Cannot ping two host using SVIs?

petey1984 · ‎11-03-2012

Hello I have setup two ports with two host conencted to them one with address 10.1.70.2/24 and the other is 10.1.80.2/24. I created two SVIs(VLAN70 = 10.1.70.1/24 and VLAN80 = 10.1.80.1/24).

However I am unable to ping the two hosts. Each host can ping each of the SVIs but cannot ping each other.

Please help, the following are my configs:

Current configuration : 1637 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname SW1

!

no aaa new-model

no ip subnet-zero

ip routing

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

shutdown

!

interface FastEthernet0/2

shutdown

!

interface FastEthernet0/3

switchport access vlan 70

switchport mode access

!

interface FastEthernet0/4

switchport access vlan 80

switchport mode access

!

interface FastEthernet0/5

!

interface Vlan70

ip address 10.1.70.1 255.255.255.0

!

interface Vlan80

ip address 10.1.80.1 255.255.255.0

!

ip classless

ip http server

ip http secure-server

!

control-plane

!

line con 0

line vty 0 4

privilege level 15

password password

no login

line vty 5 15

privilege level 15

password password

no login

!

end

Have I configured it correctly? Ip routing is enable but am still unable to get the hosts to ping each other.

All host are configured correctly with their ip add and default gateway.

Please help??

Reza Sharifi · ‎11-03-2012

Hi,

Did you also create the layer-2 vlan for each one

config t

vlan 70

name test vlan

vlan 80

name test1 vlan

one more thing

do the hosts have firewall software on them that could be blocking ping?

HTH

Richard Burts · ‎11-03-2012

I wonder why the original poster has this in the config

no ip subnet-zero

I believe that modern Best Practice is to enable subnet zero.

But I do not believe that this has anything to do with the problem that is asked about in this thread.

I believe that Reza makes a good point in asking about whether the layer 2 vlan was actually created.

It the original poster confirms that the vlans are correctly created, then I would suggest that a very common source of this kind of problem is that the PCs may have a firewall enabled that does not permit ping to the PC. So I would suggest a test in which the original poster goes into both PCs and disables any firewall that may be running.

HTH

Rick

HTH

Rick

petey1984 · ‎11-03-2012

Hi Reza,

Yes I have configured the layer 2 vlans, as you can see:

SW1#show vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/1, Fa0/2, Fa0/5, Fa0/6

Fa0/7, Fa0/8, Fa0/9, Fa0/10

Fa0/11, Fa0/12, Fa0/13, Fa0/14

Fa0/15, Fa0/16, Fa0/17, Fa0/18

Fa0/19, Fa0/20, Fa0/21, Fa0/22

Fa0/23, Fa0/24, Gi0/1, Gi0/2

2 VLAN0002 active

3 VLAN0003 active

10 management active

70 testsvi70 active Fa0/3

80 testsvi80 active Fa0/4

1002 fddi-default act/unsup

1003 token-ring-default act/unsup

1004 fddinet-default act/unsup

1005 trnet-default act/unsup

Hey Richard I will check the hosts and try disabling the firewall to see if that resolves the issue....

Reza Sharifi · ‎11-03-2012

Hi Peter,

Window 7 has firewall enabled by default. You would need to go and disable the services for it.

see below link:

http://windows.microsoft.com/is-IS/windows7/Turn-Windows-Firewall-on-or-off

HTH

Jeff Van Houten · ‎11-03-2012

What model switch is it?

Sent from Cisco Technical Support iPad App

Sebastian Hughes · ‎11-04-2012

If you debug ICMP are the pings leaving the switch? Also have you tried to Wireshark the PCs to see if they are recovering the ping?

Sent from Cisco Technical Support iPad App

glen.grant · ‎11-04-2012

I agree with Reza , if you ping the default gateways from the clients but just not to the client , this is most likely a windows firewall or any other type of software FW that it needs to be turned off.

eLiAsAn41 · ‎11-05-2012

Hi Peter,

I suggest for troubleshooting this you need another L2 Switch. Then make a Trunk connection from your L2 Switch to your L3 Switch. Then try to ping the hosts. You should have the VLANs also on the L2 Switch.

Make sure to disable firewall on the hosts

Thanks,

Eli