Cisco Switching/Routing :: Hosts Can't Reach Each Other In Same VLAN In 3560G
Nov 19, 2012
We have recently started as an Internet service provider in an open metropolitan.
We use a Cisco 3560G Layer 3 switch, where we have all our VLANs and where we have configured, e.g., Switch(config)# interface vlan 150, an interface for each VLAN capability, such as int vlan 1 - 10/10, int vlan 2 - 30/10, int vlan 3 - 100/10 and so on.
Our int vlan is configured as follows:
dhcp relay information trusted
ip address <x.x.x.x> <x.x.x.x>
ip helper-address <x.x.x.x>
Ports (ex. int Gigabit Ethernet 0/1) are configured as follows:
description Uplink
switchport access vlan x
[Code].....
Now the problem; we have a customer in ex. vlan 3 who needs to access a server provided by another customer in the same vlan (vlan 3), and access to each other in the same vlan is not possible. You can access the server from any other vlan, but when it comes to access to another host in the same vlan, you will not reach it.
We suspect that the energy company has configured it with pvlan isolated. If we use the command ip local-proxy-arp on each vlan, it works to reach each other, but it seems that our 3560 becomes overloaded when ip local-proxy-arp is enabled, and when streaming and using IP telephony it doesn't work. The response time at ping is longer and the loss of packets increases with ip local-proxy-arp enabled. The other operators in the metropolitan also use Cisco 3560G, so the hardware should be sufficient.
We have also tried to add no split-horizon, but it made no difference. How do we get around this without negative consequences? We probably need something that allows you to send out the same interface that it came from, because it works as long as you are in another vlan.
For two weeks I have had a problem with the VLANs which I started to configure. I hope together we find the way. I have 5 VLANs configured in a Cisco 3560G switch. In my Windows Server 2003 I configured a DHCP scope for each VLAN. One of the requirements to connect VLANs to each other is to put the IP of each VLAN as gateway in the clients. So, how can I get access to the internet? The IP of my firewall is in one of the VLANs. When the configuration of the LAN only had one DHCP scope, the gateway was the IP of my firewall. But now I don't know how to configure the DHCP server, or the firewall, or the switch, or all of them, to get access to the internet.
I'm trying to set up per vlan routing on a 3560G switch but it's not performing as I would expect. I've got a server on the 109 vlan with a 10.1.9.100 address and a default gateway of 10.1.9.1; this address is an HSRP gateway and currently resides on 10.1.9.7. When I traceroute through to my user PC on the internal network it receives a response from 10.1.9.7. However, it is then denied by an ACL on the internal firewall which has been applied to interface Eth0/0. It should arrive at the firewall on Eth0/2.109 as it has the 10.1.9.4 address.
My goal here is to route traffic on the 101 vlan to a separate interface on the internal firewall from 109 vlan traffic. I'm either doing something wrong or these routing commands aren't designed to work in the way I'm expecting (I couldn't find any documentation on the ip route command where it is followed by different gateways for different vlans).
I have a big problem with a loss of ICMP packets sent by different hosts in different VLANs. Here is my architecture:
Core Switch: 2 C6509 switches (Version 15.0 (1) SY1) - VSS mode - one VSL link; the other link is defective.
Access Switch: C3750, connected to the Core Switch through 2 fiber-optic cables.
Topology: redundant ring
When I send consecutive ping messages I always find missing packets. Furthermore, when I enter the "show ip traffic" command, the parameter "bad hop count" increases after a loss of packets. I have 2 hosts connected in my network and they send packets with TTL = 127.
In the Core Switch I haven't configured the MEC because it gave me trouble with multicast packets.
I have multiple offices in my location. All my external users are connecting to my site using Cisco client-to-site VPN and accessing my 2 sites. All users are able to access my 2nd office servers, which are in the 10.10.0.x pool. I have a different vlan in that same location with the 10.10.35.x series, and users are not able to access the servers in this pool. I am not very familiar with routing. I am using an ASA 5520 firewall.
I am able to reach VPN clients (Anyconnect) only from hosts directly connected to the ASA's inside interface subnet. However, hosts on other internal subnets (177.1.10.0 & 177.1.11.0) are unable to connect to clients on VPN. The ASA is running ver 8.4. [code]
The Linux Router and the 1811 have formed a PIM neighbor relationship. The multicast listener sends an IGMP Join and I can see the PIM join leave the 1811 router (via "debug ip pim"). Using tcpdump on my linux router I never see the Join come in, but I can see the PIM Hellos (which is why the neighbor relationship formed).
I have a 3560G switch with c3560-advipservicesk9-mz.122-46.SE and 2 routers. The switch has vlans defined. I want to route all traffic on vlan 25 out of one of the routers exclusively. Here is what I have attempted:
- Set the SDM template to routing & reload
- Define an access-list for the vlan traffic
- Define the route-map
- Apply the route-map to the vlan interface
When I attempt the last step I receive the following syslog error:
%PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map RM_IMDGuest not supported for Policy-Based Routing
Also, the route-map is removed from the vlan interface after this error is thrown. I'm 99% confident that PBR is supported on this switch (am I wrong?). Here is the relevant show output:...
access-list 125 permit ip 192.168.25.0 0.0.0.255 any
route-map RM_IMDGuest permit 10
 match ip address 125
 set ip next-hop 192.168.5.3
[code]....
I was assigned a task to connect two locations through a L2 VPN. The infrastructure which I have is...
Fortigate 80 C firewall at Location A
CISCO 3560G at Location A
CISCO 3750G at Location B
2 MBPS Leased Line connecting two locations.
T1 line at Location A.
The requirements are as follows..
Both locations should be in the same ip range (ex 10.80.71.1/24)
Internet for Location B should be from Location A, both locations should talk to each other.
I'm running into what seems a basic ip routing config problem with a Catalyst 3750 (IP Base) switch. I have several VLANs configured on the switch with IP routing enabled, and the switch is connected to the inside interface of a new ASA 5520 as follows:
ASA5520 IP (Default gateway): 192.168.1.1
Switchport Gi1/0/1 is configured as a routed port, IP address 192.168.1.3 255.255.255.0
Example VLAN is VLAN 100, IP address 192.168.100.1 255.255.252.0
From the switch CLI, I can ping all VLAN addresses, as well as the ASA5520, and the client laptop I'm testing with from VLAN 100.
From the client laptop on VLAN 100, I can ping all switch interface and VLAN addresses (inter-VLAN routing is working), including 192.168.1.3, but I CANNOT ping the default gateway at 192.168.1.1.
Here is the relevant configuration information on the 3750:
!
no aaa new-model
switch 1 provision ws-c3750x-24
system mtu routing 1500
We have 2 Catalyst 3560G-48-PoE switches protected by a 1000VA 800 Watt Tripp-Lite and I was checking to see if that is really sufficient. Looking at the charts from Cisco support I would think I should have more, but I have not had any issues with a few power outages.
I am facing a problem with my Cisco 3560G switch: when it powers on, only the System light is green and nothing happens. I checked with a serial cable (console) but nothing happens, no booting.
I have a 3560G with version 15.0(2)SE2. I am trying to give different default gateways to different interfaces. I've already changed the sdm, run "ip routing" and made the interfaces of interest "no switchport" with ip addresses.
My route-map is "route-map ABC permit 10 set ip next-hop 192.168.77.3"
and it is applied on the interface with "ip policy route-map ABC", but when I try to apply it, it says "%PLATFORM_PBR-3-UNSUPPORTED_RMAP: Route-map ABC not supported for Policy-Based Routing". Everything is fine if I change from "set ip default next-hop" to "set ip next-hop", but that is not what I need. In the guide for this version it is said this statement is not in the unsupported list of route-map commands. [URL]
I have a WS-C3560G-24TS-S running 12.2(50)SE5 with IPBASE. I have been told that the functionality I seek (multicasting) is only available in the IPSERVICES version of the software. I was reading up on upgrading and saw that I needed to do a show license and get the UID and serial number and get a license that is tied to my box. But the show license command doesn't work with my box. I then found something that said that the 3560s were special in that way. I'm not sure how to get this box upgraded. I have a different 3560 running IPSERVICES elsewhere in my organization. Can I take the IOS version and update my switch to that?
We currently have two 5548UP and two 2232PP switches running on 5.1(3)N2(1a) and the plan is to connect our old 3560G switches to 2232 PP using enhanced Vpc.
I enabled spanning tree bpdufilter on the 2232 PP ports so that we can connect switches to them but VTP is not working on those ports. Is there anything that needs to be done on the HIFs for VTP to work? Does VTP depend on BPDUs? Does enabling bpdufilter affect VTP?
We have a problem with the throughput over etherchannel in LACP with 2 or 4 ports. iSCSI traffic (vmware esxi 4.1 U3) is going from 2 separate NICs (ports) to the etherchannel (with 2 or 4 ports) that has a SAN connected (Nexenta).
The SAN is configured in passive LACP and the switch is in active LACP. Actually it does not matter if we do LACP or just MODE ON, still the same result: ~1GBit/s throughput in either direction. Like already mentioned, 2 or 4 ports in the etherchannel make no difference, nor does the configuration of the etherchannel.
I will post some config data below, but here is the question: Why can't we see traffic beyond 1GBit/s? Source and destination are capable of doing much more than that (vmware esxi RAID 5 of 1TB SATA; SAN 16 x 1TB NL-SAS). If we look with CNA, we can see that the traffic is balanced equally over the etherchannel ports. With or without QOS or flowcontrol, no difference. This whole traffic happens on this switch.
We have a Catalyst 3560G 24 port POE switch. It's been running fine for 1+ years. A few weeks ago we enabled SPAN on it to capture packets. Today, we had a random spike in CPU on the switch. It seems hardware switching continued to work fine, but software-based processes choked and effectively took down EIGRP, HSRP, etc. We collect syslogs from the router and we saw 2 crashes/reboots. Both showed the exact same error both times, with the same hex values. I **believe** the CPU usage dropped when a tech disconnected the SPAN port and its state changed to down, but I'm not 100% sure. Could this indicate an IOS bug (I'm hoping it's not a hardware failure)? And how can I track this down to see if this could be related to SPAN? I've disabled SPAN for now.
I currently have a 3560G switch running c3560-ipservicesk9-mz.122-58.SE2. I have a spare 3560 V2 switch I want to configure and have ready in case of a failure. This spare switch is running c3560-ipbasek9-mz.122-55.SE5. My plan was to pull the IOS image from the current switch and upload it to the spare so that I have an "identical" switch. From what I have read, there are some feature differences between "ipbase" and "ipservices". However, when I run the show license command on the production switch, I get an unrecognized command error. So that adds to my confusion: if it's running an ipservices image, shouldn't it have a license file?
On IOS versions higher than 12.2(50) on Cisco 3560G-48TS I get this error/traceback when I reach a certain number of access-lists grouped to "interface vlan", and the ACL inserted in the TCAM reaches acl label #128 (can be seen with: Show platform acl label 128). I can see errors in the TCAM if I issue the command
How do I enable InterVLAN multicasting? I have a WS-C3560G-24TS as my core switch and it does InterVLAN routing. I have a Server VLAN (70) and a Workstation VLAN (71). I have a server that I have set up to deploy images to computers. Up to this point I have only done one computer at a time, so unicasting was ok. I would like to be able to multicast to multiple computers, but am unsure what I need to do on the switch (if anything) to enable this.
We are seeing some high output drops on our 3560Gs and I'm wondering if there is anything I can do to solve this, or should I just be looking at an upgrade. I do not have qos enabled:
do-rs-ah-3560g#show mls qos
QoS is disabled
QoS ip packet dscp rewrite is enabled
I don't have anything special configured apart from some trunk ports; otherwise it's mostly defaults. Should I enable qos and tweak the buffering?
We have two 3560G-TS-E running 12.2(35)se2, configured as HSRP. Both are running ntp config "ntp peer 210.72.145.44" and it works pretty well, they get the correct time. Yesterday I upgraded the second device to IOS 12.2(58)se2 and ntp doesn't work now. I checked the doc, which says 12.2(58)se2 runs ntp version 4 by default, so I changed to "ntp peer 210.72.145.44 version 3" but it still does not work. I put here the "show ntp" result for the different IOS versions.
IOS 12.2(35)
SW01>show ntp status
Clock is synchronized, stratum 2, reference is 210.72.145.44
nominal freq is 119.2092 Hz, actual freq is 119.2022 Hz, precision is 2**18
reference time is D2EF12A5.2EB2DCB2 (15:07:17.182 GMT Wed Feb 22 2012)
clock offset is -4.6616 msec, root delay is 57.50 msec
My question is wrt policy-based routing on my network. Our switch is a 3560G 24PS running the Adv IP Services image. It is connected to an 1841 and an 1811, each with a dual-wan connection. The 3560 defines 6 vlans and we are using PBR to route some vlans via the 1841 and some vlans via the 1811.
From a client on one vlan a traceroute to a client on another vlan goes through the 1811 before being routed back to the 3560. Is it possible to use PBR to detect traffic that is destined for another vlan on the same switch and then route it directly?
Not sure if this is a problem with the switch or the wireless AP connected to the switch, but I have a couple of 3560s, one is a 3560G and the other is a 3560; both have phones and wireless APs connected to them. The APs on both of these switches continue to lose their IP address and thus disconnect from the controller. This happens about once a week, but the odd thing is that the phones never lose their IP address. All of my other 3560s and 3560Gs that have APs and phones connected are working fine.
to resolve a problem with L2 etherchannel - when I add a VLAN on the Portchannel, this VLAN does not appear in the config of the members of this Po, so after reboot the Portchannel does not work: "...and will be suspended (vlan mask is different)"
I tried to simulate it on a test switch in the office, but the problem does not appear! Both switches are Catalyst 3560G with the same IOS.
1. SW in real network segment:
Model revision number : D0
Motherboard revision number : B0
[Code]...
I have three VLANs set up on my Catalyst 3560G switch. Each VLAN has its own subnet and I have enabled IP routing and set up my VLANs so that clients on VLANs 1 and 3 can get to VLAN 2 because they share a server located on VLAN 2. However, now they can also see and get to each other's VLANs! How can I allow my clients on VLANs 1 and 3 to access a server on VLAN 2 but not access the other VLANs? I don't want VLAN 1 to get to VLAN 3 or VLAN 3 to get to VLAN 1.
I have a Cisco 2851 router as the edge router. I have a 3750G and a 3560G switch and configured intervlan routing with four vlans. Four servers are also connected to the switches, and one has Active Directory and a DNS server. I am able to ping from all the servers fine from different vlans and the servers are able to ping the edge router. The problem I am having is with DNS: in the edge router I have configured the ISP's DNS server address in ip name-server and I am able to reach the outside world.
The problem I'm having is the servers are not able to reach the outside. Do I need to do something in the edge router to forward it to the 3750G, or do I have to add my ISP's DNS servers on the 3750G with ip name-server?
I have this strange problem with my MacBook Pro: when I connect it to my Cisco 2940 8 port switch, I can reach my ISP (websites, e.g. google.com) for about 2 minutes, then something happens on my router, because suddenly I can't reach my ISP.
This is what I have found out so far:
1. when I lose connection to my ISP then I can only ping internal ip addresses eg. another computer in my network
2. if I renew my ip address on the MacBook then it works again for 2 minutes, then the same happens again.
This is my network setup:
Router -> Switch 1 -> Switch 2
I also know that it is not the MacBook, because it has got a new motherboard and it has been reinstalled; also, if I use the MacBook on another network then it works fine.
All my other computers (Windows and Linux) work fine, no problems.
To me it looks like it is a NAT and/or DNS problem, but I can't find out what it is.
Configuring OSPF on a catalyst 3560G Switch to connect to our building next door by way of fiber. The other two switches in the other building are running OSPF, I am trying to connect to the other building and access a server which is on a switch running OSPF. I am trying to configure the switch here to run OSPF and be able to see the neighbor, but currently can't although I've identified the networks. Maybe I'm missing something, I've followed the instructions but something is not right.
We had some problems with 3560G-48PS-S switches and PoE for our phones. IOS is 12.2(50)SE3. There were some problems after a power outage. The switches didn't reboot because we have two electric circuits. But after the problems we had no PoE on all ports.
The switches logged to following syslog message:
%ILPOWER-3-CONTROLLER_PORT_ERR: Controller port error, Interface Gi0/17: Power Controller reports power supply VDD under voltage
I can't find any information in the error message decoder for that. But there was another thread here with quite the same message, but another problem regarding RPS2300.
After reloading the device all works fine again. The workaround with the commands "power inline never" and "power inline auto" I didn't know until today.
Some information about that syslog message?
My guess is that there was a voltage swing and the switch powered down its supply? Is that possible?