Solved: 3825 inter-vlan routing issue

hxmengmetro · ‎01-12-2011

Hi All,

We just got a new 3825 (C3825-ADVIPSERVICESK9-M), Version 15.0(1)M3). It connects to one 3560 switch. As usual, there are 2 vlans (vlan 1 and 2) in 3560, one for data, one for voice. Configure the trunk (Fa 0/23) in switch which allow all vlans. In the 3825, created Gi 0/1.2 for vlan 2, leave Gi 0/1 for vlan 1. "ip routing" and "ip cef" are all configured. For some reason, the vlan 1 just can't communicate to vlan 2. I even compared to another similar router 2851, the setup is same although they have different IOS version. I'm really not sure is there any bug with this 15.0(1) M3 version? Here is my part of setup in 3825:

!
dot11 syslog
no ip source-route
!
!
ip cef
!
ip multicast-routing
no ipv6 cef
!
multilink bundle-name authenticated
!
!
redundancy
!
!
ip tftp source-interface GigabitEthernet0/1
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
description uplink router
ip address 10.99.155.14 255.255.255.252
duplex auto
speed auto
media-type sfp
negotiation auto
!
!
interface GigabitEthernet0/1

description data to 3560
ip address 10.2.111.254 255.255.255.0

ip helper-address 10.200.11.14
ip helper-address 10.11.11.14
duplex full
speed 100
media-type rj45
!
!
interface GigabitEthernet0/1.2
description voice
encapsulation dot1Q 2
ip address 10.102.111.254 255.255.255.0
ip helper-address 10.200.11.14
ip helper-address 10.11.11.14
ip pim sparse-mode
h323-gateway voip interface
h323-gateway voip bind srcaddr 10.102.111.254
!
ip forward-protocol nd
!
!

ip http server
ip http authentication aaa
ip http secure-server
ip http timeout-policy idle 60 life 86400 requests 10000
ip route 0.0.0.0 0.0.0.0 10.99.155.13
ip tacacs source-interface GigabitEthernet0/1

The part of configruation of 3560:

interface FastEthernet0/21
switchport mode access
switchport voice vlan 2
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust device cisco-phone
mls qos trust cos
auto qos voip cisco-phone
spanning-tree portfast
service-policy input AutoQoS-Police-CiscoPhone

interface FastEthernet0/23
description To 3825
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust cos
auto qos voip trust
!
interface FastEthernet0/24
description 2nd switch
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
srr-queue bandwidth share 10 10 60 20
priority-queue out
mls qos trust cos
auto qos voip trust

interface Vlan1
ip address 10.2.111.245 255.255.255.0
ip helper-address 10.200.11.14
ip helper-address 10.11.11.14
no ip route-cache
no ip mroute-cache
!
ip default-gateway 10.2.111.254

Any help will be greatly appreciated. Thank you!!!

Lou

lgijssel · ‎01-13-2011

The original config should be fine. This is the most elegant way to configure the native vlan.

Still, I would like to come back to my earlier question:

What method are you using to test whether this is working or not?

Where are the various devices connected, what is their config?

Could it be an issue with the switch?

It may be as simple as that you are missing a def-gw setting somewhere.

Probably it isn't but one must first eliminate the simple issues to tackle the complex ones.

regards,

Leo

View solution in original post

lgijssel · ‎01-12-2011

Did you test this from the 3560 or from other devices also?

The command: ip default gateway on the switch does not work when ip routing is turned on.

You need to set a default route for this to work. Please check how ip routing is configured on the switch.

Otherwise your config looks ok to me.

Perhaps you could provide us the output of show ip route on the router?

regards,

Leo

hxmengmetro · ‎01-13-2011

3825 routes:

Gateway of last resort is 10.99.155.13 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.99.155.13
      10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
C        10.2.111.0/24 is directly connected, GigabitEthernet0/1
L        10.2.111.254/32 is directly connected, GigabitEthernet0/1
C        10.99.155.12/30 is directly connected, GigabitEthernet0/0
L        10.99.155.14/32 is directly connected, GigabitEthernet0/0
C        10.102.1111.0/24 is directly connected, GigabitEthernet0/1.2
L        10.102.111.254/32 is directly connected, GigabitEthernet0/1.2

Routes seem ok to me.

johnlloyd_13 · ‎01-12-2011

try to do the below and test again:

3825:

int g0/1
no ip add

int g0/1.1
description data to 3560
encapsulation dot1Q 1
ip address 10.2.111.254 255.255.255.0
ip helper-address 10.200.11.14
ip helper-address 10.11.11.14

3560:

no int vlan1
no ip default-gateway 10.2.111.254

ACCESS PORTS:

int range f0/1 - x
switchport mode access
switchport access vlan 1
switchport voice vlan 2

glen.grant · ‎01-13-2011

I agree with John put vlan 1 under a subinterface also and that will fix it . The way you have it

right now it's not being encapsulated on vlan 1 for the trunk . If you are using the address on the 3560 to manage the switch then I would "not" remove it .

hxmengmetro · ‎01-13-2011

We setup this way in many routers and didn't have any issue. But I will give it try. Put vlan 1 on .1 subinterface. I will let you know. Thanks a lot for the help.

Lou

hxmengmetro · ‎01-13-2011

I put data ip on gi 0/1.1 and remove ip from gi 0/1. Still the same thing. I even upgrade the IOS to 15.1 version. Still same. This is really weird. Any thought, guys?

Really appreciated.

Lou

hxmengmetro · ‎01-13-2011

I just tried another vlan 3 for data. Configured gi 0/1.3 and encapulation command under this subinterface. But still the same thing. I still can't ping the phone in vlan 2 through the switch. I really don't have any idea why this doesn't work. Please help!

Thanks.

Amit Singh · ‎01-13-2011

Can you please the new config on the router? Also the config for the switch as well.

Please paste only the relevant portion of the config.

Cheers,

-amit singh

hxmengmetro · ‎01-13-2011

Amit,

Thanks. Here are the new configuration. As you requested, I just post the related config:

3825 ((C3825-ADVENTERPRISEK9-M), Version 15.1(3)T). I wiped out the old configureation and start from scratch. So didn't put all the voice related config. Just want to see if the intervlan routing works or not.

dot11 syslog
ip source-route
!
ip cef
!
!
!
!
no ipv6 cef
!
multilink bundle-name authent
!
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
crypto pki token default remo
!
!
!
!
license udi pid CISCO3825 sn
!
redundancy
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
ip address 10.99.155.14 255.255.255.252
duplex full
speed 1000
media-type sfp
negotiation auto
!
interface GigabitEthernet0/1
no ip address
duplex full
speed 1000
media-type rj45
!
interface GigabitEthernet0/1.2
encapsulation dot1Q 2
ip address 10.102.111.254 255
ip helper-address 10.200.11.14
ip helper-address 10.11.11.14
!
interface GigabitEthernet0/1.3
encapsulation dot1Q 3
ip address 10.2.111.254 255.255.255.0
ip helper-address 10.200.11.14
ip helper-address 10.11.11.14
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip route 0.0.0.0 0.0.0.0 10.99.155.13
!
logging esm config
!
!
!
!
!
!
control-plane
!
!
voice-port 0/0/0
!
voice-port 0/0/1

!
voice-port 0/0/2
!
voice-port 0/0/3
!
!
!
mgcp profile default
!
!

3560G switch config:

interface GigabitEthernet0/21
switchport access vlan 3
switchport mode access
switchport voice vlan 2
spanning-tree portfast
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23

description data to Router
switchport trunk encapsulation dot1q
switchport mode trunk
speed 1000
duplex full
!
interface GigabitEthernet0/24

description To 2nd switch
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
!
interface GigabitEthernet0/25
!
interface GigabitEthernet0/26
!
interface GigabitEthernet0/27
!
interface GigabitEthernet0/28
!
interface Vlan1
no ip address
!
interface Vlan3
ip address 10.2.111.245 255.255.255.0
ip helper-address 10.200.11.14
ip helper-address 10.11.11.14
!
ip classless
ip http server

Here are more information about the routes and trunk:

In 3825 router:

Gateway of last resort is 10.99.155.13 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.99.155.13
      10.0.0.0/8 is variably subnetted, 6 subnets, 3 masks
C        10.2.1111.0/24 is directly connected, GigabitEthernet0/1.3
L        10.2.111.254/32 is directly connected, GigabitEthernet0/1.3
C        10.99.155.12/30 is directly connected, GigabitEthernet0/0
L        10.99.155.14/32 is directly connected, GigabitEthernet0/0
C        10.102.111.0/24 is directly connected, GigabitEthernet0/1.2
L        10.102.111.254/32 is directly connected, GigabitEthernet0/1.2

In 3560G switch:

Port        Mode             Encapsulation Status        Native vlan
Gi0/23      on               802.1q         trunking      1
Gi0/24      on               802.1q         trunking      1

Port        Vlans allowed on trunk
Gi0/23      1-4094
Gi0/24      1-4094

Port        Vlans allowed and active in management domain
Gi0/23      1-3
Gi0/24      1-3

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/23      1-3
Gi0/24      1-3

Thanks a lot for the help!

Lou

Amit Singh · ‎01-13-2011

Lou,

The configuration looks fine to me both on the router and switch side.

Here is what I would try :

1. Connect another PC on the switch in Vlan 2.

2. Configure the PC with respective IP address and gateway address.

3. Check if you can ping the PC. If not, try doing a trace route and see where it breaks.

4. Also try adding " ip default- gateway" and disable IP routing on 3560G switch.

Why do you want to do Intervlan-routing on the router when you have the 3560G a L3 capable switch? You could create SVI's for Vlan2 and Vlan3 on 3560G with IP routing enabled and use the " IP helper" command on the SVI interfaces to reach the DHCP server.

Cheers,

-amit singh

lgijssel · ‎01-13-2011

The original config should be fine. This is the most elegant way to configure the native vlan.

Still, I would like to come back to my earlier question:

What method are you using to test whether this is working or not?

Where are the various devices connected, what is their config?

Could it be an issue with the switch?

It may be as simple as that you are missing a def-gw setting somewhere.

Probably it isn't but one must first eliminate the simple issues to tackle the complex ones.

regards,

Leo

hxmengmetro · ‎01-14-2011

I'm really sorry guys. Finally I found this issue was caused by incorrect DHCP server configuration. I jumped into the DHCP server yesterday and found out the server guy didn't put the gateway for vlan 2. After he added, everything works like charm. I stick to my previous config, just use Gi 0/1 for native vlan 1.

Thanks a lot guys for your help. Really appreciated.

Have a good weekend!

Lou