Nexus Routing between vlans

knadin · ‎05-22-2017

I am new to Nexus and I have a basic routing question. I have a trunk connection between a 3750 and Nexus 3172T switch. I can pass vlans between the switches with no issues. I can also ping between the vlans on the Nexus switch. What I cannot do is ping the client machines that are connected to the Nexus switch from the network "beyond" the Nexus switch. Likewise, from the client PC's, I cannot ping out to the network. The very basic config looks something like this:

The PC I cannot ping is configured with IP address 10.108.50.10/24 connected to port Ethernet 1/1

Any help would be appreciated!

.

vlan 1

vlan 12
name IS
vlan 21
name Admin
vlan 50-51

interface Vlan1
no shutdown
management
ip address 10.108.10.200/20

interface Vlan50
no shutdown
ip address 10.108.50.1/24

interface Vlan51
no shutdown
ip address 10.108.51.1/24

interface Ethernet1/1
no cdp enable
switchport access vlan 50

interface Ethernet1/2
no cdp enable
switchport access vlan 50

interface Ethernet1/3
switchport access vlan 50

interface Ethernet1/4

interface Ethernet1/5

interface Ethernet1/6

interface Ethernet1/7

interface Ethernet1/8

interface Ethernet1/9

interface Ethernet1/10

interface Ethernet1/11

interface Ethernet1/12

interface Ethernet1/13

interface Ethernet1/14

interface Ethernet1/15

interface Ethernet1/16

Desc Trunk port to Cisco 3750 switch
switchport mode trunk
switchport trunk allowed vlan 1,50-51

.

interface mgmt0
vrf member management
clock timezone PST -8 0
clock summer-time PDT 2 Sun Mar 02:00 1 Sun Nov 02:00 60
line console
line vty
boot nxos bootflash:/nxos.7.0.3.I2.2b.bin
ip route 0.0.0.0/0 10.108.50.2
router eigrp 1

Georg Pauwen · ‎05-22-2017

Hello,

"What I cannot do is ping the client machines that are connected to the Nexus switch from the network "beyond" the Nexus switch. Likewise, from the client PC's, I cannot ping out to the network"

It is unclear what you mean by that. Can you provide a brief schematic drawing indicating what is connected to what, and which IP addresses are not reachable from where ?

knadin · ‎05-23-2017

Sorry, adding more documentation, see the attached PDF document. Never have this type of issue with IOS based switches. Essentially, routing from VLAN 1 to the PC's in VLAN 50 & 51 is the issue.

knadin · ‎05-23-2017

1. PC3 is my PC, it is VLAN 21. My switch config did not include that, I do have the following configured:

interface Vlan21
no shutdown
ip address 10.108.21.25/26

and I can ping the gateway of 10.108.21.25

P:\>ping 10.108.21.25 -t

Pinging 10.108.21.25 with 32 bytes of data:
Reply from 10.108.21.25: bytes=32 time<1ms TTL=255
Reply from 10.108.21.25: bytes=32 time<1ms TTL=255
Reply from 10.108.21.25: bytes=32 time<1ms TTL=255

2. VLAN 21

3. That is the VLAN1 IP for both of those switch's:

interface Vlan1
ip address 10.108.1.165 255.255.240.0

interface Vlan1
ip address 10.108.1.254 255.255.240.0

4. They do not, but I can ssh and ping the nexus switch (10.108.10.200) from my desktop which is PC3

P:\>ping 10.108.10.200

Pinging 10.108.10.200 with 32 bytes of data:
Reply from 10.108.10.200: bytes=32 time<1ms TTL=255
Reply from 10.108.10.200: bytes=32 time<1ms TTL=255
Reply from 10.108.10.200: bytes=32 time<1ms TTL=255
Reply from 10.108.10.200: bytes=32 time<1ms TTL=255

P:\>tracert 10.108.10.200

Tracing route to 10.108.10.200 over a maximum of 30 hops

1 13 ms 8 ms 3 ms 10.108.21.1 (vlan 21 gateway IP)
2 <1 ms <1 ms <1 ms 10.108.10.200

knadin · ‎05-23-2017

Think we have it figured out, being new to these switches, did not realize that you actually had to configure the "class-maps" associated with the access lists. The class maps cannot be deleted. Adding the permit icmp ACL solved the issue.

Thanks to everyone who took a look at this post!

ip access-list copp-system-acl-icmp
10 permit icmp any any

class-map type control-plane match-any copp-icmp
match access-group name copp-system-acl-icmp

Reza Sharifi · ‎05-23-2017

Looking at the diagram and the config you posted, can you answer the following questions?

1-Is PC3 supposed to be in vlan 1 or 21 as it says 21? If it is 21, than there is no SVI on the Nexus

2-If it is supposed to be in vlan 1, is the mask for that vlan supposed to be /20?

3-On the 3750, you have one IP for each (.165 and .254) are these IPs configured on the management interface (OOB) or there is just one SVI for vlan1 per switch?

4-Does each 3750 stack have a default-gateway pointing to 10.200 (Nexus SVI)?

BTW, nice diagram

HTH