3750x L3 Switch configuration Issue(s)

bill2455

I have an RFID reader (10.10.63.2 - 255.255.255.240) connected via Cat-6 PoE to a ws-c3750x-24p-s, with a standard TCP/IP web service app pulling data from the reader every 250 msec.

I have my app server connected via VLAN by the ws-c3750x-24p-s IP address (128.1.70.1 - 255.255.0.0); as you can see, it's on a different subnet.

I can ping the device from the server, although I'm not getting any data coming through.

My config is as follows:
0 [switch 1 provision ws-c3750x-24p-s]
1 [system mtu routing 1500]
2 [ip routing]
3 [no ip domain-lookup]
4 [vtp mode transparent]
5 [crypto pki trustpoint TP-self-signed-1218624768]
6 [enrollment selfsigned]
7 [subject-name cn=IOS-Self-Signed-Certificate-1218624768]
8 [revocation-check none]
9 [rsakeypair TP-self-signed-1218624768!!]
10 [crypto pki certificate chain TP-self-signed-1218624768]
11 [certificate self-signed 01]
Vlan; [vlan 63] Name; [**reader!!!]
12[interface FastEthernet]
13[no ip address]
14[no ip route-cache cef]
15[no ip route-cache]
16[no ip mroute-cache]
for ports 5 and 6:
Port#5 [interface GigabitEthernet1/0/5 switchport access vlan 63 switchport mode access !]
Port#6 [interface GigabitEthernet1/0/6 switchport access vlan 63 switchport mode access!]
17 [spanning-tree mode pvst]
18 [spanning-tree portfast default]
19 [spanning-tree extend system-id!!!!]
20 [vlan internal allocation policy ascending!]
21 [vlan 63 name **reader!!!]
22 [interface FastEthernet0]
23 [switchport mode access]

4th line:
1 [interface Vlan1]
2 [ip address 128.1.1.161 255.255.0.0!] (switch IP address?)
3 [ntp server 128.1.20.20]
4 [interface Vlan63]
4a[ip address 10.10.63.1 255.255.255.0!]
5 [classless]
6 [ip classless]
7 [ip http server]
8 [ip http secure-server!]
9 [ip sla enable reaction-alerts]
9a [logging trap notifications!]
10 [line con 0]
11 [line vty 0 4]
12 [logging synchronous]
13 [line vty 5 15]
14 [logging synchronous]
15 [ntp server 128.1.20.20] NTP=Network Time Protocol
16 [end]

I can ping the device from the server - although I'm not getting any data coming through:

Help 3750x - any ideas ?

2455
 
I need to state more topic here -

I'm needing to pull the "data-stream" from the reader device which is connected to the L3 switch via vlan63 IP Address (10.10.63.3 - 255.255.255.240)

App Server w/Web services running: connected to vlan1 (128.1.70.1 - 255.255.0.0)

I open Web service app: pulling via TCP/IP port 6700 (client)
TCP/IP Winsock, IP Address (10.10.63.3 - 255.255.255.240) and Port# 4200 or 10.10.63.12:4200

App Server hosting "Data Connector Service" (config file) pulls the data-stream from vlan63 10.10.63.12:4200

I can ping the device from the server - although no data is coming through on the server:

The telnet client can not establish a connection on (10.10.63.12:4200) as well

I can not receive the data connected to the local L3 switch with the device pulled directly into the local switch either - although like I said - I can ping it and get 4-sent and 4-received 100%. very fast 2msec

Anyone out there who may be able to shed some light on this issue?

Best regards,

Bill2455:
 
Have you tried using a laptop configured with the IP of the reader and trying with that?
 
Do us a favor and post a real config of the switch, not some cliff note version. We need to see the real config. Also your 3750 router will pass data between subnets no problem unless you have some kind of ACL blocking xyz....

By default a Cisco switch/router will pass EVERYTHING between VLANS. It will not block crap until you tell it to.

Telnet will not establish a session on anything with port 4200 since telnet uses port 23.

The switch doesn't have an "address" so to say. It will answer any SVI that is assigned an IP and the VLAN/SVI has an IP.

For instance you can
int vlan 1
ip address 10.1.1.1 255.255.255.0

int vlan 500
ip address 10.2.1.2 255.255.255.248

whatever and the switch is technically IP'd to answer on address 10.1.1.1 and 10.2.1.2. Unless you are using a dedicated management interface then the switch has multiple addresses.

I would tell you run certain debug commands but without an actual config I am not sure what to tell you to run and if it is even necessary.

see if that helps but that is all I can do for now.

Also try and see if you can place like 2-3 ports in the same subnet and have your PC and reader device be on the same subnet and see how the traffic passes. Just eliminate intervlan routing for a minute and see if you get better results? Have you ensured there is no operating system firewall running that is blocking certain traffic?
 
You can telnet to ports other than 23....

I telnet all the time to 25 or 80 to verify SMTP and HTTP.
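
The symptom the thread keeps returning to (ping succeeds, the TCP session to 10.10.63.12:4200 does not) can be narrowed with one connection attempt that reports how it failed. This is an added example, not part of any post; `probe_stream` and its state names are made up for it.

```python
import errno
import socket

# What each outcome says about where the fault is, given that ping already works.
MEANING = {
    "open-data": "handshake completed and bytes arrived: the path is fine, "
                 "check the consuming application's settings",
    "open-silent": "handshake completed but nothing was sent: the service may "
                   "wait for a request before it streams",
    "open-closed": "handshake completed, then the peer closed the session",
    "refused": "a TCP reset came back: the host is reachable but nothing "
               "accepts connections on that port (or a firewall rejects it)",
    "timeout": "no answer to the SYN: something drops the packet silently, "
               "typically a host firewall or an ACL",
    "unreachable": "no route to the host or network from this machine",
}


def probe_stream(host, port, timeout=3.0, want=64):
    """Make one TCP connection and wait for the first bytes.

    Returns (state, data) where state is a key of MEANING.
    """
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "refused", b""
    except socket.timeout:
        return "timeout", b""
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable", b""
        raise
    with sock:
        try:
            # The socket keeps the connect timeout, so a quiet peer ends here.
            data = sock.recv(want)
        except socket.timeout:
            return "open-silent", b""
        except ConnectionResetError:
            return "open-closed", b""
    return ("open-data" if data else "open-closed"), data


if __name__ == "__main__":
    # Reader address and port as given in the thread.
    state, data = probe_stream("10.10.63.12", 4200)
    print(f"{state}: {MEANING[state]}")
    if data:
        print("first bytes:", data[:32])
```

Run it from the app server on both the Dell and the 3750 setups: a different state on the two switches points at the path, the same state on both points at the endpoints.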
 
Sorry here is the configuration:

I have a Dell 2324 L2 switch. Connected the reader and server on the same subnet and I can get the telnet traffic on any port it set the web service app to pull from and this set-up works great:

When I put this same set-up on the L3 switch using this config below: I get nothing although I can ping the reader device from the server through the 3750 on the same subnet and on different subnets so it appears it's able to communicate just fine.


!
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
logging buffered 16384
no logging console
no logging monitor
enable secret 5 $1$GSWG$jL0KmdYxkDuwAJWts9Fbm0
!
username xxxxxx password 7 0009160208540C57
!
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
switch 1 provision ws-c3750x-24p
system mtu routing 1500
ip routing
!
!
no ip domain-lookup
vtp mode transparent
!
!
crypto pki trustpoint TP-self-signed-1218624768
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1218624768
revocation-check none
rsakeypair TP-self-signed-1218624768
!
!

spanning-tree mode pvst
spanning-tree portfast default
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
vlan 63
name **reader
!
!
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
switchport access vlan 63
switchport mode access
!
interface GigabitEthernet1/0/6
switchport access vlan 63
switchport mode access
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface Vlan1
ip address 128.1.1.161 255.255.0.0
!
interface Vlan63
ip address 10.10.63.1 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
ip sla enable reaction-alerts
logging trap notifications
!
!
line con 0
line vty 0 4
logging synchronous
line vty 5 15
logging synchronous
!
ntp server 128.1.20.20
end
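
One way to check the posted config for the things the replies ask about (routing enabled, SVIs, port-to-VLAN assignment, any ACL) and to compare the reader's stated mask with the SVI's. This is an added example, not code from the thread; the function names are hypothetical, the config is a trimmed excerpt of the one above, and the host addresses are those given in the first post.

```python
import ipaddress
import re

# Trimmed excerpt of the running-config posted above (most empty ports omitted).
CONFIG = """\
ip routing
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
switchport access vlan 63
switchport mode access
!
interface GigabitEthernet1/0/6
switchport access vlan 63
switchport mode access
!
interface Vlan1
ip address 128.1.1.161 255.255.0.0
!
interface Vlan63
ip address 10.10.63.1 255.255.255.0
!
ip classless
ip http server
"""

# Commands that can make the switch drop traffic by address, protocol or port.
FILTER_RE = re.compile(
    r"(ip access-group|ip access-list|access-list|vlan filter|vlan access-map)\b")


def parse_config(text):
    """Extract routing state, SVIs, access-port VLANs and filtering commands."""
    cfg = {"ip_routing": False, "svis": {}, "port_vlan": {}, "filters": []}
    current = None  # interface whose sub-commands are being read
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            current = None  # a "!" line closes the interface block
            continue
        if FILTER_RE.match(line):
            cfg["filters"].append((current, line))
        m = re.match(r"interface (.+)$", line)
        if m:
            current = m.group(1).replace(" ", "")
            if not current.lower().startswith("vlan"):
                cfg["port_vlan"][current] = 1  # access VLAN when none is set
            continue
        if current is None:
            cfg["ip_routing"] = cfg["ip_routing"] or line == "ip routing"
            continue
        is_svi = current.lower().startswith("vlan")
        m = re.match(r"ip address (\S+) (\S+)$", line)
        if m and is_svi:
            cfg["svis"][int(current[4:])] = ipaddress.ip_interface(
                f"{m.group(1)}/{m.group(2)}")
        elif not is_svi and (line == "no switchport" or "ip address" in line):
            cfg["port_vlan"].pop(current, None)  # routed or management port
        m = re.match(r"switchport access vlan (\d+)$", line)
        if m:
            cfg["port_vlan"][current] = int(m.group(1))
    return cfg


def locate_host(cfg, ip, mask):
    """Find the SVI whose subnet contains the host and compare the two masks."""
    host = ipaddress.ip_interface(f"{ip}/{mask}")
    for vlan, svi in sorted(cfg["svis"].items()):
        if host.ip in svi.network:
            return {
                "vlan": vlan,
                "gateway": str(svi.ip),
                "gateway_on_link": svi.ip in host.network,
                "mask_matches": host.network == svi.network,
                "ports": sorted(p for p, v in cfg["port_vlan"].items() if v == vlan),
            }
    return None


def audit_path(cfg, a, b):
    """List what in the config could stop two hosts (ip, mask) from talking."""
    loc = [locate_host(cfg, *a), locate_host(cfg, *b)]
    issues = []
    for (ip, _), where in zip((a, b), loc):
        if where is None:
            issues.append(f"{ip}: no SVI covers this address")
        elif not where["gateway_on_link"]:
            issues.append(f"{ip}: gateway {where['gateway']} is outside the host's own subnet")
        elif not where["mask_matches"]:
            issues.append(f"{ip}: host mask differs from the SVI mask on VLAN {where['vlan']}")
    if all(loc) and loc[0]["vlan"] != loc[1]["vlan"] and not cfg["ip_routing"]:
        issues.append("hosts are in different VLANs and 'ip routing' is absent")
    issues += [f"filter on {ifc or 'global'}: {cmd}" for ifc, cmd in cfg["filters"]]
    return issues


if __name__ == "__main__":
    cfg = parse_config(CONFIG)
    reader = ("10.10.63.2", "255.255.255.240")  # as stated in the first post
    server = ("128.1.70.1", "255.255.0.0")
    for issue in audit_path(cfg, reader, server) or ["nothing in the config blocks this path"]:
        print(issue)
```

On the posted config the only finding is the mask mismatch (255.255.255.240 on the reader, 255.255.255.0 on Vlan63), and 10.10.63.1 still falls inside the reader's own subnet, so the gateway stays reachable.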
 
Yes, I did that and the app works great, no problems!
 
Yes - I did that and it works fine, also on the Dell PowerConnect L2 switch - out of the box this works fine - I will note O/S Firewall has to be off:

Thanks in advance for any assistance you may be able to provide!

best regards,

2455 :)
 
I don't see a single port configured on the switch for access to vlan 1. One thing I can't remember off the top of my head with layer three switch gear from cisco is that if you don't apply a per port configuration if the port "knows" what vlan to run on with out the config. Have you tried making one of the other ports in the range gi1/0/1-5 or gi1/0/7-48 configured as such:

!
interface GigabitEthernet 1/0/1
switchport mode access
switchport access vlan 1
!

Does any one else know how a non configured switchport behaves on a 3750 that has multiple traffic passing vlans configured on it?
 
I was tired and misread .... I was thinking he was trying to telnet to his cisco switch using port 4300 or any other port other than 23. Cisco will not answer on 4300. That is what I was aiming at with my statement. Yes you are right about other products answering on any other port.
 
There is nothing in your config I can see that is causing your issue. Something is telling me that your problem is with the device or the PC that you are trying to use.

You do not need an IP or an interface or VLAN 1. Don't worry about that.

Also to answer your question ...
If a switch port is not configured on a 3750 the port is basically dead and the route processor will just ignore it for traffic reasons.

Have you run a show interface on those two gig ports to ensure you are not getting any layer 1 CRC errors i.e. a bad cable?

Also you are not leaving something out are you? Like you are uplinking switches rather than trunking? That will cause problems too. If you are linking your cisco switch up to the dell then you need to establish a dot1q encapsulated trunk between the two in order to pass vlan information.

Is it possible that you can just eliminate the vlan 63 and just use native vlan 1? You don't have to configure vlan 1 other than an IP for the SVI i.e.

int vlan 1
ip addre etc...

then just use two non shutdown raw non configured switch ports as they are defaulted to vlan 1 when no switchport access vlan is specified.

Also IOS has a version 15 update for that switch with a ton of bug fixes etc... you may want to look into installing the ver15 ios image. I run it on all my devices.

But I am not seeing how the IOS version matters here.

Have you tried different ethernet cables? Configure other ports and try them? Maybe you have a physically bad switch port. I wish I could play with your switch in person.

I'll post my config for my 3750 for you -- which might be a little dirty as I was labbing around with it last night but I haven't cleaned it up as I just woke up not too long ago. It works fine for all vlans etc...

Code:
version 15.0
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
service sequence-numbers
no service dhcp
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
username XXXXXXXXXX privilege 15 secret 5 XXXXXXXXXX
no aaa new-model
clock timezone EST -5 0
clock summer-time EDT recurring
switch 1 provision ws-c3750e-24td
system mtu routing 1500
ip routing
!
!
no ip domain-lookup
vtp domain SED.local
vtp mode transparent
!
!
! I DELETED ALL THE CRYPTO STUFF
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 2-3,9 priority 0
!
!
!
!
vlan internal allocation policy ascending
!
vlan 2
 name core
!
vlan 3
 name Core2
!
vlan 8
 name UverseTV
!
vlan 9
 name Guest
!
!
!
!
!
!
interface Port-channel1
 switchport access vlan 3
 switchport mode access
!
interface FastEthernet0
 no ip address
 no ip route-cache
 shutdown
!
interface GigabitEthernet1/0/1
 description Trunk-to-1921
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 2,3,8,9
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 description HP LJ 300
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 description Dev-Line
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/4
 description NAS-IPMI-KVM
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/5
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/6
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/7
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface GigabitEthernet1/0/8
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface GigabitEthernet1/0/9
 description BackupNAS
 switchport access vlan 3
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/10
 description BIG-PC-GigNIC
 switchport access vlan 3
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface GigabitEthernet1/0/11
 description NAS-NIC1-LACP
 switchport access vlan 3
 switchport mode access
 channel-group 1 mode active
!
interface GigabitEthernet1/0/12
 description NAS-NIC2-LACP
 switchport access vlan 3
 switchport mode access
 channel-group 1 mode active
!
interface GigabitEthernet1/0/13
 description TV-Mainline
 switchport access vlan 8
 switchport mode access
 speed 100
 duplex full
!
interface GigabitEthernet1/0/14
 description TV-Bedroom
 switchport access vlan 8
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/15
 description TV-Office
 switchport access vlan 8
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/16
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface GigabitEthernet1/0/17
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/18
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface GigabitEthernet1/0/19
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface GigabitEthernet1/0/20
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface GigabitEthernet1/0/21
 switchport mode access
 shutdown
 spanning-tree portfast
!
interface GigabitEthernet1/0/22
 no switchport
 ip address 172.16.1.1 255.255.255.0
 shutdown
!
interface GigabitEthernet1/0/23
 description Trunk-to-WAP
 switchport trunk encapsulation dot1q
 switchport trunk allowed vlan 2,3,8,9
 switchport mode trunk
!
interface GigabitEthernet1/0/24
 description Trunk-to-LivRM
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 2
 switchport trunk allowed vlan 2,3,8,9
 switchport mode trunk
!
interface GigabitEthernet1/0/25
 shutdown
!
interface GigabitEthernet1/0/26
 shutdown
!
interface GigabitEthernet1/0/27
 shutdown
!
interface GigabitEthernet1/0/28
 shutdown
!
interface TenGigabitEthernet1/0/1
 description Big-PC-10gbNIC
 switchport access vlan 2
 switchport mode access
 spanning-tree portfast
!
interface TenGigabitEthernet1/0/2
 description NAS-10GB-SR
 switchport access vlan 2
 spanning-tree portfast
!
interface Vlan1
 no ip address
!
interface Vlan2
 description Core
 ip address 10.1.1.2 255.255.255.0
 ip helper-address 10.1.1.1
 ip directed-broadcast 101
!
interface Vlan3
 description Core-Sec-Brdcst-Domain
 ip address 10.2.1.2 255.255.255.0
 ip helper-address 10.2.1.1
 ip directed-broadcast 100
!
interface Vlan9
 no ip address
!
ip forward-protocol udp echo
ip http server
ip http authentication local
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
!
line con 0
 logging synchronous
 login local
line vty 0 4
 login local
 length 0
line vty 5 15
 login local
!
end

Switch#
 
Try setting the ports to trunk. I know this sounds weird, but I had a phone system that acted just like what you describe. The only way to get it 100% operational is to set the access ports and phone system to trunk all traffic. Even the phone system tech was like wtf?
 
^^ This maybe? I have seen this too and it's friggin weird.
 
I have removed vlan1 and am focusing on the physical connection to vlan63 using ports 5 or 6 on the L3 switch;

port 5 - connected reader device
port 6 - connected app server

Again I can ping - but still no datastream traffic?
 
Have you tried running the server and the device on the same subnet?

Yes - on vlan63 physical connection to the 3750 switch; port 5 connected to reader device and port 6 PC app server:

I checked the cables and they work on the dell switch fine, reader and PC work fine - full data stream flowing off the dell 3424 switch:

I can ping the reader device from the PC via the L3 Switch;
4packets-sent and 4-received 0-loss - it's fast too: 2msec

although no data stream still?
 
Try and do a Clear Config and build your switch config from scratch... I have no idea why this isn't working on your switch as Cisco is literally or should be with your config passing 100% of whatever it gets to where it needs to go with no firewalling/acl'ing or any of that biz.
 
Bill, could you run this command on both interfaces (gi1/0/5 and gi1/0/6) and post the outputs here?

show interface gi1/0/5 | include input

and the same for gi1/0/6

this will show a number of error counters, including that of the crc error type and input error type. If these counters are high to begin with you may have a bad cable, if after you replace a cable they continue to increment at a rapid rate, then you more than likely have a bad switch port
 
Question: If "ip routing" is configured - TCP, UDP and Telnet session should be able to be routed via VSI and Vlan configurations for multiple vlans?
 
Question: in the config file: "ip routing" is enabled -

double checking my settings ?

2455
 
in my config file - Vlan 1 and Vlan 63 - ip routing is configured

if the reader is connected to vlan 63/port #5 and the app server is connected to Vlan 1 and to any other ports other than ports 5 and 6 on the same L3 3750x 24p-switch - should be able to receive the packets being sent routed from the reader on vlan 63 - via TCP / UDP via telnet IP#, Port# and (WinSock) Connection.

Question - in default setting are TCP and UDP packets blocked by default - to prevent DoS attacks? If the answer is yes - what's the best method to safely enable the switch to allow TCP or UDP traffic from specific (IP and Mac) addresses and forwarded to another Vlan ?

I've been reading about - IP helper-address
------------------------------
UDP helper (09-UDP helper Configuration) http://www.h3c.com/portal/Technical_...221_1285_0.htm
IP helper-address
-----------------

you are using this type of set-up in your own configuration :
!
interface Vlan2
description Core
ip address 10.1.1.2 255.255.255.0
ip helper-address 10.1.1.1 ---------------- ip helper-address
ip directed-broadcast 101 ---------------- ip directed-broadcast 101
!
----------------------------------
!
ip forward-protocol udp echo --------------- ip forward-protocol udp echo
ip http server
ip http authentication local
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
---------------------------------

please advise

2455
 
in my config file - Vlan 1 and Vlan 63 - ip routing is not allowed:

if the reader is connected to vlan 63 and the app server is connected to any other ports on the same 3750 switch - should be able to receive the data being sent from the reader on vlan 63 - via my telnet session ?

No. If the reader is on VLAN63 then anything that needs to talk to it must either be:

Routed or connected to a port on VLAN63.
 
everything defaults to vlan 1, as niclebon said you need a route for vlan 1 to speak to or access vlan 63, unless you are trunking.
 
Thanks for your response;
L3 switch vlan 1 and vlan 63 configured the following:
interface Vlan1
ip address 128.1.1.161 255.255.0.0
!
interface Vlan63
ip address 10.10.63.1 255.255.255.0

Ports 5 and 6 are configured;
!
interface GigabitEthernet1/0/5
switchport access vlan 63
switchport mode access
!
interface GigabitEthernet1/0/6
switchport access vlan 63
switchport mode access
!
again with this type of configuration set-up: see attached config file: if "ip routing" is not enabled - if the reader is connected by Cat-6 cable to vlan 63 and the app server is connected to any other ports on the same L3 switch by Cat-6 cable - should I be able to receive data being transmitted from the reader on vlan 63 off of Port 5 or 6 - pulling data by a telnet session?

best regards,

2455
 
The reader will not be able to access the server. As for the telnet session, if you are logged in as the admin you will be able to do anything just as if you were connected with the console cable. If I understand the question right, do I? Looking at the settings, you have HTTP set up; it may be easier for you to log in through a web browser and monitor activity via the web browser.
 
Only the devices plugged into ports 5 and 6 will be able to communicate on VLAN63.
 
Question:
isn't vlan 1 addressed:
interface Vlan1
ip address 128.1.1.161 255.255.0.0
!
interface Vlan63
ip address 10.10.63.1 255.255.255.0
!
and the ports 5 and 6 are addressed:
!
interface GigabitEthernet1/0/5
switchport access vlan 63
switchport mode access
!
interface GigabitEthernet1/0/6
switchport access vlan 63
switchport mode access
!

It's able to be pinged from the PC to the switch, PC to the reader which is connected to port 5 or 6; all have 4-sent 4-received 0-loss in less than 2 msec.

So hard is all good, switchport is programmed and ports are live - otherwise you wouldn't be able to ping them all.

Cables are all good -- otherwise you wouldn't be able to ping the switch, PC or reader at all.

The configuration of the switch does allow for ip routing on both VLANS

On the switch config that I sent in prior post, Vlan 1 interface is up. Both vlans have an interface on the switch.

There is no “upstream switch” on the config that I sent in the prior post above here. There is only 1 switch.

Question: Since "crypto pki trustpoint" is being used here - is it possible that telnet is disabled ?

best regards,

2455
 
Both of your switch ports are on the same vlan. The server and client are in different subnets, are they not? If you want the switch to do the vlan routing, the switch ports need to be in different Vlans.
 
Only the devices plugged into ports 5 and 6 will be able to communicate on VLAN63.

thanks for the fast reply:

Only the devices plugged into ports 5 and 6 will be able to communicate on VLAN63.

Then my question is as follows: Isn’t Vlan 1 – the default configuration for Vlan63? Shouldn’t Vlan1 connected to port #3 be able to receive or communicate with ports 5 or 6?

I can ping from the app server in any port on the L3 switch the reader device; the reader is connected on port 5 or 6; either one and gets 4-sent 4-received 0-loss?

is this right ?
 
Both of your switch ports are on the same vlan. The server and client are in different subnets, are they not? If you want the switch to do the vlan routing, the switch ports need to be in different Vlans.

Can you give me an example please:
 
thanks for the fast reply:

Only the devices plugged into ports 5 and 6 will be able to communicate on VLAN63.

Then my question is as follows: Isn’t Vlan 1 – the default configuration for Vlan63? Shouldn’t Vlan this be able to receive or communicate with ports 5 or 6?

I can ping from the app server in any port on the 3750 switch the reader device; the reader is connected on port 5 or 6; either one and gets 4-sent 4-received 0-loss?

is this right ?

NO, when you put the command switchport access 63 you told ports 5 and 6 only vlan 63 is able to access these ports. Do the command show vlan; that will tell you everything.
 
NO, when you put the command switchport access 63 you told ports 5 and 6 only vlan 63 is able to access these ports. Do the command show vlan; that will tell you everything.

So although I can ping from the app server, which is connected on any port of the L3 switch, ping the reader device successfully;

although I'm not able to receive anything from the reader back to the server? Am I understanding this correctly?


2455
 
So although I can ping from the app server, which is connected on any port of the 3750, ping the reader device successfully;

although I'm not able to receive anything from the reader back to the server? Am I understanding this correctly?


2455

From the switch you will be able to ping the devices. If you are at the server and trying to ping the computer that is connected to vlan 63 you will not be able to, UNLESS you add a route for that vlan, or move the server to the same vlan.
From the command line:
config t
! use fa0/8 if that is the port the server is connected to
int fa0/8
switchport access vlan 63
no shut
exit
Then go to the server and ping the computer; the pings will be successful.
 
From the switch you will be able to ping the devices, if you are at the server and trying to ping the computer that is connected to vlan 63 you will not be able to, UNLESS you add a route for that vlan.

Yes and successfully

Although thinking about this a little here - I have not tested the reverse of this test:
pinging the server from ports 5 or 6: would that matter?

2455
 
Yes and successfully

Although thinking about this a little here - I have not tested the reverse of this test:
pinging the server from ports 5 or 6: would that matter?

2455

I can ping from the server that is connected to port#3 on the L3 switch
I'm pinging 10.10.63.2 connected to port-5 The response is as follows:
4-sent 4-received and 0-loss very last 2msec

any thoughts?

2455
 
Yes and successfully

Although thinking about this a little here - I have not tested the reverse of this test:
pinging the server from ports 5 or 6: would that matter?

2455

I don't understand the question, could you please elaborate? What do you mean from ports?
 
I can ping from the server that is connected to port#3 on the 3750
I'm pinging 10.10.63.2 connected to port-5 The response is as follows:
4-sent 4-received and 0-loss very last 2msec

any thoughts?

2455
If you are in a telnet session or on a console cable to the switch you will be able to ping any device connected to it. Again, if you go to the server and try to ping the computer you will not be able to, or if you are at the computer and ping the server you will not be able to; you will be able to ping the switch from either device. Again, once you moved ports 5 and 6 to vlan 63 you removed vlan 1, kind of like making it invisible to vlan 1. If you move the server to vlan 63 it becomes visible to all the devices connected to vlan 63...
 
I don't understand the question, could you please elaborate? What do you mean from ports?

Vlan 63 is config to ports 5 and 6 in my configuration file: see below
---------------------------------------------------
interface Vlan1
ip address 128.1.1.161 255.255.0.0
!
interface Vlan63
ip address 10.10.63.1 255.255.255.0

Ports 5 and 6 are configured;
!
interface GigabitEthernet1/0/5 (Port 5)
switchport access vlan 63
switchport mode access
!
interface GigabitEthernet1/0/6 (Port 5)
switchport access vlan 63
switchport mode access
!
!
interface Vlan1
ip address 128.1.1.161 255.255.0.0
!
interface Vlan63
ip address 10.10.63.1 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
ip sla enable reaction-alerts
logging trap notifications
!
!
line con 0
line vty 0 4
logging synchronous
line vty 5 15
logging synchronous
!
ntp server 128.1.20.20
end
---------------------

is this helping ?
 
Vlan 63 is config to ports 5 and 6 in my configuration file: see below
---------------------------------------------------
interface Vlan1
ip address 128.1.1.161 255.255.0.0
!
interface Vlan63
ip address 10.10.63.1 255.255.255.0

Ports 5 and 6 are configured;
!
interface GigabitEthernet1/0/5 (Port 5)
switchport access vlan 63
switchport mode access
!
interface GigabitEthernet1/0/6 (Port 5)
switchport access vlan 63
switchport mode access
!
!
interface Vlan1
ip address 128.1.1.161 255.255.0.0
!
interface Vlan63
ip address 10.10.63.1 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
ip sla enable reaction-alerts
logging trap notifications
!
!
line con 0
line vty 0 4
logging synchronous
line vty 5 15
logging synchronous
!
ntp server 128.1.20.20
end
---------------------

is this helping ?
are you in a telnet session to the switch?
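
The forwarding question debated in this thread, worked as an added example (not part of any post, and not the posters' or Cisco's own code): the script parses the configuration lines quoted above and reports whether two hosts are switched within one VLAN, routed between the SVIs, or blocked. The reader address, the server address and port 3 come from the posts; both default gateways and the second device on port 6 are assumptions.

```python
import ipaddress, re

# Constructed from the configuration lines quoted in the thread.
CONFIG = """\
ip routing
interface GigabitEthernet1/0/5
 switchport access vlan 63
 switchport mode access
interface GigabitEthernet1/0/6
 switchport access vlan 63
 switchport mode access
interface Vlan1
 ip address 128.1.1.161 255.255.0.0
interface Vlan63
 ip address 10.10.63.1 255.255.255.0
"""

def parse(config):
    """Return (ip_routing_enabled, {vlan: SVI ip_interface}, {port: access vlan})."""
    routing, svis, access, current = False, {}, {}, None
    for line in (l.strip() for l in config.splitlines()):
        if line == "ip routing":
            routing = True
        elif line.startswith("interface "):
            current = line.split()[1]
        elif m := re.fullmatch(r"switchport access vlan (\d+)", line):
            access[current] = int(m.group(1))
        elif (m := re.fullmatch(r"ip address (\S+) (\S+)", line)) and (current or "").startswith("Vlan"):
            svis[int(current[4:])] = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}")
    return routing, svis, access

def verdict(config, src, dst):
    """src/dst: dicts with 'ip' (addr/mask), 'gw' and 'port'; unlisted ports sit in VLAN 1."""
    routing, svis, access = parse(config)
    s, d = ipaddress.ip_interface(src["ip"]), ipaddress.ip_interface(dst["ip"])
    s_vlan, d_vlan = access.get(src["port"], 1), access.get(dst["port"], 1)
    if d.ip in s.network and s.ip in d.network:  # both hosts treat each other as on-link
        return "switched" if s_vlan == d_vlan else "blocked: same subnet, different VLANs"
    if not routing:  # SVIs still answer pings to themselves but forward nothing
        return "blocked: ip routing disabled"
    for host, vlan in ((src, s_vlan), (dst, d_vlan)):
        svi = svis.get(vlan)
        if svi is None or host["gw"] != str(svi.ip):
            return f"blocked: {host['ip']} gateway is not the Vlan{vlan} SVI"
    return "routed"

# Addresses from the posts; the 'gw' values are assumptions.
READER = {"ip": "10.10.63.2/255.255.255.240", "gw": "10.10.63.1", "port": "GigabitEthernet1/0/5"}
SERVER = {"ip": "128.1.70.1/255.255.0.0", "gw": "128.1.1.161", "port": "GigabitEthernet1/0/3"}
```

`verdict(CONFIG, SERVER, READER)` returns `"routed"`; removing the `ip routing` line from `CONFIG` turns the same call into `"blocked: ip routing disabled"`, which is the case the original poster asks about.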
 