i thought this would be easy.... but instead fubared it :(

moose517

this was posted over at networking-forum as well, but thought since this forum got more traffic i would try here as well.

ok, guys i need some serious help LOL, me and vlans are a new thing and it confuses the heck outta me. i have my network setup so that it goes DSL modem ->2821 -> 3500 -> dell 5324 -> WRVS4400N. as far as the 2821 and the 3550 goes, i have them set and working right, it's once i move to the dell i have issues, first, the only way to access the dell switch is to connect to the 3550, then telnet into it. and as far as the WRVS4400N, i have to connect to it directly to do anything. So, with that said, i need help haha. i'm supplying the running configs of the first 3 devices, and on the WRVS4400N i'll grab SS if you need them. i have 3 vlans that i'm using, 10 is for management purposes only. 135 is for my voice traffic, and 136 is my native vlan for all other traffic. Now, on my desktop which is connected to the dell, if i ping the 3550's IP it goes to the router as it should and then to the 3550 on the management VLAN. but if i try and ping one step further to the dell management IP, it fails. I edited out the info for a few things for security reasons.

Cisco 2821 Running config:
Code:
Current configuration : 15683 bytes
!
! Last configuration change at 00:14:49 EST Sun Feb 7 2010 by Chris
! NVRAM config last updated at 00:14:51 EST Sun Feb 7 2010 by Chris
!
version 15.0
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R2821-Edge
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
enable secret 5 $1$JBJH$TJty9wwoHgWE1M84sKJmZ/
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
!
!
!
!
aaa session-id common
!
!
!
clock timezone EST -5
clock summer-time EDT recurring
!
dot11 syslog
no ip source-route
!
!
ip cef
ip dhcp excluded-address 10.10.135.51 10.10.135.255
!
ip dhcp pool VOICE_POOL
   network 10.10.135.0 255.255.255.0
   default-router 10.10.135.201
   dns-server 205.171.2.65 205.171.3.65
   option 150 ip 10.10.135.201
!
!
no ip bootp server
ip domain name MoosemanStudios
ip host NETWORK-SERVER 10.10.136.202
ip name-server 10.10.136.68
ip ips config location flash:/IPS-store retries 1
ip ips notify SDEE
!
ip ips signature-category
  category all
   retired true
  category ios_ips advanced
   retired false
!
ipv6 unicast-routing
ipv6 cef
ipv6 dhcp pool DHCP_V6
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
crypto pki trustpoint TP-self-signed-73811248
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-73811248
 revocation-check none
 rsakeypair TP-self-signed-73811248
!
!
crypto pki certificate chain TP-self-signed-73811248
 certificate self-signed 01
        quit
!
!
license udi pid CISCO2821 sn FTX0924A611
username Chris privilege 15 secret 5 $1$0jzs$54gcCMqR4H/sYABmUW5Nt.
username Dave privilege 15 secret 5 $1$6OS0$kN0L17O.NHBmtBdNiktBL.
!
redundancy
!
crypto key pubkey-chain rsa
 named-key realm-cisco.pub
  key-string
  quit
!
!
!
!
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
!
crypto isakmp policy 30
 encr 3des
 authentication pre-share
 group 2
 lifetime 7200
crypto isakmp key cisco123 address aa.bb.cc.dd
crypto isakmp key cassiehurst address ee.ff.gg.hh
!
crypto isakmp client configuration group VPN_group
 key millervpn
 dns 205.171.2.68 205.171.3.65
 domain mooseman.com
 pool SDM_POOL_1
 max-users 5
 netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
   match identity group VPN_group
   client authentication list sdm_vpn_xauth_ml_1
   isakmp authorization list sdm_vpn_group_ml_1
   client configuration address respond
   virtual-template 1
!
!
crypto ipsec transform-set secure_transform esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
 set security-association idle-time 10800
 set transform-set ESP-3DES-SHA
 set isakmp-profile sdm-ike-profile-1
!
!
crypto map MASTER_CRYPTO_MAP 10 ipsec-isakmp
 set peer aa.bb.cc.dd
 set transform-set secure_transform
 match address GRE_IPSEC_TRAFFIC
crypto map MASTER_CRYPTO_MAP 20 ipsec-isakmp
 set peer ee.ff.gg.hh
 set transform-set secure_transform
 match address GRE_IPSEC_TRAFFIC2
!
!
!
!
!
!
interface Loopback0
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 !
!
interface Tunnel100
 description $FW_INSIDE$
 ip address 192.168.100.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 tunnel source GigabitEthernet0/0
 tunnel destination aa.bb.cc.dd
 !
!
interface Tunnel101
 description $FW_INSIDE$
 ip address 192.168.101.1 255.255.255.252
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip virtual-reassembly
 tunnel source GigabitEthernet0/0
 tunnel destination ee.ff.gg.hh
 !
!
interface Null0
 no ip unreachables
!
interface GigabitEthernet0/0
 description $FW_OUTSIDE$
 mtu 1492
 ip address dhcp
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nat outside
 ip virtual-reassembly
 duplex auto
 speed auto
 crypto map MASTER_CRYPTO_MAP
 !
!
interface GigabitEthernet0/1
 description $ETH-LAN$$FW_INSIDE$
 no ip address
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 ip nbar protocol-discovery
 ip virtual-reassembly
 duplex full
 speed 1000
 !
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 10.10.10.201 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface GigabitEthernet0/1.135
 encapsulation dot1Q 135
 ip address 10.10.135.201 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface GigabitEthernet0/1.136
 encapsulation dot1Q 136 native
 ip address 10.10.136.201 255.255.255.0
 ip nat inside
 ip virtual-reassembly
!
interface Serial0/3/0
 no ip address
 shutdown
 clock rate 2000000
 !
!
interface Virtual-Template1 type tunnel
 description $FW_INSIDE$
 ip unnumbered Loopback0
 no ip redirects
 no ip unreachables
 no ip proxy-arp
 tunnel mode ipsec ipv4
 tunnel protection ipsec profile SDM_Profile1
 !
!
!
router eigrp 40
 network 10.0.0.0
 network 172.0.0.0 0.255.255.255
 network 192.168.0.0 0.0.255.255
!
router rip
 version 2
 network 10.0.0.0
 network 172.20.0.0
!
ip local pool SDM_POOL_1 10.10.140.50 10.10.140.55
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
!
ip nat inside source list NAT_T interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.10.136.200 80 interface GigabitEthernet0/0 80
ip nat inside source static udp 10.10.136.200 88 interface GigabitEthernet0/0 88
ip nat inside source static udp 10.10.136.200 3074 interface GigabitEthernet0/0 3074
ip nat inside source static tcp 10.10.136.200 3074 interface GigabitEthernet0/0 3074
ip nat inside source static tcp 10.10.136.200 53 interface GigabitEthernet0/0 53
ip nat inside source static tcp 10.10.136.221 56012 interface GigabitEthernet0/0 56012
!
ip access-list standard BLOCK_CASS_DAVE
 deny   192.168.254.0 0.0.0.255
 permit any
ip access-list standard BLOCK_DAVE_CASS
 permit 10.10.136.0 0.0.0.255
 deny   any
ip access-list standard TELNET_IN
 permit 10.0.0.0 0.255.255.255 log
 permit 172.16.0.0 0.0.255.255 log
 permit 192.168.254.0 0.0.0.255 log
!
ip access-list extended GRE_IPSEC_TRAFFIC
 permit gre host ii.jj.kk.ll host aa.bb.cc.dd
ip access-list extended GRE_IPSEC_TRAFFIC2
 permit gre host ii.jj.kk.ll host ee.ff.gg.hh
ip access-list extended NAT_T
 permit ip 10.0.0.0 0.255.255.255 any
!
logging trap debugging
logging 10.10.136.202
!
!
!!
banner login ^CDO NOT ACCESS THIS ROUTER!!!!!!!!!^C
banner motd ^CC
************************************************
DO NOT ACCESS THIS DEVICE, UNAUTHORIZED PERSON'S
SHALL BE EXECUTED TO THE FULLEST OF THE LAW.
************************************************^C
!
line con 0
 exec-timeout 0 0
 password 7 XXXXXXXXXXXXXXXXXX
 logging synchronous
line aux 0
 exec-timeout 0 0
 password 7 XXXXXXXXXXXXXXXXXX
 logging synchronous
line vty 0 4
 access-class TELNET_IN in
 exec-timeout 5 0
 password 7 XXXXXXXXXXXXXXXXXX
 logging synchronous
 transport input telnet
line vty 5 9
 exec-timeout 5 0
 logging synchronous
 transport input ssh
line vty 10 988
!
scheduler allocate 20000 1000
ntp source GigabitEthernet0/0
ntp master
ntp update-calendar
ntp server 129.6.15.28 prefer
ntp server 129.6.15.29
end

3550:
Code:
Current configuration : 4047 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname C3550-PoE
!
enable secret 5 $1$r/rB$vPekwl/3grgZsc19ZkNTw1
!
username chris privilege 15 secret 5 $1$jUlC$j5zI.XeD9EIGa6abRcal51
username dave privilege 15 secret 5 $1$58Ju$5Q/M6Mbtrselo1fqVWmc90
ip subnet-zero
!
vtp mode transparent
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
vlan 10
 name MANAGEMENT_VLAN
!
vlan 135
 name VOICE_VLAN
!
vlan 136
 name DATA_VLAN
!
interface FastEthernet0/1
 switchport access vlan 10
 switchport mode access
 switchport voice vlan 135
 spanning-tree portfast
!
interface FastEthernet0/2
 switchport access vlan 136
 switchport mode access
 switchport voice vlan 135
 spanning-tree portfast
!
interface FastEthernet0/3
 switchport access vlan 136
 switchport mode access
 switchport voice vlan 135
 spanning-tree portfast
!
interface FastEthernet0/4
 switchport access vlan 136
 switchport mode access
 switchport voice vlan 135
 spanning-tree portfast
!
interface FastEthernet0/5
 switchport access vlan 136
 switchport mode access
 switchport voice vlan 135
 spanning-tree portfast
!
interface FastEthernet0/6
 switchport access vlan 136
 switchport mode access
 switchport voice vlan 135
 spanning-tree portfast
!
interface FastEthernet0/7
 switchport access vlan 136
 switchport mode access
 switchport voice vlan 135
 spanning-tree portfast
!
interface FastEthernet0/8
 switchport access vlan 136
 switchport mode access
 switchport voice vlan 135
 spanning-tree portfast
!
interface FastEthernet0/9
 switchport access vlan 136
 switchport mode access
 switchport voice vlan 135
 spanning-tree portfast
!
interface FastEthernet0/10
 switchport access vlan 136
 switchport mode access
 switchport voice vlan 135
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport access vlan 136
 switchport mode access
 switchport voice vlan 135
 spanning-tree portfast
!
interface FastEthernet0/12
 switchport access vlan 136
 switchport mode access
 switchport voice vlan 135
 spanning-tree portfast
!
interface FastEthernet0/13
 switchport access vlan 136
 switchport mode access
!
interface FastEthernet0/14
 switchport access vlan 136
 switchport mode access
!
interface FastEthernet0/15
 switchport access vlan 136
 switchport mode access
!
interface FastEthernet0/16
 switchport access vlan 136
 switchport mode access
!
interface FastEthernet0/17
 switchport access vlan 136
 switchport mode access
!
interface FastEthernet0/18
 switchport access vlan 136
 switchport mode access
!
interface FastEthernet0/19
 switchport access vlan 136
 switchport mode access
!
interface FastEthernet0/20
 switchport access vlan 136
 switchport mode access
!
interface FastEthernet0/21
 switchport access vlan 136
 switchport mode access
!
interface FastEthernet0/22
 switchport access vlan 136
 switchport mode access
!
interface FastEthernet0/23
 switchport access vlan 136
 switchport mode access
!
interface FastEthernet0/24
 switchport access vlan 136
 switchport mode access
!
interface GigabitEthernet0/1
 description UPLINK_TO_2821
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 136
 switchport mode trunk
!
interface GigabitEthernet0/2
 description UPLINK_TO_DELL_5324
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 136
 switchport mode trunk
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan10
 description MANAGEMENT_VLAN
 ip address 10.10.10.202 255.255.255.0
!
interface Vlan135
 description VOICE_VLAN
 no ip address
!
interface Vlan136
 description COMPUTER_VLAN
 no ip address
!
ip default-gateway 10.10.10.201
ip classless
ip http server
!
!
banner motd ^C
*****************************

DO NOT ACCESS THIS SWITCH.
VIOLATORS WILL BE PROSECUTED.

*****************************^C
!
line con 0
 exec-timeout 0 0
 logging synchronous
 login local
line vty 0 4
 exec-timeout 0 0
 logging synchronous
 login local
line vty 5 9
 exec-timeout 0 0
 logging synchronous
 login local
line vty 10 15
 login
!
end

and the dell 5324
Code:
interface range ethernet g(1-23)
spanning-tree portfast
exit
interface ethernet g1
spanning-tree cost 4
exit
interface ethernet g2
spanning-tree cost 19
exit
interface range ethernet g(3-23)
spanning-tree cost 100
exit
interface port-channel 1
description FILE_SERVER
exit
interface ethernet g24
description UPLINK_C3550_POE
exit
port jumbo-frame
interface range ethernet g(21,24)
switchport mode trunk
exit
vlan database
vlan 10,135-136
exit
interface range ethernet g(21,24)
switchport trunk allowed vlan add 10
exit
interface range ethernet g(21,24)
switchport trunk allowed vlan add 135
exit
interface range ethernet g(1-20,22-23)
switchport access vlan 136
exit
interface port-channel 1
switchport access vlan 136
exit
interface ethernet g24
switchport trunk native vlan 136
exit
interface ethernet g21
switchport trunk allowed vlan add 136
exit
interface vlan 10
name MANAGEMENT_VLAN
exit
interface vlan 135
name VOICE_VLAN
exit
interface vlan 136
name DATA_VLAN
exit
port-channel load-balance layer-2-3-4
interface vlan 1
ip address 10.0.0.1 255.0.0.0
exit
interface vlan 10
ip address 10.10.10.203 255.255.255.0
exit
ip default-gateway 10.10.10.201
hostname DELL_5324
line console
exec-timeout 0
exit
enable password level 15 056e188807055099fba545b9a2ae719f encrypted
username chris password d41d8cd98f00b204e9800998ecf8427e level 15 encrypted
username dave password d41d8cd98f00b204e9800998ecf8427e level 15 encrypted
clock summer-time recurring usa zone EDT
ip name-server  205.171.2.65 205.171.3.65

looking for what i did wrong here LOL.
 
On the 3550 I saw the trunk (G0/1 or whatever it was) but did not see where you allowed your VLAN's across that trunk. I would verify that first as the only thing allowed across that trunk as is would be the native VLAN.
 
You don't need an allowed VLAN list, by default every VLAN that's configured is allowed across the trunk link.

Moose,

first thing is first, you have a multi-layer switch... move your routing on a stick's subints to your 3550 (it's half done already! :p) and create your SVI's and pop ip routing on. There is no reason to go back to the 2800 for routing when you can do it at the switch.

I would verify that all VLANs are not being pruned for some reason (I see you have vtp, but it's in transparent so it shouldn't prune). You're going to want to check this on the dell as well.
^ sh int trunk

If your hosts can't get to the dell directly, and they're hanging off the 3550 it would appear to be a trunking issue as you have your gateways of last resort defined but have you tried to ping from the dell to the default gateway? From the dell to one of the sub-interfaces?
 
Here is my network topology
doc.jpg


@TheMadZealot, the reason you don't see the allowed vlans is because all are allowed by default like phil said.

@xphil3, i know that the 3550 is layer 3 but for now i just want to do like this for practice sake. as for VLAN pruning, not occurring, both the dell and the 3550 are showing they are allowing all the VLAN's traffic through.

As for some ping testing i did, if i ping from the network server to the dell's management VLAN IP it fails, being routed from the data vlan and back into the management vlan. if i ping vice-versa it also fails. gonna do some tracerts to see if i can't find where in that it is failing.
 
Sorry, you are right, trunk links propagate all VLANs by default.

I did blast your configs into packet tracer on the Cisco devices and everything seemed to work OK on the Cisco side.

Hung some devices off the 3550 on VLAN 135 and 10 and was able to ping through all three VLANs. I know jack about Dell and had no way to emulate that device.

I am learning too and would be interested in what the problem was once you figure it out, sorry I couldn't be more help.
 
hey its no problem zealot, glad someone else will benefit from what fixes it LOL.

EDIT: i found something but it still isn't getting me anywhere, maybe it will be some help to xphil, if i am on the 3500 i can telnet into the dell, as well as from the 2821. So i guess all hope's not totally lost. i wonder if maybe one of the access-lists i have is blocking it for some reason.
 
woot, fixed a couple problems tonight. first got the dell to be right when i try and log into it, turns out i goofed on the IP for it LOL. so i can log into it fine now. also got the teaming for my server fixed, i didn't realize you had to leave the actual ports in vlan 1 and set the team to the VLAN you want LOL. i'm in the process of getting my wireless working, although for some strange reason my mom's laptop keeps pulling an IP for a subnet that doesn't exist on my LAN or through my VPN's, got it working but still not sure where it came from haha.

So.... with that said, time to see what the deal is with the wireless router. BTW, should i just connect that up through a switchport and trunk that way or should i actually switch it to router mode and connect it to the DELL through the WAN port, reason i ask is i run eigrp on my network, and the WAP only does RIP.
 
Your wireless "router" doesn't need to route really based on the drawing above. Just connect one of its LAN ports to the Dell switch in the same VLAN that all your other home PCs are in. Shut RIP off because it is terribad and it's just not needed on that device. Basically unless you want complexity for the sake of complexity there's no real reason to route on the WAP.

Jumbo frame on the link to the 3550 isn't needed really either from the Dell.
 
ok, i give up, still having problems, on the dell i made the port i'm connecting the linksys to a trunk port, with vlans 10,135 tagged, and 136 untagged, like the rest of the network is. Then on the linksys on the port that's connected to the dell i made it tag vlans 10, and 135, 136 untagged as well. but no matter what, it won't work. i went and set the SSID Vlan to 136 as well and still nothing. tried setting static IP on the wireless device and nothing. i'm just totally lost as to how to fix this. If i set it into router mode and try and do it that way my entire network shifts thinking that its the way out to the internet which its def not.

I'm starting to think my best option is just gonna be to get a cisco router and hook it into the 3550 and just forget about wireless N at this point. would like to have it for my laptop but this is getting stupid.

EDIT: and on that note, what is a good cisco AP that will trunk and supports multiple SSID's on different VLANS?
 
Did you verify the state of the trunk from the Dell to make sure it's actually up? On a Cisco switch the command would be "sh int type mod/num switchport"

Questions:

1. Why are you trunking to the WAP in the first place?
2. Why do you think you need another router when you have a L3 capable 3550 and a 2821?

Personally what I'd do is get rid of the Dell switch as it is unnecessary based on the port-density of your 3550. Do a point-to-point link from the 2821 to the 3550 (create a L3 interface and use a /30 network) and turn on EIGRP on the 3550 and 2821. Shut RIP off. Turn on ip routing on the 3550 as was mentioned above and let it route your internal vlans. Not sure why you are trunking to the WAP since you don't have any wireless phones and presumably you can just use ACLs to restrict access to the management vlan from the data vlan. Get rid of all that router-on-a-stick junk off the 2821 because this is not 1999 and it's inefficient.
 
i'm wanting to trunk from the dell to the WAP because i have 2 VLAN's that i want kept separate, the 135 and the 136 VLAN, 135 is for my wifi phones that are running on CME.

as for getting rid of the dell, no way that's happening, i need the gig connection for devices. besides, 24 ports is not enough on a single device, the dell alone has 15 of the 24 ports being used at any given moment, if i add any devices that will just be pushing it to needing another switch anyways.
 
ok, i give up, still having problems, on the dell i made the port i'm connecting the linksys to a trunk port, with vlans 10,135 tagged, and 136 untagged, like the rest of the network is. Then on the linksys on the port that's connected to the dell i made it tag vlans 10, and 135, 136 untagged as well. but no matter what, it won't work.
Well, what does "it won't work" mean then? Start with layer 1 (do I have link?), next layer 2 (do I see MAC addresses in the CAM table on the switch, i.e. is my trunk up?), next layer 3 (can I ping hosts on the same subnet? ...other subnets?)...

Instead of adding more complexity, why don't you try simplifying it first?

For example, construct a detailed drawing like I use to maintain my sanity at home. Erase your config(s) and start from the beginning verifying each segment works before adding another layer of PITA to it.

Clean, simple, effective... Interfacing with a frame cloud I could make out of my parts pile, adding voice, more vlans, firewalls, VRF, swapping routing protocols for practice, etc to something bulletproof like this would be cake.

homeot.jpg
 
You should realize how easy it is to extract passwords from configs ...

Gordon24 is not a great password. Consider scrubbing your configs.
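
Added example (not part of the thread and not any poster's code): a small scrubber for the secret-bearing line types that appear in configs like the ones posted above, run before a config is pasted anywhere public. It also flags lines where a redacted value is reused elsewhere in the text. The rule set is an assumption limited to those line types, and the sample config with all its names and values is constructed.

```python
import re

PLACEHOLDER = "<REDACTED>"

# (rule name, pattern). Group 1 = command text to keep, group 2 = the secret,
# group 3 = whatever follows it (e.g. " address ...", " encrypted").
# Assumption: only the line types seen in IOS-style / Dell-style configs
# like the ones in this thread are covered.
RULES = [
    ("enable", re.compile(
        r"^(\s*enable (?:secret|password)(?: level \d+)?(?: \d+)?) (\S+)(.*)$")),
    ("username", re.compile(
        r"^(\s*username \S+ (?:privilege \d+ )?(?:secret|password)(?: \d+)?) (\S+)(.*)$")),
    ("line-password", re.compile(r"^(\s+password(?: \d+)?) (\S+)(.*)$")),
    ("isakmp-psk", re.compile(r"^(\s*crypto isakmp key(?: [06])?) (\S+)(.*)$")),
    # " key <value>" under a client configuration group; "key-string" is not matched
    ("group-key", re.compile(r"^(\s+key) (\S+)(\s*)$")),
]


def scrub(config_text):
    """Return (scrubbed_text, hits, leaks).

    hits  -- [(line_number, rule_name)] for every redacted line
    leaks -- line numbers in the scrubbed text where a redacted value still
             appears (reused in a description, banner, comment, ...)
    """
    out, hits, secrets = [], [], set()
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        for name, pattern in RULES:
            m = pattern.match(line)
            if m:
                secrets.add(m.group(2))
                line = f"{m.group(1)} {PLACEHOLDER}{m.group(3)}"
                hits.append((lineno, name))
                break
        out.append(line)

    # Second pass: a value redacted on one line may be repeated on another.
    # Very short tokens are skipped to avoid matching ordinary config words.
    reused = [s for s in secrets if len(s) >= 4]
    leaks = [n for n, line in enumerate(out, start=1)
             if any(s in line for s in reused)]
    return "\n".join(out), hits, leaks


# Constructed sample input: no value here comes from a real device.
SAMPLE = """\
hostname LAB-RTR
enable secret 5 $1$CONSTRUCTED$notARealHashValue000000
username alice privilege 15 secret 5 $1$CONSTRUCTED$anotherFakeHash0000000
username bob password 0123456789abcdef0123456789abcdef level 15 encrypted
enable password level 15 fedcba9876543210fedcba9876543210 encrypted
crypto isakmp key ExamplePsk1 address 192.0.2.10
crypto isakmp client configuration group LAB_GROUP
 key ExampleGroupKey
 dns 192.0.2.53
crypto key pubkey-chain rsa
  key-string
interface GigabitEthernet0/1
 description backup tunnel psk ExamplePsk1
line vty 0 4
 password 7 0000CONSTRUCTED
 transport input ssh
"""

if __name__ == "__main__":
    text, hits, leaks = scrub(SAMPLE)
    print(text)
    print("redacted lines:", hits)
    print("lines still containing a redacted value:", leaks)
```

A non-empty `leaks` list means the output still needs a manual pass before posting; any credential that was already published should be changed on the device as well.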
 
doh good point archival, forgot about the line passwords, not that it really matters as no public IP is seen other than for DNS. will edit out. as for pruning, i have no idea how to check that on the dell as their CLI is horrid and the web gui i haven't seen such thing.

But i did give up eventually, i just set the port where the WAP was to an access port with 136 as default VLAN, then gave WAP an IP in the data IP range and its working, not how i want to do it but will suffice for now.
 