Re: VLAN Issues

nsnoonan · ‎06-26-2008

I'm having some trouble setting up a new vlan on our existing network.

Our current infrastructure:

primary 3500yl
secondary 3500yl
2 2650s
1 2610
1 2608
1 (and potentially up to 5) 1800

I'd like a fully functional (can go in and out) VLAN on vlan 10. All other vlans are currently working correctly. Here are some of my configs:

-------------------------
hostname "3500yl-Primary"
time timezone -360
time daylight-time-rule Continental-US-and-Canada
sntp server 192.5.41.40
sntp server 192.5.41.41
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "ServerVLAN"
untagged 1-7,9-18,20,48
ip address 192.168.1.1 255.255.255.0
no untagged 8,19,21-47
exit
vlan 2
name "ClientVLAN"
untagged 19,21-39,42-46
ip address 192.168.2.1 255.255.255.0
tagged 48
exit
vlan 11
name "PhoneVLAN"
untagged 8
ip address 192.168.11.1 255.255.255.0
tagged 1-7,9-48
exit
vlan 1000
name "InternetVLAN"
untagged 47
ip helper-address 192.168.2.101
ip address 192.168.0.1 255.255.255.0
tagged 48
exit
vlan 10
name "VideoVLAN"
untagged 41
ip address 192.168.10.1 255.255.255.0
exit
mirror 1 remote ip 192.168.11.1 40000 192.168.11.2
ip route 0.0.0.0 0.0.0.0 192.168.0.254
ip route 192.168.10.0 255.255.255.0 192.168.10.1
ip ssh
router vrrp
vlan 1
vrrp vrid 1
owner
virtual-ip-address 192.168.1.1 255.255.255.0
priority 255
enable
exit
vrrp vrid 10
exit
exit
vlan 2
vrrp vrid 2
owner
virtual-ip-address 192.168.2.1 255.255.255.0
priority 255
enable
exit
exit
vlan 10
vrrp vrid 10
owner
virtual-ip-address 192.168.10.1 255.255.255.0
primary-ip-address 192.168.10.1
priority 255
enable
exit
exit
vlan 11
monitor all Both mirror 1
vrrp vrid 11
owner
virtual-ip-address 192.168.11.1 255.255.255.0
priority 255
enable
exit
exit
vlan 1000
vrrp vrid 100
owner
virtual-ip-address 192.168.0.1 255.255.255.0
priority 255
enable
exit
exit
----------------
hostname "3500yl-Secondary"
time daylight-time-rule Continental-US-and-Canada
sntp server 192.5.41.40
sntp server 192.5.41.41
ip routing
snmp-server community "public" Unrestricted
vlan 1
name "ServerVLAN"
untagged 48
ip address 192.168.1.2 255.255.255.0
no untagged 1-47
exit
vlan 2
name "ClientVLAN"
untagged 3-46
ip address 192.168.2.2 255.255.255.0
tagged 48
exit
vlan 11
name "PhoneVLAN"
untagged 1-2
ip address 192.168.11.2 255.255.255.0
tagged 3-18,20-46,48
exit
vlan 1000
name "InternetVLAN"
untagged 47
ip helper-address 192.168.2.101
ip address 192.168.0.2 255.255.255.0
tagged 48
exit
vlan 10
name "VideoVLAN"
ip address 192.168.10.2 255.255.255.0
tagged 20
exit
mirror 1 port 2
mirror endpoint ip 192.168.11.1 40000 192.168.11.2 port 2
ip route 0.0.0.0 0.0.0.0 192.168.0.254
ip ssh
router vrrp
vlan 1
vrrp vrid 1
backup
virtual-ip-address 192.168.1.1 255.255.255.0
priority 120
enable
exit
exit
vlan 2
vrrp vrid 2
backup
virtual-ip-address 192.168.2.1 255.255.255.0
priority 120
enable
exit
exit
vlan 10
vrrp vrid 10
backup
virtual-ip-address 192.168.10.1 255.255.255.0
priority 120
enable
exit
exit
vlan 11
monitor all Both mirror 1
vrrp vrid 11
backup
virtual-ip-address 192.168.11.1 255.255.255.0
priority 120
enable
exit
exit
vlan 1000
vrrp vrid 100
backup
virtual-ip-address 192.168.0.1 255.255.255.0
priority 120
enable
exit
exit
--------------------
hostname "C&D-2610-24/12pwr"
ip default-gateway 192.168.2.1
sntp server 192.5.41.40
sntp server 192.5.41.41
snmp-server community "public" Unrestricted
vlan 1
name "DEFAULT_VLAN"
untagged 2-7,13-28
ip address 192.168.2.206 255.255.255.0
no untagged 1,8-12
exit
vlan 10
name "VLAN10"
untagged 1,8-12
no ip address
exit
password manager
-----------------------

The routing tables are the closest thing i've found that suggests anything is wrong (blackhole route?). Here are the primary and secondary "show ip route".

----------------------

(Primary) IP Route Entries

Destination Gateway VLAN Type Sub-Type Metric Dist.
------------------ --------------- ---- --------- ---------- ---------- -----
0.0.0.0/0 192.168.0.254 1000 static 1 1
127.0.0.0/8 reject static 0 0
127.0.0.1/32 lo0 connected 1 0
192.168.0.0/24 InternetVLAN 1000 connected 1 0
192.168.1.0/24 ServerVLAN 1 connected 1 0
192.168.2.0/24 ClientVLAN 2 connected 1 0
192.168.11.0/24 PhoneVLAN 11 connected 1 0

-------------------------

(Secondary) IP Route Entries

Destination Gateway VLAN Type Sub-Type Metric Dist.
------------------ --------------- ---- --------- ---------- ---------- -----
0.0.0.0/0 192.168.0.254 1000 static 1 1
127.0.0.0/8 reject static 0 0
127.0.0.1/32 lo0 connected 1 0
192.168.0.0/24 InternetVLAN 1000 connected 1 0
192.168.1.0/24 ServerVLAN 1 connected 1 0
192.168.2.0/24 ClientVLAN 2 connected 1 0
192.168.10.0/24 VideoVLAN 10 connected 1 0
192.168.10.1/32 blackhole static 1 1
192.168.11.0/24 PhoneVLAN 11 connected 1 0

Matt Hobbs · ‎06-26-2008

Make sure those ports for VLAN 10 are physically connected, also I would remove the line:

ip route 192.168.10.0 255.255.255.0 192.168.10.1

Ryan_G · ‎06-26-2008

You also dont have vlan 10 tagged on port 48 (which looks like your uplink to somewhere) as you do with the other vlans?

nsnoonan · ‎06-27-2008

Awesome, guys. Thanks, it works! I knew it was something simple...

Looks like I need to go re-study up on vlans :)

Thanks again!

Categories

Company

Local Language

Forums

Discussions

Forums

Discussions

Discussions

Forums

Discussions

Forums

Discussions

Forums

Forums

Discussions

Forums

Discussions

Forums

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Discussion Boards

Community

Resources

Other HPE Sites

Discussions

Forums

Blogs

Re: VLAN Issues

VLAN Issues

Re: VLAN Issues

Re: VLAN Issues

Re: VLAN Issues