11-29-2006 10:23 AM - edited 03-05-2019 01:05 PM
Here is the equipment
Layer 3 3560 switch
two vlans:
vlan1 and vlan 20
vlan 1 servers:
gateway is vlan 1 ip
vlan 20 servers:
gateway is vlan 20 ip
Currently vlan 1 or vlan 20 cannot communicate with each other. Vlan 1 cannot ping vlan 20 interface.
I need my vlan 1 servers to be able to connect to my vlan 20 servers. But, disallow vlan 20 servers to directly connect to vlan 1 servers. What am I missing?
Thanks
Ryan
11-29-2006 11:03 AM
Ryan,
It would help if you post the configuration you are currently using on the 3560 switch.
Assuming both VLAN interfaces are up you should be able to ping the VLAN interfaces from a host on another VLAN. Do you have 'ip routing' enabled in the switch? Verify this by doing a show ip route in the switch.
As far as disallowing the servers on VLAN 20 from not talking to servers on VLAN 1 you may be able to do this by using ACLs.
HTH
Sundar
11-29-2006 11:15 AM
IP Routing is enabled. I really do not want to post my whole config on here.
Both VLAN Interfaces are up.
Do the ports in Vlan 1 need vlan 20 also allowed?
Or something else?
Thanks
11-29-2006 11:31 AM
No, the ports connected to hosts don't have to allow the other VLAN, i.e. an access port on vlan 1 need not allow vlan 20 traffic. The switch should route traffic between the VLANs.
Can you make sure the hosts aren't assigned IP from the wrong VLAN block? Make sure the IP/Subnet mask is configured correctly and the access ports connected to servers are on the correct VLANs. Little things like that could very well be the problem. If you are using public IP addresses then post the VLAN IP addresses by hiding the first 2 octets.
HTH
Sundar
11-29-2006 11:33 AM
Do a show vlan and make sure both 1 and 20 show active with ports assigned to them.
11-29-2006 12:29 PM
NIESW3560-48-1#sh run
!
version 12.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service sequence-numbers
!
!
no aaa new-model
clock timezone EST -5
clock summer-time EDT recurring
ip subnet-zero
ip routing
!
login on-failure
!
!
!
no file verify auto
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
description connected to SERVER
spanning-tree portfast
!
interface GigabitEthernet0/2
description connected to SERVER
spanning-tree portfast
!
interface GigabitEthernet0/3
description connected to SERVER
spanning-tree portfast
!
.
.
.
!
interface GigabitEthernet0/29
description VLAN
switchport access vlan 20
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/30
description VLAN
switchport access vlan 20
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/31
description VLAN
switchport access vlan 20
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/32
description VLAN
switchport access vlan 20
switchport mode access
spanning-tree portfast
!
interface Vlan1
ip address x.x.80.11 255.255.252.0
!
interface Vlan20
description ATI VLAN
ip address x.x.79.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 x.x.80.1
80.1 <----PIX is default route
ip http server
!
!
!
end
The show vlan was correct.. Thanks everyone..
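The ACL approach Sundar suggests earlier in the thread, sketched against the subnets in the posted config (an added example, not configuration from any poster in this thread). The 10.0.79.0/24 and 10.0.80.0/22 addresses are constructed stand-ins for the masked x.x.79.0/24 and x.x.80.0/22 subnets, and the ACL name VLAN20-TO-VLAN1 is hypothetical.

```cisco
! Added example. Addresses are constructed stand-ins for the masked subnets:
!   VLAN 1  = 10.0.80.0/22 (mask 255.255.252.0 -> wildcard 0.0.3.255)
!   VLAN 20 = 10.0.79.0/24 (mask 255.255.255.0 -> wildcard 0.0.0.255)
!
ip access-list extended VLAN20-TO-VLAN1
 remark Return traffic for TCP sessions that VLAN 1 servers opened
 permit tcp 10.0.79.0 0.0.0.255 10.0.80.0 0.0.3.255 established
 remark Replies to pings sent from VLAN 1
 permit icmp 10.0.79.0 0.0.0.255 10.0.80.0 0.0.3.255 echo-reply
 remark Anything else VLAN 20 originates toward VLAN 1 is dropped
 deny ip 10.0.79.0 0.0.0.255 10.0.80.0 0.0.3.255
 remark VLAN 20 keeps its other routed traffic (default route, etc.)
 permit ip any any
!
! Filter routed traffic as it enters the switch from VLAN 20.
interface Vlan20
 ip access-group VLAN20-TO-VLAN1 in
!
! Caveats:
! - "established" matches TCP segments with ACK or RST set. It is a flag
!   check, not session tracking.
! - UDP has no equivalent keyword. Replies from a UDP service in VLAN 20
!   need their own permit (by source port) above the deny line.
```

After applying it, `show ip access-lists VLAN20-TO-VLAN1` shows per-entry match counts, which makes it easy to confirm that the deny line is catching VLAN 20 initiated connections while VLAN 1 initiated sessions still complete.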