VLAN PROBLEMS
pr3d4t0r
Member Posts: 173
in CCNA & CCENT
Well i'm trying to setup 2 vlans on a 2950 switch and a 2620 router for inter-vlan routing.
This is my config :
SWITCH :
interface FastEthernet0/1
switchport mode access
switchport access vlan 2
backup interface
no fair-queue
!
interface FastEthernet0/2
switchport mode access
switchport access vlan 3
backup interface
no fair-queue
interface FastEthernet0/5
switchport mode trunk
speed 100
duplex full
backup interface
no fair-queue
vlan 2 name MAIL
vlan 3 name WWW
ROUTER :
interface FastEthernet0/0
no ip address
no ip directed-broadcast
backup interface
no fair-queue
!
interface FastEthernet0/0.1
encapsulation dot1q 1
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0.2
encapsulation dot1q 2
ip address 192.168.2.1 255.255.255.0
PC 1 - VLAN2
IP 192.168.1.5
MASK 255.255.255.0
GW 192.168.1.1
PC 2 - VLAN3
IP 192.168.2.5
MASK 255.255.255.0
GW 192.168.2.1
OKAY. I cannot ping from pc1 to pc2, ffs what's wrong ????!?!?!!?
If i want to setup access-list to filter for example icmp, e.g. access list 101 deny icmp any host 192.168.1.1, in which interface of the router do i apply this ?
I USE BOSON NETSIM ...
Comments
-
BubbaJ Member Posts: 323
You have the PCs set up for VLANs 1 and 2, but the switch ports are set for VLANs 2 and 3. The router is trunking VLANs 1 and 2 but not VLAN 3.
-
pr3d4t0r Member Posts: 173
VLAN Name     Status  Ports
----
1    default  active  Fa0/3, Fa0/4, Fa0/5, Fa0/6
                      Fa0/7, Fa0/8, Fa0/9, Fa0/10
                      Fa0/11, Fa0/12
2    MAIL     active  Fa0/1
3    WWW      active  Fa0/2
They are in the correct vlans, aren't they ?
-
pr3d4t0r Member Posts: 173
Switch# ping 192.168.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5), round-trip min/avg/max = 1/2/4 ms
Switch# ping 192.168.2.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
Router# ping 192.168.2.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5), round-trip min/avg/max = 1/2/4 ms
Router# ping 192.168.1.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.5, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5), round-trip min/avg/max = 1/2/4 ms
wtf...
-
PCHoldmann Member Posts: 450
PC 1 has an IP address for VLAN 1, but is in VLAN 2
PC 2 has an IP address for VLAN 2, but is in VLAN 3
The router is routing VLANs 1 & 2, and cannot route VLAN 3 without setting up an interface in VLAN 3.
Peter
There's no place like ^$
Visit me at Route, Switch, Blog
-
Danman32 Member Posts: 1,243
The PC names don't matter, other than to confuse you.
But yes, your trunk interface on the router side is using VLAN #1 and #2, whereas your switch is set to use #2 and #3. There's no existing VLANS that the router can route, and there's no router for VLANs 2 & 3 on the switch
So, change the VLAN #s on the switch or the router so that they correlate.
-
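The mismatch the replies above point out can be checked mechanically. The following Python audit is an added example, not part of any post in this thread; the config strings are constructed copies of the original (non-working) configuration, and the function names are hypothetical.

```python
import re
from ipaddress import ip_address, ip_interface

# Constructed copies of the original, non-working configs from the first post.
SWITCH_CFG = """\
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 2
!
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 3
"""
ROUTER_CFG = """\
interface FastEthernet0/0.1
 encapsulation dot1q 1
 ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0.2
 encapsulation dot1q 2
 ip address 192.168.2.1 255.255.255.0
"""
# name -> (access VLAN of the switch port, host IP, configured default gateway)
HOSTS = {"PC1": (2, "192.168.1.5", "192.168.1.1"),
         "PC2": (3, "192.168.2.5", "192.168.2.1")}

def access_vlans(cfg):
    """VLAN IDs that have at least one switch access port."""
    return {int(v) for v in re.findall(r"switchport access vlan (\d+)", cfg)}

def routed_vlans(cfg):
    """Map each 802.1Q tag on a router subinterface to its address/mask."""
    pat = r"encapsulation dot1q (\d+)\s+ip address (\S+) (\S+)"
    return {int(v): ip_interface(f"{ip}/{mask}") for v, ip, mask in re.findall(pat, cfg)}

def audit(switch_cfg, router_cfg, hosts):
    """Report unrouted access VLANs and hosts whose gateway is not in their VLAN."""
    routed, findings = routed_vlans(router_cfg), []
    for vlan in sorted(access_vlans(switch_cfg) - set(routed)):
        findings.append(f"VLAN {vlan}: access ports but no router subinterface")
    for name, (vlan, ip, gw) in sorted(hosts.items()):
        gw_if = routed.get(vlan)
        if gw_if is not None and (gw_if.ip != ip_address(gw) or ip_address(ip) not in gw_if.network):
            findings.append(f"{name}: VLAN {vlan} gateway is {gw_if.ip}, host uses {gw}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SWITCH_CFG, ROUTER_CFG, HOSTS)))
```

Changing the router tags to `dot1q 2` and `dot1q 3`, as in the working configuration posted later in the thread, makes the audit return no findings.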
pr3d4t0r Member Posts: 173
PCHoldmann wrote:
PC 1 has an IP address for VLAN 1, but is in VLAN 2
PC 2 has an IP address for VLAN 2, but is in VLAN 3
The router is routing VLANs 1 & 2, and cannot route VLAN 3 without setting up an interface in VLAN 3.
Peter
Well, it was so simple i didn't see it. Interfaces VLAN 1,2,3 etc are for management only.
The configuration that worked at last was as simple as this :
ROUTER
interface FastEthernet0/0
no ip address
no ip directed-broadcast
backup interface
no fair-queue
!
interface FastEthernet0/0.1
encapsulation dot1q 2
ip address 192.168.1.1 255.255.255.0
!
interface FastEthernet0/0.2
encapsulation dot1q 3
ip address 192.168.2.1 255.255.255.0
SWITCH
interface FastEthernet0/1
switchport mode access
switchport access vlan 2
backup interface
no fair-queue
!
interface FastEthernet0/2
switchport mode access
switchport access vlan 3
backup interface
no fair-queue
PC'S
PC ON VLAN 2
IP Address. . . . . . . . . . . . : 192.168.1.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.1.1
PC ON VLAN 3
Ethernet adapter Local Area Connection:
IP Address. . . . . . . . . . . . : 192.168.2.5
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.1
As u can see no interface vlan 2 or 3 were set.
Hosts can ping each other, hosts can ping router and vice versa.
So, i want to setup an access list as i mentioned above to deny icmp request to host 192.168.1.5
I setup an access list : access-list 101 deny icmp any host 192.168.1.5
From tests i put the access list in int fa0/0, then int fa0/0.1 like that
ip access-group 101 in
BUT it didn't work...why ?
Sorry for the big post
-
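How standard IOS ACL evaluation treats the placement tried in the post above, as a simplified Python model added here (not part of the original post, and not a model of Boson NetSim): an inbound ACL on Fa0/0.1 only sees packets arriving from VLAN 2, and every ACL ends in an implicit deny. `ACL_WITH_PERMIT` and the outbound binding are assumptions about the intended filter; the function names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Subinterface subnets from the working router config in the post above.
SUBIFS = {"Fa0/0.1": ip_network("192.168.1.0/24"),
          "Fa0/0.2": ip_network("192.168.2.0/24")}
# access-list 101 exactly as posted: a single deny entry.
ACL_POSTED = [("deny", "icmp", "any", "192.168.1.5")]
# Same entry plus an explicit permit (assumed intent: block only ICMP to the host).
ACL_WITH_PERMIT = ACL_POSTED + [("permit", "ip", "any", "any")]

def acl_permits(acl, proto, src, dst):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, a_proto, a_src, a_dst in acl:
        if a_proto in ("ip", proto) and a_src in ("any", src) and a_dst in ("any", dst):
            return action == "permit"
    return False  # implicit "deny ip any any" at the end of every ACL

def subif_for(addr):
    """Subinterface whose connected subnet contains addr."""
    return next(name for name, net in SUBIFS.items() if ip_address(addr) in net)

def route(proto, src, dst, bindings):
    """Route one packet between the two VLANs.

    bindings maps (subinterface, "in" | "out") to an ACL, like ip access-group.
    Returns (forwarded, list of bindings that were actually evaluated).
    """
    path = [(subif_for(src), "in"), (subif_for(dst), "out")]
    checked = [hook for hook in path if hook in bindings]
    forwarded = all(acl_permits(bindings[h], proto, src, dst) for h in checked)
    return forwarded, checked

if __name__ == "__main__":
    posted = {("Fa0/0.1", "in"): ACL_POSTED}
    fixed = {("Fa0/0.1", "out"): ACL_WITH_PERMIT}
    for label, b in (("posted", posted), ("out + permit", fixed)):
        print(label, "icmp VLAN3 -> PC:", route("icmp", "192.168.2.5", "192.168.1.5", b))
        print(label, "tcp PC -> VLAN3: ", route("tcp", "192.168.1.5", "192.168.2.5", b))
```

In this model the posted binding never evaluates the echo request coming from VLAN 3, while everything the VLAN 2 host sends through the router hits the implicit deny.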
pr3d4t0r Member Posts: 173
wow questions keep coming
If i want to setup multiple vlans in 2 switches but to use ONE SUBNET.
In the router can i setup only one sub-if as the default gw and have inter-vlan routing ?
Didn't work in Boson net sim...i'm starting to believe that this sim sucks, it has some problems with vtp server-client mode...ffs.
-
pr3d4t0r Member Posts: 173
Answering my own questions...
Well to setup multiple vlans and use one subnet, first u must split the subnet with the appropriate (i know my english sucks, but i'll get better) subnet mask.
It seems that either boson netsim works badly, or i am wrong.
I have set up a server-client vtp mode between 2 switches. For some reason i cannot assign a switch port to any of the vlans in the client switch.
Hope i'll find the solution also...
-
Danman32 Member Posts: 1,243
That's interesting. Did you verify that the client switch does see the VLAN definitions correctly?
VLANs should have different subnet network addresses. They are supposed to be separate broadcast domains.
-
pr3d4t0r Member Posts: 173
Danman32 wrote:
That's interesting. Did you verify that the client switch does see the VLAN definitions correctly?
VLANs should have different subnet network addresses. They are supposed to be separate broadcast domains.
Well here is the thing, maybe i'm wrong correct me plz.
I have 2 switches, 1 Server - 1 Client.
Port fa 0/1 on the server sw is part of VLAN 2
Port fa 0/2 on the server sw is part of VLAN 3
Now, in the client switch i cannot assign fa 0/2 to be part of VLAN 4 correct ?
-
Danman32 Member Posts: 1,243
Do you have a VLAN # 4 defined on the server switch? If not, then there's no VLAN # 4 handed down to the client switch for a port on the client switch to use.
First you define VLANs, then you assign ports to those VLANs. You can only define the VLAN definitions on a server switch. A client switch can only receive those definitions from a server switch.
From what you have shown so far, these are your only VLAN definitions (other than the default VLAN 1 of course):
vlan 2 name MAIL
vlan 3 name WWW
There is no VLAN 4 defined.
So on both switches, type 'Show VLAN' and it will display the vlan definitions it knows about. On the server, if you assign a port to a non-existent vlan, the vlan will be automatically created.
But a client switch has a read-only copy of the VLAN definition, therefore it cannot auto-create vlans. Define the VLAN on the server, let it propagate to the client, then assign the ports to the new VLAN on the client.
By the way, this is very likely to be a test question.
-
pr3d4t0r Member Posts: 173
No, u didn't understand my question.
Assuming
I have 2 switches, 1 Server - 1 Client.
Port fa 0/1 on the server sw is part of VLAN 2
Port fa 0/2 on the server sw is part of VLAN 3
AND THERE IS VLAN 4 BUT WITH NO PORT ASSIGNMENT IN ANY SWITCH.
As i saw in the boson netsim when i did the above conf, and then issued show vlan IN THE CLIENT SWITCH i got this :
VLAN 2 int fa0/1
VLAN 3 int fa0/2
VLAN 4
Here is the question : when i went to the client switch and tried to assign port fa 0/2 in VLAN 4, i got nothing. Why is that ?
-
Danman32 Member Posts: 1,243
Well, now that you've shown that the client does indeed know about a definition for VLAN 4, that could be a bug in the sim.
That's assuming that '4' is the vlan ID and not the label/name with a different ID.
Does fa 0/2 show itself to be a member of ANY vlan? It should default to VLAN ID #1.
-
pr3d4t0r Member Posts: 173
Danman32 wrote:
Well, now that you've shown that the client does indeed know about a definition for VLAN 4, that could be a bug in the sim.
That's assuming that '4' is the vlan ID and not the label/name with a different ID.
Does fa 0/2 show itself to be a member of ANY vlan? It should default to VLAN ID #1.
It is part of vlan 3 / server switch side
In the client switch port fa0/2 cannot be assigned to vlan 4, maybe it is a bug of netsim. But testing some things, i see that if i change the client mode to server mode, so now i have 2 server switches. Create Vlan 4 on the 2nd server switch and then assign port fa 0/2 in the VLAN 4, it automatically disappears from the 1st server switch and VLAN 3...dunno..
-
Danman32 Member Posts: 1,243
pr3d4t0r wrote:
Danman32 wrote:
Well, now that you've shown that the client does indeed know about a definition for VLAN 4, that could be a bug in the sim.
That's assuming that '4' is the vlan ID and not the label/name with a different ID.
Does fa 0/2 show itself to be a member of ANY vlan? It should default to VLAN ID #1.
It is part of vlan 3 / server switch side
In the client switch port fa0/2 cannot be assigned to vlan 4, maybe it is a bug of netsim. But testing some things, i see that if i change the client mode to server mode, so now i have 2 server switches. Create Vlan 4 on the 2nd server switch and then assign port fa 0/2 in the VLAN 4, it automatically disappears from the 1st server switch and VLAN 3...dunno..
A port can only be on one physical switch as a port is a physical device. We ARE talking about a port on the client switch, are we not?
Now a VLAN definition is a logical thing, and can (and does) populate to all switches. Then you assign a physical port to a logical VLAN.
So, if you assign a port on switch 2, it cannot show up on switch 1. Switch 1 has its own set of switches, many of which will share the same label name.
You didn't need to create VLAN 4 on switch 2, you already have shown that it exists, assuming both switches are in the same VTP domain. When you made switch 2 be a server type, then it too can edit the VLAN definitions, which in turn would be passed to all the other switches in the same VTP domain.
But VLAN port assignments are local to the switch.
-
pr3d4t0r Member Posts: 173
In the client switch when i issue a show vlan command it shows me also the ports assigned from the vtp server switch in VLAN 2 and VLAN 3.
When u use a VTP SERVER-CLIENT architecture, all VLANS from Server are broadcast to clients as advertisements so all clients share the same config.
At the server switch, when i assign a port to a VLAN 2 for example, is that advertised to clients ? In Boson Netsim when i assign a port to the server switch lets say fa0/2 to VLAN 2 and then issue a show vlan command to a CLIENT switch, i see :
VLAN 1 fa0/1,fa0/3...
VLAN 2 fa0/2
Is this correct ? it has automatically assigned the client's fa0/2 to be part of vlan 2 although i haven't issued any command to client switch ?
-
Danman32 Member Posts: 1,243
The VLAN definition yes. The port assignments, no. Port assignments are supposed to be individual to the switch. Otherwise, how do you distinguish fa 0/0 from switch 1 with fa 0/0 from switch 2?
But then, what model switch are we talking about?
-
pr3d4t0r Member Posts: 173
That's my point man. Boson netsim seems to have a different opinion about this
The switch is a 2950.
-
Danman32 Member Posts: 1,243
And it is possible that I could be wrong about reporting VLAN port assignments. It may somehow display VLAN assignments of ports from other switches, but it would have to distinguish it somehow. But I am certain that you assign the port at the switch the port physically exists on.
So I do believe it is a bug. A serious bug at that.
-
Danman32 Member Posts: 1,243
Here's another question: do you have trunking between the 2 switches, or do you have individual links for the individual VLANs between the switches?
If you don't have either, you still should be able to define the VLANs and assign the ports on both switches, but a particular VLAN on one switch won't be able to forward a frame to the same VLAN on the other switch.
Remember, a VLAN on a physical switch is much like a virtual switch within that switch.