3750x L3 Switch configuration Issue(s)

How is this 3750 uplinked to your network? I don't see any interfaces on this switch configured as trunk ports (usually an indicator of a port being an uplink port).
 
Is this setup of devices on vlan 63 going to have to talk to the rest of the network or are these devices all going to reside on this specific switch? If they need to be able to communicate data outside of the switch you are playing around on, then you will need to configure your uplink port on this switch to be a trunk port, otherwise the only traffic that will pass is (by default) vlan 1. I assume that your vlan1 is your native traffic/internet access vlan and that vlan 63 is setup for communicating/receiving data from the sensors.
 
this switch is the test switch. It doesn’t connect to any other switch, so no trunk port is necessary.

I need to get this able to communicate on a single switch connecting the reader which is on vlan 63 cat-6 cable pulled into port 5 or 6

App Server connected into 3750 switch on vlan 1 cat-6 cable pulled into connected port #3

Switch IP address is - 128.1.1.161

App Server (Vlan 1 connected to port #3)
IP: 128.1.1.100 (just as an example)
Subnet: 255.255.0.0
Gateway: 128.1.1.161 (the IP of vlan 1 on the switch)

Reader #1: (connecting to Port #5 vlan 63)
IP: 10.10.63.2 (just as an example)
Subnet: 255.255.255.240
Gateway: 10.10.63.1

Reader #2: (connecting to Port #6 vlan 63)
IP: 10.10.63.3 (just as an example)
Subnet: 255.255.255.240
Gateway: 10.10.63.1

hopefully this helps give you the layout in my topology testing environment

Let me know if you need any more info:

best regards

2455
 
Is this setup of devices on vlan 63 going to have to talk to the rest of the network or are these devices all going to reside on this specific switch? If they need to be able to communicate data outside of the switch you are playing around on, then you will need to configure your uplink port on this switch to be a trunk port, otherwise the only traffic that will pass is (by default) vlan 1. I assume that your vlan1 is your native traffic/internet access vlan and that vlan 63 is setup for communicating/receiving data from the sensors.

this is correct:
1st i need to be able to get the single switch working for testing:

the issue is my data streaming from the sensor devices - coming from a (10.10.63.2 - 255.255.255.240) network on Vlan 63 and

App server operating on a different Vlan (128.1.70.1 - 255.255.0.0 - 128.1.1.161) network on Vlan 1

3750 switch's IP address: 128.1.1.161

hope this helps

2455
 
Have you tried running the server and the device on the same subnet?

Yes - we are doing that now:

interface Vlan63
ip address 10.10.63.1 255.255.255.0

Ports 5 and 6 are configured as;
-------------------------------------------
!
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
logging buffered 16384
no logging console
no logging monitor
enable secret 5 $1$GSWG$jL0KmdYxkDuwAJWts9Fbm0
!
username xxxx password 7 0009160208540C57
!
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
switch 1 provision ws-c3750x-24p
system mtu routing 1500
ip routing
!
!
no ip domain-lookup
vtp mode transparent
!
!
crypto pki trustpoint TP-self-signed-1218624768
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1218624768
revocation-check none
rsakeypair TP-self-signed-1218624768
!
!
spanning-tree mode pvst
spanning-tree portfast default
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
vlan 63
name **device
!
!
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
!
interface GigabitEthernet1/0/1

!
interface GigabitEthernet1/0/5
switchport access vlan 63
switchport mode access
!
interface GigabitEthernet1/0/6
switchport access vlan 63
switchport mode access
!
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface Vlan1
ip address 128.1.1.161 255.255.0.0
!
interface Vlan63
ip address 10.10.63.1 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
ip sla enable reaction-alerts
logging trap notifications
!
!
line con 0
line vty 0 4
logging synchronous
line vty 5 15
logging synchronous
!
ntp server 128.1.20.20
end
----------------------------------------------------------
Sensor device is connected port#5 - (interface GigabitEthernet1/0/65)
Server is connected into port #6 - (interface GigabitEthernet1/0/6)

------------------------------------------------------

I can ping both ports from each other and get 4-sent and 4-received 0-loss in 2msec

data flow from sensor device to reader is fine because it's in the same vlan - the problem is when I try to get the Vlan 1 to pull the data from vlan 63 port #5. again I can ping both directions and I can ping both ports from each other and get 4-sent and 4-received 0-loss in 2msec.

Although I'm still not able to get data flowing into vlan 1 on port #3 from the

App server when it is operating on a different Vlan (128.1.70.1 - 255.255.0.0 - 128.1.1.161) network on Vlan 1

L3 switch's IP address: 128.1.1.161

help - any suggestions ?

2455
 
How does the sensor address the server? Hardcoded IP, network broadcast, something else?
 
server pulls the data stream via http://10.10.63.2:4200 (or whatever we program the port)

to validate this we simply open a telnet app and run a TCP/IP winsock: 10.10.63.2: port 4200

this answer your questions ?
 
Bill ... just turn the port the reader is on into a trunk port..

And make it native vlan 63... here is the syntax you need...

Config t
int gig 1/0/5 (or 6)
switchport mode trunk
switchport trunk native vlan 63
switchport trunk allowed vlan 63
no sh
end

see if that works for you... sometimes hardware is retarded as shit and its looking for something we cant explain.

See what happens. Shoot from the hip on this one.

Also configure two different ports. Just rule those two out as being bad or good or not the issue. Thanks.
 
server pulls the data stream via http://10.10.63.2:4200 (or whatever we program the port)

to validate this we simply open a telnet app and run a TCP/IP winsock: 10.10.63.2: port 4200

this answer your questions ?

Create a span port in VLAN 1 and 63, connect a laptop to said port and run a Wireshark capture. You should see http traffic to/from the "server" to the webserver on your reader.
 
Bill ... just turn the port the reader is on into a trunk port..

And make it native vlan 63... here is the syntax you need...

Config t
int gig 1/0/5 (or 6)
switchport mode trunk
switchport trunk native vlan 63
switchport trunk allowed vlan 63
no sh
end

see if that works for you... sometimes hardware is retarded as shit and its looking for something we cant explain.

See what happens. Shoot from the hip on this one.

Also configure two different ports. Just rule those two out as being bad or good or not the issue. Thanks.

This actually worked - now I can see the "data stream" locally on the single L3 switch from PC running the app server - data flowing from the reader device - this is being done via vlan 63.

Note: PC and device are in the same subnet (10.10.63.x - 255.255.255.240)

My issue is when I have the app server in a different subnet (128.x.x.x - 255.255.0.0) on Vlan 1

The TCP/IP (winsock) packets via Broadcast mode: would this have anything to do with it ?

Note: Multicast Does Not Work in the Same VLAN in Catalyst Switches: http://www.cisco.com/en/US/products/hw/switches/ps708/products_tech_note09186a008059a9df.shtml
 
Yes. Multicast is a different beast altogether.

Did you try any of the solutions in the doc above?

Can you configure the readers for unicast?

No - not yet ? Not sure this was the issue or not ?

I have a web service App - which can pull the stream http or TCP/IP either or on the app server - the issue is how to get the traffic from Vlan 63 on the (10.10.63.2 - 255.255.255.0) network to Vlan 1 (128.x.x.x. - 255.255.0.0) subnet ?

once I changed ports 5 and 6 to trunk mode rather than access
syntax as below: thanks to "tangoseal"

!
Config t
int gig 1/0/5 (or 6)
switchport mode trunk
switchport trunk native vlan 63
switchport trunk allowed vlan 63
no sh
end
!

I have this working in single L3 switch: I removed the "vlan 1" config to see if the hardware reader device was able to communicate in the switch in a single vlan via "vlan63" configuration. This mode is TCP/IP (winsock) and port# "hyper terminal"

this works great:

now how to get this to work with another Vlan set-up in a different subnet using trunking?
 
Is this setup of devices on vlan 63 going to have to talk to the rest of the network or are these devices all going to reside on this specific switch? If they need to be able to communicate data outside of the switch you are playing around on, then you will need to configure your uplink port on this switch to be a trunk port, otherwise the only traffic that will pass is (by default) vlan 1. I assume that your vlan1 is your native traffic/internet access vlan and that vlan 63 is setup for communicating/receiving data from the sensors.

This is correct: I need to be able to get the data from the reader devices to the app server which is on Vlan 1 on a different subnet - this data is tx from vlan 63 (10.10.63.2 - 255.255.255.0) via standard UDP/IP packets.

Solution works great with everything on the same subnet and gateway address:

Broadcast is being denied for security purposes to prevent smurf denial of service attacks!

I don't know how this affects TCP/IP traffic if at all? I'm assuming traffic via UDP/IP is also getting blocked outside of Vlan 63?


Help

2455
 
Bill,
Is the gateway of this subnet 10.10.63.1? If so wouldn't it be a problem if your vlan63 had the ip 10.10.63.1 and the rest of an inter-vlan configuration is missing?
 
Bill,
Is the gateway of this subnet 10.10.63.1? If so wouldn't it be a problem if your vlan63 had the ip 10.10.63.1 and the rest of an inter-vlan configuration is missing?

this switch is the test switch. It doesn’t connect to any other switch, so no trunk port is necessary.

I need to get this able to communicate on a single switch connecting the reader which is on vlan 63 cat-6 cable pulled into port 5 or 6

App Server connected into L3 switch on vlan 1 cat-6 cable pulled into connected port #3

Switch (L3) IP address is - 128.1.1.161

App Server (Vlan 1 connected to port #3)
IP: 128.1.1.100 (just as an example)
Subnet: 255.255.0.0
Gateway: 128.1.1.161 (the IP of vlan 1 on the switch)

Reader Device #1: (connecting to Port #5 vlan 63)
IP: 10.10.63.2 (just as an example)
Subnet: 255.255.255.240
Gateway: 10.10.63.1

Reader Device #2: (connecting to Port #6 vlan 63)
IP: 10.10.63.3 (just as an example)
Subnet: 255.255.255.240
Gateway: 10.10.63.1

------------note ---------------!
interface GigabitEthernet1/0/5 - Port-5
switchport access vlan 63
switchport mode access
!
interface GigabitEthernet1/0/6 - Port-6
switchport access vlan 63
switchport mode access
------------note------------------!-
interface Vlan1
ip address 128.1.1.161 255.255.0.0
!
interface Vlan63
ip address 10.10.63.1 255.255.255.0
-------------note --------------------------!

hopefully this helps give you the layout in my topology testing environment - this might clear-up the thought of IP conflict ?

Let me know if you need any more info:

best regards

2455
 
App Server connected into L3 switch on vlan 1 cat-6 cable pulled into connected port #3

Switch (L3) IP address is - 128.1.1.161

App Server (Vlan 1 connected to port #3)
IP: 128.1.1.100 (just as an example)
Subnet: 255.255.0.0
Gateway: 128.1.1.161 (the IP of vlan 1 on the switch)

Reader Device #1: (connecting to Port #5 vlan 63)
IP: 10.10.63.2 (just as an example)
Subnet: 255.255.255.240
Gateway: 10.10.63.1

Reader Device #2: (connecting to Port #6 vlan 63)
IP: 10.10.63.3 (just as an example)
Subnet: 255.255.255.240
Gateway: 10.10.63.1

------------note ---------------!
interface GigabitEthernet1/0/5 - Port-5
switchport access vlan 63
switchport mode access
!
interface GigabitEthernet1/0/6 - Port-6
switchport access vlan 63
switchport mode access
------------note------------------!-
interface Vlan1
ip address 128.1.1.161 255.255.0.0
!
interface Vlan63
ip address 10.10.63.1 255.255.255.0
-------------note --------------------------!

!
version 12.2
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
logging buffered 16384
no logging console
no logging monitor
enable secret 5 $1$GSWG$jL0KmdYxkDuwAJWts9Fbm0
!
username XXXXX password 7 0009160208540C57
!
!
aaa new-model
!
!
aaa authentication login default local
!
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
switch 1 provision ws-c3750x-24p
system mtu routing 1500
ip routing
!
!
no ip domain-lookup
vtp mode transparent
!
!
crypto pki trustpoint TP-self-signed-1218624768
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1218624768
revocation-check none
rsakeypair TP-self-signed-1218624768
!
!

spanning-tree mode pvst
spanning-tree portfast default
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
vlan 63
name **reader
!
!
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
Config t
int gig 1/0/5
switchport access vlan 63
switchport mode access
!
Config t
int gig 1/0/6
switchport access vlan 63
switchport mode access
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface Vlan1
ip address 128.1.1.161 255.255.0.0
!
interface Vlan63
ip address 10.10.63.1 255.255.255.0
!
ip classless
ip http server
ip http secure-server
!
ip sla enable reaction-alerts
logging trap notifications
!
!
line con 0
line vty 0 4
logging synchronous
line vty 5 15
logging synchronous
!
ntp server 128.1.20.20
end
 
Bill ... just turn the port the reader is on into a trunk port..

And make it native vlan 63... here is the syntax you need...

Config t
int gig 1/0/5 (or 6)
switchport mode trunk
switchport trunk native vlan 63
switchport trunk allowed vlan 63
no sh
end

see if that works for you... sometimes hardware is retarded as shit and its looking for something we cant explain.

See what happens. Shoot from the hip on this one.

Also configure two different ports. Just rule those two out as being bad or good or not the issue. Thanks.

My reader devices are plugged into port 5 and 6 - their gateway is the same as the SVI for Vlan63 - could there be some default setting that I need to change
if I'm routing or forwarding TCP and UDP (fragmented and unfragmented) packets back to my app server (128.1.1.100) connected to Vlan 1 (128.1.1.161 - 255.255.0.0)

My App server: (connecting to Port #3 Vlan 1)
IP: 128.1.1.100
Subnet: 255.255.0.0
Gateway: 128.1.1.161

my reader devices:

Reader Device #1: (connecting to Port #5 Vlan 63)
IP: 10.10.63.2
Subnet: 255.255.255.240
Gateway: 10.10.63.1

-----------------
I'm now working with a New L3 Switch out of the box

configuration are as follows:

!
interface GigabitEthernet1/0/3 - app server
!
int range gi1/0/5 - reader device
switchport mode access
switchport access vlan 63
!
int range gi1/0/6 - reader device - If i put the app server on port #6 with the appropriate IP information for 10 network - they work fine together in same subnet.
switchport mode access
switchport access vlan 63

------------
!
interface Vlan1
ip address 128.1.1.161 255.255.0.0
!
interface Vlan63
ip address 10.10.63.1 255.255.255.0
!

I've confirmed that it's correct (The interface on both Vlans is the gateway. This is correct, there are no IP conflicts)

Any suggestion or changes i need to make ?

thanks in advance for your assistance

2455
 
I can ping the reader device(s) and the app server from each other connected to the L3 3750x: Switch in any port other than ports (5 & 6) on 24 port switch!

using the following changes in ports 5 and 6:

they were set up as access, although when I changed them to trunk - data was streaming out just fine within the same vlan:
!
interface GigabitEthernet1/0/5 - (Note Port-5 reader device-1)
switchport access vlan 63
switchport mode access
!
interface GigabitEthernet1/0/6 - (note Port-6 reader device-2)
switchport access vlan 63
switchport mode access
-----------------
Note syntax change for trunk
----------------
!
Config t
int gig 1/0/5 (Note Port-5 reader device-1)
switchport mode trunk
switchport trunk native vlan 63
switchport trunk allowed vlan 63
no sh
end
!
Config t
int gig 1/0/6 (note Port-6 reader device-2)
switchport mode trunk
switchport trunk native vlan 63
switchport trunk allowed vlan 63
no sh
end
!
---------------
I can see the data flowing from the reader connected to port #5 from App server connected to port #6, although I'm still not able to get the data to flow to the app server connected to port 3 or port 9 via Vlan 1 ( 128.1.1.100 - 255.255.0.0)

------------note------------------!-
interface Vlan1
ip address 128.1.1.161 255.255.0.0
!
interface Vlan63
ip address 10.10.63.1 255.255.255.0
-------------note --------------------------!
App Server (Vlan 1 connected to port #3 or port #9)
IP: 128.1.1.100 (just as an example)
Subnet: 255.255.0.0
Gateway: 128.1.1.161 (the IP of vlan 1 on the switch)
-------------note --------------------------!
Reader Device #1: (connecting to Port #5 vlan 63)
IP: 10.10.63.2 (just as an example)
Subnet: 255.255.255.240
Gateway: 10.10.63.1

-------------note --------------------------!
App server: (connecting to Port #6 vlan 63)
IP: 10.10.63.2 (just as an example)
Subnet: 255.255.255.240
Gateway: 10.10.63.1
-------------note --------------------------!
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/9
!
-------------note --------------------------!
any body have any clues ?

thanks

2455
 
How is this 3750 uplinked to your network? I don't see any interfaces on this switch configured as trunk ports (usually an indicator of a port being an uplink port).

This is a test switch - single Switch with two Vlans on different subnets
 
Try another computer? There is no way in hell the problem is that switch. But I see that you haven't tried different ports yet. Insistent that ports 5 and 6 are non problematic. Why not try ports 15-16 or something else ... or ports 1 and 24 ? just I haven't seen you rule out that one of those two ports are bad.
 
No you can't have an SVI a VLAN interface with the same IP as a host on the same subnet. Won't work. .. .

The VLAN IP can't be x.x.x.1 and the reader be x.x.x.1. The reader must be x.x.x.2 etc...
 
If the devices are using multicast then you will need to turn multicast routing on the switch to allow the device and server to communicate on different Vlans. By default the switch will not route multicast packets to different Vlans. Remove the trunks since you will only need access ports. To troubleshoot if the devices are communicating use these commands.

show ip mroute
show ip igmp detail

Conf t
!
ip multicast-routing
!
int range gi1/0/5 - 6
switchport mode access
switchport access vlan 63
no switchport trunk native vlan 63
no switchport trunk allow vlan 63
!
int vlan 1
ip pim dense-mode
!
int vlan 63
ip pim dense-mode
!
end
 
No you can't have an SVI a VLAN interface with the same IP as a host on the same subnet. Won't work. .. .

The VLAN IP can't be x.x.x.1 and the reader be x.x.x.1. The reader must be x.x.x.2 etc...

This is the problem in my eyes - But what the "Network Analyst" is telling me when i presented this question and I Quote:

The configuration setting you had set me; Is the gateway of this 10.x.x.x subnet (10.10.63.1) for the devices? If so wouldn't it be a problem if your vlan63 had the IP address 10.10.63.1?

The "Network Analyst" response back: The Vlan 63 interface is the gateway. This is correct and It is not a conflict.

------------reader note ------------
Reader Device #1: (connecting to Port #5 vlan 63)
IP: 10.10.63.2
Subnet: 255.255.255.240
Gateway: 10.10.63.1 - this is the same IP as the Vlan 63
----------end note ------------

-------------Vlan Note-----------
interface Vlan1 (default switch IP 128.1.1.161)
ip address 128.1.1.161 255.255.0.0 -- primary Vlan-
!
interface Vlan63
ip address 10.10.63.1 255.255.255.0 - secondary Vlan--
-------------end Vlan note --------------------------!



Is this correct or not ?

2455
 
Try another computer? There is no way in hell the problem is that switch. But I see that you haven't tried different ports yet. Insistent that ports 5 and 6 are non problematic. Why not try ports 15-16 or something else ... or ports 1 and 24 ? just I haven't seen you rule out that one of those two ports are bad.


I've set up ports 7&8 rather than 5&6 and got the same response as prior configuration.

this rules out its not the ports configuration

2455
 
No you can't have an SVI a VLAN interface with the same IP as a host on the same subnet. Won't work. .. .

The VLAN IP can't be x.x.x.1 and the reader be x.x.x.1. The reader must be x.x.x.2 etc...

Let's clarify the configuration here:

interface Vlan63 - (Shouldn't the interface be the gateway for all host on Vlan63?)
ip address 10.10.63.1 255.255.255.0

although the host device is configured as:
IP: 10.10.63.2
Subnet; 255.255.255.240
Gateway: 10.10.63.1

----------------
interface Vlan1
ip address 128.1.1.161 255.255.0.0
--------------
although the host device is configured as:
App Server; cat-6 cable connected to (Vlan 1) in any port other than ports (5 and 6)
IP: 128.1.1.100
Subnet: 255.255.0.0
Gateway: 128.1.1.161 (the IP of vlan 1 on the switch)

Special note here: the IP of vlan 1 on the switch: 128.1.1.161
 
If the devices are using multicast then you will need to turn multicast routing on the switch to allow the device and server to communicate on different Vlans. By default the switch will not route multicast packets to different Vlans. Remove the trunks since you will only need access ports. To troubleshoot if the devices are communicating use these commands.

show ip mroute
show ip igmp detail

Conf t
!
ip multicast-routing
!
int range gi1/0/5 - 6
switchport mode access
switchport access vlan 63
no switchport trunk native vlan 63
no switchport trunk allow vlan 63
!
int vlan 1
ip pim dense-mode
!
int vlan 63
ip pim dense-mode
!
end

Are there any reason(s) a network admin wouldn't want to allow "multicast routing" between two Private Vlans operating on a "intranet" network switch ?

thanks in advance

2455
 
Try another computer? There is no way in hell the problem is that switch. But I see that you haven't tried different ports yet. Insistent that ports 5 and 6 are non problematic. Why not try ports 15-16 or something else ... or ports 1 and 24 ? just I haven't seen you rule out that one of those two ports are bad.


Through SVI I'm oppositely conducting "inter-vlan" routing. means it can route the packet from Vlan1 to Vlan63 because its a Layer 3 interface correct?

SVI Vlan63 will be using inter-vlan routing for vlan1 in both switches but VLAN63 is not communicating to each other directly, is this correct?

So what should I find - if I check show ip route on the switch itself?

Should I find:

10.10.63.1. is connected via SVI 63

and

128.1.1.161.x/23 is connected via SVI 1.

Only network in IP route matters for Vlan63, as long as don't exit interface while selecting a route or looking for a route in routing table. It just checks for route while routing the packet. and both SVI has existence on the switch, Vlan63 or Vlan1 is a ISO Layer-3 interface. It just cares about IP route.

So why would it matter if TCP/IP or multicast traffic is being transmitted to the switch, SVI or Vlans themselves?
-------------------------------------
SVI Note:

interface Vlan1
ip address 128.1.1.161 255.255.0.0

interface Vlan63
ip address 10.10.63.1 255.255.255.0
------------------------------------

If I were to add multicast routing to Vlan1 and Vlan63 would look something like this:
!
interface Vlan1
ip address 128.1.1.161 255.255.0.0
ip pim sparse-dense-mode
end
!

!
interface Vlan63
ip address 10.10.63.1 255.255.255.0
ip pim sparse-dense-mode
end
!

in this configuration:

Vlan63 would route its multicast traffic to SVI 1 and Vlan1 correct ?

Please advise


2455
 
Question:
As I understand set-up vlans on L3 switch - since Vlan1 is the default Vlan for any L3 switch and the primary Vlan for remote access for administration purposes for the switch:

If that's the case and I want to route communication by and between two Vlans (i.e. Vlan1 and Vlan63) which both are on different subnet/gateway but configured on the same L3 switch:

My question is:
#1) Shouldn't I configure with Vlan 2 or higher rather than use Vlan 1?

#2) would this cause prevent routing communication in any way or be limited in some way? / what's the best practice in regards to this topic?

just a thought? - anyone care to clear this up for me please

2455
 
Through SVI I'm oppositely conducting "inter-vlan" routing. means it can route the packet from Vlan1 to Vlan63 because its a Layer 3 interface correct?

SVI Vlan63 will be using inter-vlan routing for vlan1 in both switches but VLAN63 is not communicating to each other directly, is this correct?

So what should I find - if I check show ip route on the switch itself?

Should I find:

10.10.63.1. is connected via SVI 63

and

128.1.1.161.x/23 is connected via SVI 1.

Only network in IP route matters for Vlan63, as long as don't exit interface while selecting a route or looking for a route in routing table. It just checks for route while routing the packet. and both SVI has existence on the switch, Vlan63 or Vlan1 is a ISO Layer-3 interface. It just cares about IP route.

So why would it matter if TCP, UDP or multicast traffic is being transmitted to the switch, SVI or Vlans themselves?
-------------------------------------
SVI Note:

interface Vlan1
ip address 128.1.1.161 255.255.0.0

interface Vlan63
ip address 10.10.63.1 255.255.255.0
------------------------------------

If I were to add multicast routing to Vlan1 and Vlan63 would look something like this:
!
interface Vlan1
ip address 128.1.1.161 255.255.0.0
ip pim sparse-dense-mode
end
!

!
interface Vlan63
ip address 10.10.63.1 255.255.255.0
ip pim sparse-dense-mode
end
!

in this configuration:

Vlan63 would route its multicast traffic to SVI 1 and Vlan1 correct ?

Please advise


2455

I just found this: through a google search:Cisco 3750x L3 Switch:
Enabling Directed Broadcast-to-Physical Broadcast Translation with assistance from IP-helper Configuration.
By default, IP directed broadcasts are dropped; they are not forwarded. Dropping IP-directed broadcasts makes routers less susceptible to denial-of-service attacks.
You can enable forwarding of IP-directed broadcasts on an interface where the broadcast becomes a physical (MAC-layer) broadcast. Only those protocols configured by using the ip forward-protocol global configuration command are forwarded.

You can specify an access list to control which broadcasts are forwarded. When an access list is specified, only those IP packets permitted by the access list are eligible to be translated from directed broadcasts-to-physical broadcasts. For more information on access lists, see Chapter 37, "Configuring Network Security with ACLs."

http://www.cisco.com/en/US/docs/swi...e/configuration/guide/swiprout.html#wp1035813 Enabling Directed Broadcast-to-Physical Broadcast Translation
http://www.brocade.com/support/Product_Manuals/ServerIron_SwitchRouterGuide/IP.9.4.html lists the IP global parameters for Layer 3 Switches.
http://www.h3c.com/portal/Technical...ease1825P01-6W180/06/201302/774221_1285_0.htm (UDP helper) 09-UDP helper Configuration:
http://www.moxa.com/doc/man/Layer_3_Routing_UM_2e.pdf - Layer 3 Routing User’s Manual - Second Edition, July 2011
 
Your SVI (Vlan Interface IP) is the gateway correct but no host can use the gateway ip as their ip. It must be .2 etc... not .1 like your gateway.

Let me refer you over to....
http://www.networking-forum.com/

While HF has quite a bit of Cisco techheads this site http://www.networking-forum.com/ has a gazillion more available at any time to help answer questions.

Also in light of the question on whether or not the reader device you are using uses multicast or unicast is important. You may have to tweak your switch for that device to work properly. I recommend asking your questions in duplicate over at the networking site I referenced above in addition to HF.
 
ip forward-protocol udp echo - ip route 0.0.0.0 0.0.0.0 10.1.1.1
--------------------
!
interface Vlan9
no ip address
!
ip forward-protocol udp echo
ip http server
ip http authentication local
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.1.1.1
!
 
Your SVI (Vlan Interface IP) is the gateway correct but no host can use the gateway ip as their ip. It must be .2 etc... not .1 like your gateway.

Let me refer you over to....
http://www.networking-forum.com/

While HF has quite a bit of Cisco techheads this site http://www.networking-forum.com/ has a gazillion more available at any time to help answer questions.

Also in light of the question on whether or not the reader device you are using uses multicast or unicast is important. You may have to tweak your switch for that device to work properly. I recommend asking your questions in duplicate over at the networking site I referenced above in addition to HF.

Thanks for the info - you have been very helpful!

Also - I noticed in your config file: its using "ip forward-protocol udp echo - ip route 0.0.0.0 0.0.0.0 10.1.1.1" method as well?

Shouldn't this work here - in my reader device and app server use case ?
 
Question: in the config file: "ip routing" enabled - will this enable TCP or UDP traffic on the L3 switch ?

double checking my settings ?

2455

"ip routing" enabled - will this enable TCP or UDP traffic on the L3 switch ?
 
Your SVI (Vlan Interface IP) is the gateway correct but no host can use the gateway ip as their ip. It must be .2 etc... not .1 like your gateway.

Let me refer you over to....
http://www.networking-forum.com/

While HF has quite a bit of Cisco techheads this site http://www.networking-forum.com/ has a gazillion more available at any time to help answer questions.

Also in light of the question on whether or not the reader device you are using uses multicast or unicast is important. You may have to tweak your switch for that device to work properly. I recommend asking your questions in duplicate over at the networking site I referenced above in addition to HF.

I can send a simple notepad .txt file from my laptop substituting the host (reader) device connected in port#5 SVI 63 (10.10.63.1-255.255.255.0) routing Vlan 63 (10.10.63.2-255.255.255.0) traffic to port #3 SVI1 (128.1.1.161-255.255.0.0) routing to Vlan 1 (128.1.1.100 -255.255.0.0) and receive the text file successfully !

So I know there is communication routing between the host device and the app server - this is successful YES!

Now - the next steps is getting VLAN 63 to route "Fragmented and Unfragmented" Traffic (TCP or UDP) packets to Vlan 1 and not get dropped by the L3 switch itself!

can someone help me out on this one - i feel like I hit a wall and now just got through it and yet I hit another wall - help!

2455
 
By sending the text file you proved that packets are being routed from Vlan 63 to Vlan 1. Without an ACL then all unicast IP traffic will make it.

Now assume (post #52) that the RF readers and server are using Multicast to communicate you need to do the previous configuration to allow multicast routing between Vlans.

I think that you are digging way too deep into something that is pretty simple and a lot of the documents that you are looking at are just causing confusion.
 
By sending the text file you proved that packets are being routed from Vlan 63 to Vlan 1. Without an ACL then all unicast IP traffic will make it.

Now assume (post #52) that the RF readers and server are using Multicast to communicate you need to do the previous configuration to allow multicast routing between Vlans.

I think that you are digging way too deep into something that is pretty simple and a lot of the documents that you are looking at are just causing confusion.

I believe by default the 3750's deny "Fragmented and Unfragmented" (TCP and UDP) packets, you have to configure the switch to enable this type of traffic when routing between multiple switches and/or Vlan(s) - tell me if I'm wrong?
 
I believe by default the 3750's deny Fragmented and Unfragmented (TCP and UDP) packets, My understanding is you have to configure the switch to enable forwarding this type of traffic when routing between switches and Vlan(s)- tell me if I'm wrong?

to preempt broadcasting - "denial of service" attacks
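
The addressing posted across this thread, checked with Python's `ipaddress` module, as an added example that is not part of the original thread or any poster's reply: it audits each host against the SVI of its VLAN, shows the first hop each host picks, and classifies a destination as unicast, multicast or broadcast. The host labels (`app-server`, `reader-1`, `reader-2`), the function names and the sample destinations are assumptions made for the example; the forwarding notes restate what the thread and the Cisco text quoted in it say, except the limited-broadcast note, which is general IP behaviour.

```python
import ipaddress

# Addressing as posted in the thread: SVIs from the running-config,
# hosts from the poster's tables. Host labels are made up for this example.
SVIS = {
    "Vlan1": ipaddress.ip_interface("128.1.1.161/255.255.0.0"),
    "Vlan63": ipaddress.ip_interface("10.10.63.1/255.255.255.0"),
}
HOSTS = {  # label: (vlan, ip, mask, gateway)
    "app-server": ("Vlan1", "128.1.1.100", "255.255.0.0", "128.1.1.161"),
    "reader-1": ("Vlan63", "10.10.63.2", "255.255.255.240", "10.10.63.1"),
    "reader-2": ("Vlan63", "10.10.63.3", "255.255.255.240", "10.10.63.1"),
}

# What the thread says about each traffic class crossing from one VLAN to the other.
CROSSES_VLANS = {
    "unicast": "routed by the SVIs when 'ip routing' is on and no ACL blocks it",
    "multicast": "not routed until 'ip multicast-routing' and PIM are on both SVIs",
    "directed-broadcast": "dropped by default",
    # General IP behaviour, not stated in the thread:
    "limited-broadcast": "never routed; stays in the sender's VLAN",
}


def host_iface(name):
    """Host address combined with the mask configured on the host itself."""
    _, ip, mask, _ = HOSTS[name]
    return ipaddress.ip_interface(f"{ip}/{mask}")


def audit_host(name):
    """Compare one host's settings with the SVI of its VLAN; return findings."""
    vlan, _, _, gateway = HOSTS[name]
    svi, host = SVIS[vlan], host_iface(name)
    gw = ipaddress.ip_address(gateway)
    findings = []
    if host.ip == svi.ip:
        findings.append("ip-conflict-with-svi")
    if gw != svi.ip:
        findings.append("gateway-is-not-svi")
    if gw not in host.network:
        findings.append("gateway-off-link")
    if host.ip not in svi.network:
        findings.append("host-outside-svi-subnet")
    if host.network != svi.network:
        findings.append(
            "mask-mismatch:"
            f"host-broadcast={host.network.broadcast_address},"
            f"svi-broadcast={svi.network.broadcast_address}"
        )
    return findings


def first_hop(src, dst_ip):
    """'on-link' if src would ARP for dst directly, else the gateway it uses."""
    dst = ipaddress.ip_address(dst_ip)
    return "on-link" if dst in host_iface(src).network else HOSTS[src][3]


def traffic_class(dst_ip):
    """Classify a destination address from the switch's point of view."""
    dst = ipaddress.ip_address(dst_ip)
    if dst == ipaddress.ip_address("255.255.255.255"):
        return "limited-broadcast"
    if dst.is_multicast:
        return "multicast"
    for name, svi in SVIS.items():
        if dst == svi.network.broadcast_address:
            return f"directed-broadcast:{name}"
    return "unicast"


def crossing_note(dst_ip):
    """Forwarding note for the class of dst_ip (key is the part before ':')."""
    return CROSSES_VLANS[traffic_class(dst_ip).split(":")[0]]


if __name__ == "__main__":
    for host in HOSTS:
        print(host, "findings:", audit_host(host) or "none")
    print("reader-1 -> app-server first hop:", first_hop("reader-1", "128.1.1.100"))
    print("app-server -> reader-1 first hop:", first_hop("app-server", "10.10.63.2"))
    # Constructed sample destinations: a unicast host, both subnet broadcasts
    # as seen by reader and SVI, an arbitrary multicast group, limited broadcast.
    for dst in ("10.10.63.2", "10.10.63.15", "10.10.63.255",
                "239.1.1.1", "255.255.255.255"):
        print(dst, "->", traffic_class(dst), "|", crossing_note(dst))
```

With the posted masks the readers compute 10.10.63.15 as their subnet broadcast while the SVI computes 10.10.63.255, and the audit finds no address conflict between the readers and the Vlan63 interface.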
 