09-27-2019 06:06 AM
Hello community,
I am struggling to get Inter-VLAN-Routing running on a WS-C2960L-48PS-LL, Version 15.2(7)E0a.
For testing-purposes I created two SVIs with IP-addresses, 2 VLANs and enabled "ip routing".
I followed this guide provided by cisco:
"show ip route" outputs:
Sep 27 11:10:40.179: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan3, changed state to upte
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 4 subnets, 2 masks
C 10.10.2.0/24 is directly connected, Vlan2
L 10.10.2.1/32 is directly connected, Vlan2
C 10.10.3.0/24 is directly connected, Vlan3
L 10.10.3.1/32 is directly connected, Vlan3
Unfortunately I can't ping between VLANs. SVIs are up and reachable, but clients in VLAN aren't. Some datasheets state that this switch supports routing others don't.
I am curious if someone got routing running on this switches.
Thanks in advance
Kind regards
Simon
09-27-2019 08:16 AM - edited 09-27-2019 08:18 AM
Hello
Have you also created the L2 vlans associated with the L3 interfaces!
Do the ends hosts have the correct subnet mask and default gateway applied to their ip addressing
Can these host ping their gateway address
Can you ping the hosts from the switch?
09-27-2019 08:31 AM
09-27-2019 09:10 AM
Hi jung357,
The config looks fine, I think that this static routes are not necessary:
ip route 10.10.2.0 255.255.255.0 Vlan2 ip route 10.10.3.0 255.255.255.0 Vlan3
The switch it already have those networks in the RIB as directly connected routes.
If you are testing connectivity between hosts using ping maybe the problem could be the firewall in the hosts, Windows Firewall, Linux IPtables, etc
09-27-2019 10:24 AM
I agree that the config looks appropriate and I do not see anything in it that would prevent pinging between the vlan subnets. It is certainly true that you do not need the 2 static routes. One demonstration of that is that in the output of your routing table that those subnets are shown as "C" for Connected routes and not as "S" for Static routes.
I would suggest that you ping the device connected in vlan 2 from the switch. If the ping fails then it is an indicator that some security policy on the PC is preventing ping. If the ping is successful than do another ping to that PC and this time specify that the source address of the ping should be the address of vlan 3. If that ping fails the most likely reason would be problems with the configuration of the gateway for the PC. Note that it could also be an issue with the security policy which might permit ping from local devices but not from remote devices.
HTH
Rick
09-28-2019 06:58 AM - edited 09-28-2019 06:59 AM
Hello
Remove the static routes as the switch will have connected rib entries for these any way
Make sure your hosts don’t have any software fw negating connectivity
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide