Problems with VLAN...

Similar Questions

• Problem with VLAN between Cisco Catalyst (3560G) and SG300-52

  I am having trouble with the creation of a trunk of vlan between a SG300-52 and a Cisco Catalyst 3560 G.  I have 4 VLANS (1, 2, 10 and 11) on the 3650 and I need ports on the SG300 to be able to communicate with them.

  On the 3560, port 14 is defined as:

  interface GigabitEthernet0/14

  switchport trunk encapsulation dot1q

  switchport mode trunk

  spanning tree portfast

  On the Sg300 port 52 is defined as:

  interface GigabitEthernet52

  point to point link type spanningtree

  switchport trunk allowed vlan add 1,2,10,11

  description macro switch

  Try to understand what the problem... Any help would be appreciated.

  Thank you

  Chris

  Hi Chris, the first problem is the spanning tree portfast, it shouldn't be on an interconnection network switch. You may have a mismatch of vlan native as well, but that shouldn't matter.

  A suggestion, however, the value of the port SG300 general mode and disable the input filter.

  -Tom
  Please mark replied messages useful

• 2910al - 48G Switch: problem with the VLAN

  Hi all,

  I write a new message because I don't know what is happening on my SW series 2910al - 48G and v1910 - 48G.

  I put on the main core SW VLAN 610 and I put to this VLAN IP addreess 100.110.10.1 24-bit etc and it worked fine until yesterday. I change only PLEASE and I enebale STP - loop protect for ports in the range 1-52. (now I rolback this settings as was before)

  

  STP configuration

  

  Now, every PC that has for a long time what IP range 100.110.10.1 24-bit works fine, but new PC have problem with to get the new IP address. I tested it add a static and same address does not work.

  Introduced in second v1910 SW - 48 G VLAN as below

  I connect this flexible switch this \port SW 2910 - G 48, 46 (Vlan 610 tag) <>- at v1910-48G\ port 50 SW (Vlan 610 tahgged) other ports on this switch I put not marked.

  Configuration file for sw v1910 - 48G looks to below:

  #
  activate default domain system
  #
  LLDP enable

  #
  domain system
  disable the access limit
  Active state
  Disable Idle-cut
  self-service-url disable

  #
  rstp STP mode
  enable STP
  #
  NULL0 interface
  #
  GigabitEthernet1/0/1 interface
  hybrid type port link
  port hybrid vlan tagged 610 620
  untagged port hybrid vlan 1
  #
  interface GigabitEthernet1/0/2
  access port vlan 610
  #
  interface GigabitEthernet1/0/3
  access port vlan 610
  #
  interface GigabitEthernet1/0/4
  access port vlan 610
  #
  interface GigabitEthernet1/0/5
  access port vlan 610
  #
  interface GigabitEthernet1/0/6
  access port vlan 610
  #
  interface GigabitEthernet1/0/7
  access port vlan 610
  #
  interface GigabitEthernet1/0/8
  access port vlan 610
  #
  interface GigabitEthernet1/0/9
  access port vlan 610
  #
  interface GigabitEthernet1/0/10
  access port vlan 610
  #

  #
  interface GigabitEthernet1/0/49
  hybrid type port link
  port hybrid vlan tagged 610 620
  port hybrid vlan 1 10 untagged
  #
  interface GigabitEthernet1/0/50
  hybrid type port link
  port hybrid vlan tagged 610 620
  port hybrid vlan 1 10 untagged
  #
  interface GigabitEthernet1/0/51
  hybrid type port link
  port hybrid vlan tagged 610 620
  untagged port hybrid vlan 1
  #
  interface GigabitEthernet1/0/52
  hybrid type port link
  port hybrid vlan tagged 610 620
  untagged port hybrid vlan 1

  etc...

  Could you help me when I made a mistake?

  THX

  The problem was that solve this problem.

  I have blocked all ports. It was a problem. I change several settings and everything works well.

• Problem with SG-200 and access point on VLAN

  I'm having some problems with the configuration of VLANS on the SG-200 and the WiFi access point. The access point (a TP-Link WA801N) is able to access the internet when it is plugged into a port that is on the default VLAN (1 PVID). If I plug it into one of the other VLAN then all clients connected to WiFi to lose access to the internet and can not access on the local VIRTUAL network devices. I've used this configuration with a Cisco WAP4410N of first generation.

  I'm not sure if it's something wrong with the way I configured the switch or a problem with the access point.

  The setup I have is:

  Modem/router ADSL (7800N billion)

  |

  -------------------Port 1--------------------

  |                                               |

  |               SG-200 08 |

  |                                               |

  ---3---port 8 - port

  |                    |

  Access point |

  (TP-Link WA801N).

  |

  SF - 100 D

  The port configurations are

  Port Mode PVID membership

  1 general 1 1U, 7U, 666U

  2 general 1 1U, 7U, 666U

  3 general 7 1U, 7U

  4 General 7 1U, 7U

  5 General 7 1U, 7U

  6 General 7 1U, 7U

  7 general 1U 666, 666U

  8 General 1U 666, 666U

  Iain,

  You have virtual local networks put in place on your router? The subnets that you use on each vlan? The router will give DHCP for each vlan?

  The SG200 isn't a fully managed layer 3 switch, it's just a "smart switch" so you can not actually be able to do simply only switch. A sg300 mode layer 3 would be able to do this because it is a fully managed switch.

  If the router is configured with the VLAN, vlan 1 unidentified, the rest the tag, the router-> SG200 port is trunking and the others as access ports on their vlan respective. Once the router is configured, this video contributor forum albums and Cisco employee David Hornstein is very useful to correctly configure the switch.

  Best,

  David

  Please evaluate the useful messages.

• Problem with DHCP broadcast between VLAN

  Hello

  I trying to solve the lab that I set up, I have a problem with broadcast between VLANS with my DHCP. I looked around the vmware community to find my answer, but I did not who is right why I post here!

  So here's my situation :

  • ESX with 2 race of VM:
    • An R2 of 2012 Windows running a DHCP server with a configured scope
      • This virtual machine is assigned to the vmnic4 with the port VLAN 100 group
    • A Windows 7, which I use as a customer
      • This virtual machine is assigned to the vmnic4 with the port VLAN 110 group
  • Switch Cisco with a simple configuration:

  interface FastEthernet0/1

  Description LINK FOR ESX

  switchport mode trunk

  switchport nonegotiate

  interface FastEthernet0/24

  Description OF LINK ROUTER

  switchport mode trunk

  • Configuration of the Cisco "router on the stick:

  interface FastEthernet0/0.100

  encapsulation dot1q 100

  10.1.1.254 IP address 255.255.255.0

  interface FastEthernet0/0,110

  encapsulation dot1q 110

  IP 10.1.2.254 255.255.255.0

  IP helper 10.1.1.0

  
  

  The resolution of the problems that I did:

  • Affecting the client static IP and that both virtual machine can ping each other
  • Moving from the client to the same VLAN as DHCP server, and the DHCP server is to give the client an IP address.
  • Sniffing the packet:
    • I can see the client DHCPDiscover
    • I can see the router with the command "debug ip dhcp server packet" package passed on the 10.1.1.0.
    • I am not able to see the packets from the router to DHCP perspective

  That's why I guess miss me something ESX configuration.

  Thanks in advance for reading this post!

  
  

  PS: I've linked a vswitch configuration screenshot
  

  I think that you have configured an incorrect address of IP support, take a look at the following line:

  IP helper 10.1.1.0

  
  

  Your DCHP server is really 10.1.1.0? I think not, since 10.1.1.0 corresponds to the ID of the network 10.1.1.0/24 network.
  

• VMware Distributed Switch with VLAN

  Hi again,

  A lot of work with VLAN now.

  But just a quick Questions. Is there a documentation or HowTo Guides how to set up vSphare VMware Distributed Switch with several VLANS on a Switch GS724Tv4?

  

  But soon, I try to add a host or network, it is empty.

  This is probably an easy problem of VMware, but I try here first to see if someone has document guide HowTo so I can start with.

  Thank you

  Christian

  Never mind about this,

  I found the problem on my own, but perhaps a documentation would be great to have. But it's a good start to have the right license of VMware, before you start.

  * I was just out of luck when I thought *.

  / Christian

• Problems with config Small Business switch

  Hi, I know that if I read the documentation I will come for answers, but I'd really like some input from someone with more knowledge than me. I have a problem with Cisco SF300, one of the Small Business switches. I have a single interface on my router and I need to separate my internal networks, I thought that one way would be to use VLANs. On my two internal networks a network has D-Link unmanaged switches, the other has the Cisco SF300 I did as follows.

  On the Cisco Switch, all of the default ports for ports of junction. I changed FE1-FE24 and GE1-2 to access ports.

  Created two VLAN and placed FE1-FE24 in VLAN10 (also my management VLAN), GE3 is a trunk Port for unidentified VLAN20, VLAN 20 uplinks to my DiLink switches. This way my unmanaged switches traffic arrives on a trunk on VLAN20 untagged port.

  GE4 is a trunk port and I assigned to VLAN1 untagged, tag VLAN10 VLAN20 tag and. 10 of VLANS and VLAN 20 then to my router.

  The plan was to connect GE4 to my router, but I had two things happen that I can't explain.

  All first as soon as I connected my D-Link to GE3 LAN on VLAN20 came down, I couldn't ping servers from computers etc, all devices are connected to the D-links unmanaged. Secondly, the responsibilities of VLAN changed on GE3 GE4, VLAN 10 and 20 disappeared and only the VLAN by default was assigned, also under settings VLAN my state of interface VLAN for VLAN20 shows people with reduced mobility. One of my FE12 continues also to change VLAN access ports.

  Can anyone offer any suggestions as to what might have crushed the LAN and why change my VLAN. I wrote my config running at startup configuration incidentally.

  I added two screenshots.

  Seriously, I'd appreciate the help.

  Thank you

  Bob

  Hi Bob,

  Could you please post a topology? I can help with this, but it would be much easier that I could see your network.

  Thanks in advance,

  Garrett

• Having the problem with the function on SG300 Dhcp / 500?

  Having the problem with the function on SG300 Dhcp / 500? now I can use the dhcp server on the two model, but have a problem.

  My problem is when I create

  VLAN 1: 192.168.0.1/24 dhcp pool 192.168.0.10 - 250

  VLAN 10: 192.168.10.10 - 250 192.168.10.1/24 dhcp pool

  case 1

  I plug the pc to vlan 1 can I get ip 192.168.0.11. But when I change this pc to a new port in vlan 2 I always get the same ip address. why I can not get IP of vlan2.

  case 1

  I plug the pc to vlan 2 I can get ip 192.168.10.11. But when I change this pc to a new port in the vlan 1 I always get the same ip address. why I can not get IP of vlan1.

  but when I have access to the switch and remove the link after that that i will get correct IP.

  I think this is the bug of this firmware. Could you help this case.

  This is a known bug that is the setting of Cisco

  Sent by Cisco Support technique iPad App

• Problem with the start of VMware ESXi 5.0

  I just installed VMware ESXi 5.0 on a new Cisco UCS B200 series blade with two 300 GB hard drives configured in a RAID 1 mirror.  I went through and completed the installation of VMware ESXi 5.0 on this server.  When the installation is complete and the server restarted, he did not initiate the ESXi where I can change the IP address and VLAN.  Instead, I get this text string after the initial boot sequence that is shown in the attachment.  I have a guest who said Shell > do not know why I can not start correctly in ESXi 5.0.  Thank you!  Paul

  Hi Paul,.

  Looks like you boot to the EFI shell. What is the startup policy that you have configured on this server service profile? It should look like the one below.  If there is a problem with the boot order, you should be able to type "EXIT", then enter on the EFI shell to exit the prompt. If your startup is similar to the one below and you still experience this issue, try to downgrade and re - ack the blade.

  Let me know if it helps.

  

• problem with the ports of the two SLM2048

  Hello:
  I have a problem with two models of SLM2048.
  I only as configured in these devices was 4 VLAN and link aggregation port between these devices.
  I detect some Don t work ports (I connect to a workstation in the port and the Don t upward, but in the other port if upward)
  Could be a hardware failure? or maybe the switch block these ports?
  Best regards

  I'm not sure that I fully understand your port problems.  Is this a failure of single port or you have a problem of end-to-end between ports on two different switches?

  Andrew Lissitz

• Are there problems with changing the IP address of a system of v5.3 ACS after the initial Setup?

  I'm migrating from ACS v4.2.1 to v5.3.  I want the final v5.3 system to assume the IP address of the machine 4.2 of origin so I don't have to change any configs on network devices.

  Are there problems with the change of the IP address of the system AFTER the initial installation v5.3?

  I tried without problem. I changed the ip address of the WLC several times.

  You must ensure that:

  1-) you change the switchport accordingly to the appropriate vlan if the new ip address belongs to a subnet of a vlan different.

  2-) make sure that all clients AAA configured to use the new IP address of the ACS servers.

  Here is the procedure how to change the ip address of the interface (according to the doc of cisco):

  http://goo.GL/0BYqVT

  I also changed parIP normal address and it works. but of course, the server must be autonomous before doing this step (i.e. no secondary ACSS registered to him and he is not on the other ACSS in a distributoin).

  HTH

  Amjad

• Problem with ping VPN cisco 877

  Hi all!

  I have a working VPN between a fortigate and a Cisco.

  I have a problem with ping network behind the cisco of the network behind the forti.

  When I ping to vlan2 cisco without problem (192.168.252.1) interface, but I can't ping a server in the vlan2 (192.168.252.2) behind the cisco.

  However the Cisco I can ping the server. In the forti, I see that ping to the interface vlan2 and server in vlan2 take in the same way, and I can see package.

  I post my config could see it it as blocking the ping from 10.41.2.36 to 192.168.252.2 while 192.168.252.1 ping is OK?

  IPSEC #show run
  Building configuration...

  Current configuration: 3302 bytes
  !
  ! Last modification of the configuration at 14:42:17 CEDT Friday, June 25, 2010
  ! NVRAM config update at 14:42:23 CEDT Friday, June 25, 2010
  !
  version 12.4
  no service button
  horodateurs service debug datetime msec
  Log service timestamps datetime localtime show-time zone
  encryption password service
  !
  IPSEC host name
  !
  boot-start-marker
  boot-end-marker
  !
  logging buffered 1000000
  enable secret 5 abdellah
  !
  No aaa new-model
  clock timezone GMT 1
  clock to summer time CEDT recurring last Sun Mar 02:00 last Sun Oct 03:00
  !
  !
  dot11 syslog
  IP cef
  No dhcp use connected vrf ip
  DHCP excluded-address IP 192.168.254.0 192.168.254.99
  DHCP excluded-address IP 192.168.254.128 192.168.254.255
  !
  IP dhcp DHCP pool
  network 192.168.254.0 255.255.255.0
  router by default - 192.168.254.254
  Server DNS A.A.A.A B.B.B.B
  !
  !
  no ip domain search
  name of the IP-server A.A.A.A
  name of the IP-server B.B.B.B
  !
  !
  !
  !
  !
  crypto ISAKMP policy 1
  BA aes 256
  preshared authentication
  Group 5
  ISAKMP crypto key ciscokey address IP_forti
  !
  !
  Crypto ipsec transform-set esp - aes 256 esp-sha-hmac vpntest
  !
  myvpn 10 ipsec-isakmp crypto map
  defined by peer IP_forti
  Set transform-set vpntest
  match address 101
  !
  Archives
  The config log
  hidekeys
  !
  !
  !
  !
  !
  interface Tunnel0
  IP 2.2.2.1 255.255.255.252
  source of Dialer0 tunnel
  destination of IP_forti tunnel
  myvpn card crypto
  !
  ATM0 interface
  bandwidth 320
  no ip address
  load-interval 30
  No atm ilmi-keepalive
  DSL-automatic operation mode
  !
  point-to-point interface ATM0.1
  MTU 1492
  bandwidth 160
  PVC 8/35
  VBR - nrt 160 160
  PPPoE-client dial-pool-number 1
  !
  !
  interface FastEthernet0
  switchport access vlan 2
  !
  interface FastEthernet1
  !
  interface FastEthernet2
  !
  interface FastEthernet3
  switchport access vlan 2
  !
  interface Vlan1
  IP 192.168.20.253 255.255.255.0
  IP nat inside
  no ip virtual-reassembly
  !
  interface Vlan2
  IP 192.168.252.1 255.255.255.0
  IP nat inside
  IP virtual-reassembly
  !
  interface Dialer0
  bandwidth 128
  the negotiated IP address
  NAT outside IP
  no ip virtual-reassembly
  encapsulation ppp
  load-interval 30
  Dialer pool 1
  Dialer-Group 1
  KeepAlive 1 2
  Authentication callin PPP chap Protocol
  PPP chap hostname [email protected] / * /
  PPP chap password 7 abdelkrim
  myvpn card crypto
  !
  IP forward-Protocol ND
  IP route 0.0.0.0 0.0.0.0 Dialer0
  IP route 10.41.2.32 Tunnel0 255.255.255.240
  !
  no ip address of the http server
  no ip http secure server
  The dns server IP
  translation of nat IP tcp-timeout 5400
  no ip nat service sip 5060 udp port
  overload of IP nat inside source list NAT interface Dialer0
  !
  IP access-list standard BROADCAST
  permit of 0.0.0.0
  deny all
  !
  NAT extended IP access list
  IP enable any host IP_cisco
  deny ip 192.168.252.0 0.0.0.255 10.41.2.32 0.0.0.31
  !
  access-list 101 permit ip 192.168.252.0 0.0.0.255 10.41.2.32 0.0.0.31
  public RO SNMP-server community
  3 RW 99 SNMP-server community
  SNMP-server community a RO
  SNMP-Server RO community oneCommunityRead
  not run cdp
  !
  !
  !
  control plan
  !
  !
  Line con 0
  password 7 abdelkrim
  opening of session
  no activation of the modem
  line to 0
  line vty 0 4
  password 7 aaaaa
  opening of session
  escape character 5
  !
  max-task-time 5000 Planner
  NTP-period clock 17175037
  Server NTP B.B.B.B
  Server NTP A.A.A.A

  end

  Alex,

  It's your GRE tunnel:

  interface Tunnel0
  IP 2.2.2.1 255.255.255.252
  source of Dialer0 tunnel
  destination of IP_forti tunnel
  myvpn card crypto

  You also have routing set by it.

  You don't need a GRE tunnel, nor do you need the road to tunnel if you want just IPsec tunnel.

• Problems with Cisco 881, internet connection

  I have a newly addedCisco 881 connected to a firewall, which is connected to the ADSL. We have added to the wireless and when wireless clients connect to the network (using standalone APs) they are capable of anything on the 192.168.88.0 network ping. They can also ping the firewall 10.0.88.1, but only because it is on the same network as port fa4. It seems to me like there is a problem with my default routes, but they look good, and I have tried different methods to do this. Here's the running-config on my 881, please help!

  Wireless_881 #show run
  Building configuration...

  Current configuration: 3679 bytes
  !
  ! Last modification of the configuration at 15:45:48 UTC Friday, July 27, 2012
  version 15.2
  no service button
  horodateurs service debug datetime msec
  Log service timestamps datetime msec
  encryption password service
  !
  hostname Wireless_881
  !
  boot-start-marker
  boot-end-marker
  !
  !
  logging buffered 51200 warnings
  Select the secret 4 Ng0lbQgI3BKsMMXv78pz6UP80gaDVrhUBQB3XKZMl3M
  !
  No aaa new-model
  iomem 10 memory size
  !
  Crypto pki trustpoint TP-self-signed-1620898290
  enrollment selfsigned
  name of the object cn = IOS - Self - signed - certificate - 1620898290
  revocation checking no
  rsakeypair TP-self-signed-1620898290
  !
  !
  TP-self-signed-1620898290 crypto pki certificate chain
  certificate self-signed 01
  3082025A 308201 3 A0030201 02020101 300 D 0609 2A 864886 F70D0101 04050030
  2 060355 04031326 494F532D 53656 C 66 2 AND 536967 6E65642D 43657274 31312F30
  69666963 31363230 38393832 6174652D 3930301E 170 3132 30373132 31353431
  30365A 17 0D 323030 31303130 30303030 305A 3031 06035504 03132649 312F302D
  4F532D53 5369676E 656C662D 43 65727469 66696361 74652 31 36323038 65642D
  39383239 3030819F 300 D 0609 2A 864886 01050003, 818, 0030, 81890281 F70D0101
  8100ED42 50BD2E07 D6A61E1C 7A8C236F 5499F47D 0FF2F1AC 23657162 66769F02
  92921298 C4E68A84 B90B572D 300 C 6653 ADAB41F2 005F1544 122C99DF 16AA1F01
  D3DC117D B92750F5 F6C2D4CE D6D173C5 A197E9C2 7B5EEF9B 4B2404BD D8243ABB
  14EFF08B 21DE9D0A B11610EB 624E3B22 17BA1C73 60212253 DE86D7B8 EFD5771E
  18B 90203 010001 HAS 3 8181307F 300F0603 551D 1301 01FF0405 30030101 FF302C06
  03551D 73735F38 38312E70 616C6D65 74746F63 11 04253023 82215769 72656 C 65
  6974697A 656E732E 6F726730 1 230418 30168014 BDFA0DBF FE8B72A7 1F060355
  9B2D214C 466C1EDF 33D2FA3F 301D 0603 551D0E04 160414BD FA0DBFFE 8B72A79B
  2D214C46 6C1EDF33 D2FA3F30 0D06092A 864886F7 010104 05000381 8100E0EF 0D
  6D122A92 75ABE448 620EEDAD 131569 D 2 05BEB6D9 FA77DF2F 87FD464F 8111454F
  CAE20CC2 580C8DC8 421065CD 31CF2F79 00722044 4B99E26A 5C48FD2D 2DCE835B
  D0ADBD53 B768064B 9E4AB048 F0E9F751 11C9DA51 8EA9C1D3 DCEB136A EE3944D7
  FD7EF038 DE965699 DAC4186F 3AAEBD85 B95F05D1 B3AF0BD5 566498 3 6424
  quit smoking
  !
  !
  !
  DHCP excluded-address IP 192.168.88.1 192.168.88.10
  !
  PCFCU dhcp IP pool
  network 192.168.88.0 255.255.255.0
  router by default - 192.168.88.1
  Server DNS 208.67.222.222
  !
  !
  !
  no ip domain search
  IP domain name *.
  IP cef
  No ipv6 cef
  !
  !
  license udi pid CISCO881-K9 sn FTX161080BP
  !
  !
  username privilege 15 secret 5 mgaskin $1$ y8... $cCDIZqgRtHqBbsh36XW9d.
  username privilege 15 secret 5 jlivingston $1$ Qs6L$ mhAtoKguqLmzmlfGbMYqW.
  !
  !
  !
  !
  !
  property intellectual ssh authentication-5 retries
  !
  !
  !
  !
  !
  !
  !
  !
  !
  interface FastEthernet0
  switchport access vlan 880
  no ip address
  !
  interface FastEthernet1
  switchport access vlan 880
  no ip address
  !
  interface FastEthernet2
  switchport access vlan 880
  no ip address
  !
  interface FastEthernet3
  switchport access vlan 880
  no ip address
  !
  interface FastEthernet4
  IP 10.0.88.2 255.255.255.248
  NAT outside IP
  IP virtual-reassembly in
  automatic duplex
  automatic speed
  !
  interface Vlan1
  no ip address
  !
  interface Vlan880
  IP 192.168.88.1 255.255.255.0
  IP nat inside
  IP virtual-reassembly in
  !
  default IP gateway - 10.0.88.2
  IP forward-Protocol ND
  IP http server
  23 class IP http access
  local IP http authentication
  IP http secure server
  IP http timeout policy slowed down 60 life 86400 request 10000
  !
  IP nat inside source list 10 interface FastEthernet4 overload
  network default IP 0.0.0.0
  IP route 0.0.0.0 0.0.0.0 10.0.88.1
  !
  access-list 10 permit 192.168.88.0 0.0.0.255
  not run cdp
  !
  !
  !
  Line con 0
  line to 0
  line vty 0 4
  password 7 144F425C5D14292D273D6B657A46
  opening of session
  transport telnet entry
  !
  max-task-time 5000 Planner
  !
  end

  and if you disconnect the router announcement use pc directly to the firewall with ip 10.0.88.2 work?

• Problem with FWSM and the same L3 interface switch

  I have two 6513 s with a 802. 1 q trunk linking them. Each switch is redundant Sup720s running in native mode, worm IOS 12.2 (18) SXF (that they were running out of SXD3). A FWSM (ver 2.3 (3), routed mode, unique context) is in each switch, Setup in failover mode.

  I can't get a PC in a virtual LAN that has the defined layer 3 interface on the switch with the active FWSM in this document, to communicate with the devices 'behind' the FWSM. If I move the configuration of layer 3 to this vlan to the other 6513, everything works fine.

  The MSFCs are inside the firewall, they have a configured layer 3 interface in the same vlan as the FWSM 'inside' interface. Several "same security level" interfaces are defined on the FWSM and used to protect the farms. I use OSPF on the MSFCs and FWSM and the routing table is correct.

  The FWSM generates connections to the attempts made by the PC with interface layer 3 defined on the same switch as the active FWSM very well, so this isn't a problem with FWSM ACL.

  A ping of the FWSM "inside" interface from a PC with the defined layer 3 interface on the same switch as the active FWSM fails, although debug icmp trace on the FWSM demand and response shows. A the packet capture, using the NAM-2, only shows the request packets. I captured on the vlan common and FWSM port channel interface bottom of basket.

  Just to add to the confusion, if I capture in the same places, but do the ping of a PC which is in a VLAN with the interface of layer 3 defined in the 6513 which does not contain the active FWSM, that works very well, I see the request and response on the capture of vlan common, but only on demand on the capture of the port channel.

  This problem has been there since the beginning of this implementation and has not changed with IOS and FWSM software upgrades. I had this experience with all the VLANS that I tried to define the interface of layer 3 to on the switch with the active FWSM. I turned on MLS.

  If anyone has experienced this and solved, or knows what is happening, I would be grateful for any ideas.

  Thank you.

  Keith

  Keith, are you running etherchannel distributed on of your 6513?

• Problem with a spanning tree Protocol

  Hello

  I have a problem with the spanning tree Protocol, when I connect a printer on C3560E cisco switch. It's the Show Logging:

  * 27 sep 18:57:29.451: % SPANTREE-7-PORTDEL_SUCCESS: GigabitEthernet0/8 removed from Vlan 600
  * 27 sep 18:57:31.976: % SPANTREE-6-PORT_STATE: Port Gi0/8 instance 600 from blocking disabled
  * 27 sep 18:57:31.976: % SPANTREE-6-PORT_STATE: Port Gi0/8 instance 600 from blocking to listening
  * 27 sep 18:57:32.731: % SPANTREE-6-PORT_STATE: Port Gi0/8 instance 600 moving to listen to persons with disabilities
  * 27 sep 18:57:32.731: % SPANTREE-7-PORTDEL_SUCCESS: GigabitEthernet0/8 removed from Vlan 600
  * 27 sep 18:57:35.072: % SPANTREE-6-PORT_STATE: Port Gi0/8 instance 600 from blocking disabled
  * 27 sep 18:57:35.072: % SPANTREE-6-PORT_STATE: Port Gi0/8 instance 600 from blocking to listening
  * 27 sep 18:57:37.068: % LINK-3-UPDOWN: Interface GigabitEthernet0/8, changed State to
  * 27 sep 18:57:38.075: % LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/8, changed State to
   

  This is the configuration of the port, this switch was created L2 of the Vlan:

  See the memory of Vlan:
  
  600 PLT_SERVICE active Gi0/8
   
  Display Port access:
   
  interface GigabitEthernet0/8
  Zebra printer description
  switchport access vlan 600
  switchport mode access
  logging events spanning tree
  event logging status
  end
   
  Trunk Port:
   
  interface GigabitEthernet1/1
  Description box
  switchport trunk encapsulation dot1q
  switchport trunk allowed vlan 1 600
  switchport mode trunk
   

  Please someone help me.

  Kind regards.

  Thank you.

   
   
   
   
   
   
   
   
   
   
   

  Hello

  The port passes all traffic? You can test the printer.

  Thank you

  John