VLAN Testing

Hi amvaughn,

For the port connected to the PC, access mode with access to VLAN 20 should be the correct mode as the PC is probably passing untagged traffic. If you assign an IP address to VLAN 20 on the switch can it ping the X300? Can the PC ping that VLAN? Are ICMP packets blocked on the X300?

Josh,

I can ping the other Vlan interfaces with me set on vlan 1 so the firewall is not blocking

as soon as i set a pc to access port vlan 20 and set the ip address to the same subnetwork as subinterface for vlan 20 i cannot ping the gateway. so basically the switch shows vlan membership for the interface going to the firewall and interface to the pc as 20 and i cannot ping between the two.

Does VLAN 20 on the switch have an IP address? If not try assigning it one and see if you can ping that IP from the PC to see if we can isolate it to the connection to the switch from the PC or from the firewall. What does the configuration for the trunk look like?

So with the general port allowing vlan 1 and the PC on vlan 20 it works to ping the virtual interface for vlan 20. Is ip routing enabled on the switch? Is the virtual interface for vlan 20 set to respond to pings? Do the logs for the firewall show an incoming ping attempt?

Josh,

I setup another PC on Vlan 20 access. I can ping between the two PC that are both on vlan 20 so that works.

The trunk on the switch is set to TRUNK.

The router/firewall interface is setup with port 4 as subinterfaces

P4.1 Vlan 1

P4.20 Vlan 20

If i set the switchport trunk to GENERAL it works also but only if i set vlan 1 to tag also.

from my PC, that is currently on vlan 1 i can ping the vlan 20 ip address of the router.

However I cannot ping the PC that is on vlan 20 from my PC

Also I cannot ping the Vlan 20 interface on the router from my PC on vlan 20.

It has to be the trunk is not working properly.

Josh,

why would IP routing be needed on the switch? Thats what the router is for.

all subinterfaces allow ping. i set the first rule on the firewall to allow any ip any protocol to any ip

Here is the switchport config on the switch going to the router

Name: gi3/0/24

Switchport: enable

Administrative Mode: trunk

Operational Mode: up

Access Mode VLAN: none

Access Multicast TV VLAN: none

Trunking Native Mode VLAN: none

Trunking VLANs Enabled: 1,5,10,20,30,35,40

                       2-4,6-9,11-19,21-29,31-34,36-39,41-4094 (Inactive)

General PVID: 1

General VLANs Enabled: none

General Egress Tagged VLANs Enabled: none

General Forbidden VLANs: none

General Ingress Filtering: enabled

General Acceptable Frame Type: all

General GVRP status: disabled

Customer Mode VLAN: none

Private-vlan promiscuous-association primary VLAN: none

Private-vlan promiscuous-association Secondary VLANs Enabled: none

Private-vlan host-association primary VLAN: none

Private-vlan host-association Secondary VLAN Enabled: none

DVA: disable

Classification rules:

Classification type Group ID VLAN ID

------------------- -------- -------

MDFSwitches(config-if)#

I wasn't saying that ip routing should be enabled, just asking if it was. Try adding to that switchport Console(config-if)# switchport trunk native vlan 20

Josh,

Fixed the issue.

Basically web GUI was not removing Access and General mode completely. Had to do it through the CLI. GO DELL!!

Thanks for the update. Glad that you fixed it.