Re: Issue with internetwork Expert Security racks

From: Brian Dennis (bdennis@internetworkexpert.com)
Date: Sat Jun 14 2008 - 20:51:44 ART

Dane,
   Your access VLAN was 113 but your VLAN interface is 133. Additionally
your IP addressing was wrong for rack6.

Brian Dennis, CCIEx5 #2210 (R&S/ISP-Dial/Security/SP/Voice)
bdennis@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987
Direct: +1-775-544-1653 (Outside the US and Canada)

>----- Original Message -----
Subject: Issue with internetwork Expert Security racks
Date: Sat, June 14, 2008 16:20
From: "Dane Newman" <dane.newman@gmail.com>

> Hello
>
> I have an issue with InternetworkExpert security racks. Can anyone spot an
> issue with my config and why I can't find 204.12.1.254 (bb3). I keep going
> back and forth with IE support and I have wasted tons of time on this issue
> and there support told me it was a problem with my config which I don't see
> how it could be?
>
> BB3 is supposed to be connected to switch 1 via there cabling diagram in
> port fa0/24. When I do a show cdp neighbor I get the following output
>
> Rack6SW1#show cdp ne
> Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
> S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
> Device ID Local Intrfce Holdtme Capability
> Platform Port ID
> RM-H-SW1 Fas 0/20 161 T S
> WS-C2924-XFas 0/13
> RM-H-SW1 Fas 0/24 161 T S
> WS-C2924-XFas 0/15
>
>
> This output clearly shows its connected to another switch (which is fine as
> long as I could get conectivity to my backbone 3 router). I created a vlan
> interface for vlan 133 and gave it the ip 204.12.1.50 and pinged ASA2's
> interface of 204.12.1.13 fine as seen in the output below but was unable to
> ping 204.12.1.254 When I show arp it gives
>
> Internet 204.12.1.254 0 Incomplete ARPA
>
> I also just hard coded int fa0/20 to trunk to the unknown switch on all
> vlan's to see if I could ping it still and was not able too
>
> Rack6SW1#show int trunk
> Port Mode Encapsulation Status Native vlan
> Fa0/20 on 802.1q trunking 1
> Fa0/23 on isl trunking 1
> Port Vlans allowed on trunk
> Fa0/20 1-4094
> Fa0/23 1-4094
> Port Vlans allowed and active in management domain
> Fa0/20 1,3-5,9,29,33,44,69,112-113,115,133,137-138,170,783
> Fa0/23 1,3-5,9,29,33,44,69,112-113,115,133,137-138,170,783
> Port Vlans in spanning tree forwarding state and not pruned
> Fa0/20 1,3-5,9,29,33,44,69,112-113,115,133,137-138,170,783
> Fa0/23 1,3-5,9,29,33,44,69,112-113,115,133,137-138,170,783
>
> Rack1SW1#ping 204.12.1.254
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 204.12.1.254, timeout is 2 seconds:
> .....
> Success rate is 0 percent (0/5)
> Rack6SW1#show arp
> Protocol Address Age (min) Hardware Addr Type Interface
> Internet 132.1.137.7 - 000a.8a28.f000 ARPA Vlan137
> Internet 132.1.170.7 - 000a.8a28.f000 ARPA Vlan170
> Internet 132.1.170.1 60 000d.bd03.f9e0 ARPA Vlan170
> Internet 204.12.1.254 0 Incomplete ARPA
> Internet 132.1.137.113 111 001a.2ffc.8916 ARPA Vlan137
> Internet 204.12.1.13 15 001a.2ffc.8917 ARPA Vlan133
> Internet 132.1.137.213 42 001a.2ffc.8916 ARPA Vlan137
> Internet 204.12.1.50 - 000a.8a28.f000 ARPA Vlan133
> Rack6SW1#show run int vlan 133
> Building configuration...
> Current configuration : 63 bytes
> !
> interface Vlan133
> ip address 204.12.1.50 255.255.255.0
> end
> Rack6SW1#ping 204.12.1.13
> Type escape sequence to abort.
> Sending 5, 100-byte ICMP Echos to 204.12.1.13, timeout is 2 seconds:
> !!!!!
> Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
> Rack6SW1#
>
>
>
>
> Below is my full config of switch 1
>
> Rack1SW1#show run
> Building configuration...
> Current configuration : 3450 bytes
> !
> ! Last configuration change at 16:08:51 UTC Sat Jun 14 2008
> ! NVRAM config last updated at 14:26:33 UTC Sat Jun 14 2008
> !
> version 12.2
> no service pad
> service timestamps debug uptime
> service timestamps log uptime
> no service password-encryption
> !
> hostname Rack1SW1
> !
> enable password cisco
> !
> no aaa new-model
> ip subnet-zero
> ip routing
> !
> no ip domain-lookup
> !
> !
> !
> no file verify auto
> spanning-tree mode pvst
> spanning-tree extend system-id
> !
> !
> !
> vlan internal allocation policy ascending
> !
> !
> interface Loopback0
> ip address 150.1.7.7 255.255.255.0
> !
> interface FastEthernet0/1
> switchport access vlan 170
> switchport mode access
> !
> interface FastEthernet0/2
> switchport access vlan 29
> switchport mode access
> !
> interface FastEthernet0/3
> switchport access vlan 3
> switchport mode access
> !
> interface FastEthernet0/4
> switchport access vlan 4
> switchport mode access
> !
> interface FastEthernet0/5
> switchport access vlan 115
> switchport mode access
> !
> interface FastEthernet0/6
> switchport access vlan 69
> switchport mode access
> !
> interface FastEthernet0/7
> switchport mode dynamic desirable
> !
> interface FastEthernet0/8
> switchport mode dynamic desirable
> !
> interface FastEthernet0/9
> switchport access vlan 29
> switchport mode access
> !
> interface FastEthernet0/10
> switchport access vlan 170
> switchport mode access
> !
> interface FastEthernet0/11
> switchport access vlan 112
> switchport mode access
> !
> interface FastEthernet0/12
> switchport mode dynamic desirable
> !
> interface FastEthernet0/13
> switchport access vlan 9
> switchport mode access
> !
> interface FastEthernet0/14
> switchport mode dynamic desirable
> !
> interface FastEthernet0/15
> switchport access vlan 133
> switchport mode access
> !
> interface FastEthernet0/16
> switchport mode dynamic desirable
> !
> interface FastEthernet0/17
> switchport mode dynamic desirable
> !
> interface FastEthernet0/18
> switchport mode dynamic desirable
> !
> interface FastEthernet0/19
> switchport mode dynamic desirable
> !
> interface FastEthernet0/20
> switchport trunk encapsulation dot1q
> switchport mode trunk
> !
> interface FastEthernet0/21
> switchport mode dynamic desirable
> !
> interface FastEthernet0/22
> switchport mode dynamic desirable
> !
> interface FastEthernet0/23
> switchport trunk encapsulation isl
> switchport mode trunk
> !
> interface FastEthernet0/24
> switchport access vlan 113
> switchport mode access
> !
> interface GigabitEthernet0/1
> switchport mode dynamic desirable
> !
> interface GigabitEthernet0/2
> switchport mode dynamic desirable
> !
> interface Vlan1
> no ip address
> shutdown
> !
> interface Vlan133
> ip address 204.12.1.50 255.255.255.0
> !
> interface Vlan137
> ip address 132.1.137.7 255.255.255.0
> !
> interface Vlan170
> ip address 132.1.170.7 255.255.255.0
> !
> router ospf 1
> router-id 150.1.7.7
> log-adjacency-changes
> redistribute connected subnets
> redistribute static subnets
> network 132.1.170.7 0.0.0.0 area 170
> network 150.1.7.7 0.0.0.0 area 170
> !
> router bgp 100
> no synchronization
> bgp router-id 150.1.7.7
> bgp log-neighbor-changes
> neighbor 150.1.2.2 remote-as 100
> neighbor 150.1.2.2 update-source Loopback0
> neighbor 204.12.1.254 remote-as 54
> neighbor 204.12.1.254 ebgp-multihop 255
> no auto-summary
> !
> ip classless
> ip route 132.1.138.0 255.255.255.0 132.1.137.213
> ip route 204.12.1.0 255.255.255.0 132.1.137.113
> ip http server
> ip http secure-server
> !
> !
> !
> !
> !
> control-plane
> !
> !
> line con 0
> exec-timeout 0 0
> privilege level 15
> logging synchronous
> line vty 0 4
> password cisco
> login
> line vty 5 15
> password cisco
> login
> !
> !
> end
>
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

This archive was generated by hypermail 2.1.4 : Tue Jul 01 2008 - 06:23:21 ART