Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
521
Views
0
Helpful
3
Replies

Wrong understanding and therefore false configuration of switches

Paul113331
Level 1
Level 1

‎08-06-2015 02:59 AM - edited ‎03-08-2019 01:15 AM

Hello community

I think I understand something completely wrong and therefore it is not working as I did.

I have three layer3-switches (SG300-28P) all connected to a Catalyst switch (3750X). These switches are all connected via trunk connection to the catalyst switch. The catalyst switch is connected to a firewall. The firewall is managing the access rights to the different vlans. So vlan 10 is able to connect to vlan5, vlan 200 is able to connect to vlan 202. The firewall is working. Following a overview of my network:

I created on every switch the VLAN: 5,10,15,200,202
The trunking connections have the vlans 5.10.200,202 allowed.

Vlan 5 is my management network, therefore my plan was to put the ip addresses of the switches in this network. I gave every switch an ip address in the vlan 5:
Switch1 has the ip address 172.19.17.10
Switch2 has the ip address 172.19.17.11
Switch3 has the ip address 172.19.17.12

I have configured on every switch on port 1 "switchport mode access vlan 5". When I connect to this port with an ip address from the network 172.19.17.X (for example 172.19.17.20) I can reach the management interface from the switch.

The problem is now when I connect to a port (it doesn`t care which switch or catalyst) in vlan 10. I cannot reach the management interfaces of the switches. The firewall allows me to go to vlan 5 so this is not the problem.

What do I wrong?

The second problem is, my vlan1 gets ip addresses from office vlan 10? That means when I have a port configured with vlan 1 and I connect my computer to that port - dhcp enabled - I get an ip address from my dhcp server from vlan10. How is that possible?

Thank you

Paul

Labels:
0 Helpful
3 Replies 3

Peter Paluch
Cisco Employee
Cisco Employee

‎08-06-2015 03:41 AM

Hi Paul,

The problem is now when I connect to a port (it doesn`t care which switch or catalyst) in vlan 10. I cannot reach the management interfaces of the switches.

Have you configured the IP address of a default gateway on the switches? With VLAN5 being their management VLAN, they act like hosts in VLAN5. If they need to talk to someone outside VLAN5, they must go through a default gateway which itself must be in VLAN5. I assume that the default gateway is the firewall, so each switch must be configured with the IP address of the firewall in VLAN5 as its default gateway.

The second problem is, my vlan1 gets ip addresses from office vlan 10? That means when I have a port configured with vlan 1 and I connect my computer to that port - dhcp enabled - I get an ip address from my dhcp server from vlan10. How is that possible?

I assume that the DHCP server runs on the firewall. Is there perhaps a native VLAN mismatch on the trunk between the Catalyst and the firewall? Is it possible that the communication in VLAN1 on switches is processed in VLAN10 by the firewall?

Best regards,
Peter

0 Helpful

Paul113331
Level 1
Level 1
In response to Peter Paluch

‎08-09-2015 10:33 PM

Hello Peter,

Thank you, it is working now:

I forgot the default-gateway and the dhcp server was really a fault on the catalyst switch.

Thank you for the right direction :-)

0 Helpful

Peter Paluch
Cisco Employee
Cisco Employee
In response to Paul113331

‎08-09-2015 11:37 PM

Hi Paul,

You are welcome! :)

Best regards,
Peter

0 Helpful
Customers Also Viewed These Support Documents