Solved: 3850 management not working on SVI IP VLAN

tiadmin · ‎04-05-2021

Good Morning.

I have two SVIs configured on my switch. One IP address on VLAN 1 Default (192.168.0.15) and another on VLAN 50 (10.50.50.15), but web and telnet access is only taking place via the IP address of VLAN 1.

From my station I can ping the IP of VLAN 50.

I would be grateful if someone could help me.

tiadmin · ‎04-07-2021

Guys, I continued to investigate further and analyzed the packets in the 3850. As you can see in the image below, the 3850 even sent a syn-ack, but did not get the station's ack.

So, at first I thought it could be something in the configuration of the route between the VLANs on the router, but as I was able to normally access all the other devices on the VLAN 50, I insisted that the problem was really with the 3850.

And it is with joy that I come to share with you that I managed to solve the problem. I simply removed the IP address from VLAN 1 and deactivated it:

interface Vlan1
no ip address
shutdown
!

Now I can access and manage the 3850 normally via VLAN 50.

Thank you all so much!

View solution in original post

Reza Sharifi · ‎04-05-2021

Hi,

Is "ip routing" enabled on the switch?

HTH

tiadmin · ‎04-05-2021

Thanks for the reply, Reza.
Yes, ip routing is enabled

Reza Sharifi · ‎04-05-2021

Hi,

interface Vlan1
ip address 192.168.0.15 255.255.0.0
!
interface Vlan50
ip address 10.50.50.15 255.255.255.0

Make sure you are NATing vlan 50 IP segment.

HTH

tiadmin · ‎04-05-2021

hello, could you guide me on how to do this?

Reza Sharifi · ‎04-05-2021

What device is doing the NAT for you? Is that a firewall or a router? Can you post the configuration?

HTH

tiadmin · ‎04-05-2021

My station is on VLAN 1 and our firewall is responsible for routing between VLAN 1 and VLAN 50. I can easily access the 2960x switches that have a VLAN 50 with their 10.50.50.x IPs.

Reza Sharifi · ‎04-05-2021

Ok, so you have internal connectivity between vlan 1 and 50 but vlan 50 is not able to access the Internet correct?

If this is the case, then make sure the firewall is configured to NAT 10.50.50.x subnet.

HTH

tiadmin · ‎04-06-2021

But I just need to manage the switch (on the management vlan 50) through my internal workstation.

balaji.bandi · ‎04-05-2021

if no device connected on VLAN 50 or added any switch port to vlan 50, the SVI interface is not come up.

show ip interface brief - post the output

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

tiadmin · ‎04-05-2021

Hi, balaji

My others 2960 switches are normally managed by VLAN 50 and are connected to the 3850 trunk ports. This 3850 does not have any other devices connected as access, as it is playing the role of core.

#show ip interface brief
Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.0.15 YES NVRAM up up
Vlan50 10.50.50.15 YES NVRAM up up
GigabitEthernet0/0 unassigned YES NVRAM down down
GigabitEthernet1/0/1 unassigned YES unset down down
GigabitEthernet1/0/2 unassigned YES unset up up
GigabitEthernet1/0/3 unassigned YES unset up up
GigabitEthernet1/0/4 unassigned YES unset up up
GigabitEthernet1/0/5 unassigned YES unset up up
GigabitEthernet1/0/6 unassigned YES unset down down
GigabitEthernet1/0/7 unassigned YES unset down down
GigabitEthernet1/0/8 unassigned YES unset up down
GigabitEthernet1/0/9 unassigned YES unset up up
GigabitEthernet1/0/10 unassigned YES unset up up
GigabitEthernet1/0/11 unassigned YES unset up up
GigabitEthernet1/0/12 unassigned YES unset up up
GigabitEthernet1/0/13 unassigned YES unset up down
GigabitEthernet1/0/14 unassigned YES unset up down
GigabitEthernet1/0/15 unassigned YES unset up up
GigabitEthernet1/0/16 unassigned YES unset up up
GigabitEthernet1/0/17 unassigned YES unset up up
GigabitEthernet1/0/18 unassigned YES unset up up
GigabitEthernet1/0/19 unassigned YES unset up down
GigabitEthernet1/0/20 unassigned YES unset up down
GigabitEthernet1/0/21 unassigned YES unset up up
GigabitEthernet1/0/22 unassigned YES unset up up
GigabitEthernet1/0/23 unassigned YES unset up up
GigabitEthernet1/0/24 unassigned YES unset up up
GigabitEthernet1/1/1 unassigned YES unset down down
GigabitEthernet1/1/2 unassigned YES unset down down
GigabitEthernet1/1/3 unassigned YES unset down down
GigabitEthernet1/1/4 unassigned YES unset down down
Te1/1/1 unassigned YES unset down down
Te1/1/2 unassigned YES unset down down
Te1/1/3 unassigned YES unset down down
Te1/1/4 unassigned YES unset down down
GigabitEthernet2/0/1 unassigned YES unset down down
GigabitEthernet2/0/2 unassigned YES unset up up
GigabitEthernet2/0/3 unassigned YES unset up up
GigabitEthernet2/0/4 unassigned YES unset up up
GigabitEthernet2/0/5 unassigned YES unset up up
GigabitEthernet2/0/6 unassigned YES unset down down
GigabitEthernet2/0/7 unassigned YES unset down down
GigabitEthernet2/0/8 unassigned YES unset up down
GigabitEthernet2/0/9 unassigned YES unset up up
GigabitEthernet2/0/10 unassigned YES unset up up
GigabitEthernet2/0/11 unassigned YES unset up up
GigabitEthernet2/0/12 unassigned YES unset up up
GigabitEthernet2/0/13 unassigned YES unset up down
GigabitEthernet2/0/14 unassigned YES unset up down
GigabitEthernet2/0/15 unassigned YES unset up up
GigabitEthernet2/0/16 unassigned YES unset up up
GigabitEthernet2/0/17 unassigned YES unset up up
GigabitEthernet2/0/18 unassigned YES unset up up
GigabitEthernet2/0/19 unassigned YES unset up down
GigabitEthernet2/0/20 unassigned YES unset up down
GigabitEthernet2/0/21 unassigned YES unset up up
GigabitEthernet2/0/22 unassigned YES unset up up
GigabitEthernet2/0/23 unassigned YES unset up up
GigabitEthernet2/0/24 unassigned YES unset up up
GigabitEthernet2/1/1 unassigned YES unset down down
GigabitEthernet2/1/2 unassigned YES unset down down
GigabitEthernet2/1/3 unassigned YES unset down down
GigabitEthernet2/1/4 unassigned YES unset down down
Te2/1/1 unassigned YES unset down down
Te2/1/2 unassigned YES unset down down
Te2/1/3 unassigned YES unset down down
Te2/1/4 unassigned YES unset down down
Port-channel1 unassigned YES unset down down
Port-channel2 unassigned YES unset up up
Port-channel3 unassigned YES unset up up
Port-channel4 unassigned YES unset up up
Port-channel5 unassigned YES unset up up
Port-channel8 unassigned YES unset up up
Port-channel13 unassigned YES unset up up
Port-channel19 unassigned YES unset up up

paul driver · ‎04-06-2021

Hello

You have two L3 SVis on that switch stack but it looks like ip routing is NOT enabled, please confirm

show ip route

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

tiadmin · ‎04-06-2021

Hi,

#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
       n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS
level-2
       ia - IS-IS inter area, * - candidate default, U - per-user
static route
       H - NHRP, G - NHRP registered, g - NHRP registration summary
       o - ODR, P - periodic downloaded static route, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 10.50.50.254 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.50.50.254
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.50.50.0/24 is directly connected, Vlan50
L        10.50.50.15/32 is directly connected, Vlan50
C     192.168.0.0/16 is directly connected, Vlan1
      192.168.0.0/32 is subnetted, 1 subnets
L        192.168.0.15 is directly connected, Vlan1

balaji.bandi · ‎04-06-2021

ok SVI up and you have static route, what port-channel you using to connect uplink device and is VLAN 50 allowed,

make sure you created VLAN 50

show vlan

show spanning brief

show run interace port-channel X (x is the number you connected to uplink router)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

tiadmin · ‎04-06-2021

The 3850 uplink is on Port-channel4, which is connected to the Po1 of a 2960x (10.50.50.41), both configured as trunk, allowing "All".

The 2960x uplink for the router is on the Gi2/0/19 interface, configured as trunk, allowing VLANs 1 and 50.

From my station I can manage (webui and telnet) this 2960x normally at its IP address 10.50.50.41. My station is connected to another edge switch that has an uplink for the 3850 and consequently for the 10.50.50.41.

Sorry for the long information below:

#### 3850:

CoreTelecomSwitchStack#show vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/1, Gi1/0/8, Gi1/0/13, Gi1/0/14, Gi1/0/19, Gi1/0/20, Gi2/0/1, Gi2/0/8, Gi2/0/13, Gi2/0/14, Gi2/0/19, Gi2/0/20
10 SUPERVSCADA active
30 WIFIGUEST active
50 INFRAMGMT active Gi1/0/6, Gi1/0/7, Gi1/1/1, Gi1/1/2, Gi1/1/3, Gi1/1/4, Gi2/0/6, Gi2/0/7, Gi2/1/1, Gi2/1/2, Gi2/1/3, Gi2/1/4
60 SUPERVMGMT active
90 DMZ active
91 DMZ-PVLAN-ISOLATED active
92 DMZ-PVLAN-COMMUNITY active
210 IPCFTV active
250 INFRADR active
1001 NATIVECUSTOM active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
60 enet 100060 1500 - - - - - 0 0
90 enet 100090 1500 - - - - - 0 0
91 enet 100091 1500 - - - - - 0 0
92 enet 100092 1500 - - - - - 0 0
210 enet 100210 1500 - - - - - 0 0
250 enet 100250 1500 - - - - - 0 0
1001 enet 101001 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 4472 1005 3276 - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trbrf 101005 4472 - - 15 ibm - 0 0


VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7 7 off

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
90 91 isolated
90 92 community

CoreTelecomSwitchStack#show spanning-tree vlan 50

VLAN0050
Spanning tree enabled protocol ieee
Root ID Priority 50
Address f8a5.c5e2.1d00
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 50 (priority 0 sys-id-ext 50)
Address f8a5.c5e2.1d00
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Po2 Desg FWD 3 128.2378 P2p
Po3 Desg FWD 3 128.2379 P2p
Po4 Desg FWD 3 128.2380 P2p
Po5 Desg FWD 3 128.2381 P2p
Po8 Desg FWD 3 128.2384 P2p
Po13 Desg FWD 3 128.2389 P2p
Po19 Desg FWD 3 128.2395 P2p

CoreTelecomSwitchStack#show run interface port-channel 4
Building configuration...

Current configuration : 93 bytes
!
interface Port-channel4
description downlink_cisco_tortelecom
switchport mode trunk
end

#### 2960x (10.50.50.41):

TORTelecomSwitch#show vlan

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi2/0/2, Gi2/0/3, Gi2/0/4, Gi2/0/5, Gi2/0/6, Gi2/0/7, Gi2/0/8, Gi2/0/9, Gi2/0/10, Gi2/0/11, Gi2/0/13, Gi2/0/14, Gi2/0/15
Gi2/0/16, Gi2/0/17, Gi2/0/18, Gi2/0/21, Gi2/0/22, Gi2/0/25, Gi2/0/26
10 SUPERVSCADA active
30 WIFIGUEST active
50 INFRAMGMT active
60 SUPERVMGMT active
90 DMZ active
91 DMZ-PVLAN-ISOLATED active
92 DMZ-PVLAN-COMMUNITY active
210 IPCFTV active
250 INFRADR active
1001 NATIVECUSTOM active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup

VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
30 enet 100030 1500 - - - - - 0 0
50 enet 100050 1500 - - - - - 0 0
60 enet 100060 1500 - - - - - 0 0
90 enet 100090 1500 - - - - - 0 0
91 enet 100091 1500 - - - - - 0 0
92 enet 100092 1500 - - - - - 0 0
210 enet 100210 1500 - - - - - 0 0
250 enet 100250 1500 - - - - - 0 0
1001 enet 101001 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 trcrf 101003 4472 1005 3276 - - srb 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trbrf 101005 4472 - - 15 ibm - 0 0


VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 7 7 off

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
90 91 isolated Gi2/0/20
90 92 community Gi2/0/20

TORTelecomSwitch#show spanning vlan 50

VLAN0050
Spanning tree enabled protocol ieee
Root ID Priority 50
Address f8a5.c5e2.1d00
Cost 3
Port 456 (Port-channel1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority 32818 (priority 32768 sys-id-ext 50)
Address 0059.dc31.f400
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Aging Time 300 sec

Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi2/0/12 Desg FWD 4 128.68 P2p
Gi2/0/19 Desg FWD 4 128.75 P2p Edge
Po1 Root FWD 3 128.456 P2p

TORTelecomSwitch#show run interface po1
Building configuration...

Current configuration : 85 bytes
!
interface Port-channel1
description UPLINK-CORE-C3850
switchport mode trunk
end

TORTelecomSwitch#show run interface Gi 2/0/19
Building configuration...

Current configuration : 287 bytes
!
interface GigabitEthernet2/0/19
description cisco-router
switchport access vlan 50
switchport trunk allowed vlan 1,50
switchport mode trunk
mls qos trust dscp
macro description cisco-router
auto qos trust
spanning-tree portfast edge trunk
spanning-tree bpduguard enable
end