at the core switch (Cisco 6506).  Yet if I do an ip scan from the PC, it can see all the devices on his vlan and can ping those devices, but not the gateway.  From the core switch, I can sometimes ping his PC - 10.100.105.20.  I have connected another PC to his port, to see if its not the NIC on the user's PC, but I get the same results. Everyone that is on the 110 vlans, has no problems

4 Replies 4

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Jdleon,

are the wireless bridges capable to carry  802.1Q frames?

if they are 802.1Q trunk you need to check if there is a native vlan mismatch on the different devices on the path:

vlan 105 has to be permitted on C3750 uplink, carried on the wireless link, accepted on the C6500.

The same has to happen for frames coming  on the opposite direction.

>> Yet if I do an ip scan from the PC, it can see all the devices on his  vlan and can ping those devices, but not the gateway.

This would lead to consider the link operational and well configured.

check with sh ip arp on C6500 what MAC address (if one) is associated to that PC IP address

compare it with PC NIC MAC address are they the same?

If they don't match what is the MAC address learned on C6500, try to see if you can find it in your network.

also more important question, regardless of gateway ping results, is that PC capable to talk to devices in other IP subnets or not?

Hope to help

Giuseppe

are the wireless bridges capable to carry  802.1Q frames?

yes they are.

check with sh ip arp on C6500 what MAC address (if one) is associated to that PC IP address

compare it with PC NIC MAC address are they the same?

Yes the MAC address associated is the same as the NIC MAC.

also more important question, regardless of gateway ping results, is that PC capable to talk to devices in other IP subnets or not?

I forgot to mention, sometimes the PC is able to communicate to the gateway, and it is able to to talk to other devices in other subnets.  When it does not communcate to the gateway, it can only communicate with the devices on the 105 vlan.

I have also taken a laptop and connected it to the port which the PC is connected, and I get the same results.

Did you have sticky port security installed anywhere?  Is it possible that some switch is still expecting to see his MAC address on his old port?

Kevin Dorrell

Luxembourg

Did you have sticky port security installed anywhere?  Is it possible that some switch is still expecting to see his MAC address on his old port?

No, I do not have sticky port security installed.  No other switch is expecting to see his MAC address, because the PC is new.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco