Buy or Renew
Buy or Renew
NOTICE: The community will be in READ-ONLY Sept. 6 – 9 to add Umbrella release notes and announcements. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2324
Views
0
Helpful
5
Replies

Nexus Routing between vlans

knadin
Level 1
Level 1

‎05-22-2017 04:41 PM - edited ‎03-05-2019 08:34 AM

I am new to Nexus and I have a basic routing question. I have a trunk connection between a 3750 and Nexus 3172T switch. I can pass vlans between the switches with no issues. I can also ping between the vlans on the Nexus switch. What I cannot do is ping the client machines that are connected to the Nexus switch from the network "beyond" the Nexus switch. Likewise, from the client PC's, I cannot ping out to the network. The very basic config looks something like this:

The PC I cannot ping is configured with IP address 10.108.50.10/24 connected to port Ethernet 1/1

Any help would be appreciated!

.

.

.

vlan 1

vlan 12
name IS
vlan 21
name Admin
vlan 50-51

interface Vlan1
no shutdown
management
ip address 10.108.10.200/20

interface Vlan50
no shutdown
ip address 10.108.50.1/24

interface Vlan51
no shutdown
ip address 10.108.51.1/24

interface Ethernet1/1
no cdp enable
switchport access vlan 50

interface Ethernet1/2
no cdp enable
switchport access vlan 50

interface Ethernet1/3
switchport access vlan 50

interface Ethernet1/4

interface Ethernet1/5

interface Ethernet1/6

interface Ethernet1/7

interface Ethernet1/8

interface Ethernet1/9

interface Ethernet1/10

interface Ethernet1/11

interface Ethernet1/12

interface Ethernet1/13

interface Ethernet1/14

interface Ethernet1/15

interface Ethernet1/16

Desc Trunk port to Cisco 3750 switch
switchport mode trunk
switchport trunk allowed vlan 1,50-51

.

.

.

interface mgmt0
vrf member management
clock timezone PST -8 0
clock summer-time PDT 2 Sun Mar 02:00 1 Sun Nov 02:00 60
line console
line vty
boot nxos bootflash:/nxos.7.0.3.I2.2b.bin
ip route 0.0.0.0/0 10.108.50.2
router eigrp 1

Labels:
0 Helpful
5 Replies 5

Georg Pauwen
VIP
VIP

‎05-22-2017 11:38 PM

Hello,

"What I cannot do is ping the client machines that are connected to the Nexus switch from the network "beyond" the Nexus switch. Likewise, from the client PC's, I cannot ping out to the network"

It is unclear what you mean by that. Can you provide a brief schematic drawing indicating what is connected to what, and which IP addresses are not reachable from where ?

0 Helpful

knadin
Level 1
Level 1
In response to Georg Pauwen

‎05-23-2017 11:26 AM

Sorry, adding more documentation, see the attached PDF document. Never have this type of issue with IOS based switches. Essentially, routing from VLAN 1 to the PC's in VLAN 50 & 51 is the issue.

Preview file
207 KB
0 Helpful

knadin
Level 1
Level 1
In response to knadin

‎05-23-2017 02:02 PM

1. PC3 is my PC, it is VLAN 21. My switch config did not include that, I do have the following configured:

interface Vlan21
no shutdown
ip address 10.108.21.25/26

and I can ping the gateway of 10.108.21.25

P:\>ping 10.108.21.25 -t

Pinging 10.108.21.25 with 32 bytes of data:
Reply from 10.108.21.25: bytes=32 time<1ms TTL=255
Reply from 10.108.21.25: bytes=32 time<1ms TTL=255
Reply from 10.108.21.25: bytes=32 time<1ms TTL=255

2. VLAN 21

3. That is the VLAN1 IP for both of those switch's:

interface Vlan1
ip address 10.108.1.165 255.255.240.0

interface Vlan1
ip address 10.108.1.254 255.255.240.0

4. They do not, but I can ssh and ping the nexus switch (10.108.10.200) from my desktop which is PC3

P:\>ping 10.108.10.200

Pinging 10.108.10.200 with 32 bytes of data:
Reply from 10.108.10.200: bytes=32 time<1ms TTL=255
Reply from 10.108.10.200: bytes=32 time<1ms TTL=255
Reply from 10.108.10.200: bytes=32 time<1ms TTL=255
Reply from 10.108.10.200: bytes=32 time<1ms TTL=255

P:\>tracert 10.108.10.200

Tracing route to 10.108.10.200 over a maximum of 30 hops

1 13 ms 8 ms 3 ms 10.108.21.1          (vlan 21 gateway IP)
2 <1 ms <1 ms <1 ms 10.108.10.200

0 Helpful

knadin
Level 1
Level 1
In response to knadin

‎05-23-2017 02:40 PM

Think we have it figured out, being new to these switches, did not realize that you actually had to configure the "class-maps" associated with the access lists.  The class maps cannot be deleted.  Adding the permit icmp ACL solved the issue.

Thanks to everyone who took a look at this post!

ip access-list copp-system-acl-icmp
10 permit icmp any any

class-map type control-plane match-any copp-icmp
match access-group name copp-system-acl-icmp

0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame

‎05-23-2017 12:45 PM

Looking at the diagram and the config you posted, can you answer the following questions?

1-Is PC3 supposed to be in vlan 1 or 21 as it says 21?  If it is 21, than there is no SVI on the Nexus

2-If it is supposed to be in vlan 1, is the mask for that vlan supposed to be /20? 

3-On the 3750, you have one IP for each (.165 and .254) are these IPs configured on the management interface (OOB) or there is just one SVI for vlan1 per switch?

4-Does each 3750 stack have a default-gateway pointing to 10.200 (Nexus SVI)?

BTW, nice diagram

HTH

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card