cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1799
Views
0
Helpful
9
Replies

Cannot Ping LAN switch on the other Segment

bipot
Beginner
Beginner

We have two network segments on our network. Assuming the two segments are 2 & 3 networks. I'm on the 2 network, I'm unable to ping the two LAN switches on the 3network. I have VLANs confiugured on all the switches in these two networks. All VLANs are interconnected. What could be wrong?

9 Replies 9

Josef Oduwo
Rising star
Rising star

If you can't talk into another segment it usually means your routing function is down.

How are the VLANs interconnected? Do you have the same set of VLANs on "2" and "3", and hence trunking? Or do you have different VLANs and routing between the VLANS?

A diagram or better still, configs for the two networks would help paint a clearer picture.

Josef.

Hi Josef,

thanks for the info. I have attached a diagram of how the VLANs are configured.

Note that any devices with the 2 subnet are unable to ping any devices with the 3 subnet.

What kind of switches are these? Can you attach outputs of sh ver, sh run from couple of them and your core router? Are you just not able to ping the management address of VLAN 3 or even hosts?

If they are layer 2 only such as 2950, remember that the interface VLAN and the IP address you configure is for management only and only one interface would be up/up.

they are 3550s and 3750 switches. I cant ping from a PC on the 2 network to the switches on 3 network. And vice versa, I cant ping from a PC on 3 network to switches or devices on the 2 network. Why?

Something weird about your topology:

1) If you're using 3550/3750 then why do you still need a router to do the routing?

2) VLAN 1 subnet is having a 22-bit mask which means that it includes 10.1.0.0/24, 10.1.1.0/24, 10.1.2.0/24 and 10.1.3.0/24. This subnets overlap with VLAN 2 (10.1.2.0/24) and VLAN 4 (10.1.1.0/24). I think you should use a 24-bit mask for your VLAN 1 subnet.

3) Make sure the subnet mask is correct on your PC/host also as well as the default gateway.

1) I dont use the router for routing. I included the router just to show the connection of the two network segments, 2 & 3.

2) I use the 22-bit mask for VLAN 1 because it belongs to the 3 network. For the 2 network we use the 24-bit mask, which includes VLAN 2,3 & 4

3) The PC is on the 2 network segment, and so has its bit mask as /24

According to the information you have provided so far, you have a fundamental routing flaw in your network. You have overlapping subnets and it will therefore not work as expected.

Your so-called "2-network", I assume is using the following subnet: 10.1.2.0/24 where every switch has a IP-address in their repsective VLAN 2 interface

Your so-called "3-network", I assume is using the following subnet: 10.1.0.0/22. In your drawing you specify this as 10.1.3.26/22 at one place. This subnet is overlapping with the "2-network" as it includes the 10.1.0.0 to 10.1.3.255 addresses, including the 10.1.2.0/24 addresses.

If you have one router where you try to configure both these VLAN's with the respective 255.255.255.0 and 255.255.252.0 netmasks, you will get an error stating the address overlaps.

If you have configured the gateway-functions on different routers/switches, then you are allowed to do so, but the routing will not work correctly. If you have f.ex configured like this:

Router 1:

int vlan2

ip add 10.1.2.22 255.255.255.0

!

int vlan3

ip add 10.1.5.22 255.255.255.0

!

ip route 10.1.0.0 255.255.252.0 10.1.5.26

!

Router 2:

int vlan 1

ip add 10.1.3.26 255.255.252.0

!

int vlan 3

ip add 10.1.5.26 255.255.255.0

!

ip route 10.1.2.0 255.255.255.0 10.1.5.22

!

This is a valid configuration (but nasty), and the routers will in fact do what you ask them to, but your clients which are connected to Router 2 on Vlan1 will not be able to ping or reach anything on Router 1/Vlan2 because the IP-addresses you have used there belongs to their local broadcast domain. The clients will try to resolve the addresses locally via ARP.

The clients on Router 1/Vlan2 will be able to send packets over to Router 2/Vlan1, but the answers won't get back...

You could also potentially use the same addresses at both locations... which would make even more havoc.

Guys, please remember I dont use the router to do the routing. The VLANs are configured on the switches. The router was included to show the connection of the two network connections.

lets forget about the 2 and 3 as assumed. Say the two subnets are 10 and 32. The 10 subnet uses the 24-bit mask and the 32 subnet uses the 22 bit mask.

Please remember the VLANs are configured on the switches.

So

Your major issue is the overlapping subnets.

Say you have the following topology:

LAN-A: 10.0.1.0/24

PC-A: 10.0.1.100/24

LAN-B: 10.0.0.0/22

PC-B: 10.0.0.100/22

A router is used to provide routing between these 2 subnets and the IP address on the 2 interfaces are 10.0.1.1/24 and 10.0.0.1/22.

When PC-A ping PC-B:

1) PC-A knows that PC-B is NOT on the same subnet as itself, so it needs to forward the ICMP request to its default gateway 10.0.1.1. It sends out an ARP request broadcast first and 10.0.1.1 replies with its MAC.

2) PC-A then send the ICMP request to the router, and according to the routing table, the router forwards the ICMP request to another interface since it knows that PC-B should be on the other interface. It sends out an ARP request broadcast first, Then PC-B replies with its MAC.

3) The router forwards the ICMP request to PC-B. PC-B wants to send the ICMP reply to PC-A. Since PC-B subnet is 10.0.0.0/22, it also includes 10.0.1.0/24. So it thinks that PC-A is on the same subnet as PC-B and thus it sends an ARP request broadcast first. However PC-A is actually NOT on the same subnet and the router will not forward broadcast by default. Thus no one answers the ARP request and PC-B fails to get a layer-3 to layer-2 address resolution for PC-A. So it fails to send the ICMP reply to PC-A and so on PC-A you'll see "request timeout".

When PC-B pings PC-A:

1) PC-B sends an ICMP request to PC-A. Again since it thinks that PC-A is on the same subnet as itself, it sends an ARP request broadcast and again no one answers the ARP and PC-B fails to get the address resolution again. Thus it fails to send the ICMP request to PC-A and on PC-B you'll see "request timeout".

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Recognize Your Peers