Problems with VLAN...
Hello
I try to get a controller 2106 (latest firmware) and 3 1252 to our network access points. We have 3560 switches to base with a few VIRTUAL networks. I can put it all fine on its own with my laptop on the WAC himself, but connect it to a switch port in our server VLAN does work at all. Its not accessible via ping, telnet, HTTP.
I have for this kind of work. I created a switchport mode trunk and I ALSO HAD to TAG management/access point interfaces. It's the only way I can telnet/HTTP in to the WAC. BUT I can't do now within this server VLAN. I can't reach our client device, VLAN, or I can reach the WAC to our client VLAN. Even with the trunkport game, if I put the interfaces on the WAC to unlabeled, I can't do anything on the WAC at all! Any ideas what I'm missing?
Thank you
Make sure you have all the VLAN defined on the switch. Make sure all connections to the switch are attached to the trunk. Each vlan must also a layer 3 interface. management and the ap-Manager should be on the same vlan and the dot1q trunk port must be defined on vlan native x where X is the vlan, management and ap-Manager ip is on. On the WLC, you must set the tag of vlan '0' unidentified. Who should you get.
Place the access point on the same subnet as the management and the ap Manager and make sure that there is a for this subnet dhcp scope to the ap can obtain an ip address and be able to join the WLC. Then, you can move the access point to a different subnet if you wish.
Tags: Cisco Wireless
Similar Questions
-
Problem with VLAN between Cisco Catalyst (3560G) and SG300-52
I am having trouble with the creation of a trunk of vlan between a SG300-52 and a Cisco Catalyst 3560 G. I have 4 VLANS (1, 2, 10 and 11) on the 3650 and I need ports on the SG300 to be able to communicate with them.
On the 3560, port 14 is defined as:
interface GigabitEthernet0/14
switchport trunk encapsulation dot1q
switchport mode trunk
spanning tree portfast
On the Sg300 port 52 is defined as:
interface GigabitEthernet52
point to point link type spanningtree
switchport trunk allowed vlan add 1,2,10,11
description macro switch
Try to understand what the problem... Any help would be appreciated.
Thank you
Chris
Hi Chris, the first problem is the spanning tree portfast, it shouldn't be on an interconnection network switch. You may have a mismatch of vlan native as well, but that shouldn't matter.
A suggestion, however, the value of the port SG300 general mode and disable the input filter.
-Tom
Please mark replied messages useful -
2910al - 48G Switch: problem with the VLAN
Hi all,
I write a new message because I don't know what is happening on my SW series 2910al - 48G and v1910 - 48G.
I put on the main core SW VLAN 610 and I put to this VLAN IP addreess 100.110.10.1 24-bit etc and it worked fine until yesterday. I change only PLEASE and I enebale STP - loop protect for ports in the range 1-52. (now I rolback this settings as was before)
STP configuration
Now, every PC that has for a long time what IP range 100.110.10.1 24-bit works fine, but new PC have problem with to get the new IP address. I tested it add a static and same address does not work.
Introduced in second v1910 SW - 48 G VLAN as below
I connect this flexible switch this \port SW 2910 - G 48, 46 (Vlan 610 tag) <>- at v1910-48G\ port 50 SW (Vlan 610 tahgged) other ports on this switch I put not marked.
Configuration file for sw v1910 - 48G looks to below:
#
activate default domain system
#
LLDP enable#
domain system
disable the access limit
Active state
Disable Idle-cut
self-service-url disable#
rstp STP mode
enable STP
#
NULL0 interface
#
GigabitEthernet1/0/1 interface
hybrid type port link
port hybrid vlan tagged 610 620
untagged port hybrid vlan 1
#
interface GigabitEthernet1/0/2
access port vlan 610
#
interface GigabitEthernet1/0/3
access port vlan 610
#
interface GigabitEthernet1/0/4
access port vlan 610
#
interface GigabitEthernet1/0/5
access port vlan 610
#
interface GigabitEthernet1/0/6
access port vlan 610
#
interface GigabitEthernet1/0/7
access port vlan 610
#
interface GigabitEthernet1/0/8
access port vlan 610
#
interface GigabitEthernet1/0/9
access port vlan 610
#
interface GigabitEthernet1/0/10
access port vlan 610
##
interface GigabitEthernet1/0/49
hybrid type port link
port hybrid vlan tagged 610 620
port hybrid vlan 1 10 untagged
#
interface GigabitEthernet1/0/50
hybrid type port link
port hybrid vlan tagged 610 620
port hybrid vlan 1 10 untagged
#
interface GigabitEthernet1/0/51
hybrid type port link
port hybrid vlan tagged 610 620
untagged port hybrid vlan 1
#
interface GigabitEthernet1/0/52
hybrid type port link
port hybrid vlan tagged 610 620
untagged port hybrid vlan 1etc...
Could you help me when I made a mistake?
THX
The problem was that solve this problem.
I have blocked all ports. It was a problem. I change several settings and everything works well.
-
Problem with SG-200 and access point on VLAN
I'm having some problems with the configuration of VLANS on the SG-200 and the WiFi access point. The access point (a TP-Link WA801N) is able to access the internet when it is plugged into a port that is on the default VLAN (1 PVID). If I plug it into one of the other VLAN then all clients connected to WiFi to lose access to the internet and can not access on the local VIRTUAL network devices. I've used this configuration with a Cisco WAP4410N of first generation.
I'm not sure if it's something wrong with the way I configured the switch or a problem with the access point.
The setup I have is:
Modem/router ADSL (7800N billion)
|
-------------------Port 1--------------------
| |
| SG-200 08 |
| |
---3---port 8 - port
| |
Access point |
(TP-Link WA801N).
|
SF - 100 D
The port configurations are
Port Mode PVID membership
1 general 1 1U, 7U, 666U
2 general 1 1U, 7U, 666U
3 general 7 1U, 7U
4 General 7 1U, 7U
5 General 7 1U, 7U
6 General 7 1U, 7U
7 general 1U 666, 666U
8 General 1U 666, 666U
Iain,
You have virtual local networks put in place on your router? The subnets that you use on each vlan? The router will give DHCP for each vlan?
The SG200 isn't a fully managed layer 3 switch, it's just a "smart switch" so you can not actually be able to do simply only switch. A sg300 mode layer 3 would be able to do this because it is a fully managed switch.
If the router is configured with the VLAN, vlan 1 unidentified, the rest the tag, the router-> SG200 port is trunking and the others as access ports on their vlan respective. Once the router is configured, this video contributor forum albums and Cisco employee David Hornstein is very useful to correctly configure the switch.
Best,
David
Please evaluate the useful messages.
-
Problem with DHCP broadcast between VLAN
Hello
I trying to solve the lab that I set up, I have a problem with broadcast between VLANS with my DHCP. I looked around the vmware community to find my answer, but I did not who is right why I post here!
So here's my situation :
- ESX with 2 race of VM:
- An R2 of 2012 Windows running a DHCP server with a configured scope
- This virtual machine is assigned to the vmnic4 with the port VLAN 100 group
- A Windows 7, which I use as a customer
- This virtual machine is assigned to the vmnic4 with the port VLAN 110 group
- An R2 of 2012 Windows running a DHCP server with a configured scope
- Switch Cisco with a simple configuration:
interface FastEthernet0/1
Description LINK FOR ESX
switchport mode trunk
switchport nonegotiate
interface FastEthernet0/24
Description OF LINK ROUTER
switchport mode trunk
- Configuration of the Cisco "router on the stick:
interface FastEthernet0/0.100
encapsulation dot1q 100
10.1.1.254 IP address 255.255.255.0
interface FastEthernet0/0,110
encapsulation dot1q 110
IP 10.1.2.254 255.255.255.0
IP helper 10.1.1.0
The resolution of the problems that I did:
- Affecting the client static IP and that both virtual machine can ping each other
- Moving from the client to the same VLAN as DHCP server, and the DHCP server is to give the client an IP address.
- Sniffing the packet:
- I can see the client DHCPDiscover
- I can see the router with the command "debug ip dhcp server packet" package passed on the 10.1.1.0.
- I am not able to see the packets from the router to DHCP perspective
That's why I guess miss me something ESX configuration.
Thanks in advance for reading this post!
PS: I've linked a vswitch configuration screenshot
I think that you have configured an incorrect address of IP support, take a look at the following line:
IP helper 10.1.1.0
Your DCHP server is really 10.1.1.0? I think not, since 10.1.1.0 corresponds to the ID of the network 10.1.1.0/24 network.
- ESX with 2 race of VM:
-
VMware Distributed Switch with VLAN
Hi again,
A lot of work with VLAN now.
But just a quick Questions. Is there a documentation or HowTo Guides how to set up vSphare VMware Distributed Switch with several VLANS on a Switch GS724Tv4?
But soon, I try to add a host or network, it is empty.
This is probably an easy problem of VMware, but I try here first to see if someone has document guide HowTo so I can start with.
Thank you
Christian
Never mind about this,
I found the problem on my own, but perhaps a documentation would be great to have. But it's a good start to have the right license of VMware, before you start.
* I was just out of luck when I thought *.
/ Christian
-
Problems with config Small Business switch
Hi, I know that if I read the documentation I will come for answers, but I'd really like some input from someone with more knowledge than me. I have a problem with Cisco SF300, one of the Small Business switches. I have a single interface on my router and I need to separate my internal networks, I thought that one way would be to use VLANs. On my two internal networks a network has D-Link unmanaged switches, the other has the Cisco SF300 I did as follows.
On the Cisco Switch, all of the default ports for ports of junction. I changed FE1-FE24 and GE1-2 to access ports.
Created two VLAN and placed FE1-FE24 in VLAN10 (also my management VLAN), GE3 is a trunk Port for unidentified VLAN20, VLAN 20 uplinks to my DiLink switches. This way my unmanaged switches traffic arrives on a trunk on VLAN20 untagged port.
GE4 is a trunk port and I assigned to VLAN1 untagged, tag VLAN10 VLAN20 tag and. 10 of VLANS and VLAN 20 then to my router.
The plan was to connect GE4 to my router, but I had two things happen that I can't explain.
All first as soon as I connected my D-Link to GE3 LAN on VLAN20 came down, I couldn't ping servers from computers etc, all devices are connected to the D-links unmanaged. Secondly, the responsibilities of VLAN changed on GE3 GE4, VLAN 10 and 20 disappeared and only the VLAN by default was assigned, also under settings VLAN my state of interface VLAN for VLAN20 shows people with reduced mobility. One of my FE12 continues also to change VLAN access ports.
Can anyone offer any suggestions as to what might have crushed the LAN and why change my VLAN. I wrote my config running at startup configuration incidentally.
I added two screenshots.
Seriously, I'd appreciate the help.
Thank you
Bob
Hi Bob,
Could you please post a topology? I can help with this, but it would be much easier that I could see your network.
Thanks in advance,
Garrett
-
Having the problem with the function on SG300 Dhcp / 500?
Having the problem with the function on SG300 Dhcp / 500? now I can use the dhcp server on the two model, but have a problem.
My problem is when I create
VLAN 1: 192.168.0.1/24 dhcp pool 192.168.0.10 - 250
VLAN 10: 192.168.10.10 - 250 192.168.10.1/24 dhcp pool
case 1
I plug the pc to vlan 1 can I get ip 192.168.0.11. But when I change this pc to a new port in vlan 2 I always get the same ip address. why I can not get IP of vlan2.
case 1
I plug the pc to vlan 2 I can get ip 192.168.10.11. But when I change this pc to a new port in the vlan 1 I always get the same ip address. why I can not get IP of vlan1.
but when I have access to the switch and remove the link after that that i will get correct IP.
I think this is the bug of this firmware. Could you help this case.
This is a known bug that is the setting of Cisco
Sent by Cisco Support technique iPad App
-
Problem with the start of VMware ESXi 5.0
I just installed VMware ESXi 5.0 on a new Cisco UCS B200 series blade with two 300 GB hard drives configured in a RAID 1 mirror. I went through and completed the installation of VMware ESXi 5.0 on this server. When the installation is complete and the server restarted, he did not initiate the ESXi where I can change the IP address and VLAN. Instead, I get this text string after the initial boot sequence that is shown in the attachment. I have a guest who said Shell > do not know why I can not start correctly in ESXi 5.0. Thank you! Paul
Hi Paul,.
Looks like you boot to the EFI shell. What is the startup policy that you have configured on this server service profile? It should look like the one below. If there is a problem with the boot order, you should be able to type "EXIT", then enter on the EFI shell to exit the prompt. If your startup is similar to the one below and you still experience this issue, try to downgrade and re - ack the blade.
Let me know if it helps.
-
problem with the ports of the two SLM2048
Hello:
I have a problem with two models of SLM2048.
I only as configured in these devices was 4 VLAN and link aggregation port between these devices.
I detect some Don t work ports (I connect to a workstation in the port and the Don t upward, but in the other port if upward)
Could be a hardware failure? or maybe the switch block these ports?
Best regardsI'm not sure that I fully understand your port problems. Is this a failure of single port or you have a problem of end-to-end between ports on two different switches?
Andrew Lissitz
-
I'm migrating from ACS v4.2.1 to v5.3. I want the final v5.3 system to assume the IP address of the machine 4.2 of origin so I don't have to change any configs on network devices.
Are there problems with the change of the IP address of the system AFTER the initial installation v5.3?
I tried without problem. I changed the ip address of the WLC several times.
You must ensure that:
1-) you change the switchport accordingly to the appropriate vlan if the new ip address belongs to a subnet of a vlan different.
2-) make sure that all clients AAA configured to use the new IP address of the ACS servers.
Here is the procedure how to change the ip address of the interface (according to the doc of cisco):
I also changed parIP normal address and it works. but of course, the server must be autonomous before doing this step (i.e. no secondary ACSS registered to him and he is not on the other ACSS in a distributoin).
HTH
Amjad
-
Problem with ping VPN cisco 877
Hi all!
I have a working VPN between a fortigate and a Cisco.
I have a problem with ping network behind the cisco of the network behind the forti.
When I ping to vlan2 cisco without problem (192.168.252.1) interface, but I can't ping a server in the vlan2 (192.168.252.2) behind the cisco.
However the Cisco I can ping the server. In the forti, I see that ping to the interface vlan2 and server in vlan2 take in the same way, and I can see package.
I post my config could see it it as blocking the ping from 10.41.2.36 to 192.168.252.2 while 192.168.252.1 ping is OK?
IPSEC #show run
Building configuration...Current configuration: 3302 bytes
!
! Last modification of the configuration at 14:42:17 CEDT Friday, June 25, 2010
! NVRAM config update at 14:42:23 CEDT Friday, June 25, 2010
!
version 12.4
no service button
horodateurs service debug datetime msec
Log service timestamps datetime localtime show-time zone
encryption password service
!
IPSEC host name
!
boot-start-marker
boot-end-marker
!
logging buffered 1000000
enable secret 5 abdellah
!
No aaa new-model
clock timezone GMT 1
clock to summer time CEDT recurring last Sun Mar 02:00 last Sun Oct 03:00
!
!
dot11 syslog
IP cef
No dhcp use connected vrf ip
DHCP excluded-address IP 192.168.254.0 192.168.254.99
DHCP excluded-address IP 192.168.254.128 192.168.254.255
!
IP dhcp DHCP pool
network 192.168.254.0 255.255.255.0
router by default - 192.168.254.254
Server DNS A.A.A.A B.B.B.B
!
!
no ip domain search
name of the IP-server A.A.A.A
name of the IP-server B.B.B.B
!
!
!
!
!
crypto ISAKMP policy 1
BA aes 256
preshared authentication
Group 5
ISAKMP crypto key ciscokey address IP_forti
!
!
Crypto ipsec transform-set esp - aes 256 esp-sha-hmac vpntest
!
myvpn 10 ipsec-isakmp crypto map
defined by peer IP_forti
Set transform-set vpntest
match address 101
!
Archives
The config log
hidekeys
!
!
!
!
!
interface Tunnel0
IP 2.2.2.1 255.255.255.252
source of Dialer0 tunnel
destination of IP_forti tunnel
myvpn card crypto
!
ATM0 interface
bandwidth 320
no ip address
load-interval 30
No atm ilmi-keepalive
DSL-automatic operation mode
!
point-to-point interface ATM0.1
MTU 1492
bandwidth 160
PVC 8/35
VBR - nrt 160 160
PPPoE-client dial-pool-number 1
!
!
interface FastEthernet0
switchport access vlan 2
!
interface FastEthernet1
!
interface FastEthernet2
!
interface FastEthernet3
switchport access vlan 2
!
interface Vlan1
IP 192.168.20.253 255.255.255.0
IP nat inside
no ip virtual-reassembly
!
interface Vlan2
IP 192.168.252.1 255.255.255.0
IP nat inside
IP virtual-reassembly
!
interface Dialer0
bandwidth 128
the negotiated IP address
NAT outside IP
no ip virtual-reassembly
encapsulation ppp
load-interval 30
Dialer pool 1
Dialer-Group 1
KeepAlive 1 2
Authentication callin PPP chap Protocol
PPP chap hostname [email protected] / * /
PPP chap password 7 abdelkrim
myvpn card crypto
!
IP forward-Protocol ND
IP route 0.0.0.0 0.0.0.0 Dialer0
IP route 10.41.2.32 Tunnel0 255.255.255.240
!
no ip address of the http server
no ip http secure server
The dns server IP
translation of nat IP tcp-timeout 5400
no ip nat service sip 5060 udp port
overload of IP nat inside source list NAT interface Dialer0
!
IP access-list standard BROADCAST
permit of 0.0.0.0
deny all
!
NAT extended IP access list
IP enable any host IP_cisco
deny ip 192.168.252.0 0.0.0.255 10.41.2.32 0.0.0.31
!
access-list 101 permit ip 192.168.252.0 0.0.0.255 10.41.2.32 0.0.0.31
public RO SNMP-server community
3 RW 99 SNMP-server community
SNMP-server community a RO
SNMP-Server RO community oneCommunityRead
not run cdp
!
!
!
control plan
!
!
Line con 0
password 7 abdelkrim
opening of session
no activation of the modem
line to 0
line vty 0 4
password 7 aaaaa
opening of session
escape character 5
!
max-task-time 5000 Planner
NTP-period clock 17175037
Server NTP B.B.B.B
Server NTP A.A.A.Aend
Alex,
It's your GRE tunnel:
interface Tunnel0
IP 2.2.2.1 255.255.255.252
source of Dialer0 tunnel
destination of IP_forti tunnel
myvpn card cryptoYou also have routing set by it.
You don't need a GRE tunnel, nor do you need the road to tunnel if you want just IPsec tunnel.
-
Problems with Cisco 881, internet connection
I have a newly addedCisco 881 connected to a firewall, which is connected to the ADSL. We have added to the wireless and when wireless clients connect to the network (using standalone APs) they are capable of anything on the 192.168.88.0 network ping. They can also ping the firewall 10.0.88.1, but only because it is on the same network as port fa4. It seems to me like there is a problem with my default routes, but they look good, and I have tried different methods to do this. Here's the running-config on my 881, please help!
Wireless_881 #show run
Building configuration...Current configuration: 3679 bytes
!
! Last modification of the configuration at 15:45:48 UTC Friday, July 27, 2012
version 15.2
no service button
horodateurs service debug datetime msec
Log service timestamps datetime msec
encryption password service
!
hostname Wireless_881
!
boot-start-marker
boot-end-marker
!
!
logging buffered 51200 warnings
Select the secret 4 Ng0lbQgI3BKsMMXv78pz6UP80gaDVrhUBQB3XKZMl3M
!
No aaa new-model
iomem 10 memory size
!
Crypto pki trustpoint TP-self-signed-1620898290
enrollment selfsigned
name of the object cn = IOS - Self - signed - certificate - 1620898290
revocation checking no
rsakeypair TP-self-signed-1620898290
!
!
TP-self-signed-1620898290 crypto pki certificate chain
certificate self-signed 01
3082025A 308201 3 A0030201 02020101 300 D 0609 2A 864886 F70D0101 04050030
2 060355 04031326 494F532D 53656 C 66 2 AND 536967 6E65642D 43657274 31312F30
69666963 31363230 38393832 6174652D 3930301E 170 3132 30373132 31353431
30365A 17 0D 323030 31303130 30303030 305A 3031 06035504 03132649 312F302D
4F532D53 5369676E 656C662D 43 65727469 66696361 74652 31 36323038 65642D
39383239 3030819F 300 D 0609 2A 864886 01050003, 818, 0030, 81890281 F70D0101
8100ED42 50BD2E07 D6A61E1C 7A8C236F 5499F47D 0FF2F1AC 23657162 66769F02
92921298 C4E68A84 B90B572D 300 C 6653 ADAB41F2 005F1544 122C99DF 16AA1F01
D3DC117D B92750F5 F6C2D4CE D6D173C5 A197E9C2 7B5EEF9B 4B2404BD D8243ABB
14EFF08B 21DE9D0A B11610EB 624E3B22 17BA1C73 60212253 DE86D7B8 EFD5771E
18B 90203 010001 HAS 3 8181307F 300F0603 551D 1301 01FF0405 30030101 FF302C06
03551D 73735F38 38312E70 616C6D65 74746F63 11 04253023 82215769 72656 C 65
6974697A 656E732E 6F726730 1 230418 30168014 BDFA0DBF FE8B72A7 1F060355
9B2D214C 466C1EDF 33D2FA3F 301D 0603 551D0E04 160414BD FA0DBFFE 8B72A79B
2D214C46 6C1EDF33 D2FA3F30 0D06092A 864886F7 010104 05000381 8100E0EF 0D
6D122A92 75ABE448 620EEDAD 131569 D 2 05BEB6D9 FA77DF2F 87FD464F 8111454F
CAE20CC2 580C8DC8 421065CD 31CF2F79 00722044 4B99E26A 5C48FD2D 2DCE835B
D0ADBD53 B768064B 9E4AB048 F0E9F751 11C9DA51 8EA9C1D3 DCEB136A EE3944D7
FD7EF038 DE965699 DAC4186F 3AAEBD85 B95F05D1 B3AF0BD5 566498 3 6424
quit smoking
!
!
!
DHCP excluded-address IP 192.168.88.1 192.168.88.10
!
PCFCU dhcp IP pool
network 192.168.88.0 255.255.255.0
router by default - 192.168.88.1
Server DNS 208.67.222.222
!
!
!
no ip domain search
IP domain name *.
IP cef
No ipv6 cef
!
!
license udi pid CISCO881-K9 sn FTX161080BP
!
!
username privilege 15 secret 5 mgaskin $1$ y8... $cCDIZqgRtHqBbsh36XW9d.
username privilege 15 secret 5 jlivingston $1$ Qs6L$ mhAtoKguqLmzmlfGbMYqW.
!
!
!
!
!
property intellectual ssh authentication-5 retries
!
!
!
!
!
!
!
!
!
interface FastEthernet0
switchport access vlan 880
no ip address
!
interface FastEthernet1
switchport access vlan 880
no ip address
!
interface FastEthernet2
switchport access vlan 880
no ip address
!
interface FastEthernet3
switchport access vlan 880
no ip address
!
interface FastEthernet4
IP 10.0.88.2 255.255.255.248
NAT outside IP
IP virtual-reassembly in
automatic duplex
automatic speed
!
interface Vlan1
no ip address
!
interface Vlan880
IP 192.168.88.1 255.255.255.0
IP nat inside
IP virtual-reassembly in
!
default IP gateway - 10.0.88.2
IP forward-Protocol ND
IP http server
23 class IP http access
local IP http authentication
IP http secure server
IP http timeout policy slowed down 60 life 86400 request 10000
!
IP nat inside source list 10 interface FastEthernet4 overload
network default IP 0.0.0.0
IP route 0.0.0.0 0.0.0.0 10.0.88.1
!
access-list 10 permit 192.168.88.0 0.0.0.255
not run cdp
!
!
!
Line con 0
line to 0
line vty 0 4
password 7 144F425C5D14292D273D6B657A46
opening of session
transport telnet entry
!
max-task-time 5000 Planner
!
endand if you disconnect the router announcement use pc directly to the firewall with ip 10.0.88.2 work?
-
Problem with FWSM and the same L3 interface switch
I have two 6513 s with a 802. 1 q trunk linking them. Each switch is redundant Sup720s running in native mode, worm IOS 12.2 (18) SXF (that they were running out of SXD3). A FWSM (ver 2.3 (3), routed mode, unique context) is in each switch, Setup in failover mode.
I can't get a PC in a virtual LAN that has the defined layer 3 interface on the switch with the active FWSM in this document, to communicate with the devices 'behind' the FWSM. If I move the configuration of layer 3 to this vlan to the other 6513, everything works fine.
The MSFCs are inside the firewall, they have a configured layer 3 interface in the same vlan as the FWSM 'inside' interface. Several "same security level" interfaces are defined on the FWSM and used to protect the farms. I use OSPF on the MSFCs and FWSM and the routing table is correct.
The FWSM generates connections to the attempts made by the PC with interface layer 3 defined on the same switch as the active FWSM very well, so this isn't a problem with FWSM ACL.
A ping of the FWSM "inside" interface from a PC with the defined layer 3 interface on the same switch as the active FWSM fails, although debug icmp trace on the FWSM demand and response shows. A the packet capture, using the NAM-2, only shows the request packets. I captured on the vlan common and FWSM port channel interface bottom of basket.
Just to add to the confusion, if I capture in the same places, but do the ping of a PC which is in a VLAN with the interface of layer 3 defined in the 6513 which does not contain the active FWSM, that works very well, I see the request and response on the capture of vlan common, but only on demand on the capture of the port channel.
This problem has been there since the beginning of this implementation and has not changed with IOS and FWSM software upgrades. I had this experience with all the VLANS that I tried to define the interface of layer 3 to on the switch with the active FWSM. I turned on MLS.
If anyone has experienced this and solved, or knows what is happening, I would be grateful for any ideas.
Thank you.
Keith
Keith, are you running etherchannel distributed on of your 6513?
-
Problem with a spanning tree Protocol
Hello
I have a problem with the spanning tree Protocol, when I connect a printer on C3560E cisco switch. It's the Show Logging:
* 27 sep 18:57:29.451: % SPANTREE-7-PORTDEL_SUCCESS: GigabitEthernet0/8 removed from Vlan 600* 27 sep 18:57:31.976: % SPANTREE-6-PORT_STATE: Port Gi0/8 instance 600 from blocking disabled* 27 sep 18:57:31.976: % SPANTREE-6-PORT_STATE: Port Gi0/8 instance 600 from blocking to listening* 27 sep 18:57:32.731: % SPANTREE-6-PORT_STATE: Port Gi0/8 instance 600 moving to listen to persons with disabilities* 27 sep 18:57:32.731: % SPANTREE-7-PORTDEL_SUCCESS: GigabitEthernet0/8 removed from Vlan 600* 27 sep 18:57:35.072: % SPANTREE-6-PORT_STATE: Port Gi0/8 instance 600 from blocking disabled* 27 sep 18:57:35.072: % SPANTREE-6-PORT_STATE: Port Gi0/8 instance 600 from blocking to listening* 27 sep 18:57:37.068: % LINK-3-UPDOWN: Interface GigabitEthernet0/8, changed State to* 27 sep 18:57:38.075: % LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/8, changed State toThis is the configuration of the port, this switch was created L2 of the Vlan:
See the memory of Vlan:
600 PLT_SERVICE active Gi0/8Display Port access:interface GigabitEthernet0/8
Zebra printer description
switchport access vlan 600
switchport mode access
logging events spanning tree
event logging status
endTrunk Port:interface GigabitEthernet1/1
Description box
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1 600
switchport mode trunkPlease someone help me.
Kind regards.
Thank you.
Hello
The port passes all traffic? You can test the printer.
Thank you
John
Maybe you are looking for
-
I see reports of people who "do not keep history" who seem to have a similar result. I don't have this game, but manually erase all history (Yes, "Everything" (although "Forever" would be a better time-Word)) and Yes, all checkboxes checked... does N
-
Satellite M70 - black screen after the installation of recovery
So far, what I did is put in the Recovery DVD - ROM product. Then when my computer restarts I was invited to restore my computer failing and said. After that he went through this process, that he told me to remove the disc that I did. Now he only get
-
My Dell Dimension 8250 with XP was initially equipped with Roxio Easy CD Creator 5.2.0.91 which enabled me to write on the CD drive (NEC CD - RW NR-9100). Later found out that the installation of Service Packs (2 or 3) disabled this feature. In an at
-
HP Pavilion n040se-15 Notebook PC, on the guarantee
Hello I ve brought 15-n040se-HP Pavilion Notebook PC before 6 months. My PC now has some missing drivers. I need to check it out .do have guaranteed for 1 year. Expires the january2015. But HP service Center said they won't it work with on the purcha
-
P0rn sites incorporated in I.E. 6.0 - need help to remove
Thanks to an email from bad, I have now three p0rn sites incorporated into my program I.E. 6.0. Is there a way to "désincorporer" them, or should I just uninstall I.E. and reinstall it. If I need to unstall it, how should I do that? It is not in Add/