HELP! Mgmt Interface 3550 in separate vlan MORE EXPLANATION

From: Steve Lown (yytexan_il@hotmail.com)
Date: Mon Sep 23 2002 - 20:47:39 GMT-3

• Next message: Sara Li: "Re: BGP help required."
• Previous message: Casey, Paul (6822): "Re: BGP help required."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Let me try to give a little more detail on this. What I am trying to do is
the following and I know that it works on the Cat5000, but the exact same
thing will NOT work on the 3550, any help would be greatly appreciated...
And please forgive the long post, but I want to see if anyone has the answer
to this one.

I have 3 routers and the 3550 switch with the latest EMI image 12.1(11) on
it. Lets say we have the routers as follows:

4-------3--------6

We have 3 being a trunk, we have the ethernet between 4 and 3 in vlan 10,
the vlan between 3 and 6 in vlan 20, and for giggles we put the managment
interface in vlan 30 but the managment vlan has an ip address from vlan 20.

So to do this we want to use irb on R3 and bridge between vlan 20 and vlan
30 and route between vlan 20 and vlan 10. So our config on R3 looks
something like this:

bridge irb

fa3/0.10
encapsulation isl 10
ip add 150.1.34.3 255.255.255.0

fa3/0.20
encapsulation isl 20
bridge-group 1

fa3/0.30
encapsulation isl 30
bridge-group 1

int bvi 1
ip add 150.1.36.3 255.255.255.0

bridge 1 protocol ieee
bridge 1 route ip

The switch has the vlan configured as:

int fa0/4
switchport access vlan 10

int fa0/6
switchport access vlan 20

int fa0/3
switchport trunk encapsulation isl
switchport mode trunk

int vlan 30
ip add 150.1.36.100 255.255.255.0

I've tried both default-gateway and ip route 0.0.0.0 0.0.0.0

R4 has the basic config

int e0
ip add 150.1.34.4 255.255.255.0

R6 has the basic config

int e0
ip add 150.1.36.6 255.255.255.0

There is OSPF routing between them, although I've tried all the other
routing protocols.

These are the very basic configs. R4 can ping the switch, R3 can ping the
switch, but anything on R6 or past R6 cannot ping the switch and the switch
cannot pin it either. If we debug ip packet from the switch while pinging
R6 we receive the following error:

00:53:04: datagramsize=100, IP 48: s=150.1.36.100 (local), d=150.1.36.6
(Vlan30)
, totlen 100, fragment 0, fo 0, sending.
00:53:07: datagramsize=100, IP 48: s=150.1.36.100 (local), d=150.1.36.6
(Vlan30)
, totlen 100, fragment 0, fo 0, encapsulation failed

I have tried dot1q encapsulation, I have made sure that routing was off on
the switch, I have tried vlan 1 as the management vlan and tried to bridge
between vlan 1 and vlan 20. I have tried just about everything I can think
of and I can't get it to work.

Has anyone else tried this? Can anyone else try it to see if it can be
done?

Thanks for reading and I hope someone can figure this out.

>From: "Balaji Siva" <bsivasub@cisco.com>
>To: "Steve Lown" <yytexan_il@hotmail.com>, <bwilliams175@comcast.net>,
><ccielab@groupstudy.com>
>Subject: RE: Mgmt Interface 3550 in separate vlan
>Date: Sat, 21 Sep 2002 21:19:29 -0400
>
>steve,
>
>I tried with SMI image..it works fine..
>
>provide a debug ip icmp (want to see if there is encap failures)
>
>
>just a guess..can you turn off ip routing if you have it enabled
>
>
>B
>
>
>
>
>
>-----Original Message-----
>From: Steve Lown [mailto:yytexan_il@hotmail.com]
>Sent: Saturday, September 21, 2002 7:03 PM
>To: bsivasub@cisco.com; bwilliams175@comcast.net; ccielab@groupstudy.com
>Subject: RE: Mgmt Interface 3550 in separate vlan
>
>
>I am trying to setup a bridge on a router with an isl trunk to a 3550. I
>have been asked to set a management interface on the switch on vlan 40, and
>I am trying to bridge via IRB on the router between the switch and the
>ethenet, vlan 30. I have no connectivity between the switch and the router.
>Here are some configs:
>
>switch:
>
>hostname 3550
>!
>interface FastEthernet0/12
>switchport trunk encapsulation isl
>switchport trunk native vlan 40
>switchport trunk allowed vlan 10,20,30,40,1002-1005
>switchport mode trunk
>no ip address
>!
>!
>interface Vlan40
>ip address 145.1.36.100 255.255.255.0
>!
>ip default-gateway 145.1.36.6
>ip classless
>ip http server
>!
>end
>
>router:
>hostname R6
>!
>bridge irb
>!
>interface FastEthernet3/0.30
>encapsulation isl 30
>no ip redirects
>bridge-group 1
>!
>interface FastEthernet3/0.40
>encapsulation isl 40
>no ip redirects
>bridge-group 1
>!
>interface BVI1
>ip address 145.1.36.6 255.255.255.0
>!
>bridge 1 protocol ieee
>bridge 1 route ip
>bridge 1 route ipx
>!
>
>end
>
>
>
> >From: "Balaji Siva" <bsivasub@cisco.com>
> >To: "Bruce Williams" <bwilliams175@comcast.net>, "Steve Lown"
> ><yytexan_il@hotmail.com>, <ccielab@groupstudy.com>
> >Subject: RE: Mgmt Interface 3550 in separate vlan
> >Date: Sat, 21 Sep 2002 17:59:43 -0400
> >
> >the problem description fro steve for me wasn't clear..but anyway,
> >
> >all vlans are allowed on a trunk by default so you don't need to make the
> >management vlan as native vlan if you don't have to... you can ofcourse
> >explictly allow the management vlan on a trunk..
> >
> >
> >B
> >
> >-----Original Message-----
> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> >Bruce Williams
> >Sent: Saturday, September 21, 2002 5:30 PM
> >To: Steve Lown; ccielab@groupstudy.com
> >Subject: RE: Mgmt Interface 3550 in separate vlan
> >
> >
> >That happened to me too, while I was doing a lab. I made the VLAN of the
> >management interface the native VLAN of the trunk so that it would be
> >included in VLANs allowed to traverse the trunk.
> >
> >switch(config-if)#switchport trunk native vlan xx.
> >
> >It worked for me, but there must be another way.
> >
> >Bruce
> >
> >-----Original Message-----
> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> >Steve Lown
> >Sent: Saturday, September 21, 2002 3:51 PM
> >To: ccielab@groupstudy.com
> >Subject: Mgmt Interface 3550 in separate vlan
> >
> >
> >I am trying to set up a practice lab where the management interface is of
> >the switch is set in its own vlan and is included in the allowed trunks
>on
> >a
> >port to a router. I find when I enter a vlan on a separate vlan from
>vlans
> >that have the command switchport access vlan XX, no connectivity is
> >established. The cat5 is easy to setup, you just put the sc0 interface in
> >the vlan number you want and set the ip address in the network of the
>vlan
> >you want connectivity. Any suggestions as to how to set this up on the
> >3550? Thank you for your input.
> >
> >
> >_________________________________________________________________
> >Chat with friends online, try MSN Messenger: http://messenger.msn.com
>
>
>
>
>_________________________________________________________________
>Join the worlds largest e-mail service with MSN Hotmail.
>http://www.hotmail.com

• Next message: Sara Li: "Re: BGP help required."
• Previous message: Casey, Paul (6822): "Re: BGP help required."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Oct 07 2002 - 07:44:01 GMT-3