Hi,
I am relatively new to managed switch configuration so please bear with me here as I try to explain my issue.
I have three Cisco 3560 switches with 3 VLAN's. The main networked vlan is 10.1.1.0, I have a VoIP vlan at 10.1.20.0 and a newly added VLAN at 10.1.2.0
I have a Cisco ASA 5510 as my perimeter firewall at 10.1.1.254, but use one of the switches as a gateway. My DHCP server has two NIC's, one on 10.1.1.x and one on 10.1.2.x,
-I can ping the VLAN gateway addresses on the 10.1.2.x subnet from 10.1.1.1
-If I setup a static ip on the 10.1.2.x subnet I can NOT ping anything on 10.1.1.0 or get out to the internet
-My PBX box, setup on 10.1.20.x with a gateway of 10.1.20.252 can get to anything on the other two VLAN's
Here is the config for the switch my dhcp server is connected to:
no aaa new-model
clock summer-time UTC recurring last Sun Mar 1:00 last Sun Oct 2:00
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-2,20 priority 24576
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1-21 (all the same)
description Data+Voice
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,20
switchport mode trunk
spanning-tree portfast
interface GigabitEthernet0/22 -- Second NIC on dhcp server to this interface
description Data+Voice
switchport access vlan 2
switchport trunk allowed vlan 1,2,20
spanning-tree portfast
--Rest of interfaces same as 0/1--
interface Vlan1
ip address 10.1.1.251 255.255.255.0
ip helper-address 10.1.1.4
!
interface Vlan2
ip address 10.1.2.251 255.255.255.0
ip helper-address 10.1.1.4
!
interface Vlan20
ip address 10.1.20.251 255.255.255.0
ip helper-address 10.1.1.4
!
ip default-gateway 10.1.1.254
no ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.254
ip http server
!
Here is the config for my 10.1.1.x network gateway:
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-2,20 priority 24576
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
description ASA Interface
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,20
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/2
description ShoreTel System
switchport access vlan 20
switchport trunk allowed vlan 1,2,20
spanning-tree portfast
!
interface GigabitEthernet0/3
description ShoreTel System
switchport access vlan 20
switchport trunk allowed vlan 1,2,20
spanning-tree portfast
!
interface GigabitEthernet0/4
description ShoreTel System
switchport access vlan 20
switchport trunk allowed vlan 1,2,20
spanning-tree portfast
!
interface GigabitEthernet0/5-52
description Data+Voice
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,20
switchport mode trunk
spanning-tree portfast
interface Vlan1
ip address 10.1.1.252 255.255.255.0
ip helper-address 10.1.1.4
!
interface Vlan2
ip address 10.1.2.252 255.255.255.0
ip helper-address 10.1.1.4
!
interface Vlan20
ip address 10.1.20.252 255.255.255.0
ip helper-address 10.1.1.4
!
ip default-gateway 10.1.1.254
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.254
ip http server
!
!
control-plane
!
I think that is just about everything...Any help that anyone could provide would be greatly appreciated.
I am relatively new to managed switch configuration so please bear with me here as I try to explain my issue.
I have three Cisco 3560 switches with 3 VLAN's. The main networked vlan is 10.1.1.0, I have a VoIP vlan at 10.1.20.0 and a newly added VLAN at 10.1.2.0
I have a Cisco ASA 5510 as my perimeter firewall at 10.1.1.254, but use one of the switches as a gateway. My DHCP server has two NIC's, one on 10.1.1.x and one on 10.1.2.x,
-I can ping the VLAN gateway addresses on the 10.1.2.x subnet from 10.1.1.1
-If I setup a static ip on the 10.1.2.x subnet I can NOT ping anything on 10.1.1.0 or get out to the internet
-My PBX box, setup on 10.1.20.x with a gateway of 10.1.20.252 can get to anything on the other two VLAN's
Here is the config for the switch my dhcp server is connected to:
no aaa new-model
clock summer-time UTC recurring last Sun Mar 1:00 last Sun Oct 2:00
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-2,20 priority 24576
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1-21 (all the same)
description Data+Voice
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,20
switchport mode trunk
spanning-tree portfast
interface GigabitEthernet0/22 -- Second NIC on dhcp server to this interface
description Data+Voice
switchport access vlan 2
switchport trunk allowed vlan 1,2,20
spanning-tree portfast
--Rest of interfaces same as 0/1--
interface Vlan1
ip address 10.1.1.251 255.255.255.0
ip helper-address 10.1.1.4
!
interface Vlan2
ip address 10.1.2.251 255.255.255.0
ip helper-address 10.1.1.4
!
interface Vlan20
ip address 10.1.20.251 255.255.255.0
ip helper-address 10.1.1.4
!
ip default-gateway 10.1.1.254
no ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.254
ip http server
!
Here is the config for my 10.1.1.x network gateway:
!
no aaa new-model
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
spanning-tree vlan 1-2,20 priority 24576
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
description ASA Interface
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,20
switchport mode trunk
spanning-tree portfast
!
interface GigabitEthernet0/2
description ShoreTel System
switchport access vlan 20
switchport trunk allowed vlan 1,2,20
spanning-tree portfast
!
interface GigabitEthernet0/3
description ShoreTel System
switchport access vlan 20
switchport trunk allowed vlan 1,2,20
spanning-tree portfast
!
interface GigabitEthernet0/4
description ShoreTel System
switchport access vlan 20
switchport trunk allowed vlan 1,2,20
spanning-tree portfast
!
interface GigabitEthernet0/5-52
description Data+Voice
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,2,20
switchport mode trunk
spanning-tree portfast
interface Vlan1
ip address 10.1.1.252 255.255.255.0
ip helper-address 10.1.1.4
!
interface Vlan2
ip address 10.1.2.252 255.255.255.0
ip helper-address 10.1.1.4
!
interface Vlan20
ip address 10.1.20.252 255.255.255.0
ip helper-address 10.1.1.4
!
ip default-gateway 10.1.1.254
ip classless
ip route 0.0.0.0 0.0.0.0 10.1.1.254
ip http server
!
!
control-plane
!
I think that is just about everything...Any help that anyone could provide would be greatly appreciated.