Re: Inter VLAN routing problem!! Help needed

mmozanen · ‎07-24-2004

Dears,

I configuring a remote site switches to making up and running and make it able to connect to my central site through a router.

The site is like a following:

I have two buildings,

Building#1:

Two 2950 swith (as access switch for users)

Two 3550 L3 switches (distribution and L3 redundancy)

One 2600 rouoter.

Building#2

One 2950 switch(access switch for users)

The design like a following:

Vlan1:for managment

Vlan2:VLAN for Building#1 users

Vlan3:Vlan for building#2 users

The configuration I've implemented:

-In bldg#1

For the two access switches

Buld#1 2950 access switchs

Vlan1 :port 25,26 (trunk dot1q)

Vlan2:port 1-24 (switchport access) 25,26 (trunk dot1q)

In the 3550 L3 siwtch;

Vlan1: port 1-10 (trunk dot1q) àto bldg#1 1st access switch

Vlan2:port 1, 2 (trunk dot1q)àto bldg#1 2nd access switch

Vlan3:port 3 (trunk dot1q) à to bldg#2 access switch

And the same port assignment for the second 3550.

-In bldg#2 switch

Vlan1:port 25,26 (trunk dot1q)

Vlan3:port 1-24 (switchport access) 25,26 (trunk dot1q)

-L3 configuration is like following:

Vlan1 ip address 10.1.1.252/24

Vlan2 ip address 10.1.2.252/24

Vlan3 ip address 10.1.3.252/24

And ip routing is enabled and the interfaces is up , and I can communicate in each vlan, but the problem when I’m trying to ping from host 10.1.3.100 (vlan3) to any ip in the Vlan2 (i.e 10.1.2.254) it gives time out, in the same time I can ping 10.1.2.252 from my 10.1.3.100 host !!!!! do you believe that,?!!! I tied the extended ping using the source 10.1.3.252 and destination 10.1.2.252 and I failed which means the intervlan routing is not okay, or I have a problem related to that. !!! so I need advises.

With regards

Georg Pauwen · ‎07-24-2004

Hello,

when you say your 3550 switches are redundant, does that mean that you run HSRP between them ?

Regards,

Georg

mmozanen · ‎07-24-2004

No, not yet implemented the HSRP, but it will be after I finished the basic connectivity.

Georg Pauwen · ‎07-24-2004

Hello,

so the Layer 3 configuration where the routing takes place is only configured on one of the 3550s ? Can you post the configuration of the 3550 where the L3 routing is occurring ?

Regards,

Georg

mmozanen · ‎07-25-2004

Dear,

Honstly the other L3 switch is configured also, but with different IP address for the vlan interfaces( I mean, instead of using 10.1.1.252 for VLAN1 10.1.1.253 is used and so on), is there a problem to configure the two L3 with out implementing the HSRP???

And the configuration in the following:

!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

Building configuration...

Current configuration : 2227 bytes

!

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname

!

ip subnet-zero

ip routing

!

ip dhcp-server 10.1.2.201

!

spanning-tree mode pvst

spanning-tree extend system-id

!

interface GigabitEthernet0/1

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,2,4-4094

switchport mode trunk

no ip address

!

interface GigabitEthernet0/2

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,2

switchport mode trunk

no ip address

!

interface GigabitEthernet0/3

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,3

switchport mode trunk

no ip address

!

interface GigabitEthernet0/4

switchport trunk encapsulation dot1q

no ip address

!

interface GigabitEthernet0/5

switchport trunk encapsulation dot1q

no ip address

!

interface GigabitEthernet0/6

switchport trunk encapsulation dot1q

no ip address

!

interface GigabitEthernet0/7

switchport trunk encapsulation dot1q

no ip address

!

interface GigabitEthernet0/8

switchport trunk encapsulation dot1q

no ip address

!

interface GigabitEthernet0/9

switchport trunk encapsulation dot1q

no ip address

!

interface GigabitEthernet0/10

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1-3,10

no ip address

!

interface GigabitEthernet0/11

switchport access vlan 2

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,2

no ip address

spanning-tree portfast

!

interface GigabitEthernet0/12

switchport access vlan 2

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,2

no ip address

spanning-tree portfast

!

interface Vlan1

ip address 10.1.1.252 255.255.255.0

!

interface Vlan2

ip address 10.1.2.252 255.255.255.0

!

interface Vlan3

ip address 10.1.3.252 255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.1.2.254

ip http server

!

Georg Pauwen · ‎07-25-2004

Hello,

can you post the following from the 3550 and one of the 2950 switches:

show vtp status

show interfaces trunk

Regards,

Georg

mmozanen · ‎07-25-2004

note that I have two buildings

building#1 (dis1,dis2,bldg1sw1 and bldg1sw2)

building#2 (bldg2sw)

and the physcial connections

(bldg1sw1: gi0/1-->dis1 gi0/1 and gi0/2 --> dis2 gi0/1)

(bldg1sw2: gi0/1-->dis1 gi0/2 and gi0/2 --> dis2 gi0/2)

(bldg2sw1: gi0/1-->dis1 gi0/3 and gi0/2 --> dis2 gi0/3)

dis1#sh vtp status

VTP Version : 2

Configuration Revision : 1

Maximum VLANs supported locally : 1005

Number of existing VLANs : 7

VTP Operating Mode : Server

VTP Domain Name : xyz

VTP Pruning Mode : Disabled

VTP V2 Mode : Disabled

VTP Traps Generation : Disabled

MD5 digest : 0x90 0x4F 0xD0 0x9D 0x57 0x77 0x97 0x9C

Configuration last modified by 0.0.0.0 at 3-1-93 00:38:08

Local updater ID is 10.1.1.252 on interface Vl1 (lowest numbered VLAN interface

found)

dis1#sh int tru

Port Mode Encapsulation Status Native vlan

Gi0/1 on 802.1q trunking 1

Gi0/2 on 802.1q trunking 1

Gi0/3 on 802.1q trunking 1

Gi0/10 desirable 802.1q trunking 1

Port Vlans allowed on trunk

Gi0/1 1-2,4-4094

Gi0/2 1-2

Gi0/3 1,3

Gi0/10 1-3,10

Port Vlans allowed and active in management domain

Gi0/1 1-2

Gi0/2 1-2

Gi0/3 1,3

Gi0/10 1-3

Port Vlans in spanning tree forwarding state and not pruned

Gi0/1 1-2

Gi0/2 1-2

Gi0/3 1,3

Gi0/10 1-3

dis2#sh vtp sta

VTP Version : 2

Configuration Revision : 1

Maximum VLANs supported locally : 1005

Number of existing VLANs : 7

VTP Operating Mode : Server

VTP Domain Name : xyz

VTP Pruning Mode : Disabled

VTP V2 Mode : Disabled

VTP Traps Generation : Disabled

MD5 digest : 0x90 0x4F 0xD0 0x9D 0x57 0x77 0x97 0x9C

Configuration last modified by 0.0.0.0 at 3-1-93 00:38:08

Local updater ID is 10.1.1.253 on interface Vl1 (lowest numbered VLAN interface

found)

Dis2#sh int tr

Port Mode Encapsulation Status Native vlan

Gi0/1 on 802.1q trunking 1

Gi0/3 on 802.1q trunking 1

Gi0/10 desirable 802.1q trunking 1

Port Vlans allowed on trunk

Gi0/1 1-2,10

Gi0/3 1,3

Gi0/10 1-3,10

Port Vlans allowed and active in management domain

Gi0/1 1-2

Gi0/3 1,3

Gi0/10 1-3

Port Vlans in spanning tree forwarding state and not pruned

Gi0/1 none

Gi0/3 3

Gi0/10 1-2

bldg1sw1#sh vtp st

TP Version : 2

onfiguration Revision : 1

aximum VLANs supported locally : 250

umber of existing VLANs : 7

TP Operating Mode : Client

TP Domain Name : xyz

TP Pruning Mode : Disabled

TP V2 Mode : Disabled

TP Traps Generation : Disabled

D5 digest : 0x90 0x4F 0xD0 0x9D 0x57 0x77 0x97 0x9C

onfiguration last modified by 0.0.0.0 at 3-1-93 00:38:08

bldg1sw1#sh interfaces tr

Port Mode Encapsulation Status Native vlan

Gi0/1 on 802.1q trunking 1

Gi0/2 on 802.1q trunking 1

Port Vlans allowed on trunk

Gi0/1 1-2

Gi0/2 1-2

Port Vlans allowed and active in management domain

Gi0/1 1-2

Gi0/2 1-2

Port Vlans in spanning tree forwarding state and not pruned

Gi0/1 1-2

Gi0/2 1-2

mmozanen · ‎07-25-2004

bldg1sw2#sh vtp sta

VTP Version : 2

Configuration Revision : 1

Maximum VLANs supported locally : 250

Number of existing VLANs : 7

VTP Operating Mode : Client

VTP Domain Name : xyz

VTP Pruning Mode : Disabled

VTP V2 Mode : Disabled

VTP Traps Generation : Disabled

MD5 digest : 0x90 0x4F 0xD0 0x9D 0x57 0x77 0x97 0x9C

Configuration last modified by 0.0.0.0 at 3-1-93 00:38:08

bldg1sw2#sh int tr

Port Mode Encapsulation Status Native vlan

Gi0/1 on 802.1q trunking 1

Port Vlans allowed on trunk

Gi0/1 1-2

Port Vlans allowed and active in management domain

Gi0/1 1-2

Port Vlans in spanning tree forwarding state and not pruned

Gi0/1 1-2

bldg2sw1#sh vtp stat

VTP Version : 2

Configuration Revision : 1

Maximum VLANs supported locally : 250

Number of existing VLANs : 7

VTP Operating Mode : Client

VTP Domain Name : xyz

VTP Pruning Mode : Disabled

VTP V2 Mode : Disabled

VTP Traps Generation : Disabled

MD5 digest : 0x90 0x4F 0xD0 0x9D 0x57 0x77 0x97 0x9C

Configuration last modified by 0.0.0.0 at 3-1-93 00:38:08

bldg1sw1#sh int tr

Port Mode Encapsulation Status Native vlan

Gi0/1 on 802.1q trunking 1

Gi0/2 on 802.1q trunking 1

Port Vlans allowed on trunk

Gi0/1 1,3

Gi0/2 1,3

Port Vlans allowed and active in management domain

Gi0/1 1,3

Gi0/2 1,3

Port Vlans in spanning tree forwarding state and not pruned

Gi0/1 1,3

Gi0/2 1,3

Georg Pauwen · ‎07-25-2004

Hello,

the configs look ok, as far a I can see. Stupid question maybe, but can your hosts ping their default gateways, which should be the IP addresses of their respective VLAN interfaces ?

Regards,

Georg

mmozanen · ‎07-25-2004

Dear Goerge,

Let me explain, I have to access VLANs,

Vlan2:10.1.2.0/24 with gateway 10.1.2.252/24

Vlan3:10.1.3.0/24 with gateway 10.1.3.252/24

I have a server on vlan2 with 10.1.2.130/24 and host 10.1.2.10/24 , the router f0/1 I tried to connect it once to “bldg1sw1” and another “dis1” in vlan2 port. And having the ip 10.1.2.254/24.

The users in the vlan2 has no problem with their gateways , the local server, the 10.1.3.252/24 –vlan3 gateway-!!! even they connecting to my central network.

But the problem with vlan3 user, if I connect a Pc , e.g. 10.1.3.100 and tried to ping the router interface –which is in different vlan=vlan2-, I counter request time out,

The strange it can ping the vlan2 gateway 10.1.2.252 ????!!!! do you believe that!! But can’t ping any ip in vlan2 10.1.2.x ??

I make extended ping in “dis1” using the source 10.1.3.252 and dest. 10.1.2.252, and it didn’t work, which make me believe I’m countering inter-vlan issues problem,

Please when replaying , I would like you to explain and discuss.

With regards

srajkuma · ‎07-25-2004

Pinging vlan 2 GW from host in vlan 3 is ok since vlan 3 GW IP is also hosted by the same GW(3550).

But the problem may not be even on your 3550..., It could be on the server you are trying to access from Vlan 3. Make sure whether the server has a default GW configured pointing to the vlan 2 GW.

If you still have issues..,

Please send follwing o/p from your Both 3550`s.

show ip route

show spanning-tree

traceroute from vlan 3 host to vlan 2 host/server

traceroute from vlan 2 host/server to vlan 3 host

Thanks

Solomon

mmozanen · ‎07-26-2004

Dear Goerge & Solomon

Thanks for being interested and for the help you gave, I solved my problem today (thanks god ;) )

I tried to ping from vlan3 to the server and it is working today, I think yesterday and the days b4 I did many changes in the same time in routing and port configuration which made me confused.

Today I fall back and make a check up in all configuration, and found that I can ping to my server in the vlan2 , but the problem I countered that can’t ping my router Ethernet interface 10.1.2.254/24 I checked the routing table, and traced and tested all the routed starting from my central location through my site, which use eigrp routing to connect to my central site). And discovered the I should add a route to my vla3 10.1.3.0/24 to make it routed. And I got a replay and all my access vlan (2,3) from the remote site can reach my central network. And all done.

Thanks for you all gentlemen. And hope to keep in touch, because I learned a lot from you. And we can change the knowledge all the times.

With regards

Mohammed Al-mozanen