3750x L3 Switch configuration Issue(s)

Discussion in 'Networking & Security' started by bill2455, Jul 3, 2013.

  1. bill2455

    bill2455 [H]Lite

    Messages:
    66
    Joined:
    Jul 3, 2013
    I have an RFID reader (10.10.63.2 - 255.255.255.240) connected by Cat-6 PoE to a ws-c3750x-24p-s - a standard TCP/IP web service app is pulling data from the reader every 250msec:

    I have my app server connected via vlan by ws-c3750x-24p-s IP address (128.1.70.1 - 255.255.0.0); as you can see, it's on a different subnet;

    I can ping the device from the server - although I'm not getting any data coming through:

    My config is as follows:
    0 [switch 1 provision ws-c3750x-24p-s]
    1 [system mtu routing 1500]
    2 [ip routing]
    3 [no ip domain-lookup]
    4 [vtp mode transparent]
    5 [crypto pki trustpoint TP-self-signed-1218624768]
    6 [enrollment selfsigned]
    7 [subject-name cn=IOS-Self-Signed-Certificate-1218624768]
    8 [revocation-check none]
    9 [rsakeypair TP-self-signed-1218624768!!]
    10 [crypto pki certificate chain TP-self-signed-1218624768]
    11 [certificate self-signed 01]
    Vlan; [vlan 63] Name; [**reader!!!]
    12[interface FastEthernet]
    13[no ip address]
    14[no ip route-cache cef]
    15[no ip route-cache]
    16[no ip mroute-cache]
    for ports 5 and 6:
    Port#5 [interface GigabitEthernet1/0/5 switchport access vlan 63 switchport mode access !]
    Port#6 [interface GigabitEthernet1/0/6 switchport access vlan 63 switchport mode access!]
    17 [spanning-tree mode pvst]
    18 [spanning-tree portfast default]
    19 [spanning-tree extend system-id!!!!]
    20 [vlan internal allocation policy ascending!]
    21 [vlan 63 name **reader!!!]
    22 [interface FastEthernet0]
    23 [switchport mode access]

    4th line:
    1 [interface Vlan1]
    2 [ip address 128.1.1.161 255.255.0.0!] (switch IP address?)
    3 [ntp server 128.1.20.20]
    4 [interface Vlan63]
    4a[ip address 10.10.63.1 255.255.255.0!]
    5 [classless]
    6 [ip classless]
    7 [ip http server]
    8 [ip http secure-server!]
    9 [ip sla enable reaction-alerts]
    9a [logging trap notifications!]
    10 [line con 0]
    11 [line vty 0 4]
    12 [logging synchronous]
    13 [line vty 5 15]
    14 [logging synchronous]
    15 [ntp server 128.1.20.20] NTP=Network Time Protocol
    16 [end]

    I can ping the device from the server - although I'm not getting any data coming through:

    Help 3750x - any ideas ?

    2455:confused:
     
    Last edited: Jul 26, 2013
  2. bill2455

    bill2455 [H]Lite

    Messages:
    66
    Joined:
    Jul 3, 2013
    I need to state more topic here -

    I'm needing to pull the "data-stream" from the reader device which is connected to the L3 switch via vlan63 IP Address (10.10.63.3 - 255.255.255.240)

    App Server w/Web services running: connected to vlan1 (128.1.70.1 - 255.255.0.0)

    I open Web service app: pulling via TCP/IP port 6700 (client)
    TCP/IP Winsock, IP Address (10.10.63.3 - 255.255.255.240) and Port# 4200 or 10.10.63.12:4200

    App Server hosting "Data Connector Service" (config file) pulls the data-stream from vlan63 10.10.63.12:4200

    I can ping the device from the server - although no data is coming through on the server:

    The telnet client cannot establish a connection on (10.10.63.12:4200) as well

    I cannot receive the data connected to the local L3 switch with the device pulled directly into the local switch either - although like I said - I can ping it and get 4-sent and 4-received 100%, very fast, 2msec

    Anyone out there who may be able to shed some light on this issue?

    Best regards,

    Bill2455:
     
    Last edited: Jul 26, 2013
  3. /usr/home

    /usr/home [H]ardness Supreme

    Messages:
    6,166
    Joined:
    Mar 18, 2008
    Have you tried using a laptop configured with the IP of the reader and trying with that?
     
  4. tangoseal

    tangoseal [H]ardness Supreme

    Messages:
    6,901
    Joined:
    Dec 18, 2010
    Do us a favor and post a real config of the switch, not some cliff-note version. We need to see the real config. Also your 3750 router will pass data between subnets no problem unless you have some kind of ACL blocking xyz....

    By default a Cisco switch/router will pass EVERYTHING between VLANS. It will not block crap until you tell it to.

    Telnet will not establish a session on anything with port 4200 since telnet uses port 23.

    The switch doesn't have an "address" so to say. It will answer any SVI that is assigned an IP and the VLAN/SVI has an IP.

    For instance you can
    int vlan 1
    ip address 10.1.1.1 255.255.255.0

    int vlan 500
    ip address 10.2.1.2 255.255.255.248

    whatever and the switch is technically IP'd to answer on address 10.1.1.1 and 10.2.1.2. Unless you are using a dedicated management interface then the switch has multiple addresses.

    I would tell you to run certain debug commands but without an actual config I am not sure what to tell you to run and if it is even necessary.

    see if that helps but that is all I can do for now.

    Also try and see if you can place like 2-3 ports in the same subnet and have your PC and reader device be on the same subnet and see how the traffic passes. Just eliminate intervlan routing for a minute and see if you get better results? Have you ensured there is no operating system firewall running that is blocking certain traffic?
     
    Last edited: Jul 3, 2013
  5. lightingguy32

    lightingguy32 n00b

    Messages:
    24
    Joined:
    Jan 3, 2010
    Have you tried running the server and the device on the same subnet?
     
  6. /usr/home

    /usr/home [H]ardness Supreme

    Messages:
    6,166
    Joined:
    Mar 18, 2008
    You can telnet to ports other than 23....

    I telnet all the time to 25 or 80 to verify SMTP and HTTP.
     
  7. bill2455

    bill2455 [H]Lite

    Messages:
    66
    Joined:
    Jul 3, 2013
    Sorry here is the configuration:

    I have a Dell 2324 L2 switch. I connected the reader and server on the same subnet and I can get the telnet traffic on any port I set the web service app to pull from, and this set-up works great:

    When I put this same set-up on the L3 switch using the config below, I get nothing, although I can ping the reader device from the server through the 3750 on the same subnet and on different subnets, so it appears it's able to communicate just fine.


    !
    version 12.2
    no service pad
    service timestamps debug datetime msec localtime show-timezone
    service timestamps log datetime msec localtime show-timezone
    service password-encryption
    !
    hostname Switch
    !
    boot-start-marker
    boot-end-marker
    !
    logging buffered 16384
    no logging console
    no logging monitor
    enable secret 5 $1$GSWG$jL0KmdYxkDuwAJWts9Fbm0
    !
    username xxxxxx password 7 0009160208540C57
    !
    !
    aaa new-model
    !
    !
    aaa authentication login default local
    !
    !
    !
    aaa session-id common
    clock timezone EST -5
    clock summer-time EDT recurring
    switch 1 provision ws-c3750x-24p
    system mtu routing 1500
    ip routing
    !
    !
    no ip domain-lookup
    vtp mode transparent
    !
    !
    crypto pki trustpoint TP-self-signed-1218624768
    enrollment selfsigned
    subject-name cn=IOS-Self-Signed-Certificate-1218624768
    revocation-check none
    rsakeypair TP-self-signed-1218624768
    !
    !

    spanning-tree mode pvst
    spanning-tree portfast default
    spanning-tree extend system-id
    !
    !
    !
    !
    vlan internal allocation policy ascending
    !
    vlan 63
    name **reader
    !
    !
    !
    interface FastEthernet0
    no ip address
    no ip route-cache cef
    no ip route-cache
    no ip mroute-cache
    !
    interface GigabitEthernet1/0/1
    !
    interface GigabitEthernet1/0/2
    !
    interface GigabitEthernet1/0/3
    !
    interface GigabitEthernet1/0/4
    !
    interface GigabitEthernet1/0/5
    switchport access vlan 63
    switchport mode access
    !
    interface GigabitEthernet1/0/6
    switchport access vlan 63
    switchport mode access
    !
    interface GigabitEthernet1/0/7
    !
    interface GigabitEthernet1/0/8
    !
    interface GigabitEthernet1/0/9
    !
    interface GigabitEthernet1/0/10
    !
    interface GigabitEthernet1/0/11
    !
    interface GigabitEthernet1/0/12
    !
    interface GigabitEthernet1/0/13
    !
    interface GigabitEthernet1/0/14
    !
    interface GigabitEthernet1/0/15
    !
    interface GigabitEthernet1/0/16
    !
    interface GigabitEthernet1/0/17
    !
    interface GigabitEthernet1/0/18
    !
    interface GigabitEthernet1/0/19
    !
    interface GigabitEthernet1/0/20
    !
    interface GigabitEthernet1/0/21
    !
    interface GigabitEthernet1/0/22
    !
    interface GigabitEthernet1/0/23
    !
    interface GigabitEthernet1/0/24
    !
    interface GigabitEthernet1/1/1
    !
    interface GigabitEthernet1/1/2
    !
    interface GigabitEthernet1/1/3
    !
    interface GigabitEthernet1/1/4
    !
    interface TenGigabitEthernet1/1/1
    !
    interface TenGigabitEthernet1/1/2
    !
    interface Vlan1
    ip address 128.1.1.161 255.255.0.0
    !
    interface Vlan63
    ip address 10.10.63.1 255.255.255.0
    !
    ip classless
    ip http server
    ip http secure-server
    !
    ip sla enable reaction-alerts
    logging trap notifications
    !
    !
    line con 0
    line vty 0 4
    logging synchronous
    line vty 5 15
    logging synchronous
    !
    ntp server 128.1.20.20
    end
     
    Last edited: Jul 26, 2013
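The VLAN-membership and routing questions raised in this thread can be checked mechanically against the configuration posted above. The following Python sketch is an added example, not part of the original post: `parse_ios` and `path` are hypothetical helpers, the config is an excerpt of the one above, the host addresses and the use of port 3 come from the thread, and it assumes each host uses the SVI of its own VLAN as default gateway.

```python
import ipaddress
import re

# Excerpt of the configuration posted above, trimmed to the lines that decide
# VLAN membership and inter-VLAN routing.
CONFIG = """\
ip routing
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/5
 switchport access vlan 63
 switchport mode access
!
interface GigabitEthernet1/0/6
 switchport access vlan 63
 switchport mode access
!
interface Vlan1
 ip address 128.1.1.161 255.255.0.0
!
interface Vlan63
 ip address 10.10.63.1 255.255.255.0
!
"""

# Host addresses and masks as given in the thread.
READER = "10.10.63.2/255.255.255.240"
SERVER = "128.1.70.1/255.255.0.0"


def parse_ios(text):
    """Return ip-routing state, access VLAN per switchport, and SVI addresses."""
    cfg = {"ip_routing": False, "access_vlan": {}, "svi": {}}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("!"):
            current = None
            continue
        if line == "ip routing":
            cfg["ip_routing"] = True
            continue
        m = re.match(r"interface\s+(.+)$", line)
        if m:
            current = m.group(1).replace(" ", "")
            if "/" in current:
                # A Layer 2 port with no explicit access VLAN sits in VLAN 1.
                cfg["access_vlan"][current] = 1
            continue
        if current is None:
            continue
        if line in ("no switchport", "switchport mode trunk"):
            cfg["access_vlan"].pop(current, None)  # routed or trunk port
        m = re.match(r"switchport access vlan (\d+)$", line)
        if m and current in cfg["access_vlan"]:
            cfg["access_vlan"][current] = int(m.group(1))
        m = re.match(r"ip address (\S+) (\S+)$", line)
        if m and current.lower().startswith("vlan"):
            svi = ipaddress.ip_interface("/".join(m.groups()))
            cfg["svi"][int(current[4:])] = svi
    return cfg


def path(cfg, port_a, host_a, port_b, host_b):
    """Classify the Layer 2/3 path between two hosts given as 'ip/mask'."""
    a, b = ipaddress.ip_interface(host_a), ipaddress.ip_interface(host_b)
    vlan_a = cfg["access_vlan"].get(port_a)
    vlan_b = cfg["access_vlan"].get(port_b)
    if vlan_a is None or vlan_b is None:
        return "blocked", ["a port is not an access port in this config"]
    if vlan_a == vlan_b:
        # Same broadcast domain: frames are switched, never routed, so the
        # two hosts must also share an IP subnet to talk directly.
        if a.ip in b.network and b.ip in a.network:
            return "switched", []
        return "blocked", [f"both ports are in VLAN {vlan_a} but "
                           f"{a.ip} and {b.ip} are in different subnets"]
    findings = []
    if not cfg["ip_routing"]:
        findings.append("'ip routing' is not configured")
    for host, vlan in ((a, vlan_a), (b, vlan_b)):
        svi = cfg["svi"].get(vlan)
        if svi is None:
            findings.append(f"VLAN {vlan} has no SVI to act as gateway")
        elif svi.ip not in host.network or host.ip not in svi.network:
            findings.append(f"{host.ip} and SVI {svi.ip} (VLAN {vlan}) "
                            "are not on-link to each other")
    return ("blocked" if findings else "routed"), findings


if __name__ == "__main__":
    cfg = parse_ios(CONFIG)
    for port in ("GigabitEthernet1/0/3", "GigabitEthernet1/0/6"):
        verdict, why = path(cfg, "GigabitEthernet1/0/5", READER, port, SERVER)
        print(f"reader on Gi1/0/5, server on {port}: {verdict}", *why,
              sep="\n  ")
```

A `routed` or `switched` verdict covers only the switch's forwarding path; whether a TCP session to the reader's service port succeeds still depends on the hosts' gateway settings, any host firewall and the listening service itself.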
  8. bill2455

    bill2455 [H]Lite

    Messages:
    66
    Joined:
    Jul 3, 2013
    Yes, I did that and the app works great, no problems!
     
    Last edited: Jul 26, 2013
  9. bill2455

    bill2455 [H]Lite

    Messages:
    66
    Joined:
    Jul 3, 2013
    I just posted the full config - thanks
     
  10. bill2455

    bill2455 [H]Lite

    Messages:
    66
    Joined:
    Jul 3, 2013
    Yes - I did that and it works fine, also on the Dell PowerConnect L2 switch - out of the box this works fine - I will note O/S Firewall has to be off:

    thanks in advance for any assistance you may be able to provide!

    best regards,

    2455 :)
     
    Last edited: Jul 26, 2013
  11. lightingguy32

    lightingguy32 n00b

    Messages:
    24
    Joined:
    Jan 3, 2010
    I don't see a single port configured on the switch for access to vlan 1. One thing I can't remember off the top of my head with layer three switch gear from Cisco is whether, if you don't apply a per-port configuration, the port "knows" what vlan to run on without the config. Have you tried making one of the other ports in the range gi1/0/1-5 or gi1/0/7-48 configured as such:

    !
    interface GigabitEthernet 1/0/1
    switchport mode access
    switchport access vlan 1
    !

    Does anyone else know how a non-configured switchport behaves on a 3750 that has multiple traffic-passing vlans configured on it?
     
  12. tangoseal

    tangoseal [H]ardness Supreme

    Messages:
    6,901
    Joined:
    Dec 18, 2010

    I was tired and misread .... I was thinking he was trying to telnet to his cisco switch using port 4300 or any other port other than 23. Cisco will not answer on 4300. That is what I was aiming at with my statement. Yes you are right about other products answering on any other port.
     
  13. tangoseal

    tangoseal [H]ardness Supreme

    Messages:
    6,901
    Joined:
    Dec 18, 2010
    There is nothing in your config I can see that is causing your issue. Something is telling me that your problem is with the device or the PC that you are trying to use.

    You do not need an IP or an interface or VLAN 1. Don't worry about that.

    Also to answer your question ...
    If a switch port is not configured on a 3750 the port is basically dead and the route processor will just ignore it for traffic reasons.

    Have you run a show interface on those two gig ports to ensure you are not getting any layer 1 CRC errors i.e. a bad cable?

    Also you are not leaving something out are you? Like you are uplinking switches rather than trunking? That will cause problems too. If you are linking your cisco switch up to the dell then you need to establish a dot1q encapsulated trunk between the two in order to pass vlan information.

    Is it possible that you can just eliminate the vlan 63 and just use native vlan 1? You don't have to configure vlan 1 other than an IP for the SVI i.e.

    int vlan 1
    ip addre etc...

    then just use two non shutdown raw non configured switch ports as they are defaulted to vlan 1 when no switchport access vlan is specified.

    Also IOS has a version 15 update for that switch with a ton of bug fixes etc... you may want to look into installing the ver15 ios image. I run it on all my devices.

    But I am not seeing how the IOS version matters here.

    Have you tried different ethernet cables? Configure other ports and try them? Maybe you have a physically bad switch port. I wish I could play with your switch in person.

    I'll post my config for my 3750 for you-- which might be a little dirty as I was labbing around with it last night but I haven't cleaned it up as I just woke up not too long ago. It works fine for all vlans etc...

    Code:
    version 15.0
    no service pad
    service timestamps debug uptime
    service timestamps log datetime
    no service password-encryption
    service sequence-numbers
    no service dhcp
    !
    hostname Switch
    !
    boot-start-marker
    boot-end-marker
    !
    !
    username XXXXXXXXXX privilege 15 secret 5 XXXXXXXXXX
    no aaa new-model
    clock timezone EST -5 0
    clock summer-time EDT recurring
    switch 1 provision ws-c3750e-24td
    system mtu routing 1500
    ip routing
    !
    !
    no ip domain-lookup
    vtp domain SED.local
    vtp mode transparent
    !
    !
    ! I DELETED ALL THE CRYPTO STUFF
    !
    spanning-tree mode rapid-pvst
    spanning-tree extend system-id
    spanning-tree vlan 2-3,9 priority 0
    !
    !
    !
    !
    vlan internal allocation policy ascending
    !
    vlan 2
     name core
    !
    vlan 3
     name Core2
    !
    vlan 8
     name UverseTV
    !
    vlan 9
     name Guest
    !
    !
    !
    !
    !
    !
    interface Port-channel1
     switchport access vlan 3
     switchport mode access
    !
    interface FastEthernet0
     no ip address
     no ip route-cache
     shutdown
    !
    interface GigabitEthernet1/0/1
     description Trunk-to-1921
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 2
     switchport trunk allowed vlan 2,3,8,9
     switchport mode trunk
    !
    interface GigabitEthernet1/0/2
     description HP LJ 300
     switchport access vlan 2
     switchport mode access
     spanning-tree portfast
    !
    interface GigabitEthernet1/0/3
     description Dev-Line
     switchport access vlan 2
     switchport mode access
     spanning-tree portfast
    !
    interface GigabitEthernet1/0/4
     description NAS-IPMI-KVM
     switchport access vlan 2
     switchport mode access
     spanning-tree portfast
    !
    interface GigabitEthernet1/0/5
     switchport access vlan 2
     switchport mode access
     spanning-tree portfast
    !
    interface GigabitEthernet1/0/6
     switchport access vlan 3
     switchport mode access
     spanning-tree portfast
    !
    interface GigabitEthernet1/0/7
     switchport mode access
     shutdown
     spanning-tree portfast
    !
    interface GigabitEthernet1/0/8
     switchport mode access
     shutdown
     spanning-tree portfast
    !
    interface GigabitEthernet1/0/9
     description BackupNAS
     switchport access vlan 3
     switchport mode access
     spanning-tree portfast
    !
    interface GigabitEthernet1/0/10
     description BIG-PC-GigNIC
     switchport access vlan 3
     switchport mode access
     shutdown
     spanning-tree portfast
    !
    interface GigabitEthernet1/0/11
     description NAS-NIC1-LACP
     switchport access vlan 3
     switchport mode access
     channel-group 1 mode active
    !
    interface GigabitEthernet1/0/12
     description NAS-NIC2-LACP
     switchport access vlan 3
     switchport mode access
     channel-group 1 mode active
    !
    interface GigabitEthernet1/0/13
     description TV-Mainline
     switchport access vlan 8
     switchport mode access
     speed 100
     duplex full
    !
    interface GigabitEthernet1/0/14
     description TV-Bedroom
     switchport access vlan 8
     switchport mode access
     spanning-tree portfast
    !
    interface GigabitEthernet1/0/15
     description TV-Office
     switchport access vlan 8
     switchport mode access
     spanning-tree portfast
    !
    interface GigabitEthernet1/0/16
     switchport mode access
     shutdown
     spanning-tree portfast
    !
    interface GigabitEthernet1/0/17
     switchport mode access
     spanning-tree portfast
    !
    interface GigabitEthernet1/0/18
     switchport mode access
     shutdown
     spanning-tree portfast
    !
    interface GigabitEthernet1/0/19
     switchport mode access
     shutdown
     spanning-tree portfast
    !
    interface GigabitEthernet1/0/20
     switchport mode access
     shutdown
     spanning-tree portfast
    !
    interface GigabitEthernet1/0/21
     switchport mode access
     shutdown
     spanning-tree portfast
    !
    interface GigabitEthernet1/0/22
     no switchport
     ip address 172.16.1.1 255.255.255.0
     shutdown
    !
    interface GigabitEthernet1/0/23
     description Trunk-to-WAP
     switchport trunk encapsulation dot1q
     switchport trunk allowed vlan 2,3,8,9
     switchport mode trunk
    !
    interface GigabitEthernet1/0/24
     description Trunk-to-LivRM
     switchport trunk encapsulation dot1q
     switchport trunk native vlan 2
     switchport trunk allowed vlan 2,3,8,9
     switchport mode trunk
    !
    interface GigabitEthernet1/0/25
     shutdown
    !
    interface GigabitEthernet1/0/26
     shutdown
    !
    interface GigabitEthernet1/0/27
     shutdown
    !
    interface GigabitEthernet1/0/28
     shutdown
    !
    interface TenGigabitEthernet1/0/1
     description Big-PC-10gbNIC
     switchport access vlan 2
     switchport mode access
     spanning-tree portfast
    !
    interface TenGigabitEthernet1/0/2
     description NAS-10GB-SR
     switchport access vlan 2
     spanning-tree portfast
    !
    interface Vlan1
     no ip address
    !
    interface Vlan2
     description Core
     ip address 10.1.1.2 255.255.255.0
     ip helper-address 10.1.1.1
     ip directed-broadcast 101
    !
    interface Vlan3
     description Core-Sec-Brdcst-Domain
     ip address 10.2.1.2 255.255.255.0
     ip helper-address 10.2.1.1
     ip directed-broadcast 100
    !
    interface Vlan9
     no ip address
    !
    ip forward-protocol udp echo
    ip http server
    ip http authentication local
    ip http secure-server
    !
    ip route 0.0.0.0 0.0.0.0 10.1.1.1
    !
    !
    line con 0
     logging synchronous
     login local
    line vty 0 4
     login local
     length 0
    line vty 5 15
     login local
    !
    end
    
    Switch#
     
    Last edited: Jul 4, 2013
  14. thrash408

    thrash408 Limp Gawd

    Messages:
    327
    Joined:
    Jan 22, 2010
    Try setting the ports to trunk. I know this sounds weird, but I had a phone system that acted just like what you describe. The only way to get it 100% operational was to set the access ports and phone system to trunk all traffic. Even the phone system tech was like wtf?
     
  15. tangoseal

    tangoseal [H]ardness Supreme

    Messages:
    6,901
    Joined:
    Dec 18, 2010
    ^^ This maybe? I have seen this too and it's friggin weird.
     
  16. bill2455

    bill2455 [H]Lite

    Messages:
    66
    Joined:
    Jul 3, 2013
    I have removed vlan1 and am focusing on the physical connection to vlan63 using ports 5 or 6 on the L3 switch;

    port 5 - connected reader device
    port 6 - connected app server

    again I can ping - but still no datastream traffic?
     
    Last edited: Jul 26, 2013
  17. bill2455

    bill2455 [H]Lite

    Messages:
    66
    Joined:
    Jul 3, 2013
    Yes - on vlan63 physical connection to the 3750 switch; port 5 connected to reader device and port 6 to PC app server:

    I checked the cables and they work fine on the dell switch; reader and PC work fine - full data stream flowing off the dell 3424 switch:

    I can ping the reader device from the PC via the L3 Switch;
    4 packets sent and 4 received, 0-loss - it's fast too: 2msec

    although still no data stream?
     
    Last edited: Jul 26, 2013
  18. tangoseal

    tangoseal [H]ardness Supreme

    Messages:
    6,901
    Joined:
    Dec 18, 2010
    Try and do a Clear Config and build your switch config from scratch... I have no idea why this isn't working on your switch as Cisco is literally or should be with your config passing 100% of whatever it gets to where it needs to go with no firewalling/acl'ing or any of that biz.
     
  19. lightingguy32

    lightingguy32 n00b

    Messages:
    24
    Joined:
    Jan 3, 2010
    Bill, could you run this command on both interfaces (gi1/0/5 and gi1/0/6) and post the outputs here?

    show interface gi1/0/5 | include input

    and the same for gi1/0/6

    this will show a number of error counters, including that of the crc error type and input error type. If these counters are high to begin with you may have a bad cable, if after you replace a cable they continue to increment at a rapid rate, then you more than likely have a bad switch port
     
  20. bill2455

    bill2455 [H]Lite

    Messages:
    66
    Joined:
    Jul 3, 2013
    Question: If "ip routing" is configured - TCP, UDP and Telnet session should be able to be routed via VSI and Vlan configurations for multiple vlans?
     
    Last edited: Jul 10, 2013
  21. bill2455

    bill2455 [H]Lite

    Messages:
    66
    Joined:
    Jul 3, 2013
    Question: in the config file: "ip routing" is enabled -

    double checking my settings ?

    2455
     
    Last edited: Jul 12, 2013
  22. bill2455

    bill2455 [H]Lite

    Messages:
    66
    Joined:
    Jul 3, 2013

    in my config file - Vlan 1 and Vlan 63 - ip routing is configured

    if the reader is connected to vlan 63/port #5 and the app server is connected to Vlan 1 and to any other ports other than ports 5 and 6 on the same L3 3750x 24p-switch - should be able to receive the packets being sent routed from the reader on vlan 63 - via TCP / UDP via telnet IP#, Port# and (WinSock) Connection.

    Question - in default setting are TCP and UDP packets blocked by default - to prevent DoS attacks? If the answer is yes - what's the best method to safely enable the switch to allow TCP or UDP traffic from specific (IP and Mac) addresses and forwarded to another Vlan ?

    I've been reading about - IP helper-address
    ------------------------------
    UDP helper (09-UDP helper Configuration) http://www.h3c.com/portal/Technical_...221_1285_0.htm
    IP helper-address
    -----------------

    you are using this type of set-up in your own configuration :
    !
    interface Vlan2
    description Core
    ip address 10.1.1.2 255.255.255.0
    ip helper-address 10.1.1.1 ---------------- ip helper-address
    ip directed-broadcast 101 ---------------- ip directed-broadcast 101
    !
    ----------------------------------
    !
    ip forward-protocol udp echo --------------- ip forward-protocol udp echo
    ip http server
    ip http authentication local
    ip http secure-server
    !
    ip route 0.0.0.0 0.0.0.0 10.1.1.1
    !
    ---------------------------------

    please advise

    2455
     
    Last edited: Jul 26, 2013
  23. Nicklebon

    Nicklebon Gawd

    Messages:
    543
    Joined:
    May 22, 2006
    No. If the reader is on VLAN63 then anything that needs to talk to it must either be:

    Routed or connected to a port on VLAN63.
     
  24. Autopia

    Autopia Limp Gawd

    Messages:
    246
    Joined:
    Feb 24, 2006
    Everything defaults to vlan 1; as Nicklebon said, you need a route for vlan 1 to speak to or access vlan 63, unless you are trunking.
     
  25. bill2455

    bill2455 [H]Lite

    Messages:
    66
    Joined:
    Jul 3, 2013
    -----------------------------------------------------------------------
    Thanks for your response;
    L3 switch vlan 1 and vlan 63 configured the following:
    interface Vlan1
    ip address 128.1.1.161 255.255.0.0
    !
    interface Vlan63
    ip address 10.10.63.1 255.255.255.0

    Ports 5 and 6 are configured;
    !
    interface GigabitEthernet1/0/5
    switchport access vlan 63
    switchport mode access
    !
    interface GigabitEthernet1/0/6
    switchport access vlan 63
    switchport mode access
    !
    again with this type of configuration set-up: see attached config file: if "ip routing" is not enabled - if the reader is connected by Cat-6 cable to vlan 63 and the app server is connected to any other ports on the same L3 switch by Cat-6 cable - should I be able to receive data being transmitted from the reader on vlan 63 off of Port 5 or 6 - pulling data by a telnet session?

    best regards,

    2455
     
    Last edited: Jul 26, 2013
  26. Autopia

    Autopia Limp Gawd

    Messages:
    246
    Joined:
    Feb 24, 2006
    The reader will not be able to access the server. As for the telnet session, if you are logged in as the admin you will be able to do anything just as if you were connected with the console cable. If I understand the question right, do I? Looking at the settings, you have HTTP set up; it may be easier for you to log in through a web browser and monitor activity via web browser.
     
    Last edited: Jul 5, 2013
  27. Nicklebon

    Nicklebon Gawd

    Messages:
    543
    Joined:
    May 22, 2006
    Only the devices plugged into ports 5 and 6 will be able to communicate on VLAN63.
     
  28. bill2455

    bill2455 [H]Lite

    Messages:
    66
    Joined:
    Jul 3, 2013
    Question:
    isn't vlan 1 addressed:
    interface Vlan1
    ip address 128.1.1.161 255.255.0.0
    !
    interface Vlan63
    ip address 10.10.63.1 255.255.255.0
    !
    and the ports 5 and 6 are addressed:
    !
    interface GigabitEthernet1/0/5
    switchport access vlan 63
    switchport mode access
    !
    interface GigabitEthernet1/0/6
    switchport access vlan 63
    switchport mode access
    !

    It's able to be pinged from the PC to the switch, PC to the reader which is connected to port 5 or 6; all have 4-sent 4-received 0-loss in less than 2 msec.

    So hard is all good, switchport is programmed and ports are live - otherwise you wouldn't be able to ping them all.

    Cables are all good -- otherwise you wouldn't be able to ping the switch, PC or reader at all.

    The configuration of the switch does allow for ip routing on both VLANS

    On the switch config that I sent in prior post, Vlan 1 interface is up. Both vlans have an interface on the switch.

    There is no “upstream switch” on the config that I sent in the prior post above here. There is only 1 switch.

    Question: Since "crypto pki trustpoint" is being used here - is it possible that telnet is disabled ?

    best regards,

    2455
     
  29. /usr/home

    /usr/home [H]ardness Supreme

    Messages:
    6,166
    Joined:
    Mar 18, 2008
    Both of your switch ports are on the same vlan. The server and client are in different subnets, are they not? If you want the switch to do the vlan routing, the switch ports need to be in different Vlans.
     
  30. bill2455

    bill2455 [H]Lite

    Messages:
    66
    Joined:
    Jul 3, 2013
    thanks for the fast reply:

    Only the devices plugged into ports 5 and 6 will be able to communicate on VLAN63.

    Then my question is as follows: Isn’t Vlan 1 – the default configuration for Vlan63? Shouldn’t Vlan1 connected to port #3 be able to receive or communicate with ports 5 or 6?

    I can ping from the app server in any port on the L3 switch the reader device; the reader is connected on port 5 or 6; either one and gets 4-sent 4-received 0-loss?

    is this right ?
     
    Last edited: Jul 26, 2013
  31. bill2455

    bill2455 [H]Lite

    Messages:
    66
    Joined:
    Jul 3, 2013
    Can you give me an example please:
     
  32. Autopia

    Autopia Limp Gawd

    Messages:
    246
    Joined:
    Feb 24, 2006
    NO, when you put the command switchport access 63 you told ports 5 and 6 only vlan 63 is able to access these ports. Do command show vlan; that will tell you everything.
     
  33. bill2455

    bill2455 [H]Lite

    Messages:
    66
    Joined:
    Jul 3, 2013
    So although I can ping from the app server which is connected on any port of the L3 switch, ping the reader device successfully;

    although I'm not able to receive anything from the reader back to the server? am i understanding this correctly?


    2455
     
    Last edited: Jul 26, 2013
  34. Autopia

    Autopia Limp Gawd

    Messages:
    246
    Joined:
    Feb 24, 2006
    From the switch you will be able to ping the devices, if you are at the server and trying to ping the computer that is connected to vlan 63 you will not be able to, UNLESS you add a route for that vlan. or move the server to the same vlan.
    from command line.
    config t
    int fa0/8 if that is the port the server is connected to
    switchport access vlan 63
    no shut
    exit
    go to server and ping computer they will be successful.
     
    Last edited: Jul 5, 2013
  35. bill2455

    bill2455 [H]Lite

    Messages:
    66
    Joined:
    Jul 3, 2013
    Yes and successfully

    Although thinking about this a little here - I have not tested the reverse of this test:
    pinging the server from ports 5 or 6: would that matter?

    2455
     
  36. bill2455

    bill2455 [H]Lite

    Messages:
    66
    Joined:
    Jul 3, 2013
    I can ping from the server that is connected to port#3 on the L3 switch
    I'm pinging 10.10.63.2 connected to port-5 The response is as follows:
    4-sent 4-received and 0-loss, very fast, 2msec

    any thoughts?

    2455
     
    Last edited: Jul 26, 2013
  37. Autopia

    Autopia Limp Gawd

    Messages:
    246
    Joined:
    Feb 24, 2006
    I don't understand the question, could you please elaborate? What do you mean from ports?
     
  38. Autopia

    Autopia Limp Gawd

    Messages:
    246
    Joined:
    Feb 24, 2006
    if you are in telnet session or console cable to the switch you will be able to ping any device connected to it. again if you go to the server and try to ping the computer you will not be able to, or if you are at the computer and ping the server you will not be able to, you will be able to ping the switch from either device. again once you moved ports 5 and 6 to vlan 63 you removed vlan 1, kind of like making it invisible to vlan 1. if you move the server to vlan 63 it becomes visible to all the devices connected to vlan 63...
     
  39. bill2455

    bill2455 [H]Lite

    Messages:
    66
    Joined:
    Jul 3, 2013
    Vlan 63 is configured to ports 5 and 6 in my configuration file: see below
    ---------------------------------------------------
    interface Vlan1
    ip address 128.1.1.161 255.255.0.0
    !
    interface Vlan63
    ip address 10.10.63.1 255.255.255.0

    Ports 5 and 6 are configured;
    !
    interface GigabitEthernet1/0/5 (Port 5)
    switchport access vlan 63
    switchport mode access
    !
    interface GigabitEthernet1/0/6 (Port 5)
    switchport access vlan 63
    switchport mode access
    !
    !
    interface Vlan1
    ip address 128.1.1.161 255.255.0.0
    !
    interface Vlan63
    ip address 10.10.63.1 255.255.255.0
    !
    ip classless
    ip http server
    ip http secure-server
    !
    ip sla enable reaction-alerts
    logging trap notifications
    !
    !
    line con 0
    line vty 0 4
    logging synchronous
    line vty 5 15
    logging synchronous
    !
    ntp server 128.1.20.20
    end
    ---------------------

    is this helping ?
     
  40. Autopia

    Autopia Limp Gawd

    Messages:
    246
    Joined:
    Feb 24, 2006
    are you in a telnet session to the switch?