[SOLVED] I am missing something fundamental w/VLANs

Aug 6, 2021
I admit it. VLANs kick my butt. I've been doing "networking" in some form or fashion since 1989. Anyone else remember ARCnet or LANtastic?

Anyway, I now have a job where I am the "networking guy." They have VLANs... a lot of them. I am trying to get hold of all this, but I am missing something fundamental.

On switch ABC_TEAHALL_AS1, I have connected a device called MyDevice to port GigabitEthernet 0/12. That device successfully receives a DHCP address from an upstream DHCP server. It gets IP address 10.10.34.47. It can get to the Internet, no problem.
Why can't I ping the IP address of MyDevice from the switch console on the very switch to which MyDevice is connected? I know from documentation here that 10.10.34.0 is part of VLAN_302.

What fundamental concept am I missing? Thank you all... here is my config of that switch.... Please note that Adtran AOS is extremely close to Cisco IOS.

! ADTRAN, Inc. OS version R12.3.1
! Boot ROM version BVS1.0
! Platform: NetVanta 1550-24P, part number 17101524PF1
! Serial number LBADTN1716AC383
!
hostname "ABC_TEAHALL_AS1"
enable password MyPassword09
!
ip subnet-zero
ip classless
ip default-gateway 100.100.32.1
no ip routing
!
!
ip route-cache express
!
no auto-config
!
event-history on
no logging forwarding
no logging email
!
no service password-encryption
!
username "admin" password "MyPassword09"
!
no dot11ap access-point-control

no dos-protection

no desktop-auditing dhcp

no network-forensics ip dhcp
!
qos cos-map 1 0 1
qos cos-map 2 2 4
qos cos-map 3 3 6
qos cos-map 4 5 7
qos queue-type wrr 25 25 25 expedite
!
vlan 1
name "Default"
!
vlan 82
name "VLAN00082"
!
vlan 84
name "VLAN084"
!
vlan 301
name "VLAN0301"
!
vlan 302
name "VLAN0302"
!
vlan 303
name "VLAN0303"
!
vlan 304
name "VLAN0304"
!
vlan 305
name "VLAN0305"
!
vlan 306
name "VLAN0306"
!
vlan 902
name "VLAN0902"
!
vlan 2016
name "VLAN2016"
!
interface gigabit-switchport 0/1
description Meraki
spanning-tree edgeport
no shutdown
switchport mode trunk
switchport trunk native vlan 301
!
interface gigabit-switchport 0/2
no shutdown
switchport mode trunk
switchport trunk native vlan 301
!
!REMOVED OTHER INTERFACES TO MAKE POST NOT SO HUGE
!
interface gigabit-switchport 0/12
description Connection to MyDevice
spanning-tree edgeport
no shutdown
switchport access vlan 302
switchport voice vlan 304
!
!REMOVED OTHER INTERFACES TO MAKE POST NOT SO HUGE
!
interface gigabit-switchport 0/24
description JAG Room
no shutdown
switchport mode trunk
qos trust cos
!
!
interface xgigabit-switchport 0/1
no shutdown
switchport mode trunk
speed 1000
!
interface xgigabit-switchport 0/2
no shutdown
switchport mode trunk
speed 1000
!
interface xgigabit-switchport 0/3
no shutdown
switchport mode trunk
speed 1000
!
interface xgigabit-switchport 0/4
no shutdown
switchport mode trunk
speed 1000
!
interface vlan 1
no ip address
ip route-cache express
shutdown
!
interface vlan 902
description MGMT VLAN
ip address 100.100.32.55 255.255.255.0
ip route-cache express
no shutdown
!
tftp server
no tftp server overwrite
http server
http secure-server
snmp agent
no ip ftp server
no ip scp server
no ip sntp server
!
line con 0
login local-userlist
password MyPassword09
line-timeout 30
!
line telnet 0 4
login local-userlist
password MyPassword09
line-timeout 30
no shutdown
line ssh 0 4
login local-userlist
line-timeout 30
no shutdown
!
sntp server 0.us.pool.ntp.org
!
end
 
Yep, never played with ARCnet but remember LANtastic well, and it was fantastic for setting up full peer-to-peer networking on Windows 3.1. 😀

The only thing that I can think of is there is something blocking or a missing rule/route for the ping. A lot of enterprise stuff is typically locked down hard so even simple things like ping won't work unless there are specific functions/features/routes/rules enabled/disabled.

Hopefully this will help guide you in the right direction as I don't have specifics even though the Adtran headquarters was down the street from me years ago near one of the best street racing spots in town, lol.
 
So I will assume all your trunks actually work. I remember some Cisco switches did not add all VLANs by default; you had to add them all manually.

So I assume you are trying to ping the switch management IP of 100.100.32.55.

Your PC is going to send that request to its default gateway, which is some router. That router needs to have a path to 100.100.32.55. In general you have a trunk port to a router that has the gateway for each VLAN. Unless you restrict it in some way, the router will allow traffic to flow between the different subnets/VLANs.

You cannot directly ping the switch because it does not have a layer 3 interface (i.e. an IP address) on VLAN 302. Most simple switches only have 1 IP and that is on their management interface.

What makes this very messy is that some Cisco switches have different levels of router/layer 3 support. On some you can actually put an IP on all the VLANs but the switch itself cannot route between them. Others are full routers.
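The point made in the answer above can be checked against the posted configuration. The following is an added example, not part of the original thread and not Adtran tooling: it parses a constructed excerpt of that config, lists which VLANs have an enabled layer 3 interface, and reports how the switch's own IP stack would try to reach a given address. The function names `parse_switch` and `ping_path` are hypothetical.

```python
import ipaddress
import re

# Constructed excerpt of the configuration posted above (only the relevant lines).
CONFIG = """\
ip default-gateway 100.100.32.1
no ip routing
interface gigabit-switchport 0/12
 switchport access vlan 302
interface vlan 1
 no ip address
 shutdown
interface vlan 902
 ip address 100.100.32.55 255.255.255.0
 no shutdown
"""

def parse_switch(config):
    """Collect enabled SVIs with an address, access VLANs and the default gateway."""
    pending, access, gateway, current = {}, set(), None, None
    for raw in config.splitlines():
        line = raw.strip()
        svi = re.fullmatch(r"interface vlan (\d+)", line)
        addr = re.fullmatch(r"ip address (\S+) (\S+)", line)
        acc = re.fullmatch(r"switchport access vlan (\d+)", line)
        if svi:
            current = pending.setdefault(int(svi.group(1)), {"addr": None, "up": True})
        elif line.startswith("interface ") or line == "!":
            current = None  # any other interface or a separator ends the SVI block
        elif line.startswith("ip default-gateway "):
            gateway = ipaddress.ip_address(line.split()[-1])
        elif acc:
            access.add(int(acc.group(1)))
        elif current is not None and addr:
            current["addr"] = ipaddress.ip_interface(f"{addr.group(1)}/{addr.group(2)}")
        elif current is not None and line == "shutdown":
            current["up"] = False
    svis = {v: s["addr"] for v, s in pending.items() if s["addr"] and s["up"]}
    return {"svis": svis, "gateway": gateway, "l2_only": sorted(access - set(svis))}

def ping_path(info, target):
    """Describe how the switch's own IP stack would try to reach target."""
    target = ipaddress.ip_address(target)
    for vlan, iface in info["svis"].items():
        if target in iface.network:
            return f"direct on VLAN {vlan} from {iface.ip}"
    if info["gateway"] is None:
        return "no route: no SVI in that subnet and no default gateway"
    return f"via default gateway {info['gateway']} (no SVI in the target's subnet)"

if __name__ == "__main__":
    info = parse_switch(CONFIG)
    print("L2-only access VLANs:", info["l2_only"])
    print("10.10.34.47 ->", ping_path(info, "10.10.34.47"))
```

For MyDevice's address the result is the gateway path, so the ping only succeeds if the upstream router forwards between the management subnet and the VLAN 302 subnet in both directions.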
 