03-30-2017 09:23 AM - edited 03-08-2019 09:59 AM
I have a network that consists of a 3750 48-port Ethernet (core) and a 3750 Fiber (layer 2), trunked on gi2/0/25 to gi1/0/1 with all VLANs 1,10,20,30,40-41,50-51 allowed.
I have had no issues. Added the 8th 2960, created vlan 41 and 51, added to the trunk. VTP is enabled and populates all VLANs in all switches. The issue comes when I add devices to the 2960 and change ports to access mode for vlan 51. If I'm plugged into the switch (if on the CLI I cannot ping locally) I can ping and access devices; I can also ping the gateway. There is a default gateway on the layer 2 2960. If I ping from the core I can reach the devices plugged into the 2960 and ping them. If I'm on another vlan I cannot. SVI for vlan 51 is 172.20.51.1 255.255.255.0; see switch configs below.
~~~~~~~~~~~~~~~~~~~~~~~~Core~~~~~~~~~~~~~~~~~~~~~
Current configuration : 5447 bytes
!
! Last configuration change at 12:30:44 EST Tue Mar 28 2017 by ADS
! NVRAM config last updated at 12:16:50 EST Tue Mar 28 2017 by ADS
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime
no service password-encryption
service sequence-numbers
!
hostname Core-Ethernet
!
switch 2 provision ws-c3750e-24td
system mtu routing 1500
ip subnet-zero
ip routing
no ip domain-lookup
ip name-server 8.8.8.8
!
login on-success
!
!
spanning-tree mode pvst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
!
!
vlan access-map enabe 10
action forward
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0
no ip address
no ip mroute-cache
speed 100
duplex full
!
interface GigabitEthernet2/0/1
switchport access vlan 20
switchport trunk allowed vlan 1,10,20,30,40,50
switchport mode access
shutdown
spanning-tree portfast
no ip igmp snooping tcn flood
!
interface GigabitEthernet2/0/2
switchport access vlan 40
switchport mode access
spanning-tree portfast
no ip igmp snooping tcn flood
!
interface GigabitEthernet2/0/3
switchport access vlan 40
switchport mode access
spanning-tree portfast
no ip igmp snooping tcn flood
!
interface GigabitEthernet2/0/4
switchport access vlan 40
switchport mode access
spanning-tree portfast
no ip igmp snooping tcn flood
!
interface GigabitEthernet2/0/5
switchport access vlan 20
switchport mode access
spanning-tree portfast
no ip igmp snooping tcn flood
!
interface GigabitEthernet2/0/6
switchport access vlan 40
switchport mode access
shutdown
spanning-tree portfast
no ip igmp snooping tcn flood
!
interface GigabitEthernet2/0/7
switchport access vlan 40
switchport mode access
shutdown
spanning-tree portfast
no ip igmp snooping tcn flood
!
interface GigabitEthernet2/0/8
switchport access vlan 20
switchport mode access
shutdown
spanning-tree portfast
no ip igmp snooping tcn flood
!
interface GigabitEthernet2/0/9
switchport access vlan 40
switchport mode access
shutdown
spanning-tree portfast
no ip igmp snooping tcn flood
!
interface GigabitEthernet2/0/10
switchport access vlan 40
switchport mode access
shutdown
spanning-tree portfast
no ip igmp snooping tcn flood
!
interface GigabitEthernet2/0/11
switchport access vlan 40
switchport mode access
shutdown
spanning-tree portfast
no ip igmp snooping tcn flood
!
interface GigabitEthernet2/0/12
switchport access vlan 40
switchport mode access
spanning-tree portfast
no ip igmp snooping tcn flood
!
interface GigabitEthernet2/0/13
switchport access vlan 10
switchport mode access
shutdown
!
interface GigabitEthernet2/0/14
shutdown
!
interface GigabitEthernet2/0/15
switchport access vlan 20
switchport mode access
shutdown
!
interface GigabitEthernet2/0/16
shutdown
!
interface GigabitEthernet2/0/17
description uplink to firewall
no switchport
ip address 192.168.1.5 255.255.255.0
!
interface GigabitEthernet2/0/18
switchport access vlan 10
switchport mode access
shutdown
!
interface GigabitEthernet2/0/19
switchport access vlan 20
switchport mode access
speed auto 1000
duplex full
spanning-tree portfast
!
interface GigabitEthernet2/0/20
switchport access vlan 41
switchport mode access
!
interface GigabitEthernet2/0/21
description APS-1-2
switchport access vlan 20
spanning-tree portfast
!
interface GigabitEthernet2/0/22
description APS-1-1
switchport access vlan 20
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet2/0/23
switchport access vlan 20
switchport mode access
spanning-tree portfast
no ip igmp snooping tcn flood
!
interface GigabitEthernet2/0/24
switchport access vlan 20
switchport mode access
shutdown
spanning-tree portfast
!
interface GigabitEthernet2/0/25
description Connection to SW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 10,20,30,40,41,50,51
switchport mode trunk
!
interface GigabitEthernet2/0/26
shutdown
!
interface GigabitEthernet2/0/27
switchport mode access
!
interface GigabitEthernet2/0/28
!
interface TenGigabitEthernet2/0/1
!
interface TenGigabitEthernet2/0/2
!
interface Vlan1
no ip address
no ip mroute-cache
!
interface Vlan10
description Management
ip address 172.20.10.1 255.255.255.0
no ip mroute-cache
!
interface Vlan20
description Servers
ip address 172.20.20.1 255.255.255.0
no ip mroute-cache
!
interface Vlan30
description Workstations
ip address 172.20.30.1 255.255.255.0
no ip mroute-cache
!
interface Vlan40
description AccessControl
ip address 172.20.40.1 255.255.255.0
no ip mroute-cache
!
interface Vlan41
ip address 172.20.41.1 255.255.255.0
!
interface Vlan50
description Surveilance
ip address 172.20.50.1 255.255.255.0
no ip mroute-cache
!
interface Vlan51
ip address 172.20.51.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.1.254
ip http server
ip http authentication local
ip http secure-server
ip http path admin
!
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~Fiber switch~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Core-Fiber-SW1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$wzKd$2npFO4UtlTthMi2EgWI.I1
enable password Advanc3d
!
username ******* privilege 15 secret 5
username ****** privilege 15 nohangup secret 5
no aaa new-model
clock timezone EST -5 0
switch 1 provision ws-c3750x-12s
system mtu routing 1500
!
!
ip domain-lookup source-interface FastEthernet0
ip device tracking
login on-success
vtp interface 172.20.10.1
!
!
crypto pki trustpoint TP-self-signed-1998594304
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1998594304
revocation-check none
rsakeypair TP-self-signed-1998594304
!
!
quit
spanning-tree mode pvst
spanning-tree portfast bpduguard default
spanning-tree extend system-id
!
!
!
diagnostic schedule Switch 1 test 1 daily 0:00 cardindex 3 jobindex 1
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
shutdown
speed 100
duplex full
!
interface GigabitEthernet1/0/1
description to ethernet-core
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,40,41,50,51
switchport mode trunk
!
interface GigabitEthernet1/0/2
description to fl1-s1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,40,50
switchport mode trunk
!
interface GigabitEthernet1/0/3
description to llparking
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,40,50
switchport mode trunk
!
interface GigabitEthernet1/0/4
description to ST-FL4-SW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,40,50
switchport mode trunk
!
interface GigabitEthernet1/0/5
shutdown
!
interface GigabitEthernet1/0/6
description to ST-FL8-SW1
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,40,50
switchport mode trunk
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
description NT 1st floor
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,41,51
switchport mode trunk
!
interface GigabitEthernet1/0/9
description NT1stfloor
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,41,51
switchport mode trunk
!
interface GigabitEthernet1/0/10
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,41,51
switchport mode trunk
!
interface GigabitEthernet1/0/11
description NT 1st Floor
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,41,51
switchport mode trunk
!
interface GigabitEthernet1/0/12
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,41,51,1001-1005
switchport mode trunk
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface TenGigabitEthernet1/1/1
!
interface TenGigabitEthernet1/1/2
!
interface Vlan1
description inet access vlan
no ip address
no ip route-cache cef
no ip route-cache
!
interface Vlan10
description Management
ip address 172.20.10.3 255.255.255.0
no ip route-cache cef
no ip route-cache
!
interface Vlan20
description Servers
no ip address
no ip route-cache cef
no ip route-cache
!
interface Vlan30
description Workstation
no ip address
no ip route-cache cef
no ip route-cache
!
interface Vlan40
description AccessControl
no ip address
no ip route-cache cef
no ip route-cache
!
interface Vlan41
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
!
interface Vlan50
description Surveilance
no ip address
no ip route-cache cef
no ip route-cache
!
interface Vlan51
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
!
!
ip default-gateway 172.20.10.1
ip default-network 172.20.10.0
!
~~~~~~~~~~~~~~~~~~~~2960 Config~~~~~~~~~~~~~~~~~~~~~~~~
NT-FL1-SW1#show run
Building configuration...
Current configuration : 5411 bytes
!
! Last configuration change at 23:05:23 EST Sun Feb 28 1993 by ADS
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service sequence-numbers
!
hostname NT-FL1-SW1
!
boot-start-marker
boot-end-marker
!
enable secret 5
enable password
!
username ADS privilege 15 secret 5
no aaa new-model
clock timezone EST -5 0
switch 1 provision ws-c2960s-24ts-l
!
!
login on-success
!
!
crypto pki trustpoint TP-self-signed-1221195648
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1221195648
revocation-check none
rsakeypair TP-self-signed-1221195648
!
!
crypto pki certificate chain TP-self-signed-1221195648
certificate self-signed 01
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
errdisable recovery interval 30
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface FastEthernet0
no ip address
!
interface GigabitEthernet1/0/1
switchport access vlan 51
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport access vlan 51
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 51
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/4
switchport access vlan 51
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport access vlan 51
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/6
switchport access vlan 51
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/7
switchport access vlan 51
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/8
switchport access vlan 51
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/9
switchport access vlan 51
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/10
switchport access vlan 51
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/11
switchport access vlan 51
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/12
switchport access vlan 51
switchport mode access
!
interface GigabitEthernet1/0/13
switchport access vlan 41
switchport mode access
!
interface GigabitEthernet1/0/14
switchport access vlan 41
switchport mode access
!
interface GigabitEthernet1/0/15
switchport access vlan 41
switchport mode access
!
interface GigabitEthernet1/0/16
switchport access vlan 41
switchport mode access
!
interface GigabitEthernet1/0/17
switchport access vlan 41
switchport mode access
!
interface GigabitEthernet1/0/18
switchport access vlan 41
switchport mode access
!
interface GigabitEthernet1/0/19
switchport access vlan 41
switchport mode access
!
interface GigabitEthernet1/0/20
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/21
switchport access vlan 41
switchport mode access
!
interface GigabitEthernet1/0/22
switchport access vlan 41
switchport mode access
!
interface GigabitEthernet1/0/23
switchport access vlan 10
switchport mode access
!
interface GigabitEthernet1/0/24
switchport access vlan 41
switchport mode access
!
interface GigabitEthernet1/0/25
switchport trunk allowed vlan 1,10,20,30,40,41,50,51,
switchport mode trunk
!
interface GigabitEthernet1/0/26
switchport mode trunk
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
no ip address
!
interface Vlan10
ip address 172.20.10.13 255.255.255.0
!
interface Vlan51
no ip address
!
ip default-gateway 172.20.10.1
ip http server
ip http authentication local
ip http secure-server
!
logging esm config
!
03-30-2017 09:51 AM
I wanted to mention vlan 10 and vlan 41 both work just fine from this switch.
03-30-2017 10:07 AM
I don't see a routing config (eigrp or ospf) on the core side. In other words, can you please post your layer 3 config?
03-31-2017 06:27 AM
Core-Ethernet#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.1.254 to network 0.0.0.0
172.20.0.0/24 is subnetted, 7 subnets
C 172.20.50.0 is directly connected, Vlan50
C 172.20.51.0 is directly connected, Vlan51
C 172.20.40.0 is directly connected, Vlan40
C 172.20.41.0 is directly connected, Vlan41
C 172.20.30.0 is directly connected, Vlan30
C 172.20.20.0 is directly connected, Vlan20
C 172.20.10.0 is directly connected, Vlan10
C 192.168.1.0/24 is directly connected, GigabitEthernet2/0/17
S* 0.0.0.0/0 [1/0] via 192.168.1.254
Core-Ethernet#Gateway of last resort is 192.168.1.254 to network 0.0.0.0
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi2/0/14, Gi2/0/16, Gi2/0/26
Te2/0/2
10 Management active Gi2/0/13, Gi2/0/18
20 Servers active Gi2/0/1, Gi2/0/5, Gi2/0/8
Gi2/0/15, Gi2/0/19, Gi2/0/21
Gi2/0/22, Gi2/0/23, Gi2/0/24
30 VLAN0030 active
40 ST-Access-vlan40 active Gi2/0/2, Gi2/0/3, Gi2/0/4
Gi2/0/6, Gi2/0/7, Gi2/0/9
Gi2/0/10, Gi2/0/11, Gi2/0/12
41 NTAccess-VLAN0041 active Gi2/0/20
50 St-video-VLAN0050 active
51 VLAN0051 active
1002 fddi-default act/unsup
1003 trcrf-default act/unsup
1004 fddinet-default act/unsup
1005 trbrf-default act/unsup
VTP Version : running VTP2
Configuration Revision : 13
Maximum VLANs supported locally : 1005
Number of existing VLANs : 12
VTP Operating Mode : Server
VTP Domain Name : SECURITY
VTP Pruning Mode : Disabled
VTP V2 Mode : Enabled
VTP Traps Generation : Disabled
MD5 digest : 0x69 0xA1 0x1B 0x86 0x42 0xC5 0x06 0x02
Configuration last modified by 172.20.10.1 at 3-1-93 00:19:34
Local updater ID is 172.20.10.1 on interface Vl10 (lowest numbered VLAN interface found)
Port Mode Encapsulation Status Native vlan
Gi2/0/25 on 802.1q trunking 1
Port Vlans allowed on trunk
Gi2/0/25 10,20,30,40-41,50-51
Port Vlans allowed and active in management domain
Gi2/0/25 10,20,30,40-41,50-51
Port Vlans in spanning tree forwarding state and not pruned
Gi2/0/25 10,20,30,40-41,50-51
03-31-2017 08:58 AM
:-( Still having issues. Anyone got any ideas?
03-31-2017 12:33 PM
I am sorry I didn't get a chance to respond. Can you please provide further details about your topology just to make it clear (a diagram would be helpful)? From my understanding, there's communication within the same vlan 41/51 or on the core but not from a different vlan. This points to a routing issue between vlans.
03-31-2017 06:51 PM
It does appear to be a routing issue.
The core plugs into fiber and fiber is run to each floor closet. I can ping from the core and get IPs on the VLAN or when I'm on the switch on NTFL1SW1 I can ping addresses in the 51 vlan. The VLAN is on all trunks connecting these switches and VTP checks out as well.
04-03-2017 01:22 PM
Post show interface trunk+show vtp status+show vlan brief on the core, fiber switch and NT-FL-sw1. Also, try to add "no ip mroute-cache" to SVIs 51 and 41 on the core. Finally, post show log from NT-FL-sw1.
!
interface Vlan51
ip address 172.20.51.1 255.255.255.0
!
!
interface Vlan41
ip address 172.20.41.1 255.255.255.0
!
note: I see VACL applied for mgmt, do you have other VACL applied?
!
vlan access-map enabe 10
action forward
!
04-03-2017 02:46 PM
I am not sure where the ACL came from but attached configs you asked for.
04-03-2017 03:03 PM
No attachments :)
Did you apply "no ip mroute-cache" on SVI 41 and 51 on the core? I am sure this is not related but just in case it's a bug.
04-03-2017 03:48 PM
04-03-2017 03:58 PM
No worries. I don't see "show interface trunk" and "show vlan brief".
04-03-2017 04:14 PM
04-03-2017 04:59 PM
You need to configure port Gi1/0/7 on Core-Fiber-SW1 as trunk.
Core-Fiber-SW1#show interfaces trunk
Port Mode Encapsulation Status Native vlan
Gi1/0/7 auto 802.1q trunking 1
and according to above show run for Core-Fiber-SW1
!
interface GigabitEthernet1/0/7
!
and it's supposed to be
interface GigabitEthernet1/0/7
description NT-FL1-SW1.
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 1,10,20,30,41,51
switchport mode trunk
no shutdown
I hope this helps. Good luck!
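The check behind this answer, as an added example that is not part of the original thread: it scans a running-config for switch ports with no explicit `switchport mode` (these are left to negotiate, which is the `auto` mode shown for Gi1/0/7 above) and for trunks whose allowed list omits a given VLAN. The function names `expand_vlans`, `parse_interfaces` and `audit` are made up for this sketch, and only numeric allowed-VLAN lists are handled.

```python
import re

# Trimmed excerpt of the Core-Fiber-SW1 running-config posted in this thread.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/1
 switchport trunk allowed vlan 1,10,20,30,40,41,50,51
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 switchport trunk allowed vlan 1,10,20,30,40,50
 switchport mode trunk
!
interface GigabitEthernet1/0/5
 shutdown
!
interface GigabitEthernet1/0/7
!
interface Vlan51
!
"""

def expand_vlans(spec):
    """Expand '1,10,40-41' (trailing comma tolerated) into a set of ints."""
    pairs = (p.partition("-") for p in spec.split(",") if p)
    return {v for lo, _, hi in pairs for v in range(int(lo), int(hi or lo) + 1)}

def parse_interfaces(config):
    """Map interface name -> explicit mode, allowed VLAN set, layer-2 active flag."""
    ports, cur = {}, {}  # cur starts as a scratch dict: global lines are discarded
    for line in map(str.strip, config.splitlines()):
        allowed = re.fullmatch(r"switchport trunk allowed vlan ([\d,-]+)", line)
        if line.startswith("interface "):
            cur = ports.setdefault(line.split()[1], {"mode": None, "allowed": None, "l2": True})
        elif line == "!":
            cur = {}
        elif line.startswith("switchport mode "):
            cur["mode"] = line.split()[-1]
        elif allowed:  # keyword forms (add/remove/all/except) are not handled
            cur["allowed"] = expand_vlans(allowed.group(1))
        elif line in ("shutdown", "no switchport"):
            cur["l2"] = False
    return ports

def audit(config, vlan):
    """Return (ports left to negotiate their mode, trunks whose allowed list omits vlan)."""
    unset, missing = [], []
    for name, p in parse_interfaces(config).items():
        if "/" not in name or not p["l2"]:  # assumption: no '/' means SVI or mgmt port
            continue
        if p["mode"] in (None, "auto", "desirable"):
            unset.append(name)
        elif p["mode"] == "trunk" and p["allowed"] is not None and vlan not in p["allowed"]:
            missing.append(name)
    return unset, missing
```

Calling `audit(SAMPLE_CONFIG, 51)` on this excerpt reports Gi1/0/7 as having no explicit mode and Gi1/0/2 as a trunk that does not carry VLAN 51.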
04-03-2017 05:02 PM
I moved today when tshoot and have not moved back. Also move nrfl1 to port 26.