Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1109
Views
0
Helpful
8
Replies

Cisco 4948 switch. Cannot ping a host on a VLan assigned interface

kelvin4
Level 1
Level 1

‎09-10-2016 08:54 AM - edited ‎03-05-2019 04:40 AM

I am trying to learn my way around switches.

This is the running config on a cisco 4948 switch.

I think I have set up the vlans correctly.

Vlan 100 is assigned to G1/10 and I have a pc connected to that port with the correct ip address.

I cannot ping that pc.

What am I doing wrong?

version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname CoreSwitch
!
boot-start-marker
boot system bootflash:cat4500-entservicesk9-mz.150-2.SG10.bin
boot-end-marker
!
!
username controller privilege 15 secret 5 $1$fz65$AR0IXL1iQnLpB0amVgXck/
!
!
aaa new-model
!
!
!
!
!
aaa session-id common
ip subnet-zero
ip domain-lookup source-interface GigabitEthernet1/1
ip domain-name inashed.com
ip vrf mgmtVrf
!
!
!
!
!
!
power redundancy-mode redundant
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet1
ip vrf forwarding mgmtVrf
no ip address
speed auto
duplex auto
!
interface GigabitEthernet1/1
no switchport
ip address 192.168.1.250 255.255.255.0
!
interface GigabitEthernet1/2
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/3
!
interface GigabitEthernet1/4
!
interface GigabitEthernet1/5
!
interface GigabitEthernet1/6
!
interface GigabitEthernet1/7
!
interface GigabitEthernet1/8
!
interface GigabitEthernet1/9
!
interface GigabitEthernet1/10
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/11
!
interface GigabitEthernet1/12
!
interface GigabitEthernet1/13
!
interface GigabitEthernet1/14
!
interface GigabitEthernet1/15
switchport access vlan 150
switchport mode access
!
interface GigabitEthernet1/16
!
interface GigabitEthernet1/17
!
interface GigabitEthernet1/18
!
interface GigabitEthernet1/19
!
interface GigabitEthernet1/20
!
interface GigabitEthernet1/21
!
interface GigabitEthernet1/22
!
interface GigabitEthernet1/23
!
interface GigabitEthernet1/24
!
interface GigabitEthernet1/25
!
interface GigabitEthernet1/26
!
interface GigabitEthernet1/27
!
interface GigabitEthernet1/28
!
interface GigabitEthernet1/29
!
interface GigabitEthernet1/30
!
interface GigabitEthernet1/31
!
interface GigabitEthernet1/32
!
interface GigabitEthernet1/33
!
interface GigabitEthernet1/34
!
interface GigabitEthernet1/35
!
interface GigabitEthernet1/36
!
interface GigabitEthernet1/37
!
interface GigabitEthernet1/38
!
interface GigabitEthernet1/39
!
interface GigabitEthernet1/40
!
interface GigabitEthernet1/41
!
interface GigabitEthernet1/42
!
interface GigabitEthernet1/43
!
interface GigabitEthernet1/44
!
interface GigabitEthernet1/45
!
interface GigabitEthernet1/46
!
interface GigabitEthernet1/47
!
interface GigabitEthernet1/48
!
interface TenGigabitEthernet1/49
!
interface TenGigabitEthernet1/50
!
interface Vlan1
description Shutdown for Security
no ip address
shutdown
!
interface Vlan2
ip address 192.168.2.10 255.255.255.0
!
interface Vlan100
ip address 192.168.100.10 255.255.255.0
!
interface Vlan150
ip address 192.168.150.20 255.255.255.0
!
ip route 0.0.0.0 0.0.0.0 192.168.1.254
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
!
line con 0
logging synchronous
stopbits 1
line vty 0 4
transport input ssh
line vty 5 16
transport input ssh
!
end

Labels:
0 Helpful
8 Replies 8

Iulian Vaideanu
Level 4
Level 4

‎09-10-2016 11:34 AM

Unless you trimmed the config before posting it, between "vlan internal allocation policy ascending" and "interface FastEthernet1" there should be Vlan definitions - what does "show vlan id 100" output?

0 Helpful

kelvin4
Level 1
Level 1
In response to Iulian Vaideanu

‎09-10-2016 12:02 PM

Thank you for taking the time to look at this for me.

As requested, see below.

CoreSwitch#sh vlan id 100

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
100 Core active Gi1/10

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
100 enet 100100 1500 - - - - - 0 0

Remote SPAN VLAN
----------------
Disabled

Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------

0 Helpful

Iulian Vaideanu
Level 4
Level 4
In response to kelvin4

‎09-10-2016 12:14 PM

Maybe the PC is firewalled - do you see any mac address on the interface (show mac address-table dynamic interface gi1/10) and, if so, does it have any IP address associated (show ip arp <mac-address>)?  If so, can the PC ping 192.168.100.10?

0 Helpful

kelvin4
Level 1
Level 1
In response to Iulian Vaideanu

‎09-10-2016 12:19 PM

Please see below.

CoreSwitch#show mac address-table dynamic interface gi1/10
Unicast Entries
vlan mac address type protocols port
-------+---------------+--------+---------------------+--------------------
100 0026.b91b.1643 dynamic ip,ipx GigabitEthernet1/10

0 Helpful

kelvin4
Level 1
Level 1
In response to kelvin4

‎09-11-2016 12:43 AM

Hi Lulian,

Thank you for looking into this for me.

The switch knows that the ip address exists as per the arp table (see below) but will not ping it. 

I will check the firewall on the pc also.

CoreSwitch#show mac address-table dynamic interface gi1/10
Unicast Entries
vlan mac address type protocols port
-------+---------------+--------+---------------------+--------------------
100 0026.b91b.1643 dynamic ip,ipx GigabitEthernet1/10

CoreSwitch#sh ip arp 0026.b91b.1643
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.100.100 0 0026.b91b.1643 ARPA Vlan100
CoreSwitch#ping 192.168.100.100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.100.100, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

0 Helpful

kelvin4
Level 1
Level 1
In response to kelvin4

‎09-11-2016 01:02 AM

Hello,

By way of an update.

I have removed (temporarily) the firewall from the PC connected to the port in question.

The pc can now ping the switch and the switch can ping the pc so we are a step further! :-)

Internet Access.

The Switch can ping 4.2.2.2

The PC cannot. Is this some sort of NAT issue?

0 Helpful

kelvin4
Level 1
Level 1
In response to kelvin4

‎09-11-2016 01:19 AM

Below is the routing table.

CoreSwitch#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.1.254 to network 0.0.0.0

C 192.168.1.0/24 is directly connected, GigabitEthernet1/1
C 192.168.100.0/24 is directly connected, Vlan100
S* 0.0.0.0/0 [1/0] via 192.168.1.254

0 Helpful

Iulian Vaideanu
Level 4
Level 4
In response to kelvin4

‎09-11-2016 03:16 AM

Yes, it's a NAT issue (which, as far as I know, the 4948 can't do).

0 Helpful
Customers Also Viewed These Support Documents