Need help adding device to new vlan

Discussion in 'Cisco' started by pfisterfarm, Feb 6, 2009.

  1. pfisterfarm

    pfisterfarm Guest

    I need some help adding a device to an existing, recently created
    vlan.

    Here is the fragment of our network:

    [core 4507] -> [8540] -> [3550] -> [1230 WAP]

    [configuration excerpts are below]

    The 1230 access point described is attached to our network, and is
    functioning properly. Recently, I tried to add another 3550 (in
    another part of the building), and a 1230 access point, copying the
    first configuration as the model. The vlan 99 (the user workstations)
    worked right away, but vlan 199 (the wireless access points) I cannot
    get working.

    I can still get to the first access point, but am having trouble with
    the new one:

    - it's unreachable when connected to the new switch, but I can get to
    it when connected to the first switch
    - I can get to the vlan 199 default gateway from the new switch, and
    can get to the first access point from the new switch, but I can't get
    to the new access point, even when logged into the new switch.
    - If I assign an ip address to the vlan 199 interface, I can get to
    the new access point from the new switch, but then I can't get to the
    vlan's default gateway or to the first access point.

    Can someone help me find where the problem is? Do I need to allow vlan
    1 on the interface on the core 4507?

    Thanks for your help!

    --Steve

    Here are configuration fragments of each:

    4507 (vtp server, domain ADM_VTP):
    ----------------------------------

    interface GigabitEthernet1/1
    description Trunk to 8540
    switchport trunk encapsulation dot1q
    switchport trunk allowed vlan 40,51,99,199,997,998
    switchport mode trunk
    switchport nonegotiate
    no logging event link-status
    qos trust dscp
    tx-queue 3
    priority high
    !
    interface Vlan199
    description ADM WLAN Management
    ip address 192.168.199.1 255.255.255.0
    ip helper-address 10.99.20.62
    no ip redirects
    no ip unreachables
    no ip proxy-arp
    no ip mroute-cache
    end

    8540 (vtp client, domain ADM_VTP):
    ----------------------------------

    interface GigabitEthernet1/0/0
    description Fiber to 99-c45-clan1
    no ip address
    no ip redirects
    no ip proxy-arp
    no cdp enable
    !
    interface GigabitEthernet1/0/0.1
    description Native VLAN
    encapsulation dot1Q 1 native
    no ip redirects
    no ip proxy-arp
    !
    interface GigabitEthernet1/0/0.40
    description Security VLAN
    encapsulation dot1Q 40
    no ip redirects
    no ip proxy-arp
    no cdp enable
    bridge-group 40
    !
    interface GigabitEthernet1/0/0.51
    description Voice Network
    encapsulation dot1Q 51
    no ip redirects
    no ip proxy-arp
    no cdp enable
    bridge-group 51
    !
    interface GigabitEthernet1/0/0.99
    description ADM LAN Access VLAN
    encapsulation dot1Q 99
    no ip redirects
    no ip proxy-arp
    no cdp enable
    bridge-group 99
    !
    interface GigabitEthernet1/0/0.199
    description Admin WLAN Management
    encapsulation dot1Q 199
    no ip redirects
    no ip proxy-arp
    no cdp enable
    bridge-group 199
    !
    interface GigabitEthernet1/0/0.997
    description ADM IVDL
    encapsulation dot1Q 997
    no ip redirects
    no ip proxy-arp
    bridge-group 97
    !
    interface GigabitEthernet1/0/0.998
    description Admin WLAN
    encapsulation dot1Q 998
    no ip redirects
    no ip proxy-arp
    bridge-group 98
    !
    interface GigabitEthernet1/0/2
    description Fiber to 3550
    no ip address
    no ip redirects
    no ip proxy-arp
    no cdp enable
    !
    interface GigabitEthernet1/0/2.1
    description Native VLAN
    encapsulation dot1Q 1 native
    no ip redirects
    no ip proxy-arp
    !
    interface GigabitEthernet1/0/2.99
    description ADM LAN Access VLAN
    encapsulation dot1Q 99
    no ip redirects
    no ip proxy-arp
    no cdp enable
    bridge-group 99
    !
    interface GigabitEthernet1/0/2.199
    description Admin WLAN Management
    encapsulation dot1Q 199
    no ip redirects
    no ip proxy-arp
    bridge-group 199
    !
    interface GigabitEthernet1/0/2.998
    description Admin WLAN
    encapsulation dot1Q 998
    no ip redirects
    no ip proxy-arp
    bridge-group 98
    !
    interface BVI199
    description Admin WLAN Management
    ip address 192.168.199.2 255.255.255.0
    end

    3550 (vtp client, domain ADM_VTP):
    ---------------------------------

    interface GigabitEthernet0/1
    description to 99-c85-catm1
    switchport trunk encapsulation dot1q
    switchport mode trunk
    no ip address
    !
    interface GigabitEthernet0/2
    switchport mode dynamic desirable
    no ip address
    shutdown
    !
    interface Vlan1
    no ip address
    no ip route-cache
    !
    interface Vlan99
    ip address 10.99.20.211 255.255.248.0
    no ip route-cache
    ntp broadcast client
    !
    interface Vlan199
    no ip address
    !
    interface FastEthernet0/38
    description to 1230 WAP
    switchport access vlan 199
    switchport trunk encapsulation dot1q
    switchport mode trunk
    no ip address
    no snmp trap link-status
    storm-control broadcast level 1.00
    storm-control multicast level 2.00
    storm-control unicast level 5.00
    end
     
    pfisterfarm, Feb 6, 2009
    #1
    1. Advertising

  2. pfisterfarm

    Thrill5 Guest

    "pfisterfarm" <> wrote in message
    news:...
    >I need some help adding a device to an existing, recently created
    > vlan.
    >
    > Here is the fragment of our network:
    >
    > [core 4507] -> [8540] -> [3550] -> [1230 WAP]
    >
    > [configuration excerpts are below]
    >
    > The 1230 access point described is attached to our network, and is
    > functioning properly. Recently, I tried to add another 3550 (in
    > another part of the building), and a 1230 access point, copying the
    > first configuration as the model. The vlan 99 (the user workstations)
    > worked right away, but vlan 199 (the wireless access points) I cannot
    > get working.
    >
    > I can still get to the first access point, but am having trouble with
    > the new one:
    >
    > - it's unreachable when connected to the new switch, but I can get to
    > it when connected to the first switch
    > - I can get to the vlan 199 default gateway from the new switch, and
    > can get to the first access point from the new switch, but I can't get
    > to the new access point, even when logged into the new switch.
    > - If I assign an ip address to the vlan 199 interface, I can get to
    > the new access point from the new switch, but then I can't get to the
    > vlan's default gateway or to the first access point.
    >
    > Can someone help me find where the problem is? Do I need to allow vlan
    > 1 on the interface on the core 4507?
    >
    > Thanks for your help!
    >
    > --Steve
    >
    > Here are configuration fragments of each:
    >
    > 4507 (vtp server, domain ADM_VTP):
    > ----------------------------------
    >
    > interface GigabitEthernet1/1
    > description Trunk to 8540
    > switchport trunk encapsulation dot1q
    > switchport trunk allowed vlan 40,51,99,199,997,998
    > switchport mode trunk
    > switchport nonegotiate
    > no logging event link-status
    > qos trust dscp
    > tx-queue 3
    > priority high
    > !
    > interface Vlan199
    > description ADM WLAN Management
    > ip address 192.168.199.1 255.255.255.0
    > ip helper-address 10.99.20.62
    > no ip redirects
    > no ip unreachables
    > no ip proxy-arp
    > no ip mroute-cache
    > end
    >
    > 8540 (vtp client, domain ADM_VTP):
    > ----------------------------------
    >
    > interface GigabitEthernet1/0/0
    > description Fiber to 99-c45-clan1
    > no ip address
    > no ip redirects
    > no ip proxy-arp
    > no cdp enable
    > !
    > interface GigabitEthernet1/0/0.1
    > description Native VLAN
    > encapsulation dot1Q 1 native
    > no ip redirects
    > no ip proxy-arp
    > !
    > interface GigabitEthernet1/0/0.40
    > description Security VLAN
    > encapsulation dot1Q 40
    > no ip redirects
    > no ip proxy-arp
    > no cdp enable
    > bridge-group 40
    > !
    > interface GigabitEthernet1/0/0.51
    > description Voice Network
    > encapsulation dot1Q 51
    > no ip redirects
    > no ip proxy-arp
    > no cdp enable
    > bridge-group 51
    > !
    > interface GigabitEthernet1/0/0.99
    > description ADM LAN Access VLAN
    > encapsulation dot1Q 99
    > no ip redirects
    > no ip proxy-arp
    > no cdp enable
    > bridge-group 99
    > !
    > interface GigabitEthernet1/0/0.199
    > description Admin WLAN Management
    > encapsulation dot1Q 199
    > no ip redirects
    > no ip proxy-arp
    > no cdp enable
    > bridge-group 199
    > !
    > interface GigabitEthernet1/0/0.997
    > description ADM IVDL
    > encapsulation dot1Q 997
    > no ip redirects
    > no ip proxy-arp
    > bridge-group 97
    > !
    > interface GigabitEthernet1/0/0.998
    > description Admin WLAN
    > encapsulation dot1Q 998
    > no ip redirects
    > no ip proxy-arp
    > bridge-group 98
    > !
    > interface GigabitEthernet1/0/2
    > description Fiber to 3550
    > no ip address
    > no ip redirects
    > no ip proxy-arp
    > no cdp enable
    > !
    > interface GigabitEthernet1/0/2.1
    > description Native VLAN
    > encapsulation dot1Q 1 native
    > no ip redirects
    > no ip proxy-arp
    > !
    > interface GigabitEthernet1/0/2.99
    > description ADM LAN Access VLAN
    > encapsulation dot1Q 99
    > no ip redirects
    > no ip proxy-arp
    > no cdp enable
    > bridge-group 99
    > !
    > interface GigabitEthernet1/0/2.199
    > description Admin WLAN Management
    > encapsulation dot1Q 199
    > no ip redirects
    > no ip proxy-arp
    > bridge-group 199
    > !
    > interface GigabitEthernet1/0/2.998
    > description Admin WLAN
    > encapsulation dot1Q 998
    > no ip redirects
    > no ip proxy-arp
    > bridge-group 98
    > !
    > interface BVI199
    > description Admin WLAN Management
    > ip address 192.168.199.2 255.255.255.0
    > end
    >
    > 3550 (vtp client, domain ADM_VTP):
    > ---------------------------------
    >
    > interface GigabitEthernet0/1
    > description to 99-c85-catm1
    > switchport trunk encapsulation dot1q
    > switchport mode trunk
    > no ip address
    > !
    > interface GigabitEthernet0/2
    > switchport mode dynamic desirable
    > no ip address
    > shutdown
    > !
    > interface Vlan1
    > no ip address
    > no ip route-cache
    > !
    > interface Vlan99
    > ip address 10.99.20.211 255.255.248.0
    > no ip route-cache
    > ntp broadcast client
    > !
    > interface Vlan199
    > no ip address
    > !
    > interface FastEthernet0/38
    > description to 1230 WAP
    > switchport access vlan 199
    > switchport trunk encapsulation dot1q
    > switchport mode trunk
    > no ip address
    > no snmp trap link-status
    > storm-control broadcast level 1.00
    > storm-control multicast level 2.00
    > storm-control unicast level 5.00
    > end
    >


    All of your configurations are confusing because you are defining dot1Q
    subinterfaces on the 8540 and then using bridge-groups instead of defining
    VLAN interfaces and then setting up the connections to the 3550 as trunks.
    This would be much simpler design and easier to diagnose.

    First off, you need to make sure that VLAN 199 is defined on the new 3550
    (as a vlan i.e. "show vlan") as opposed to a VLAN interface. A VLAN
    interface is a Layer 3 interface and does not define a corresponding Layer
    2. Since you are using dot1Q interfaces instead of trunks, VTP will not
    work to automatically create layer 2 vlans on your attached switches. To
    create a layer 2 vlan you need to enter the command

    vlan 199
    name "bla bla bla"

    You then need to make sure that the vlan is connected via layer 2 to the
    new 3550. With dot1Q interfaces I have no idea how "trunk" this vlan more
    than one switch from the 8540.
     
    Thrill5, Feb 7, 2009
    #2
    1. Advertising

  3. pfisterfarm

    pfisterfarm Guest

    > All of your configurations are confusing because you are defining dot1Q
    > subinterfaces on the 8540


    Yes, that is confusing. I'm not sure why that was done. I "inherited"
    the configs this way, and haven't been able to change it.

    > First off, you need to make sure that VLAN 199 is defined on the new 3550


    Yes, it is (layer 2 and layer 3). I'm using vlan 99 on the same
    switches and it's working fine everywhere. Vlan 99 was here already,
    and vlan 199 is something I created myself in recent months.

    > You then need to make sure that the vlan is connected via layer 2  to the
    > new 3550.  


    I think it should be...how would I check?

    Thanks!

    --Steve
     
    pfisterfarm, Feb 9, 2009
    #3
  4. pfisterfarm

    pfisterfarm Guest

    On Feb 9, 8:57 am, pfisterfarm <> wrote:
    > > All of your configurations are confusing because you are defining dot1Q
    > > subinterfaces on the 8540

    >
    > Yes, that is confusing.


    To add to the confusion, I've noticed that I've left some of the 8540
    confg out. The connections that are relevant are:

    1/0/0 -> goes to 4507
    1/0/2 -> goes to old 3550 with working vlan 199
    0/0/0 -> goes to new 3550 with non-working vlan 199

    The config for 0/0/0 is similar to the config for 1/0/2:

    interface GigabitEthernet0/0/0
    description Fiber to new 3550
    no ip address
    no ip redirects
    no ip proxy-arp
    no cdp enable
    !
    interface GigabitEthernet0/0/0.1
    description Native VLAN
    encapsulation dot1Q 1 native
    no ip redirects
    no ip proxy-arp
    !
    interface GigabitEthernet0/0/0.99
    description ADM LAN Access VLAN
    encapsulation dot1Q 99
    no ip redirects
    no ip proxy-arp
    no cdp enable
    bridge-group 99
    !
    interface GigabitEthernet0/0/0.199
    description Admin WLAN Management
    encapsulation dot1Q 199
    no ip redirects
    no ip proxy-arp
    bridge-group 199
    !
    interface GigabitEthernet0/0/0.998
    description Admin WLAN
    encapsulation dot1Q 998
    no ip redirects
    no ip proxy-arp
    bridge-group 98

    Thanks!
     
    pfisterfarm, Feb 9, 2009
    #4
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Oli
    Replies:
    3
    Views:
    907
  2. v8rulezmore
    Replies:
    2
    Views:
    5,534
    Geert
    May 1, 2004
  3. v8rulezmore
    Replies:
    0
    Views:
    806
    v8rulezmore
    Apr 30, 2004
  4. Chuck
    Replies:
    2
    Views:
    10,482
    Chuck
    Oct 7, 2005
  5. echelon1

    adding vlan to portchannel

    echelon1, Jan 18, 2009, in forum: Cisco
    Replies:
    1
    Views:
    3,303
    echelon1
    Jan 20, 2009
Loading...

Share This Page