Can't Ping Hosts In a Different VLAN from a Host Machine In Another VLAN

sxiong1111 · ‎05-05-2018

I did quite a bit of searching, but I can't exactly find something that matches my issue and I've been scratching my head trying to figure this out for almost the entire day. On the router (C1111-8P), I have a physical switch connected to gi 0/1/2 and this port is assigned to VLAN 6 with an IP of 192.168.1.254.

xio-1-br01#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0/0   174.74.104.136  YES DHCP   up                    up
GigabitEthernet0/0/1   10.240.8.1      YES NVRAM  up                    up
GigabitEthernet0/1/0   unassigned      YES unset  down                  down
GigabitEthernet0/1/1   unassigned      YES unset  down                  down
GigabitEthernet0/1/2   unassigned      YES unset  up                    up
GigabitEthernet0/1/3   unassigned      YES unset  down                  down
GigabitEthernet0/1/4   unassigned      YES unset  up                    up
GigabitEthernet0/1/5   unassigned      YES unset  down                  down
GigabitEthernet0/1/6   unassigned      YES unset  down                  down
GigabitEthernet0/1/7   unassigned      YES unset  up                    up
Loopback0              10.240.9.1      YES NVRAM  up                    up
Vlan1                  10.1.255.254    YES NVRAM  up                    up
Vlan2                  10.2.255.254    YES NVRAM  up                    up
Vlan3                  10.3.255.254    YES NVRAM  up                    up
Vlan4                  10.4.255.254    YES NVRAM  up                    up
Vlan5                  10.5.255.254    YES NVRAM  up                    up
Vlan6                  192.168.1.254   YES manual up                    up

On the router itself, I can ping various hosts (192.168.1.0/16) that's connected to the switch that's connected to VLAN 6, but from a PC host machine on VLAN 2, I can't ping say for instance the switch's IP (192.168.1.1 255.255.255.0). Can someone help and point me where or how to fix this?

From the Router:

Ping to 192.168.1.254 works (IP of VLAN 6)

Ping to 192.168.1.1 works (IP of the physical switch that's connected to gi 0/1/2 on the router)

From the PC Host (on VLAN 2 with an IP of 10.2.0.2 255.255.0.0):

Ping to 192.168.1.254 works (IP of VLAN 6)

Ping to 192.168.1.1 fails (IP of the physical switch that's connected to gi 0/1/2 on the router)

Here's my running configuration:

xio-1-br01#show running-config
Building configuration...


Current configuration : 4326 bytes
!
! Last configuration change at 22:34:48 cdt Sat May 5 2018
! NVRAM config last updated at 22:11:53 cdt Sat May 5 2018
!
version 16.6
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
!
hostname xio-1-br01
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
clock timezone CST -6 0
clock summer-time cdt recurring
!
ip dhcp excluded-address 10.2.255.1 10.2.255.254
ip dhcp excluded-address 10.1.255.1 10.1.255.254
ip dhcp excluded-address 10.4.255.1 10.4.255.254
ip dhcp excluded-address 10.3.255.1 10.3.255.254
ip dhcp excluded-address 10.5.255.1 10.5.255.254
!
ip dhcp pool p2
 import all
 network 10.2.0.0 255.255.0.0
 default-router 10.2.255.254
 dns-server 68.1.16.107 68.1.16.108 68.111.106.68 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 91.239.100.100
 lease 3
!
ip dhcp pool p1
 import all
 network 10.1.0.0 255.255.0.0
 default-router 10.1.255.254
 dns-server 68.1.16.107 68.1.16.108 68.111.106.68 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 91.239.100.100
 lease 3
!
ip dhcp pool p3
 import all
 network 10.3.0.0 255.255.0.0
 default-router 10.3.255.254
 dns-server 68.1.16.107 68.1.16.108 68.111.106.68 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 91.239.100.100
 lease 3
!
ip dhcp pool p4
 import all
 network 10.4.0.0 255.255.0.0
 default-router 10.4.255.254
 dns-server 68.1.16.107 68.1.16.108 68.111.106.68 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 91.239.100.100
 lease 3
!
ip dhcp pool p5
 import all
 network 10.5.0.0 255.255.0.0
 default-router 10.5.255.254
 dns-server 68.1.16.107 68.1.16.108 68.111.106.68 8.8.8.8 8.8.4.4 208.67.222.222 208.67.220.220 91.239.100.100
 lease 3
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
multilink bundle-name authenticated
!
!
!
crypto pki trustpoint TP-self-signed-3932058017
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3932058017
 revocation-check none
 rsakeypair TP-self-signed-3932058017
!
!
crypto pki certificate chain TP-self-signed-3932058017
!
!
license udi pid C1111-8P sn FGL2204923K
!
diagnostic bootup level minimal
spanning-tree extend system-id
!
!
!
redundancy
 mode none
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
interface Loopback0
 ip address 10.240.9.1 255.255.255.0
!
interface GigabitEthernet0/0/0
 ip address dhcp
 ip nat outside
 negotiation auto
 no cdp enable
 ip virtual-reassembly
!
interface GigabitEthernet0/0/1
 ip address 10.240.8.1 255.255.255.0
 ip nat inside
 negotiation auto
!
interface GigabitEthernet0/1/0
!
interface GigabitEthernet0/1/1
!
interface GigabitEthernet0/1/2
 switchport access vlan 6
!
interface GigabitEthernet0/1/3
 switchport access vlan 6
!
interface GigabitEthernet0/1/4
 switchport access vlan 5
!
interface GigabitEthernet0/1/5
 switchport access vlan 5
!
interface GigabitEthernet0/1/6
!
interface GigabitEthernet0/1/7
 switchport mode trunk
!
interface Vlan1
 ip address 10.1.255.254 255.255.0.0
 ip nat inside
!
interface Vlan2
 ip address 10.2.255.254 255.255.0.0
 ip nat inside
!
interface Vlan3
 ip address 10.3.255.254 255.255.0.0
 ip nat inside
!
interface Vlan4
 ip address 10.4.255.254 255.255.0.0
 ip nat inside
!
interface Vlan5
 ip address 10.5.255.254 255.255.0.0
 ip nat inside
!
interface Vlan6
 ip address 192.168.1.254 255.255.255.0
 ip nat inside
!
ip nat inside source list 1 interface GigabitEthernet0/0/0 overload
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip dns server
ip route 10.1.0.0 255.255.0.0 Vlan1
ip route 10.2.0.0 255.255.0.0 Vlan2
ip route 10.3.0.0 255.255.0.0 Vlan3
ip route 10.4.0.0 255.255.0.0 Vlan4
ip route 10.5.0.0 255.255.0.0 Vlan5
ip route 10.140.8.0 255.255.255.0 GigabitEthernet0/0/1
ip route 10.140.9.0 255.255.255.0 GigabitEthernet0/0/1
ip route 192.168.1.0 255.255.255.0 Vlan6
ip route 0.0.0.0 0.0.0.0 GigabitEthernet0/0/0 dhcp
!
!
access-list 1 permit 10.0.0.0 0.255.255.255
access-list 1 permit 192.168.0.0 0.0.255.255
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 password pass
 logging synchronous
 login
 transport input none
 stopbits 1
line vty 0
 exec-timeout 0 0
 password pass
 logging synchronous
 login
line vty 1 4
 login
!
wsma agent exec
!
wsma agent config
!
wsma agent filesys
!
wsma agent notify
!
!
end

Here's my IP route:

xio-1-br01#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 174.74.104.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 174.74.104.1, GigabitEthernet0/0/0
      10.0.0.0/8 is variably subnetted, 16 subnets, 3 masks
C        10.1.0.0/16 is directly connected, Vlan1
L        10.1.255.254/32 is directly connected, Vlan1
C        10.2.0.0/16 is directly connected, Vlan2
L        10.2.255.254/32 is directly connected, Vlan2
C        10.3.0.0/16 is directly connected, Vlan3
L        10.3.255.254/32 is directly connected, Vlan3
C        10.4.0.0/16 is directly connected, Vlan4
L        10.4.255.254/32 is directly connected, Vlan4
C        10.5.0.0/16 is directly connected, Vlan5
L        10.5.255.254/32 is directly connected, Vlan5
S        10.140.8.0/24 is directly connected, GigabitEthernet0/0/1
S        10.140.9.0/24 is directly connected, GigabitEthernet0/0/1
C        10.240.8.0/24 is directly connected, GigabitEthernet0/0/1
L        10.240.8.1/32 is directly connected, GigabitEthernet0/0/1
C        10.240.9.0/24 is directly connected, Loopback0
L        10.240.9.1/32 is directly connected, Loopback0
      172.19.0.0/32 is subnetted, 1 subnets
S        172.19.81.117 [254/0] via 174.74.104.1, GigabitEthernet0/0/0
      174.74.0.0/16 is variably subnetted, 2 subnets, 2 masks
C        174.74.104.0/21 is directly connected, GigabitEthernet0/0/0
L        174.74.104.136/32 is directly connected, GigabitEthernet0/0/0
      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.1.0/24 is directly connected, Vlan6
L        192.168.1.254/32 is directly connected, Vlan6

Result of Ping Success from the Router (not the PC Host):

xio-1-br01#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

Leo Laohoo · ‎05-05-2018

sh vlan-switching

mohammed01701 · ‎05-06-2018

Hi!

Can you ping from router to the 192.168.1.1 source vlan 2. I think you are missing mybe default-gateway on the switch. Please post out put of the ping from the router:

Are you using /24 or /16 on the subnet 192.168.1.0/? "you post 192.168.1.0/16" and vlan 6 interface has 192.168.1.254/24, which are you trying to use /24 or /16?

xio-1-br01#ping 192.168.1.1 source (vlan 2 IP address).

If that does not work try to ping, source (vlan 6 IP address), i think you will see a difference...

Have you default-gateway on the switch? it has to bee 192.168.1.254.....

HTH

/Mohammed

sxiong1111 · ‎05-06-2018

So I drew a picture above to help visualize the physical layout of things. The problem is where Host C (10.2.0.1) or Host D (10.2.0.2) needs to ping Host A (192.168.1.25) or Host B (192.168.1.10) and vice versa. There's no issues pinging to reaching any host from either the router or the Catalyst switch to Host A or Host B. When attempting to ping all of the VLAN gateways from the SG300 switch, it works, but not the hosts inside each VLAN. I'm speculating the issue is with a configuration issue with the SG300 switch itself.

Here's the running configuration from the SG300 switch:

xio-1-as02#show run
config-file-header
xio-1-as02
v1.3.0.62 / R750_NIK_1_3_647_260
CLI v1.0
set system mode switch

file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
vlan database
default-vlan vlan 6
exit
vlan database
vlan 1
exit
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
hostname xio-1-as02
line console
exec-timeout 0
exit
line ssh
exec-timeout 0
exit
line telnet
exec-timeout 0
exit
enable password level 15 encrypted d033e22ae348aeb5660fc2140aec35850c4da997
no passwords complexity enable
username cisco password encrypted d033e22ae348aeb5660fc2140aec35850c4da997 privilege 15
ip ssh server
snmp-server server
ip http timeout-policy 0
ip telnet server
!
interface vlan 1
 no ip address dhcp
!
interface vlan 6
 ip address 192.168.1.252 255.255.255.0
!
interface gigabitethernet1
 switchport mode access
!
interface gigabitethernet2
 switchport mode access
!
interface gigabitethernet3
 switchport mode access
!
interface gigabitethernet4
 switchport mode access
!
interface gigabitethernet5
 switchport mode access
!
interface gigabitethernet6
 switchport mode access
!
interface gigabitethernet7
 switchport mode access
!
interface gigabitethernet8
 switchport mode access
!
interface gigabitethernet9
 switchport mode access
!
interface gigabitethernet10
 switchport mode access
!
exit
ip default-gateway 192.168.1.254

Here's the ping results from the SG300 switch:

xio-1-as02#ping 10.2.0.2
Pinging 10.2.0.2 with 18 bytes of data:

PING: no reply from 10.2.0.2
PING: timeout
PING: no reply from 10.2.0.2
PING: timeout
PING: no reply from 10.2.0.2
PING: timeout
PING: no reply from 10.2.0.2
PING: timeout

----10.2.0.2 PING Statistics----
4 packets transmitted, 0 packets received, 100% packet loss

xio-1-as02#ping 10.2.255.254
Pinging 10.2.255.254 with 18 bytes of data:

18 bytes from 10.2.255.254: icmp_seq=1. time=0 ms
18 bytes from 10.2.255.254: icmp_seq=2. time=0 ms
18 bytes from 10.2.255.254: icmp_seq=3. time=0 ms
18 bytes from 10.2.255.254: icmp_seq=4. time=0 ms

----10.2.255.254 PING Statistics----
4 packets transmitted, 4 packets received, 0% packet loss
round-trip (ms) min/avg/max = 0/0/0

Here's the ping results from the router (C1111-8P):

xio-1-br01#ping 192.168.1.25
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.25, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
xio-1-br01#ping 192.168.1.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Here's the ping results from the Catalyst 2930-XR switch:

xio-1-as01#ping 192.168.1.25
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.25, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/7 ms
xio-1-as01#ping 192.168.1.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/11 ms

As you can see from above, seems like something is being blocked or not able to get to/from hosts directly connected to the SG300 switch.