Solved: Issue with SVI routing on Nexus 9300

gighouse20 · ‎08-27-2025

Hi All,

Anyone have more information on why the SVI routing on L2 port is not working on a Nexus 9k. Two vlan 20, 30 configured, ping worked on the vlan subnet but will NOT ping to other vlan. The sho route has the correct fib . L3 switch has the default configuration with feature vlan turn on.

Perplexed and thanks in advance for your help.

MHM Cisco World · ‎08-28-2025

Share traceroute from PC to PC

With guess game we can not know issue in PC or Nexus

MHM

View solution in original post

M02@rt37 · ‎08-28-2025

Hello @gighouse20

Double check PC vlan 20 Gw please ; should be 101.0.0.2.

Configre SVI 20 as you did for SVI 30 and modify interface Eth 1/11 as switchport and switchport access vlan 20.

Retry please ping action.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

View solution in original post

MHM Cisco World · ‎08-29-2025

View solution in original post

MHM Cisco World · ‎08-27-2025

Connect PC1 to vlan20 make sure it have IP in same subnet

Connect PC2 to vlan30 make sure it have IP in same subnet

Traceroute from Pc1 to PC2 abd share result here

MHM

gighouse20 · ‎08-28-2025

I will revert to Layer 2 on the ports and restore the config and provide the traceroute info. FYI, I changed the ports to Layer 3 with IPs. Routes show on the sho ip route as connected but still not able to ping either.

M02@rt37 · ‎08-27-2025

Hello @gighouse20

PC on vlan20 ping SVI_30 ?

PC on vlan30 ping SVI_20 ?

If not, check IP configuration of each PC (ip/mask/Gateway)

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

gighouse20 · ‎08-27-2025

thx,

PC on vlan20 ping SVI_30 ? yes,

PC on vlan30 ping SVI_20 ? yes

the gateway on the PCs was configure with the vlan 20 and vlan 30 interfaces. ping works to the respective vlan interfaces from PC but will not the other vlan interfaces or the other PC on the other vlan.

M02@rt37 · ‎08-27-2025

Since from PC 20 you ping remote Gateway 'SVI_30' hosted by the Nexus....

Ensure that Firewall is disabled on PCs and retry.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

gighouse20 · ‎08-28-2025

FW was turned off. Form the PC 20 as ping works to the Nexus gateway int. VLAN 20. Just not work to the int. VLAN 30 or other IP on that subnet.

MHM Cisco World · ‎08-28-2025

Share traceroute from PC to PC

With guess game we can not know issue in PC or Nexus

MHM

gighouse20 · ‎08-28-2025

switch(config)# in
install interface
switch(config)# interface vlan 30
switch(config-if)# ip add 201.0.1.2 255.255.255.0
switch(config-if)# no shut
switch(config-if)# end
switch# sho run

!Command: show running-config
!Running configuration last done at: Thu Aug 28 16:46:04 2025
!Time: Thu Aug 28 17:14:02 2025

version 9.3(7) Bios:version 07.68
vdc switch id 1
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4096
limit-resource port-channel minimum 0 maximum 511
limit-resource u4route-mem minimum 248 maximum 248
limit-resource u6route-mem minimum 96 maximum 96
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
cfs eth distribute
feature ospf
feature pim
feature msdp
feature udld
feature interface-vlan
feature hsrp
feature lacp
feature dhcp
feature vpc
feature lldp
clock timezone EST -5 0
clock summer-time EDT 2 Sun Mar 02:00 1 Sun Nov 02:00 60
feature sflow

no password strength-check
username
ip domain-lookup
copp profile strict
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO

vlan 1,30

service dhcp
ip dhcp relay
ipv6 dhcp relay
vrf context management

interface Vlan1

interface Vlan30
no shutdown
ip address 201.0.1.2/24

interface Ethernet1/1

interface Ethernet1/2

interface Ethernet1/3

interface Ethernet1/4

interface Ethernet1/5

interface Ethernet1/6

interface Ethernet1/7

interface Ethernet1/8

interface Ethernet1/9

interface Ethernet1/10

interface Ethernet1/11
ip address 101.0.0.2/24
no shutdown

interface Ethernet1/12

interface Ethernet1/13

interface Ethernet1/14

interface Ethernet1/15
switchport
switchport access vlan 30
no shutdown

interface Ethernet1/16

interface Ethernet1/17
ip address 201.0.0.2/24
no shutdown

interface Ethernet1/18

interface Ethernet1/19

interface Ethernet1/20

interface Ethernet1/21

interface Ethernet1/22

interface Ethernet1/23

interface Ethernet1/24

interface Ethernet1/25

interface Ethernet1/26

interface Ethernet1/27

interface Ethernet1/28

interface Ethernet1/29

interface Ethernet1/30

interface Ethernet1/31

interface Ethernet1/32

interface Ethernet1/33

interface Ethernet1/34

interface Ethernet1/35

interface Ethernet1/36

interface Ethernet1/37

interface Ethernet1/38

interface Ethernet1/39

interface Ethernet1/40

interface Ethernet1/41

interface Ethernet1/42

interface Ethernet1/43

interface Ethernet1/44

interface Ethernet1/45

interface Ethernet1/46

interface Ethernet1/47

interface Ethernet1/48

interface Ethernet1/49

interface Ethernet1/50

interface Ethernet1/51

interface Ethernet1/52

interface Ethernet1/53

interface Ethernet1/54

interface mgmt0
vrf member management
ip address
icam monitor scale

line console
line vty
boot nxos bootflash:/nxos.9.3.7.bin

switch#

switch# sho ip route
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

101.0.0.0/24, ubest/mbest: 1/0, attached
*via 101.0.0.2, Eth1/11, [0/0], 1d00h, direct
101.0.0.2/32, ubest/mbest: 1/0, attached
*via 101.0.0.2, Eth1/11, [0/0], 1d00h, local
201.0.0.0/24, ubest/mbest: 1/0, attached
*via 201.0.0.2, Eth1/17, [0/0], 1d00h, direct
201.0.0.2/32, ubest/mbest: 1/0, attached
*via 201.0.0.2, Eth1/17, [0/0], 1d00h, local
201.0.1.0/24, ubest/mbest: 1/0, attached
*via 201.0.1.2, Vlan30, [0/0], 00:06:45, direct
201.0.1.2/32, ubest/mbest: 1/0, attached
*via 201.0.1.2, Vlan30, [0/0], 00:06:45, local

switch#

C:\Users\zuser>ipconfig

Windows IP Configuration

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
IPv4 Address. . . . . . . . . . . : 201.0.1.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 201.0.1.2

Wireless LAN adapter Wi-Fi:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 15:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Wireless LAN adapter Local Area Connection* 16:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

Ethernet adapter Bluetooth Network Connection:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :

C:\Users\zuser>ping 201.0.1.2

Pinging 201.0.1.2 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Reply from 201.0.1.2: bytes=32 time=1ms TTL=255

Ping statistics for 201.0.1.2:
Packets: Sent = 4, Received = 1, Lost = 3 (75% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms

C:\Users\zuser>ping 201.0.1.2

Pinging 201.0.1.2 with 32 bytes of data:
Reply from 201.0.1.2: bytes=32 time=1ms TTL=255
Reply from 201.0.1.2: bytes=32 time=1ms TTL=255
Reply from 201.0.1.2: bytes=32 time=1ms TTL=255
Reply from 201.0.1.2: bytes=32 time=1ms TTL=255

Ping statistics for 201.0.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms

C:\Users\zuser>ping 201.0.0.2

Pinging 201.0.0.2 with 32 bytes of data:
Reply from 201.0.0.2: bytes=32 time=1ms TTL=255
Reply from 201.0.0.2: bytes=32 time=1ms TTL=255
Reply from 201.0.0.2: bytes=32 time<1ms TTL=255
Reply from 201.0.0.2: bytes=32 time=1ms TTL=255

Ping statistics for 201.0.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\Users\zuser>ping 101.0.0.2

Pinging 101.0.0.2 with 32 bytes of data:
Reply from 101.0.0.2: bytes=32 time=1ms TTL=255
Reply from 101.0.0.2: bytes=32 time=1ms TTL=255
Reply from 101.0.0.2: bytes=32 time=1ms TTL=255
Reply from 101.0.0.2: bytes=32 time=1ms TTL=255

Ping statistics for 101.0.0.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms

C:\Users\zuser>ping 101.0.0.1

Pinging 101.0.0.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 101.0.0.1:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Users\zuser>traceroute 101.0.0.1
'traceroute' is not recognized as an internal or external command,
operable program or batch file.

C:\Users\zuser>tracert 101.0.0.1

Tracing route to 101.0.0.1 over a maximum of 30 hops

1 1 ms 1 ms 1 ms 201.0.1.2
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * * Request timed out.
11 * * * Request timed out.
12 * * * Request timed out.
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * * * Request timed out.
25 * * * Request timed out.
26 * * * Request timed out.
27 * * * Request timed out.
28 * * * Request timed out.
29 * * * Request timed out.
30 * * * Request timed out.

Trace complete.

M02@rt37 · ‎08-28-2025

Hello @gighouse20

Double check PC vlan 20 Gw please ; should be 101.0.0.2.

Configre SVI 20 as you did for SVI 30 and modify interface Eth 1/11 as switchport and switchport access vlan 20.

Retry please ping action.

Best regards
.ı|ı.ı|ı. If This Helps, Please Rate .ı|ı.ı|ı.

balaji.bandi · ‎08-28-2025

Trying to understand the issue. "C:\Users\zuser>ping 101.0.0.1" reaching is the issue ?

where is this device connected ? is this device connected back to back of interface ?

interface Ethernet1/11
ip address 101.0.0.2/24
no shutdown

from switch are you able to ping 101.0.0.1 ?

can you post show ip arp from switch to get understand what is the issue.

Last check does end host have any FW which blocking ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MHM Cisco World · ‎08-29-2025

I need to see

Show ip interface breif

MHM

gighouse20 · ‎08-29-2025

interface Ethernet1/11
descripinterface Ethernet1/15
description to pc
lacp port-priority 32768
lacp rate normal
lldp transmit
lldp receive
lldp dcbx version auto
no lldp tlv-set management-address :: ipv6
no lldp tlv-set management-address 0.0.0.0
no lldp tlv-set vlan
cdp enable
switchport
switchport mode access
--More-- no switchport monitor
no switchport dot1q ethertype
no switchport priority extend
switchport access vlan 25
switchport trunk native vlan 1
switchport trunk allow-multi-tag
no switchport vlan mapping enable
priority-flow-control mode auto
priority-flow-control watch-dog-interval off
spanning-tree port-priority 128
spanning-tree cost auto
spanning-tree link-type auto
no spanning-tree bpduguard
no spanning-tree bpdufilter
flowcontrol receive off
flowcontrol send off
delay 1
snmp trap link-status
mtu 1500
link debounce time 100
no beacon
no link transmit reset-skip
link mac-up timer 0
--More-- no media-type
speed auto
duplex auto
fec auto
dfe-tuning-delay 100
link dfe adaptive-tuning
no link loopback
no port-type fabric
negotiate auto
logging event port link-status default
logging event port trunk-status default
storm-control broadcast level 100.00
storm-control multicast level 100.00
storm-control unicast level 100.00
no storm-control action
bandwidth 1000000
no bandwidth inherit
load-interval counter 1 30
load-interval counter 2 300
no load-interval counter 3
no switchport virtual-ethernet-bridge
no switchport block multicast
no switchport block unicast
--More-- no shutdown lan
no udld enable
no switchport autostate exclude
no ip dhcp snooping trust
no ip dhcp option82 suboption circuit-id
no ip dhcp snooping limit rate
no ip arp inspection trust
ip arp inspection limit rate 15 burst interval 5
no ip verify source dhcp-snooping-vlan
no ipv6 nd raguard
no shutdown

interface Ethernet1/17
no description
shutdown
lacp port-priority 32768
lacp rate normal
--More-- lldp transmit
lldp receive
lldp dcbx version auto
no lldp tlv-set management-address :: ipv6
no lldp tlv-set management-address 0.0.0.0
no lldp tlv-set vlan
cdp enable
no switchport
priority-flow-control mode auto
priority-flow-control watch-dog-interval off
flowcontrol receive off
flowcontrol send off
delay 1
snmp trap link-status
mtu 1500
link debounce time 100
no beacon
no link transmit reset-skip
link mac-up timer 0
no media-type
speed auto
duplex auto
fec auto
--More-- dfe-tuning-delay 100
link dfe adaptive-tuning
no link loopback
no port-type fabric
negotiate auto
logging event port link-status default
logging event port trunk-status default
storm-control broadcast level 100.00
storm-control multicast level 100.00
storm-control unicast level 100.00
no storm-control action
bandwidth 25000000
no bandwidth inherit
load-interval counter 1 30
load-interval counter 2 300
no load-interval counter 3
no switchport virtual-ethernet-bridge
no switchport block multicast
no switchport block unicast
no mac-address
medium broadcast
no shutdown lan
no udld enable

if you still need the sho ip int bri, let me know.

tion to pa
lacp port-priority 32768
lacp rate normal
lldp transmit
lldp receive
--More-- lldp dcbx version auto
no lldp tlv-set management-address :: ipv6
no lldp tlv-set management-address 0.0.0.0
no lldp tlv-set vlan
cdp enable
switchport
switchport mode access
no switchport monitor
no switchport dot1q ethertype
no switchport priority extend
switchport access vlan 20
switchport trunk native vlan 1
switchport trunk allow-multi-tag
no switchport vlan mapping enable
priority-flow-control mode auto
priority-flow-control watch-dog-interval off
spanning-tree port-priority 128
spanning-tree cost auto
spanning-tree link-type auto
no spanning-tree bpduguard
no spanning-tree bpdufilter
flowcontrol receive off
flowcontrol send off
--More-- delay 1
snmp trap link-status
mtu 1500
link debounce time 100
no beacon
no link transmit reset-skip
link mac-up timer 0
no media-type
speed auto
duplex auto
fec auto
dfe-tuning-delay 100
link dfe adaptive-tuning
no link loopback
no port-type fabric
negotiate auto
logging event port link-status default
logging event port trunk-status default
storm-control broadcast level 100.00
storm-control multicast level 100.00
storm-control unicast level 100.00
no storm-control action
bandwidth 1000000
--More-- no bandwidth inherit
load-interval counter 1 30
load-interval counter 2 300
no load-interval counter 3
no switchport virtual-ethernet-bridge
no switchport block multicast
no switchport block unicast
no shutdown lan
no udld enable
no switchport autostate exclude
no ip dhcp snooping trust
no ip dhcp option82 suboption circuit-id
no ip dhcp snooping limit rate
no ip arp inspection trust
ip arp inspection limit rate 15 burst interval 5
no ip verify source dhcp-snooping-vlan
no ipv6 nd raguard
no shutdown

MHM Cisco World · ‎08-29-2025

gighouse20 · ‎08-31-2025

Thank you all for the helpful help. It turns out the issue was with my IPsec VPN in my FW.