04-05-2021 10:59 AM
Good Morning.
I have two SVIs configured on my switch. One IP address on VLAN 1 Default (192.168.0.15) and another on VLAN 50 (10.50.50.15), but web and telnet access is only taking place via the IP address of VLAN 1.
From my station I can ping the IP of VLAN 50.
I would be grateful if someone could help me.
Solved! Go to Solution.
04-07-2021 11:18 AM - edited 04-07-2021 11:19 AM
Guys, I continued to investigate further and analyzed the packets in the 3850. As you can see in the image below, the 3850 even sent a syn-ack, but did not get the station's ack.
So, at first I thought it could be something in the configuration of the route between the VLANs on the router, but as I was able to normally access all the other devices on the VLAN 50, I insisted that the problem was really with the 3850.
And it is with joy that I come to share with you that I managed to solve the problem. I simply removed the IP address from VLAN 1 and deactivated it:
interface Vlan1
no ip address
shutdown
!
Now I can access and manage the 3850 normally via VLAN 50.
Thank you all so much!
04-05-2021 11:01 AM
Hi,
Is "ip routing" enabled on the switch?
HTH
04-05-2021 11:13 AM
Thanks for the reply, Reza.
Yes, ip routing is enabled
04-05-2021 12:39 PM
Hi,
interface Vlan1
ip address 192.168.0.15 255.255.0.0
!
interface Vlan50
ip address 10.50.50.15 255.255.255.0
Make sure you are NATing vlan 50 IP segment.
HTH
04-05-2021 12:53 PM
hello, could you guide me on how to do this?
04-05-2021 12:59 PM - edited 04-05-2021 12:59 PM
What device is doing the NAT for you? Is that a firewall or a router? Can you post the configuration?
HTH
04-05-2021 05:43 PM
My station is on VLAN 1 and our firewall is responsible for routing between VLAN 1 and VLAN 50. I can easily access the 2960x switches that have a VLAN 50 with their 10.50.50.x IPs.
04-05-2021 06:23 PM
Ok, so you have internal connectivity between vlan 1 and 50 but vlan 50 is not able to access the Internet correct?
If this is the case, then make sure the firewall is configured to NAT 10.50.50.x subnet.
HTH
04-06-2021 05:01 AM - edited 04-06-2021 01:19 PM
But I just need to manage the switch (on the management vlan 50) through my internal workstation.
04-05-2021 11:13 AM
if no device connected on VLAN 50 or added any switch port to vlan 50, the SVI interface is not come up.
show ip interface brief - post the output
04-05-2021 12:52 PM - edited 04-06-2021 01:43 PM
Hi, balaji
My others 2960 switches are normally managed by VLAN 50 and are connected to the 3850 trunk ports. This 3850 does not have any other devices connected as access, as it is playing the role of core.
#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.0.15 YES NVRAM up up
Vlan50 10.50.50.15 YES NVRAM up up
GigabitEthernet0/0 unassigned YES NVRAM down down
GigabitEthernet1/0/1 unassigned YES unset down down
GigabitEthernet1/0/2 unassigned YES unset up up
GigabitEthernet1/0/3 unassigned YES unset up up
GigabitEthernet1/0/4 unassigned YES unset up up
GigabitEthernet1/0/5 unassigned YES unset up up
GigabitEthernet1/0/6 unassigned YES unset down down
GigabitEthernet1/0/7 unassigned YES unset down down
GigabitEthernet1/0/8 unassigned YES unset up down
GigabitEthernet1/0/9 unassigned YES unset up up
GigabitEthernet1/0/10 unassigned YES unset up up
GigabitEthernet1/0/11 unassigned YES unset up up
GigabitEthernet1/0/12 unassigned YES unset up up
GigabitEthernet1/0/13 unassigned YES unset up down
GigabitEthernet1/0/14 unassigned YES unset up down
GigabitEthernet1/0/15 unassigned YES unset up up
GigabitEthernet1/0/16 unassigned YES unset up up
GigabitEthernet1/0/17 unassigned YES unset up up
GigabitEthernet1/0/18 unassigned YES unset up up
GigabitEthernet1/0/19 unassigned YES unset up down
GigabitEthernet1/0/20 unassigned YES unset up down
GigabitEthernet1/0/21 unassigned YES unset up up
GigabitEthernet1/0/22 unassigned YES unset up up
GigabitEthernet1/0/23 unassigned YES unset up up
GigabitEthernet1/0/24 unassigned YES unset up up
GigabitEthernet1/1/1 unassigned YES unset down down
GigabitEthernet1/1/2 unassigned YES unset down down
GigabitEthernet1/1/3 unassigned YES unset down down
GigabitEthernet1/1/4 unassigned YES unset down down
Te1/1/1 unassigned YES unset down down
Te1/1/2 unassigned YES unset down down
Te1/1/3 unassigned YES unset down down
Te1/1/4 unassigned YES unset down down
GigabitEthernet2/0/1 unassigned YES unset down down
GigabitEthernet2/0/2 unassigned YES unset up up
GigabitEthernet2/0/3 unassigned YES unset up up
GigabitEthernet2/0/4 unassigned YES unset up up
GigabitEthernet2/0/5 unassigned YES unset up up
GigabitEthernet2/0/6 unassigned YES unset down down
GigabitEthernet2/0/7 unassigned YES unset down down
GigabitEthernet2/0/8 unassigned YES unset up down
GigabitEthernet2/0/9 unassigned YES unset up up
GigabitEthernet2/0/10 unassigned YES unset up up
GigabitEthernet2/0/11 unassigned YES unset up up
GigabitEthernet2/0/12 unassigned YES unset up up
GigabitEthernet2/0/13 unassigned YES unset up down
GigabitEthernet2/0/14 unassigned YES unset up down
GigabitEthernet2/0/15 unassigned YES unset up up
GigabitEthernet2/0/16 unassigned YES unset up up
GigabitEthernet2/0/17 unassigned YES unset up up
GigabitEthernet2/0/18 unassigned YES unset up up
GigabitEthernet2/0/19 unassigned YES unset up down
GigabitEthernet2/0/20 unassigned YES unset up down
GigabitEthernet2/0/21 unassigned YES unset up up
GigabitEthernet2/0/22 unassigned YES unset up up
GigabitEthernet2/0/23 unassigned YES unset up up
GigabitEthernet2/0/24 unassigned YES unset up up
GigabitEthernet2/1/1 unassigned YES unset down down
GigabitEthernet2/1/2 unassigned YES unset down down
GigabitEthernet2/1/3 unassigned YES unset down down
GigabitEthernet2/1/4 unassigned YES unset down down
Te2/1/1 unassigned YES unset down down
Te2/1/2 unassigned YES unset down down
Te2/1/3 unassigned YES unset down down
Te2/1/4 unassigned YES unset down down
Port-channel1 unassigned YES unset down down
Port-channel2 unassigned YES unset up up
Port-channel3 unassigned YES unset up up
Port-channel4 unassigned YES unset up up
Port-channel5 unassigned YES unset up up
Port-channel8 unassigned YES unset up up
Port-channel13 unassigned YES unset up up
Port-channel19 unassigned YES unset up up
04-06-2021 01:15 AM
Hello
You have two L3 SVis on that switch stack but it looks like ip routing is NOT enabled, please confirm
show ip route
04-06-2021 04:57 AM - edited 04-06-2021 01:43 PM
Hi,
#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
level-2
ia - IS-IS inter area, * - candidate default, U - per-user
static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 10.50.50.254 to network 0.0.0.0
S* 0.0.0.0/0 [1/0] via 10.50.50.254
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.50.50.0/24 is directly connected, Vlan50
L 10.50.50.15/32 is directly connected, Vlan50
C 192.168.0.0/16 is directly connected, Vlan1
192.168.0.0/32 is subnetted, 1 subnets
L 192.168.0.15 is directly connected, Vlan1
04-06-2021 11:44 AM
ok SVI up and you have static route, what port-channel you using to connect uplink device and is VLAN 50 allowed,
make sure you created VLAN 50
show vlan
show spanning brief
show run interace port-channel X (x is the number you connected to uplink router)
04-06-2021 01:05 PM - edited 04-06-2021 01:45 PM
The 3850 uplink is on Port-channel4, which is connected to the Po1 of a 2960x (10.50.50.41), both configured as trunk, allowing "All".
The 2960x uplink for the router is on the Gi2/0/19 interface, configured as trunk, allowing VLANs 1 and 50.
From my station I can manage (webui and telnet) this 2960x normally at its IP address 10.50.50.41. My station is connected to another edge switch that has an uplink for the 3850 and consequently for the 10.50.50.41.
Sorry for the long information below:
#### 3850:
CoreTelecomSwitchStack#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/1, Gi1/0/8, Gi1/0/13, Gi1/0/14, Gi1/0/19, Gi1/0/20, Gi2/0/1, Gi2/0/8, Gi2/0/13, Gi2/0/14, Gi2/0/19, Gi2/0/20
10 SUPERVSCADA active
30 WIFIGUEST active
50 INFRAMGMT active Gi1/0/6, Gi1/0/7, Gi1/1/1, Gi1/1/2, Gi1/1/3, Gi1/1/4, Gi2/0/6, Gi2/0/7, Gi2/1/1, Gi2/1/2, Gi2/1/3, Gi2/1/4
60 SUPERVMGMT active
90 DMZ active
91 DMZ-PVLAN-ISOLATED active
92 DMZ-PVLAN-COMMUNITY active
210 IPCFTV active
250 INFRADR active
1001 NATIVECUSTOM active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
60 enet 100060 1500 - - - - - 0 0
90 enet 100090 1500 - - - - - 0 0
91 enet 100091 1500 - - - - - 0 0
92 enet 100092 1500 - - - - - 0 0
210 enet 100210 1500 - - - - - 0 0
250 enet 100250 1500 - - - - - 0 0
1001 enet 101001 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 4472 1005 3276 - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trbrf 101005 4472 - - 15 ibm - 0 0
VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7 7 off
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
90 91 isolated
90 92 community
CoreTelecomSwitchStack#show spanning-tree vlan 50
VLAN0050
Spanning tree enabled protocol ieee
Root ID Priority 50
Address f8a5.c5e2.1d00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 50 (priority 0 sys-id-ext 50)
Address f8a5.c5e2.1d00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Po2 Desg FWD 3 128.2378 P2p
Po3 Desg FWD 3 128.2379 P2p
Po4 Desg FWD 3 128.2380 P2p
Po5 Desg FWD 3 128.2381 P2p
Po8 Desg FWD 3 128.2384 P2p
Po13 Desg FWD 3 128.2389 P2p
Po19 Desg FWD 3 128.2395 P2p
CoreTelecomSwitchStack#show run interface port-channel 4
Building configuration...
Current configuration : 93 bytes
!
interface Port-channel4
description downlink_cisco_tortelecom
switchport mode trunk
end
#### 2960x (10.50.50.41):
TORTelecomSwitch#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi2/0/2, Gi2/0/3, Gi2/0/4, Gi2/0/5, Gi2/0/6, Gi2/0/7, Gi2/0/8, Gi2/0/9, Gi2/0/10, Gi2/0/11, Gi2/0/13, Gi2/0/14, Gi2/0/15
Gi2/0/16, Gi2/0/17, Gi2/0/18, Gi2/0/21, Gi2/0/22, Gi2/0/25, Gi2/0/26
10 SUPERVSCADA active
30 WIFIGUEST active
50 INFRAMGMT active
60 SUPERVMGMT active
90 DMZ active
91 DMZ-PVLAN-ISOLATED active
92 DMZ-PVLAN-COMMUNITY active
210 IPCFTV active
250 INFRADR active
1001 NATIVECUSTOM active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
60 enet 100060 1500 - - - - - 0 0
90 enet 100090 1500 - - - - - 0 0
91 enet 100091 1500 - - - - - 0 0
92 enet 100092 1500 - - - - - 0 0
210 enet 100210 1500 - - - - - 0 0
250 enet 100250 1500 - - - - - 0 0
1001 enet 101001 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 4472 1005 3276 - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trbrf 101005 4472 - - 15 ibm - 0 0
VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7 7 off
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
90 91 isolated Gi2/0/20
90 92 community Gi2/0/20
TORTelecomSwitch#show spanning vlan 50
VLAN0050
Spanning tree enabled protocol ieee
Root ID Priority 50
Address f8a5.c5e2.1d00
Cost 3
Port 456 (Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32818 (priority 32768 sys-id-ext 50)
Address 0059.dc31.f400
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi2/0/12 Desg FWD 4 128.68 P2p
Gi2/0/19 Desg FWD 4 128.75 P2p Edge
Po1 Root FWD 3 128.456 P2p
TORTelecomSwitch#show run interface po1
Building configuration...
Current configuration : 85 bytes
!
interface Port-channel1
description UPLINK-CORE-C3850
switchport mode trunk
end
TORTelecomSwitch#show run interface Gi 2/0/19
Building configuration...
Current configuration : 287 bytes
!
interface GigabitEthernet2/0/19
description cisco-router
switchport access vlan 50
switchport trunk allowed vlan 1,50
switchport mode trunk
mls qos trust dscp
macro description cisco-router
auto qos trust
spanning-tree portfast edge trunk
spanning-tree bpduguard enable
end
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide