Can't ping hosts on the same vlan

Orbeck · ‎05-15-2020

So I'm trying to ping hosts within the same vlan across switches and can't seem to get it working properly.

I have set up Vlan 10, 11 and 12 - only hosts in vlan 12 are able to ping each other.

I am very new to networking and especially switching, so I'm not sure if I even have the trunks set up properly.

Hopefully this is enough information, happy to provide more if need be.

Switch 1:

Switch#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
Switch Fas 0/1 96 S 2960 Fas 0/1
Switch Fas 0/6 156 S 2960 Fas 0/6
Switch Fas 0/5 156 S 2960 Fas 0/5
Switch Fas 0/2 156 S 2960 Fas 0/2
Switch#show ip int br
Interface IP-Address OK? Method Status Protocol
FastEthernet0/1 unassigned YES manual up up
FastEthernet0/2 unassigned YES manual up up
FastEthernet0/3 unassigned YES manual down down
FastEthernet0/4 unassigned YES manual down down
FastEthernet0/5 unassigned YES manual up up
FastEthernet0/6 unassigned YES manual up up
FastEthernet0/7 unassigned YES manual down down
FastEthernet0/8 unassigned YES manual down down
FastEthernet0/9 unassigned YES manual down down
FastEthernet0/10 unassigned YES manual down down
FastEthernet0/11 unassigned YES manual down down
FastEthernet0/12 unassigned YES manual down down
FastEthernet0/13 unassigned YES manual down down
FastEthernet0/14 unassigned YES manual down down
FastEthernet0/15 unassigned YES manual up up
FastEthernet0/16 unassigned YES manual down down
FastEthernet0/17 unassigned YES manual down down
FastEthernet0/18 unassigned YES manual down down
FastEthernet0/19 unassigned YES manual down down
FastEthernet0/20 unassigned YES manual down down
FastEthernet0/21 unassigned YES manual down down
FastEthernet0/22 unassigned YES manual down down
FastEthernet0/23 unassigned YES manual down down
FastEthernet0/24 unassigned YES manual down down
GigabitEthernet0/1 unassigned YES manual up up
GigabitEthernet0/2 unassigned YES manual down down
Vlan1 unassigned YES manual administratively down down
Vlan99 172.168.10.1 YES manual down down
Switch#
Switch#show vlan br

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Fa0/3, Fa0/4, Fa0/7, Fa0/8
Fa0/9, Fa0/10, Fa0/11, Fa0/12
Fa0/13, Fa0/14, Fa0/16, Fa0/17
Fa0/18, Fa0/19, Fa0/20, Fa0/21
Fa0/22, Fa0/23, Fa0/24, Gig0/2
10 sales active
11 marketing active Fa0/15
12 production active
1002 fddi-default active
1003 token-ring-default active
1004 fddinet-default active
1005 trnet-default active
Switch#show vtp status
VTP Version : 2
Configuration Revision : 6
Maximum VLANs supported locally : 255
Number of existing VLANs : 8
VTP Operating Mode : Server
VTP Domain Name : logbook
VTP Pruning Mode : Disabled
VTP V2 Mode : Disabled
VTP Traps Generation : Disabled
MD5 digest : 0x93 0xD6 0x0F 0x54 0x89 0x2D 0x48 0xCF
Configuration last modified by 0.0.0.0 at 3-1-93 01:26:26
Local updater ID is 0.0.0.0 (no valid interface found)
Switch#show mac-address-table
Mac Address Table
-------------------------------------------

Vlan Mac Address Type Ports
---- ----------- -------- -----

1 000c.8526.5601 DYNAMIC Fa0/1

Switch 2:

Switch>show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID

Switch Fas 0/3 169 S 2960 Fas 0/3

Switch Fas 0/4 169 S 2960 Fas 0/4

Switch Fas 0/1 157 S 2960 Fas 0/1

Switch Fas 0/2 157 S 2960 Fas 0/2

Switch>show ip int br

Interface IP-Address OK? Method Status Protocol

FastEthernet0/1 unassigned YES manual up up

FastEthernet0/2 unassigned YES manual up up

FastEthernet0/3 unassigned YES manual up up

FastEthernet0/4 unassigned YES manual up up

FastEthernet0/5 unassigned YES manual down down

FastEthernet0/6 unassigned YES manual down down

FastEthernet0/7 unassigned YES manual down down

FastEthernet0/8 unassigned YES manual down down

FastEthernet0/9 unassigned YES manual down down

FastEthernet0/10 unassigned YES manual down down

FastEthernet0/11 unassigned YES manual down down

FastEthernet0/12 unassigned YES manual down down

FastEthernet0/13 unassigned YES manual down down

FastEthernet0/14 unassigned YES manual down down

FastEthernet0/15 unassigned YES manual up up

FastEthernet0/16 unassigned YES manual down down

FastEthernet0/17 unassigned YES manual down down

FastEthernet0/18 unassigned YES manual down down

FastEthernet0/19 unassigned YES manual down down

FastEthernet0/20 unassigned YES manual down down

FastEthernet0/21 unassigned YES manual down down

FastEthernet0/22 unassigned YES manual down down

FastEthernet0/23 unassigned YES manual down down

FastEthernet0/24 unassigned YES manual down down

GigabitEthernet0/1 unassigned YES manual down down

GigabitEthernet0/2 unassigned YES manual down down

Vlan1 unassigned YES manual administratively down down

Vlan99 172.168.10.2 YES manual down down

Switch>show vlan br

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/9, Fa0/10, Fa0/11, Fa0/12

Fa0/13, Fa0/14, Fa0/16, Fa0/17

Fa0/18, Fa0/19, Fa0/20, Fa0/21

Fa0/22, Fa0/23, Fa0/24, Gig0/1

Gig0/2

10 sales active

11 marketing active

12 production active Fa0/15

1002 fddi-default active

1003 token-ring-default active

1004 fddinet-default active

1005 trnet-default active

Switch>show vtp status

VTP Version : 2

Configuration Revision : 6

Maximum VLANs supported locally : 255

Number of existing VLANs : 8

VTP Operating Mode : Client

VTP Domain Name : logbook

VTP Pruning Mode : Disabled

VTP V2 Mode : Disabled

VTP Traps Generation : Disabled

MD5 digest : 0x93 0xD6 0x0F 0x54 0x89 0x2D 0x48 0xCF

Configuration last modified by 0.0.0.0 at 3-1-93 01:26:26

Switch>show mac-address-table

Mac Address Table

-------------------------------------------

Vlan Mac Address Type Ports

---- ----------- -------- -----

10 00d0.ff3d.2101 DYNAMIC Fa0/1

11 00d0.ff3d.2101 DYNAMIC Fa0/1

12 00d0.ff3d.2101 DYNAMIC Fa0/1

Switch 3:

Switch#show cdp neighbors

Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge

S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID Local Intrfce Holdtme Capability Platform Port ID

Switch Fas 0/3 144 S 2960 Fas 0/3

Switch Fas 0/4 144 S 2960 Fas 0/4

Switch Fas 0/5 132 S 2960 Fas 0/5

Switch Fas 0/6 132 S 2960 Fas 0/6

Switch#show ip int br

Interface IP-Address OK? Method Status Protocol

FastEthernet0/1 unassigned YES manual down down

FastEthernet0/2 unassigned YES manual down down

FastEthernet0/3 unassigned YES manual up up

FastEthernet0/4 unassigned YES manual up up

FastEthernet0/5 unassigned YES manual up up

FastEthernet0/6 unassigned YES manual up up

FastEthernet0/7 unassigned YES manual down down

FastEthernet0/8 unassigned YES manual down down

FastEthernet0/9 unassigned YES manual down down

FastEthernet0/10 unassigned YES manual down down

FastEthernet0/11 unassigned YES manual down down

FastEthernet0/12 unassigned YES manual down down

FastEthernet0/13 unassigned YES manual down down

FastEthernet0/14 unassigned YES manual down down

FastEthernet0/15 unassigned YES manual up up

FastEthernet0/16 unassigned YES manual up up

FastEthernet0/17 unassigned YES manual up up

FastEthernet0/18 unassigned YES manual up up

FastEthernet0/19 unassigned YES manual down down

FastEthernet0/20 unassigned YES manual down down

FastEthernet0/21 unassigned YES manual down down

FastEthernet0/22 unassigned YES manual down down

FastEthernet0/23 unassigned YES manual down down

FastEthernet0/24 unassigned YES manual down down

GigabitEthernet0/1 unassigned YES manual down down

GigabitEthernet0/2 unassigned YES manual down down

Vlan1 unassigned YES manual administratively down down

Vlan99 172.168.10.3 YES manual down down

Switch#show vlan br

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/1, Fa0/2, Fa0/7, Fa0/8

Fa0/9, Fa0/10, Fa0/11, Fa0/12

Fa0/13, Fa0/14, Fa0/19, Fa0/20

Fa0/21, Fa0/22, Fa0/23, Fa0/24

Gig0/1, Gig0/2

10 sales active Fa0/15, Fa0/16

11 marketing active Fa0/17

12 production active Fa0/18

1002 fddi-default active

1003 token-ring-default active

1004 fddinet-default active

1005 trnet-default active

Switch#show vtp status

VTP Version : 2

Configuration Revision : 6

Maximum VLANs supported locally : 255

Number of existing VLANs : 8

VTP Operating Mode : Client

VTP Domain Name : logbook

VTP Pruning Mode : Disabled

VTP V2 Mode : Disabled

VTP Traps Generation : Disabled

MD5 digest : 0x93 0xD6 0x0F 0x54 0x89 0x2D 0x48 0xCF

Configuration last modified by 0.0.0.0 at 3-1-93 01:26:26

Switch#show mac-address-table

Mac Address Table

-------------------------------------------

Vlan Mac Address Type Ports

---- ----------- -------- -----

10 00d0.ff3d.2105 DYNAMIC Fa0/5

11 00d0.ff3d.2105 DYNAMIC Fa0/5

12 00d0.ff3d.2105 DYNAMIC Fa0/5

Thank you for looking over my post, let me know if I can provide anymore information.

balaji.bandi · ‎05-15-2020

Look at the config

how is these switches connected each other ? what port they connect( between switches, may be some information or diagram to help you.

where your Layer 3 SVI interface configured for VLAN 10,11,12

Most of the ports on all switches belong to VLAN 1, other 1 or 2 ports configured VLAN 11 or LAN 12

Also give what IP adress of their VLANs

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

Richard Burts · ‎05-15-2020

Looking through the output posted it shows that SW1 has only one access port that is not in the default vlan 1, which is 0/15 in vlan 11. SW2 has only one access port that is not in the default vlan 1 which is 0/15 in vlan 12. SW3 has 4 access port that are not in the default vlan 1 which are 0/15 and 0/16 in vlan 10, 0/17 in vlan 11, and 0/18 in vlan 12.

Am I correct in understanding that devices in vlan 12 can ping each other but that in vlan 11 can not? What about in vlan 10?

it might be helpful if you post the output of show interface trunk from each switch.

Would you test test ping in vlan 11 again (pinging sw1 to sw3 and sw3 to sw1) and then immediately get the output of show arp (arp-a or whatever for the OS).

Have you you checked for the possibility that firewall on one or both may be preventing ping?

HTH

Rick

Orbeck · ‎05-17-2020

Sorry for the late reply, the email notifications got sent to my junk mail for some reason!

Here is the show interface trunk output for each switch.

Switch 1:

Port Mode Encapsulation Status Native vlan

Fa0/1 on 802.1q trunking 99

Fa0/2 on 802.1q trunking 99

Fa0/5 on 802.1q trunking 99

Fa0/6 on 802.1q trunking 99

Gig0/1 on 802.1q trunking 99

Port Vlans allowed on trunk

Fa0/1 1-1005

Fa0/2 1-1005

Fa0/5 1-1005

Fa0/6 1-1005

Gig0/1 10-12

Port Vlans allowed and active in management domain

Fa0/1 1,10,11,12

Fa0/2 1,10,11,12

Fa0/5 1,10,11,12

Fa0/6 1,10,11,12

Gig0/1 10,11,12

Port Vlans in spanning tree forwarding state and not pruned

Fa0/1 1,10,11,12

Fa0/2 10,11,12

Fa0/5 10,11,12

Fa0/6 10,11,12

Gig0/1 10,11,12

Switch 2:

Port Mode Encapsulation Status Native vlan

Fa0/1 on 802.1q trunking 99

Fa0/2 on 802.1q trunking 99

Fa0/3 on 802.1q trunking 99

Fa0/4 on 802.1q trunking 99

Port Vlans allowed on trunk

Fa0/1 10-12,99

Fa0/2 10-12,99

Fa0/3 10-12,99

Fa0/4 10-12,99

Port Vlans allowed and active in management domain

Fa0/1 10,11,12

Fa0/2 10,11,12

Fa0/3 10,11,12

Fa0/4 10,11,12

Port Vlans in spanning tree forwarding state and not pruned

Fa0/1 10,11,12

Fa0/2 none

Fa0/3 10,11,12

Fa0/4 10,11,12

Switch 3:

Port Mode Encapsulation Status Native vlan

Fa0/3 on 802.1q trunking 99

Fa0/4 on 802.1q trunking 99

Fa0/5 on 802.1q trunking 99

Fa0/6 on 802.1q trunking 99

Port Vlans allowed on trunk

Fa0/3 10-12,99

Fa0/4 10-12,99

Fa0/5 10-12,99

Fa0/6 10-12,99

Port Vlans allowed and active in management domain

Fa0/3 10,11,12

Fa0/4 10,11,12

Fa0/5 10,11,12

Fa0/6 10,11,12

Port Vlans in spanning tree forwarding state and not pruned

Fa0/3 none

Fa0/4 none

Fa0/5 10,11,12

Fa0/6 none

Here is a screenshot of the arp -a output on the vlan 11 host:

The pings between switch 1 to switch 3, and switch 3 to switch 1 both failed.

As I was typing up this reply I was testing pings between vlans 10, 11 and 12 again - previously only vlan 12 could ping each other, but now none of those vlans can ping each other.

I don't think I have any firewalls switch on, they are definitely not turned on within the host machines, and honestly I'm unsure of how to check if they are on within the switches.

Appreciate the help so far, hopefully my further information helps you!

Richard Burts · ‎05-17-2020

No problem about delays responding. I have the experience from time to time that notification emails were in junk folder. Not sure why. Just happens.

It it is difficult to determine what connects to what since all switches have the default name. Might make it easier if each switch had a unique name- perhaps some thing simple like sw1, sw2, sw3. I am assuming that sw1 0/1 and 0/2 connect to sw2 0/1 and 0/2 and sw1 0/5 and 0/6 connect to sw3 0/5 and 0/6 and sw2 0/3 and 0/4 connect to sw3 0/3 and 0/4. Can you verify this is correct?

the output of show interface trunk is interesting. It shows that there is a single interface carrying the vlans between sw1 and sw2 (0/1 but not 0/2) and a single interface carrying the vlans between sw1 and sw3 (0/5 but not 0/6). And there are no interfaces carrying the vlans between sw2 and sw3. This is almost certainly the result of spanning tree blocking potential loops in the network. The good news is that there is an active layer 2 path for each of the vlans between each of the switches.

Based on on this I would expect that any 2 PCs in the same vlan to be able to communicate. I would not expect any PC to be able to communicate with any PC in a different vlan. So taking things one step at a time, you have 2 PCs in vlan 10. Would you post the IP address, mask, and gateway of both of them? The do arp-a, attempt ping, arp-a again and post the outputs?

HTH

Rick

Orbeck · ‎05-18-2020

Yes those connections are correct, sorry I should have posted that already.

For vlan 10 I only have one PC and one server. Each vlan has 1 pc and 1 server, the 3 pc's are connected to switch 3 as well as the vlan 10 server, switch 2 has vlan server 12, and switch 1 has vlan server 11 as well as a router.

Sorry for any confusion, I am frustratingly new to this.

I will post the outputs requested for the vlan 10 PC and the vlan 10 server and hopefully that will provide some sort of helpful output.

Left: PC on Vlan 10. Right: Server on Vlan 10

And their arp outputs.

Left: PC on Vlan 10. Right: Server on Vlan 10.

:

Thank you so much for your help and patience so far.

Richard Burts · ‎05-18-2020

Perhaps I created some confusion when I talked about PCs in your network. I should have been more careful about terminology and said that you have 2 hosts with IP address in each vlan (in this discussion it does not matter whether it is actually a PC or actually a server).

The output from pc and server are quite helpful. When 2 hosts are in the same vlan we expect them to be in the same subnet. It looks like you intended the subnet to be 172.168.10 but the pc address changes the second octet and is 172.165.10.98. Since they aren't in the same subnet they can't arp for each other and can't communicate with each other. Fix the address and see if it works.

If that does work then let us move on to another vlan. Can you send the same outputs for pc and server in another vlan?

HTH

Rick