VLAN setup on Cisco 2950

mitateknikit · ‎09-14-2011

Hello Everyone

Let me start by saying that i am quite new to cisco equipment.

I have been trying to setup a cupple of 2950 switches to fit our company network. I have the switches setup with a few VLAN´s, but the problem is, that when i connect the switches to our network, i cannot ping the switch, but everyting else works. The cliens get correct IP-addresses assigned matching the VLAN that they belong, and can ping servers and other clients. This is clearly some configuration error from my side.

I have assigned two trunk ports, one of which is connected to en uplink to a HP switch allready running correctly in the company network. I guess the problem is with my configuration on the trunk ports. All trunk ports are in the default VLAN 1.

Hope you have some input to this.

Thanks in advance.

Configuration from Switch:

!

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname dksw31

!

enable secret 5 REMOVED.

!

ip subnet-zero

!

ip ssh time-out 120

ip ssh authentication-retries 3

!

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

!

interface FastEthernet0/1

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/2

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/3

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/4

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/5

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/6

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/7

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/8

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/9

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/10

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/11

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/12

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/13

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/14

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/15

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/16

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/17

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/18

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/19

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/20

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/21

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/22

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/23

switchport mode trunk

!

interface FastEthernet0/24

switchport mode trunk

!

interface Vlan1

ip address 192.168.10.52 255.255.255.0

no ip route-cache

!

ip default-gateway 192.168.10.1

no ip http server

snmp-server location "REMOVED"

snmp-server contact "REMOVED"

!

line con 0

password 7 REMOVED

login

line vty 0 4

password 7 REMOVED

login

line vty 5 15

password 7 REMOVED

login

!

end

Output from Show Vlan:

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/23

70 OPERATION active Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/9, Fa0/10, Fa0/11, Fa0/12

Fa0/13, Fa0/14, Fa0/15, Fa0/16

Fa0/17, Fa0/18, Fa0/19, Fa0/20

Fa0/21, Fa0/22

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1 enet 100001 1500 - - - - - 0 0

70 enet 100070 1500 - - - - - 0 0

1002 fddi 101002 1500 - - - - - 0 0

1003 tr 101003 1500 - - - - - 0 0

1004 fdnet 101004 1500 - - - ieee - 0 0

1005 trnet 101005 1500 - - - ibm - 0 0

Remote SPAN VLANs

------------------------------------------------------------------------------

Primary Secondary Type Ports

------- --------- ----------------- ------------------------------------------

lgijssel · ‎09-14-2011

In itself, the config of the trunkl ports is correct. However, there may be a mismatch between the vlans on HP-side and your switches. This would result in vlan 1 being isolated. Please verify that the subnet assigned to vlan 1 (192.168.10.0) is also on vlan 1 in the rest of the network.

If not, you need to assign the ip address to a different vlan, for example vlan 10. In order to change this, you need to remove the address from vlan 1 first.

regards,

Leo

mitateknikit · ‎09-14-2011

Hello Leo

Thanks for your reply.

We use VLAN 10 as the management VLAN in our company. I have shut down vlan 1 and made gigabit ports able to access vlan 10 and trunk. Would that be correct, or should i remove the access to vlan 10 on the trunk ports? That would cause them to be members of vlan 1 by default i assume.

Thanks in advance.

!

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname dksw30

!

enable secret REMOVED

enable password REMOVED

!

ip subnet-zero

!

no ip domain-lookup

ip ssh time-out 120

ip ssh authentication-retries 3

!

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

!

interface FastEthernet0/1

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/2

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/3

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/4

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/5

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/6

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/7

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/8

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/9

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/10

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/11

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/12

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/13

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/14

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/15

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/16

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/17

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/18

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/19

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/20

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/21

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/22

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/23

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/24

switchport access vlan 70

switchport mode access

!

interface GigabitEthernet0/1

switchport access vlan 10

switchport mode trunk

!

interface GigabitEthernet0/2

switchport access vlan 10

switchport mode trunk

!

interface Vlan1

no ip address

no ip route-cache

shutdown

!

interface Vlan10

ip address 192.168.10.50 255.255.255.0

no ip route-cache

!

ip default-gateway 192.168.10.1

no ip http server

snmp-server location REMOVED

snmp-server contact REMOVED

!

line con 0

exec-timeout 0 0

password 7 REMOVED

login

line vty 0 4

password 7 REMOVED

login

line vty 5 15

password 7 REMOVED

login

!

end

lgijssel · ‎09-14-2011

Hi Kenneth,

This should be correct and you can verify by trying to ping or telnet. This did not work before.

If everything is fine, it should work now.

regards,

Leo

mitateknikit · ‎09-15-2011

Hello Leo

I have tested the switch on the compnay network again. Everything works besides of pinging the switch itself (telnet does not work either). Again, correct addresses are assigned and ping requests to servers ect. is working.

The result is the same when i connect directly to a port on the swtich and when i connect from another switch, i cannot ping the switch itself.

Does each port that i set to VLAN 70 have to belong to VLAN 10 on another level?

Thanks in advance.

cadet alain · ‎09-15-2011

Hi,

an access port is a member of one and only one VLAN and if you want one VLAN to communicate with the same VLAN on another switch then you must not prune it from the trunk link between the 2 switches which is the default on Cisco as all VLANS are allowed on the trunk.

But is your interface VLAN 10 up/up ---> sh ip int br | i Vlan

Are you trying to ping from an interface in VLAN 70 ? if so then you must route between the 2 VLANs for the ping to be successful.

Regards.

Alain.

Don't forget to rate helpful posts.

Kristian Alexander Brown · ‎10-16-2011

Hi,

I would have changed the configuration on gi 0/1 and 0/2 to:

No switchport access vlan 10

Switchport mode trunk

Switchport trunk allowed vlan 10, 70

Sent from Cisco Technical Support iPad App