Solved: Accessing vlan 12 and vlan 13 from vlan 1

fbeye · ‎01-30-2021

I seem to have something configured wrong. I have 3 vlans on my L3 Switch and all 3 are configured as L2.

vlan 12 can ping vlan 1,12 and 13

vlan 12 can ping vlan 1, 12 and 13

vlan 1 can ping 12 but not 13.

Here is my IP Route, then the error message then my config.

Gateway of last resort is 10.0.2.1 to network 0.0.0.0

S* 0.0.0.0/0 [254/0] via 10.0.2.1
[254/0] via 10.0.1.1
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.0.1.0/24 is directly connected, Vlan12
L 10.0.1.161/32 is directly connected, Vlan12
C 10.0.2.0/24 is directly connected, Vlan13
L 10.0.2.124/32 is directly connected, Vlan13
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Vlan1
L 192.168.1.5/32 is directly connected, Vlan1

Switch#ping 10.0.1.1 source vlan 1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Switch#ping 10.0.1.1 source vlan 12

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.0.1.161
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
Switch#ping 10.0.1.1 source vlan 13

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.0.2.124
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
Switch#ping 10.0.2.1 source vlan 1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.2.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.5
.....
Success rate is 0 percent (0/5)
Switch#ping 10.0.2.1 source vlan 12

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.2.1, timeout is 2 seconds:
Packet sent with a source address of 10.0.1.161
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
Switch#ping 10.0.2.1 source vlan 13

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.2.1, timeout is 2 seconds:
Packet sent with a source address of 10.0.2.124
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms.

My Switch is configured;

Current configuration : 4881 bytes
!
! Last configuration change at 02:45:17 UTC Mon Mar 1 1993
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
username **** privilege 15 password 0 ****
no aaa new-model
switch 1 provision ws-c3750g-24ps
system mtu routing 1500
no ip subnet-zero
ip routing
!
!
!
!
crypto pki trustpoint TP-self-signed-29955072
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-29955072
revocation-check none
rsakeypair TP-self-signed-29955072
!
!
crypto pki certificate chain TP-self-signed-29955072
certificate self-signed 01
3082023A 308201A3 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 32393935 35303732 301E170D 39333033 30313030 30323334
5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53
2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D323939 35353037
3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 81008C88
CF06F23D 7A03F34C CD677D99 3CB4F6C4 32979254 6941E31B E0B8131D EDDD68A2
A5DEE51B CA5403B3 A11068F7 1C8475E2 AF8151C9 F7F68564 1DE41DFD 8D698C60
8937E5E8 9369F3E5 4BCEC188 91BB8B17 47B1A5B9 9807CDC2 535DB70A 953FDC26
CFDF8B35 9907E9AA 5E0ED6A0 56B27834 B29E836B 90413F72 3FF5F0FF 13B70203
010001A3 66306430 0F060355 1D130101 FF040530 030101FF 30110603 551D1104
0A300882 06537769 74636830 1F060355 1D230418 30168014 6AF085C3 A45F54E4
06E468C0 8062FA83 6D3DF995 301D0603 551D0E04 1604146A F085C3A4 5F54E406
E468C080 62FA836D 3DF99530 0D06092A 864886F7 0D010104 05000381 81004022
F5666C61 1EB181EB 6B8D24C8 70164803 28FC6FED 9D4CC778 4EBA567E 71B8ED32
9E28DE70 1FA3F6A6 C9506462 72C9D5EE 2787244C 5173980D 97C40D80 3793819C
A96AADAC C97764CA 709BAA37 B4513392 A09E21EF D59DA1CA D508C14A 1CA0B0EF
7CF7D5A4 D5AEC645 EBB905EA 3871D583 6697950F D24CEAC1 543D7116 4AF3
quit
!
!
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface GigabitEthernet1/0/1
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/2
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/5
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/6
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/7
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/8
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/9
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/10
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/11
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet1/0/12
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet1/0/13
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet1/0/14
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet1/0/15
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet1/0/16
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet1/0/17
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet1/0/18
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet1/0/19
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet1/0/20
switchport access vlan 11
switchport mode access
!
interface GigabitEthernet1/0/21
description TPLink
switchport access vlan 12
switchport mode access
!
interface GigabitEthernet1/0/22
description VPN
switchport access vlan 13
switchport mode access
!
interface GigabitEthernet1/0/23
switchport mode access
!
interface GigabitEthernet1/0/24
switchport mode access
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
description ASA
ip address 192.168.1.5 255.255.255.0
ip directed-broadcast
!
interface Vlan10
description Home Lan
no ip address
!
interface Vlan11
description Home VPN
no ip address
!
interface Vlan12
description TPLink
ip address dhcp
ip directed-broadcast
!
interface Vlan13
description VPN
ip address dhcp
ip directed-broadcast
!
no ip classless
ip http server
ip http authentication local
ip http secure-server
!
!
logging esm config
no cdp run
!
!
line con 0
line vty 0 4
no login
line vty 5 15
no login
!
end

TJ-20933766 · ‎01-31-2021

I'm willing to bet that the device configured as 10.0.2.1 doesn't have a route for 192.168.1.0/24 in its routing table. It likely has a route for 10.0.1.0/24 (VLAN 12) reachable via the L3 switch & 10.0.2.0/24 (VLAN 13) is local to the device but I'm betting 192.168.1.0/24 (VLAN 1) is missing so it's using it's default route (if it even has one). Can you verify 10.0.2.1's configuration?

View solution in original post

MHM Cisco World · ‎01-30-2021

it complicated to explain but I think that

the 0.0.0.0 have two next hop

10.0.1.1

10.0.2.1

and your packet is take wrong path 10.0.1.1

fbeye · ‎01-30-2021

I have changed my vlan ip configurations to static opposed to DHCP and wiped all of my IP Routes and same results with this new "show ip route".

Gateway of last resort is not set

10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.0.1.0/24 is directly connected, Vlan12
L 10.0.1.161/32 is directly connected, Vlan12
C 10.0.2.0/24 is directly connected, Vlan13
L 10.0.2.124/32 is directly connected, Vlan13
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Vlan1
L 192.168.1.5/32 is directly connected, Vlan1

balaji.bandi · ‎01-31-2021

As per the information below, the IP address getting from DHCP, is the Gateway for all VLAN is FW. - then you need to check on Firewall also what security level - check the logs? also, you do not have a default route? this switch acting as layer 2, uplink device control all your routings.

interface Vlan13
description VPN
ip address dhcp
ip directed-broadcast
!

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Georg Pauwen · ‎01-31-2021

Hello,

Where exactly is IP address 10.0.2.1 configured ?

Switch#ping 10.0.2.1 source vlan 1

Can you ping that IP address from Vlan 13 ?

Switch#ping 10.0.2.1 source vlan 13

TJ-20933766 · ‎01-31-2021

I'm willing to bet that the device configured as 10.0.2.1 doesn't have a route for 192.168.1.0/24 in its routing table. It likely has a route for 10.0.1.0/24 (VLAN 12) reachable via the L3 switch & 10.0.2.0/24 (VLAN 13) is local to the device but I'm betting 192.168.1.0/24 (VLAN 1) is missing so it's using it's default route (if it even has one). Can you verify 10.0.2.1's configuration?

fbeye · ‎01-31-2021

Interesting.. That made it work. It makes sense being L2 configuration it would need its routing from the individual uplink devices as BB had mentioned but even then I did not put it together. I read what you said and it clicked. I had just assumed it would find its routing via the Switch but I am not understanding L2 won't do that, which it shouldn't.

I thank you.