Ben,

* The port on the 3560, going to the firewall, has the following config:

    no switchport
    ip address 192.168.1.2 255.255.255.0

* I agree on the link lights, which is why the original MDI-X comment wasn't a concern for me.

* There shouldn't be any VLAN issues with the port to the firewall, since there aren't any at that point. The VLANS are on the HP 4108 only, and communicated to the LAN port of the router, which will soon be port 24 on the Cisco.

* I've also tried to ping the Cisco from my desktop, which should qualify as external equipment, with no joy.

* "The way they were" in this instance means my 2651 router's LAN port connected to the "Trunk" port of the HP. (Meaning the port that is TAGGED for all the VLANS, no port aggregation taking place - no HP "trunks" involved). And the external port of the router plugged into the firewall. As far as the other details, I'm not changing anything right now, I just want the 3560 switch to act exactly like the 2651 router acts now. There are no VLAN changes, no IP changes, nothing. All of that will come down the road when I get rid of all the public IP subnets we're currently using inside our network, and along with that, get rid of all the VLANS.

* As far as the ping responses, my thoughts are that as soon as the Cisco switch and the HP switch start talking to each other, all of that will go away. I am greatly concerned that the HP switch does not detect the MAC address of the Cisco switch when they are connected. That is telling me that the HP does not see any device connected to that port. I've tried multiple, brand new patch cables, so it's not that.

As mentioned before, I'm more than happy to send all 3 config files to anyone that is willing to take a look at them to see if there's something that I've missed. I'm in no way an expert on configuring Cisco, as this is the first layer 3 from them that I've played with.

Thanks again, and if there's any other info you need, just let me know. As far as the unmanaged switch, and testing stuff, I will make note of it, and possibly try that the next time I can bring the network down for this.

Joe Heaton

-----Original Message-----
From: Ben Scott [mailto:[EMAIL PROTECTED]
Sent: Monday, February 11, 2008 12:20 PM
To: NT System Admin Issues
Subject: Re: Help with HP/Cisco switch communication

[responses inline; quotes re-ordered for editorial purposes]

On Feb 11, 2008 11:20 AM, Joe Heaton <[EMAIL PROTECTED]> wrote:
> * I get green link lights on all ports. (Except firewall, which gives
> me a yellow Gig link light)

If you're getting link lights, then the MDI polarity is not your problem. (If there was an MDI polarity mismatch, the ports wouldn't link at all.)

> I cannot ping the Cisco from inside the HP.
> I log into the firewall, and cannot ping the 192 address of the Cisco port.
> I console into the Cisco, and cannot ping in either direction.

Keep in mind that the switch's internal IP addresses are also subject to VLANs. If your firewall is plugged into a port configured to be just VLAN 5, but the IP address of the Cisco is associated with just VLAN 2, the firewall will not be able to ping the switch's IP address. VLANs work just like physical LANs -- if they're not connected, no traffic will flow.

You may want to use external equipment (i.e., an independent computer) for the ping tests. That saves you the trouble of having to figure out how to configure the switch's management IP addresses and VLANs to work together all at once.

> * I put things back the way they were, and everything works.

We don't know what "the way they were" means here. Describe physical topology, any link aggregation, VLAN assignments, IP address assignments, and IP routing plan. Do likewise for "the way you want things to be". Post both descriptions here.

It is entirely likely that, once you get done writing out all the above for us, you'll see the problem and won't need our help anymore. :-)

> * From my desk, the persistent pings I've had going to the remote
> site servers are now alternating between Destination Host Unreachable,
> and Request timed out.

It sounds like you've got multiple issues. You've certainly got multiple points where problems could be. You need to isolate the trouble.

One possible plan of attack:

If you're not using VLAN tagging on the Ethernet link to the firewall, get a small unmanaged switch and put it between the firewall and whatever the firewall is normally plugged into. (You'll see why in a minute.) Make sure that doesn't disrupt things. (If the firewall is VLAN aware and expecting to add/decode VLAN tags in its Ethernet frames, this whole idea is invalid. Yell if that's the case.)

Configure a test computer with appropriate manual IP address, route, etc. Plug it into the unmanaged switch. See if you can ping the firewall. If you can, see if you can ping the next hop beyond the firewall. This gives us a known-good to start testing with.

Next, configure a port on the Cisco to be on the same VLAN as the port for the firewall. Plug that unmanaged switch into firewall's port on the Cisco, as if it was the firewall itself. Plug the test computer into the other port we just configured. Run those tests again. If this doesn't work, there is a problem with the config on the Cisco. Get that sorted out before moving on.

Next, configure a likewise test port on the HP, connect the HP to the Cisco, and plug the test computer into the HP and test. If that doesn't work, the problem is either on the HP, or between the HP and the Cisco.

If you get to that, try plugging that unmanaged switch into a third port on the HP, all configured with appropriate VLANs, and see if you can ping through just the HP. If that works, you know the issue is with the inter-switch link.

-- Ben
