J. Johnson wrote: > > Ugh. I was hoping there would be something obvious. I already > have what > you suggest - a "router on a stick" configuration with the > vlans combined > in an 802.1Q trunk to the router. Here's a picture:
The picture got a bit munged. I think I understand it, though. The router-on-a stick is the Linux box and it's supposed to be on the right side of the drawing? What do you mean by ix86? It's not a 486 machine is it? Ugh. :-) > > |--------------| |--------------| > | oreilly.net |------|vlan5 | > |--------------| | | > | | > |--------------| | | > | colophon.net |------|vlan6 s | > |--------------| | 2 w | 802.1Q | one > interface > | 9 i |============| > "router-on-a-stick" > |--------------| | 5 t | vlan5-8 | ix86 > running linux > | zoo.net |------|vlan8 0 c | > |--------------| | h | > | | > |--------------| | | > | safari.net |------|vlan7 | > |--------------| |--------------| > | > ----- > 3600 router > loopback address > 10.0.0.5 > ----- > | | | > big > network > cloud > > I would like to be able to telnet from any of the networks to > maintain the > switch, but can't. 10.0.0.6 is the address of the switch, and > it is > currently assigned to vlan 7. The 3600 router has 10.0.0.6 in > its routing > table as a directly connected address. The linux router has > the four local > networks in its routing table, with the 3600 router as the > default router. > The linux "router-on-a-stick" can ping 10.0.0.6, presumably > because it > sends the packet to its default router, the 3600, which then > routes the > packet back to the switch. The 3600 can also ping 10.0.0.6, as > expected. > However, when a box on oreilly.net pings 10.0.0.6, a sniffer > sees the ping > on the vlan5 line, What is the MAC destination address in these pings from the oreilly.net box? What is the box on oreilly.net using for its default gateway? It sounds like it should be using the Linux router-on-a-stick. Maybe it's not? I hate to say it, but to debug the problem we would have to see the config of the Linus router-on-a-stick too. You say it's doing 802.1Q? I didn't know it could do that. :-) Are you sure it's a stable and standard implementation? Does it have subinterfaces like a "real" router would have and an address on all the subnets? Is the Linux box running a firewall that could be blocking traffic? Does the Linux box have some troubleshooting tools you could use to see what traffic it's handling?? > but another sniffer sees nothing on the > 802.1Q trunk > wire and, of course, the ping is not successful. On the other > hand, when a > box on oreilly.net pings 10.0.0.5, it does so successfully. > Wierd. Is that its own subnet, though? That you might expect to work. Well, good luck with the puzzle. Let us know what else you find out. Thanks. Priscilla > > I've also tried putting 10.0.0.6 in the linux router's table, > with no > apparent change in behavior. Presumably, the linux router > sends packets > directly to the switch instead of making one hop through the > 3600, but > pings still don't get from oreilly.net to the switch. > > Anyone know why the switch isn't forwarding 10.0.0.6 packets to > the linux > router? > > DeVoe, Charles (PKI wrote: > > > You will need routing between the VLANs. If this is done via > the uplink > > you > > will also need to do some trunking. Hope this helps. > > > > -----Original Message----- > > From: J. Johnson [mailto:[EMAIL PROTECTED] > > Sent: Tuesday, February 25, 2003 5:06 PM > > To: [EMAIL PROTECTED] > > Subject: 2950 telnet access is lost after vlans [7:63789] > > > > > > I've lost some telnet access to my 2950 after implementing > vlans. > > > > Before - Address 10.0.0.6 was available on vlan 1, which was > the default > > vlan for all ports. telnet was possible into the switch from > machines > > connected to any port. > > > > After - Created several vlans (5, 6, 7, and 8) and split the > ports among > > them. Now when I do: > > switch(config)#interface vlan 5 > > switch(config-if)#ip address 10.0.0.6 255.255.255.0 > > switch(config-if)#no shutdown > > the vlan interface that was previously up shuts down and only > boxes > > connected to the ports in vlan 5 are able to telnet into the > switch. > > > > Is there a way to allow boxes on ports assigned to other > vlans to telnet > > into the switch at 10.0.0.6? > > > > James > > Nondisclosure violations to [EMAIL PROTECTED] > > Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=63912&t=63789 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
