Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 20 replies
  • Answers 1 answer
  • Subscribers 28 subscribers
  • Views 30727 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Trunk links

King Amodeni

Hi People.

I configure a trunk link between my 3560-CX and the Sophos XG 210 and i know longer can ping/reach the XG's interface. when i change the 3560-CX port to a routed port, i can ping or reach the XG LAN interface. Is this usual?

if it is, how then can i configure my vlans to reach the XG 210?



This thread was automatically locked due to age.
Parents
  • 0

    You would have to create sub interfaces on the Sophos XG for you to be able to reach the lan port

  • 0 in reply to mark2741

    Hello Mark, Thanks. 

    If i create Vlan subinterfaces, i have to trunk the 3560 interface so the vlans can traverse the trunk link.

    however I am unable to reach the XG interface the moment i trunk that 3560 interface. i can only talk to the XG interface when my cisco 3560 equivalent port is a routed port

  • 0 in reply to King Amodeni

    Hi try sourcing the ping from a vlan interface on your switch see if that reaches please?

     

    #ping x.x.x.x source vlanxxx

     

    Thanks Mark

  • 0 in reply to King Amodeni

    I think I see the problem now you have your switch set with vlan 500 with address 172.18.25.2.

    You don't have a vlan 500 trunking from the Sophos xg.

    Try source a ping from vlan 300 and vlan 400 that should work?

    Also turn off ip routing.

     

    Thanks Mark

  • 0 in reply to mark2741


    #ping 172.18.25.2 source vlan300
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.18.25.2, timeout is 2 seconds:
    Packet sent with a source address of 10.0.1.1
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms


    ping 172.18.25.2 source vlan400
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.18.25.2, timeout is 2 seconds:
    Packet sent with a source address of 10.0.3.1
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms


    ping 172.18.25.2 source vlan500
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.18.25.2, timeout is 2 seconds:
    Packet sent with a source address of 172.18.25.2
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms


    ping 172.18.25.1 source vlan500
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.18.25.1, timeout is 2 seconds:
    Packet sent with a source address of 172.18.25.2
    .....
    Success rate is 0 percent (0/5)


    ping 172.18.25.1 source vlan300
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.18.25.1, timeout is 2 seconds:
    Packet sent with a source address of 10.0.1.1
    .....
    Success rate is 0 percent (0/5)


    ping 172.18.25.1 source vlan400
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.18.25.1, timeout is 2 seconds:
    Packet sent with a source address of 10.0.3.1
    .....
    Success rate is 0 percent (0/5)

     

    I still cannot reach the firewall inside interface. i can only reach the switch inside interface

  • 0 in reply to mark2741

    Hi Again Mike

    I have sent the source ping results.

    I initially added vlan 500 on the port 5 vlan sub-interface but the provider support took it out.

    Am i to include the vlan 500?

  • 0 in reply to King Amodeni

    Just create it again with a new address range and add that on to your switch vlan 500 with the new address range and see what happens. Also remove the native vlan off the trunk port for now please, just to make it basic.

  • 0 in reply to mark2741

    Does it matter if i use a /30 or i should use a wider range?

  • 0 in reply to mark2741

    i have deleted vlan 500 and removed ip routing.

    I will restart the switch and reconfigure using a 192.x.x.x /30 range, then revert.

  • 0 in reply to King Amodeni

    Ok I will wait to hear back :)

  • 0 in reply to mark2741


    interface Loopback1
    ip address 172.19.1.1 255.255.255.252
    no ip route-cache
    !
    interface GigabitEthernet0/1
    switchport access vlan 300
    switchport mode access
    switchport nonegotiate
    !
    interface GigabitEthernet0/2
    switchport access vlan 300
    switchport mode access
    switchport nonegotiate
    !
    interface GigabitEthernet0/3
    switchport access vlan 300
    switchport mode access
    switchport nonegotiate
    !
    interface GigabitEthernet0/4
    switchport access vlan 300
    switchport mode access
    switchport nonegotiate
    !
    interface GigabitEthernet0/5
    switchport access vlan 20
    !
    interface GigabitEthernet0/6
    switchport access vlan 20
    !
    interface GigabitEthernet0/7
    switchport access vlan 400
    switchport mode access
    switchport nonegotiate
    !
    interface GigabitEthernet0/8
    switchport access vlan 400
    switchport mode access
    switchport nonegotiate
    !
    interface GigabitEthernet0/9
    switchport access vlan 500
    switchport trunk allowed vlan 300,400
    switchport trunk native vlan 10
    switchport mode trunk
    switchport nonegotiate
    !
    interface GigabitEthernet0/10
    switchport access vlan 20
    !
    interface GigabitEthernet0/11
    switchport access vlan 20
    !
    interface GigabitEthernet0/12
    switchport access vlan 20
    !
    interface Vlan1
    no ip address
    no ip route-cache
    shutdown
    !
    interface Vlan20
    description Garage Vlan
    no ip address
    no ip route-cache
    !
    interface Vlan300
    ip address 10.0.1.1 255.255.255.0
    no ip route-cache
    !
    interface Vlan400
    ip address 10.0.3.1 255.255.255.0
    no ip route-cache
    !
    interface Vlan500
    description Trunk_link_to_FW
    ip address 192.168.10.2 255.255.255.0
    !
    ip forward-protocol nd
    ip http server
    ip http secure-server
    !
    ip ssh time-out 90
    ip ssh version 2
    !

Reply
  • 0 in reply to mark2741


    interface Loopback1
    ip address 172.19.1.1 255.255.255.252
    no ip route-cache
    !
    interface GigabitEthernet0/1
    switchport access vlan 300
    switchport mode access
    switchport nonegotiate
    !
    interface GigabitEthernet0/2
    switchport access vlan 300
    switchport mode access
    switchport nonegotiate
    !
    interface GigabitEthernet0/3
    switchport access vlan 300
    switchport mode access
    switchport nonegotiate
    !
    interface GigabitEthernet0/4
    switchport access vlan 300
    switchport mode access
    switchport nonegotiate
    !
    interface GigabitEthernet0/5
    switchport access vlan 20
    !
    interface GigabitEthernet0/6
    switchport access vlan 20
    !
    interface GigabitEthernet0/7
    switchport access vlan 400
    switchport mode access
    switchport nonegotiate
    !
    interface GigabitEthernet0/8
    switchport access vlan 400
    switchport mode access
    switchport nonegotiate
    !
    interface GigabitEthernet0/9
    switchport access vlan 500
    switchport trunk allowed vlan 300,400
    switchport trunk native vlan 10
    switchport mode trunk
    switchport nonegotiate
    !
    interface GigabitEthernet0/10
    switchport access vlan 20
    !
    interface GigabitEthernet0/11
    switchport access vlan 20
    !
    interface GigabitEthernet0/12
    switchport access vlan 20
    !
    interface Vlan1
    no ip address
    no ip route-cache
    shutdown
    !
    interface Vlan20
    description Garage Vlan
    no ip address
    no ip route-cache
    !
    interface Vlan300
    ip address 10.0.1.1 255.255.255.0
    no ip route-cache
    !
    interface Vlan400
    ip address 10.0.3.1 255.255.255.0
    no ip route-cache
    !
    interface Vlan500
    description Trunk_link_to_FW
    ip address 192.168.10.2 255.255.255.0
    !
    ip forward-protocol nd
    ip http server
    ip http secure-server
    !
    ip ssh time-out 90
    ip ssh version 2
    !

Children
No Data