4

I have to setup a stack of 3 Cisco 3850 switchs. They are licences to IP Base feature.

I inspirated my setup from an another configuration we got here but those switches have the IP Services IOS. As my topic said, I'm unable to ping other vlan in the switch.

There's the scenario :

My stack will connect to a Cisco Switch that we don't manage. This switch provide us (via VPN MPLS) network we can use.

This switch (from ISP) have two ports (network) enable :

Port 1 L3 : 10.140.68.1/22 Port 2 L3 : 192.168.69.33/27

My switch stack (LAN) configuration looks like this :

ip routing interface Vlan1 no ip address shutdown interface Vlan68 ip address 10.140.68.2 255.255.255.0 ip helper-address 10.140.68.4 interface Vlan69 ip address 10.140.69.1 255.255.255.0 ip helper-address 10.140.68.4 interface Vlan70 ip address 10.140.70.1 255.255.255.0 ip helper-address 10.140.68.4 shutdown interface Vlan71 ip address 10.140.71.1 255.255.255.0 ip helper-address 10.140.68.4 shutdown interface Vlan192 ip address 192.168.69.33 255.255.255.224 router eigrp 100 network 10.140.68.0 0.0.3.255 network 192.168.69.32 0.0.0.31 redistribute static passive-interface default eigrp stub connected summary ip route 0.0.0.0 0.0.0.0 10.140.68.1 interface GigabitEthernet1/0/1 description To MPLS SWITCH PORT 1 switchport access vlan 68 interface GigabitEthernet1/0/2 description To MPLS SWITCH PORT 2 switchport access vlan 192

Someone can help me to configure the InterVlan routing and the I'm not sure if the 2 ports who'll be connected to the uplink switch is correct too.

I made ping test having a two laptops connected to the switch, 1 in vlan 68 and 1 in vlan 69.

EDIT: (for a comment below that I can't format)

Interface IP-Address OK? Method Status Protocol Vlan1 172.16.100.1 YES manual administratively down down Vlan68 10.140.68.3 YES manual up up Vlan69 10.140.69.1 YES manual up up Vlan70 10.140.70.1 YES NVRAM administratively down down Vlan71 10.140.71.1 YES NVRAM administratively down down Vlan192 192.168.69.34 YES manual up up

EDIT2:
Now I can ping all vlan from the switch (via the console connection). I can put a laptop in a port in the Vlan68 and ping the switch (by all vlan ip address) same thing from a laptop in the Vlan192. BUT, if I put a laptop in a port of Vlan69 I can't ping the switch from any vlan IP even the Vlan69 (69.1). When I do a show arp the laptop's mac and IP address don't show. I try with many laptop and samething everytime.

Resolution The problem came of the fact that some interface configuration about dhcp snooping and arp inspection prevents statics address ip. Adding a DHCP solve the problem.

Improve this question
4
  • You say port 1 (presumably the device connected to port 1) is 10.140.68.1/*22* but the vlan 68 interface is config'd for /24. Is that /22 a typo? Commented Nov 26, 2014 at 1:01
  • @dk1, it's not a typo. The device it's place as a kind of edge mark that "propagate" those two networks at our site. So our site can use the 10.140.68.1/22 network for users/servers and the other for video conferencing. Commented Nov 26, 2014 at 3:30
  • 2
    I think you are misunderstanding the network mask... if the ISP will not perform local network routing for you (with correct vlan tags), then you need to use the correct subnet mask on a single vlan interface. Commented Nov 26, 2014 at 5:26
  • Nowhere in your original question do you even begin to hint at having DHCP snooping or DAI configured. Naturally you will have problems with using statically configured IP addresses on a network configured to use DAI. Next time consider posting your full configuration rather than just what you think is important, and the community may be able to help with a better answer. Commented Dec 2, 2014 at 4:44

2 Answers 2

Reset to default
5

In general, a VLAN SVI will not be "UP" if there are no ports within that VLAN that are up. As only 2 of your VLANs are assigned to interfaces (as per the limited bit of config provided), only 2 VLANs should be operational.

Improve this answer
2
  • 1
    Best way to rectify no UP ports is to plug in a trunk link, ethernet loop, or patch an access VLAN into a different access VLAN. Commented Nov 25, 2014 at 23:20
  • I got two laptops connected on the stack, 1 in vlan 68 and 1 in vlan 69. Commented Nov 26, 2014 at 3:26
2

The problem came of the fact that some interface configuration about dhcp snooping and arp inspection prevents static address ip. Adding a DHCP solve the problem.

Improve this answer

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.