02-19-2025 04:01 PM
I have a scenario where the gateway of my networks is on my core 3850 switch, which is in a stack. I have a management network in vlan 10 where all my manageable switches in the network are. I am facing inter-vlan communication problems with some random IPs in the vlan 10 network. For example, I have 3 other networks on this switch that cannot communicate with some devices in vlan 10. As I said, these devices in vlan 10 that lose communication with other networks are random; the problem is not related to just one device in vlan 10. This problem of some random IPs in vlan 10 stopping responding to requests coming from other networks started a few months ago, and there was no change in the environment. Communication between devices in the same vlan (10) occurs normally. For example, today the IP 10.10.10.20/24 of vlan 10 is not responding to requests coming from other networks, and all routing occurs on the switch itself because it is the gateway for all networks. In a week, another IP in vlan 10 presents the same problem, and so on. The problem is only solved when I execute a clear ip arp 10.10.10.20 or a shut/no shut on the vlan 10 interface.
I have already executed the following troubleshooting:
SPAN to see the traffic passing through vlan 10, and the strangest thing is that the packets do not seem to reach the switch, or maybe they do arrive and it discards them.
If I execute a tracert for example from vlan 20 172.16.20.0/24 to the IP 10.10.10.20/24 in vlan 10, it (device in vlan 20) does not even show the hop to its gateway as if the packet was not sent, but in a packet capture with wireshark I see that it sends the packet to the switch.
I also created an ACL to log traffic to 10.10.10.20, which was having problems today, and applied it to int vlan 10. The traffic is not logged.
I checked the logs and found nothing. The switch processing is normal, there are no duplicate IPs on the network, there are no drops or errors on the vlan interface... in short, I found no problems.
There are no other devices in the path other than switches until it reaches the core switch.
The current version of my switch is 16.3.6.
Below is the configuration for vlan 10:
interface Vlan10
 description MGMT
 ip address 10.10.10.254 255.255.255.0
 no ip redirects
 no ip unreachables
 no shut
!
Does anyone have any idea what this could be?
02-23-2025 12:08 AM
Hello
@milhouse wrote:
The problem is not related to just one device in vlan 10. This problem of random IPs in vlan 10 stopping responding to requests coming from other networks started a few months ago, there was no change in the environment,
Have you checked for duplicate IP addressing for vlan 10, possibly rogue DHCP servers servicing vlan 10?
I suggest, if you haven't already, applying DHCP snooping on all L2 access switches, and maybe even some port security for MAC limitation, and also globally spanning-tree bpdu-guard/filter/portfast to negate unauthorised attachment of unmanaged hubs/switches.
As/when this happens again for a particular host, try to isolate that host and see if the same ip is then still reachable
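Added example, not part of any poster's reply: one way to run the duplicate-IP check on the affected host is to save `show ip arp vlan 10` while it is unreachable and again after `clear ip arp`, then compare the two. The snapshots below are constructed sample data and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed snapshots in `show ip arp` layout (sample data, not from the thread).
DURING = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.10.20            12   0050.56aa.0001  ARPA   Vlan10
Internet  10.10.10.22             0   Incomplete      ARPA
Internet  10.10.10.30             7   0050.56aa.0001  ARPA   Vlan10
Internet  10.10.10.254            -   aabb.cc00.0100  ARPA   Vlan10
"""
AFTER = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.10.10.20             0   0011.2233.4455  ARPA   Vlan10
Internet  10.10.10.22             0   0011.2233.4477  ARPA   Vlan10
Internet  10.10.10.30             1   0050.56aa.0001  ARPA   Vlan10
Internet  10.10.10.254            -   aabb.cc00.0100  ARPA   Vlan10
"""

ROW = re.compile(r"^Internet\s+(\d+(?:\.\d+){3})\s+(\S+)\s+(\S+)\s+ARPA", re.M)

def parse_arp(text):
    """Return {ip: mac}; mac is None for Incomplete entries."""
    table = {}
    for ip, _age, hw in ROW.findall(text):
        table[ip] = None if hw.lower() == "incomplete" else hw.lower()
    return table

def compare(during, after):
    """List (ip, finding, mac_during, mac_after) for entries that were
    unresolved or pointed at a different MAC while the fault was present."""
    d, a = parse_arp(during), parse_arp(after)
    findings = []
    for ip in sorted(d):
        if d[ip] is None:
            findings.append((ip, "incomplete", None, a.get(ip)))
        elif a.get(ip) and a[ip] != d[ip]:
            findings.append((ip, "mac-changed", d[ip], a[ip]))
    return findings

def shared_macs(text):
    """MACs answering for more than one IP. This can be legitimate
    (proxy ARP, multi-homed hosts), so treat it as a lead, not proof."""
    by_mac = defaultdict(list)
    for ip, mac in parse_arp(text).items():
        if mac:
            by_mac[mac].append(ip)
    return {m: sorted(ips) for m, ips in by_mac.items() if len(ips) > 1}

if __name__ == "__main__":
    print(compare(DURING, AFTER), shared_macs(DURING))
```

A "mac-changed" finding gives a MAC address to trace with `show mac address-table address <mac>` back to an access port.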
02-23-2025 03:20 AM
Hello,
In addition to what Paul is suggesting (and I know this sounds very basic), what is the uptime of your switch(es)? Sometimes a reboot can help (don't forget to save the running config before rebooting)...