this was posted over at networking-forum as well, but thought since this forum got more traffici i would try here as well.
ok, guys i need some serious help LOL, me and vlans are a new thing and it confuses the heck outta me. i have my network setup so that it goes DSL modem ->2821 -> 3500 -> dell 5324 -> WRVS4400N. as far as the 2821 and the 3550 goes, i have them set and working right, its once i move to the dell i have issues, first, the only way to access the dell switch is to connect to the 3550, then telnet into it. and as far as the WRVS4400N, i have to connect to it directly to do anything. So, with that said, i need help haha. i'm supplying the running configs of the first 3 devices, and on the WRVS4400N i'll grab SS if you need them. i have 3 vlans that i'm using, 10 is for management purposes only. 135 is for my voice traffic, and 136 is my native vlan for all other traffic. Now, on my desktop which is connected to the dell, if i ping the 3550's IP it goes to the router as it should and then to the 3550 on the mangement VLAN. but if i try and ping one step further to the dell management IP, it fails. I edited out the info for a few things for security reasons.
Cisco 2821 Running config:
3550:
and the dell 5324
looking for what i did wrong here LOL.
ok, guys i need some serious help LOL, me and vlans are a new thing and it confuses the heck outta me. i have my network setup so that it goes DSL modem ->2821 -> 3500 -> dell 5324 -> WRVS4400N. as far as the 2821 and the 3550 goes, i have them set and working right, its once i move to the dell i have issues, first, the only way to access the dell switch is to connect to the 3550, then telnet into it. and as far as the WRVS4400N, i have to connect to it directly to do anything. So, with that said, i need help haha. i'm supplying the running configs of the first 3 devices, and on the WRVS4400N i'll grab SS if you need them. i have 3 vlans that i'm using, 10 is for management purposes only. 135 is for my voice traffic, and 136 is my native vlan for all other traffic. Now, on my desktop which is connected to the dell, if i ping the 3550's IP it goes to the router as it should and then to the 3550 on the mangement VLAN. but if i try and ping one step further to the dell management IP, it fails. I edited out the info for a few things for security reasons.
Cisco 2821 Running config:
Code:
Current configuration : 15683 bytes
!
! Last configuration change at 00:14:49 EST Sun Feb 7 2010 by Chris
! NVRAM config last updated at 00:14:51 EST Sun Feb 7 2010 by Chris
!
version 15.0
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname R2821-Edge
!
boot-start-marker
boot-end-marker
!
logging buffered 4096
enable secret 5 $1$JBJH$TJty9wwoHgWE1M84sKJmZ/
!
aaa new-model
!
!
aaa authentication login default local
aaa authentication login sdm_vpn_xauth_ml_1 local
aaa authorization exec default local
aaa authorization network sdm_vpn_group_ml_1 local
!
!
!
!
!
aaa session-id common
!
!
!
clock timezone EST -5
clock summer-time EDT recurring
!
dot11 syslog
no ip source-route
!
!
ip cef
ip dhcp excluded-address 10.10.135.51 10.10.135.255
!
ip dhcp pool VOICE_POOL
network 10.10.135.0 255.255.255.0
default-router 10.10.135.201
dns-server 205.171.2.65 205.171.3.65
option 150 ip 10.10.135.201
!
!
no ip bootp server
ip domain name MoosemanStudios
ip host NETWORK-SERVER 10.10.136.202
ip name-server 10.10.136.68
ip ips config location flash:/IPS-store retries 1
ip ips notify SDEE
!
ip ips signature-category
category all
retired true
category ios_ips advanced
retired false
!
ipv6 unicast-routing
ipv6 cef
ipv6 dhcp pool DHCP_V6
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
voice-card 0
!
!
crypto pki trustpoint TP-self-signed-73811248
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-73811248
revocation-check none
rsakeypair TP-self-signed-73811248
!
!
crypto pki certificate chain TP-self-signed-73811248
certificate self-signed 01
3082024E 308201B7 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 37333831 31323438 301E170D 30393132 30383034 32363538
5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53
2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D373338 31313234
3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100CD3D
548C5AF4 A8DA49AF 7EBE7E5F 60B0A423 9339538C AF539C9C 882C6FDA 92EC42CC
5303DC45 6524F679 F72660C5 0E88D76C C38FF80A 5FF1F0BA DF84EB31 EED93679
3B69FF84 FE2C7109 7FF90E5F F5CECE4F B8B2972C 672ECB23 3C742F9D 3E515898
6A9A88CE CBF62232 AA8E1E7D 09EBBC2C BB89BE7A 42087B99 DE583BD2 F1A70203
010001A3 7A307830 0F060355 1D130101 FF040530 030101FF 30250603 551D1104
1E301C82 1A523238 32312D45 6467652E 4D6F6F73 656D616E 53747564 696F7330
1F060355 1D230418 30168014 739C9573 0ED4273A 51636EB9 D6F3AAA4 4897BD16
301D0603 551D0E04 16041473 9C95730E D4273A51 636EB9D6 F3AAA448 97BD1630
0D06092A 864886F7 0D010104 05000381 810017BF B32FAEBC 4BFFAD74 17028D3C
990A01B8 E2CAFB4C 9FA9C66C 3C74FD8D 85554907 4B083251 7C819F6B 3906CFD5
82163EB6 F44C994B EAEAED37 DCFDA431 B6829FA5 427BD23D E5E3C79C 34487729
A5A86FF6 2DAD25DE 0268A277 F1D2901D F7621792 0145AD51 1411848B 0BFA0028
B825669F 62E68337 15E5264E 962B2031 3767
quit
!
!
license udi pid CISCO2821 sn FTX0924A611
username Chris privilege 15 secret 5 $1$0jzs$54gcCMqR4H/sYABmUW5Nt.
username Dave privilege 15 secret 5 $1$6OS0$kN0L17O.NHBmtBdNiktBL.
!
redundancy
!
crypto key pubkey-chain rsa
named-key realm-cisco.pub
key-string
30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101
00C19E93 A8AF124A D6CC7A24 5097A975 206BE3A2 06FBA13F 6F12CB5B 4E441F16
17E630D5 C02AC252 912BE27F 37FDD9C8 11FC7AF7 DCDD81D9 43CDABC3 6007D128
B199ABCB D34ED0F9 085FADC1 359C189E F30AF10A C0EFB624 7E0764BF 3E53053E
5B2146A9 D7A5EDE3 0298AF03 DED7A5B8 9479039D 20F30663 9AC64B93 C0112A35
FE3F0C87 89BCB7BB 994AE74C FA9E481D F65875D6 85EAF974 6D9CC8E3 F0B08B85
50437722 FFBE85B9 5E4189FF CC189CB9 69C46F9C A84DFBA5 7A0AF99E AD768C36
006CF498 079F88F8 A3B3FB1F 9FB7B3CB 5539E1D1 9693CCBB 551F78D2 892356AE
2F56D826 8918EF3C 80CA4F4D 87BFCA3B BFF668E9 689782A5 CF31CB6E B4B094D3
F3020301 0001
quit
!
!
!
!
crypto isakmp policy 10
encr aes 256
authentication pre-share
group 2
!
crypto isakmp policy 30
encr 3des
authentication pre-share
group 2
lifetime 7200
crypto isakmp key cisco123 address aa.bb.cc.dd
crypto isakmp key cassiehurst address ee.ff.gg.hh
!
crypto isakmp client configuration group VPN_group
key millervpn
dns 205.171.2.68 205.171.3.65
domain mooseman.com
pool SDM_POOL_1
max-users 5
netmask 255.255.255.0
crypto isakmp profile sdm-ike-profile-1
match identity group VPN_group
client authentication list sdm_vpn_xauth_ml_1
isakmp authorization list sdm_vpn_group_ml_1
client configuration address respond
virtual-template 1
!
!
crypto ipsec transform-set secure_transform esp-aes esp-sha-hmac
crypto ipsec transform-set ESP-3DES-SHA esp-3des esp-sha-hmac
!
crypto ipsec profile SDM_Profile1
set security-association idle-time 10800
set transform-set ESP-3DES-SHA
set isakmp-profile sdm-ike-profile-1
!
!
crypto map MASTER_CRYPTO_MAP 10 ipsec-isakmp
set peer aa.bb.cc.dd
set transform-set secure_transform
match address GRE_IPSEC_TRAFFIC
crypto map MASTER_CRYPTO_MAP 20 ipsec-isakmp
set peer ee.ff.gg.hh
set transform-set secure_transform
match address GRE_IPSEC_TRAFFIC2
!
!
!
!
!
!
interface Loopback0
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
!
!
interface Tunnel100
description $FW_INSIDE$
ip address 192.168.100.1 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
tunnel source GigabitEthernet0/0
tunnel destination aa.bb.cc.dd
!
!
interface Tunnel101
description $FW_INSIDE$
ip address 192.168.101.1 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip virtual-reassembly
tunnel source GigabitEthernet0/0
tunnel destination ee.ff.gg.hh
!
!
interface Null0
no ip unreachables
!
interface GigabitEthernet0/0
description $FW_OUTSIDE$
mtu 1492
ip address dhcp
no ip redirects
no ip unreachables
no ip proxy-arp
ip nat outside
ip virtual-reassembly
duplex auto
speed auto
crypto map MASTER_CRYPTO_MAP
!
!
interface GigabitEthernet0/1
description $ETH-LAN$$FW_INSIDE$
no ip address
no ip redirects
no ip unreachables
no ip proxy-arp
ip nbar protocol-discovery
ip virtual-reassembly
duplex full
speed 1000
!
!
interface GigabitEthernet0/1.10
encapsulation dot1Q 10
ip address 10.10.10.201 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/1.135
encapsulation dot1Q 135
ip address 10.10.135.201 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface GigabitEthernet0/1.136
encapsulation dot1Q 136 native
ip address 10.10.136.201 255.255.255.0
ip nat inside
ip virtual-reassembly
!
interface Serial0/3/0
no ip address
shutdown
clock rate 2000000
!
!
interface Virtual-Template1 type tunnel
description $FW_INSIDE$
ip unnumbered Loopback0
no ip redirects
no ip unreachables
no ip proxy-arp
tunnel mode ipsec ipv4
tunnel protection ipsec profile SDM_Profile1
!
!
!
router eigrp 40
network 10.0.0.0
network 172.0.0.0 0.255.255.255
network 192.168.0.0 0.0.255.255
!
router rip
version 2
network 10.0.0.0
network 172.20.0.0
!
ip local pool SDM_POOL_1 10.10.140.50 10.10.140.55
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http timeout-policy idle 600 life 86400 requests 10000
!
!
ip nat inside source list NAT_T interface GigabitEthernet0/0 overload
ip nat inside source static tcp 10.10.136.200 80 interface GigabitEthernet0/0 80
ip nat inside source static udp 10.10.136.200 88 interface GigabitEthernet0/0 88
ip nat inside source static udp 10.10.136.200 3074 interface GigabitEthernet0/0 3074
ip nat inside source static tcp 10.10.136.200 3074 interface GigabitEthernet0/0 3074
ip nat inside source static tcp 10.10.136.200 53 interface GigabitEthernet0/0 53
ip nat inside source static tcp 10.10.136.221 56012 interface GigabitEthernet0/0 56012
!
ip access-list standard BLOCK_CASS_DAVE
deny 192.168.254.0 0.0.0.255
permit any
ip access-list standard BLOCK_DAVE_CASS
permit 10.10.136.0 0.0.0.255
deny any
ip access-list standard TELNET_IN
permit 10.0.0.0 0.255.255.255 log
permit 172.16.0.0 0.0.255.255 log
permit 192.168.254.0 0.0.0.255 log
!
ip access-list extended GRE_IPSEC_TRAFFIC
permit gre host ii.jj.kk.ll host aa.bb.cc.dd
ip access-list extended GRE_IPSEC_TRAFFIC2
permit gre host ii.jj.kk.ll host ee.ff.gg.hh
ip access-list extended NAT_T
permit ip 10.0.0.0 0.255.255.255 any
!
logging trap debugging
logging 10.10.136.202
!
!
!!
banner login ^CDO NOT ACCESS THIS ROUTER!!!!!!!!!^C
banner motd ^CC
************************************************
DO NOT ACCESS THIS DEVICE, UNAUTHORIZED PERSON'S
SHALL BE EXECUTED TO THE FULLEST OF THE LAW.
************************************************^C
!
line con 0
exec-timeout 0 0
password 7 XXXXXXXXXXXXXXXXXX
logging synchronous
line aux 0
exec-timeout 0 0
password 7 XXXXXXXXXXXXXXXXXX
logging synchronous
line vty 0 4
access-class TELNET_IN in
exec-timeout 5 0
password 7 XXXXXXXXXXXXXXXXXX
logging synchronous
transport input telnet
line vty 5 9
exec-timeout 5 0
logging synchronous
transport input ssh
line vty 10 988
!
scheduler allocate 20000 1000
ntp source GigabitEthernet0/0
ntp master
ntp update-calendar
ntp server 129.6.15.28 prefer
ntp server 129.6.15.29
end
3550:
Code:
Current configuration : 4047 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname C3550-PoE
!
enable secret 5 $1$r/rB$vPekwl/3grgZsc19ZkNTw1
!
username chris privilege 15 secret 5 $1$jUlC$j5zI.XeD9EIGa6abRcal51
username dave privilege 15 secret 5 $1$58Ju$5Q/M6Mbtrselo1fqVWmc90
ip subnet-zero
!
vtp mode transparent
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
vlan 10
name MANAGEMENT_VLAN
!
vlan 135
name VOICE_VLAN
!
vlan 136
name DATA_VLAN
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
switchport voice vlan 135
spanning-tree portfast
!
interface FastEthernet0/2
switchport access vlan 136
switchport mode access
switchport voice vlan 135
spanning-tree portfast
!
interface FastEthernet0/3
switchport access vlan 136
switchport mode access
switchport voice vlan 135
spanning-tree portfast
!
interface FastEthernet0/4
switchport access vlan 136
switchport mode access
switchport voice vlan 135
spanning-tree portfast
!
interface FastEthernet0/5
switchport access vlan 136
switchport mode access
switchport voice vlan 135
spanning-tree portfast
!
interface FastEthernet0/6
switchport access vlan 136
switchport mode access
switchport voice vlan 135
spanning-tree portfast
!
interface FastEthernet0/7
switchport access vlan 136
switchport mode access
switchport voice vlan 135
spanning-tree portfast
!
interface FastEthernet0/8
switchport access vlan 136
switchport mode access
switchport voice vlan 135
spanning-tree portfast
!
interface FastEthernet0/9
switchport access vlan 136
switchport mode access
switchport voice vlan 135
spanning-tree portfast
!
interface FastEthernet0/10
switchport access vlan 136
switchport mode access
switchport voice vlan 135
spanning-tree portfast
!
interface FastEthernet0/11
switchport access vlan 136
switchport mode access
switchport voice vlan 135
spanning-tree portfast
!
interface FastEthernet0/12
switchport access vlan 136
switchport mode access
switchport voice vlan 135
spanning-tree portfast
!
interface FastEthernet0/13
switchport access vlan 136
switchport mode access
!
interface FastEthernet0/14
switchport access vlan 136
switchport mode access
!
interface FastEthernet0/15
switchport access vlan 136
switchport mode access
!
interface FastEthernet0/16
switchport access vlan 136
switchport mode access
!
interface FastEthernet0/17
switchport access vlan 136
switchport mode access
!
interface FastEthernet0/18
switchport access vlan 136
switchport mode access
!
interface FastEthernet0/19
switchport access vlan 136
switchport mode access
!
interface FastEthernet0/20
switchport access vlan 136
switchport mode access
!
interface FastEthernet0/21
switchport access vlan 136
switchport mode access
!
interface FastEthernet0/22
switchport access vlan 136
switchport mode access
!
interface FastEthernet0/23
switchport access vlan 136
switchport mode access
!
interface FastEthernet0/24
switchport access vlan 136
switchport mode access
!
interface GigabitEthernet0/1
description UPLINK_TO_2821
switchport trunk encapsulation dot1q
switchport trunk native vlan 136
switchport mode trunk
!
interface GigabitEthernet0/2
description UPLINK_TO_DELL_5324
switchport trunk encapsulation dot1q
switchport trunk native vlan 136
switchport mode trunk
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
description MANAGEMENT_VLAN
ip address 10.10.10.202 255.255.255.0
!
interface Vlan135
description VOICE_VLAN
no ip address
!
interface Vlan136
description COMPUTER_VLAN
no ip address
!
ip default-gateway 10.10.10.201
ip classless
ip http server
!
!
banner motd ^C
*****************************
DO NOT ACCESS THIS SWITCH.
VIOLATORS WILL BE PROSECUTED.
*****************************^C
!
line con 0
exec-timeout 0 0
logging synchronous
login local
line vty 0 4
exec-timeout 0 0
logging synchronous
login local
line vty 5 9
exec-timeout 0 0
logging synchronous
login local
line vty 10 15
login
!
end
and the dell 5324
Code:
interface range ethernet g(1-23)
spanning-tree portfast
exit
interface ethernet g1
spanning-tree cost 4
exit
interface ethernet g2
spanning-tree cost 19
exit
interface range ethernet g(3-23)
spanning-tree cost 100
exit
interface port-channel 1
description FILE_SERVER
exit
interface ethernet g24
description UPLINK_C3550_POE
exit
port jumbo-frame
interface range ethernet g(21,24)
switchport mode trunk
exit
vlan database
vlan 10,135-136
exit
interface range ethernet g(21,24)
switchport trunk allowed vlan add 10
exit
interface range ethernet g(21,24)
switchport trunk allowed vlan add 135
exit
interface range ethernet g(1-20,22-23)
switchport access vlan 136
exit
interface port-channel 1
switchport access vlan 136
exit
interface ethernet g24
switchport trunk native vlan 136
exit
interface ethernet g21
switchport trunk allowed vlan add 136
exit
interface vlan 10
name MANAGEMENT_VLAN
exit
interface vlan 135
name VOICE_VLAN
exit
interface vlan 136
name DATA_VLAN
exit
port-channel load-balance layer-2-3-4
interface vlan 1
ip address 10.0.0.1 255.0.0.0
exit
interface vlan 10
ip address 10.10.10.203 255.255.255.0
exit
ip default-gateway 10.10.10.201
hostname DELL_5324
line console
exec-timeout 0
exit
enable password level 15 056e188807055099fba545b9a2ae719f encrypted
username chris password d41d8cd98f00b204e9800998ecf8427e level 15 encrypted
username dave password d41d8cd98f00b204e9800998ecf8427e level 15 encrypted
clock summer-time recurring usa zone EDT
ip name-server 205.171.2.65 205.171.3.65
Last edited: