Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1403
Views
0
Helpful
6
Replies

Cant ping VLAN from same switch

Bab L
Level 1
Level 1

‎02-08-2017 08:57 PM - edited ‎03-08-2019 09:15 AM

Hi.

We have configured a temporary solution to connect to our switches.

Clients on the 192.168.100.x network can ping clients on all the networks but not on the 172.17.1.x.

When doing a ping on the switch with source an 192 address it doesn't work either.

When I do a traceroute it keeps looping on the vlan interface of the core switch. 

What is wrong here??

Switch relative config:


vrf definition mgmtVrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
vrf list mgmtVrf
!


!
ip vrf BMCS-VRF
rd 302:1
route-target export 302:1
route-target import 305:1
!
ip vrf EMGCY-VRF
rd 307:1
!
ip vrf FIRE-VRF
rd 305:1
route-target export 305:1
route-target import 302:1
!
ip vrf LIGHT-VRF
rd 304:1
!
ip vrf MGMT-VRF
rd 301:1
!
ip vrf PASYS-VRF
rd 306:1
!
ip vrf PWRMGMT-VRF
rd 303:1
!

!
!
vtp domain linktonowhere
vtp mode transparent
!
!
!
p
!
spanning-tree mode pvst
spanning-tree extend system-id
!
redundancy
mode sso
!
!
vlan 100
!
vlan 301
name V301_ESN_MGMT
!

!
interface Loopback0
ip vrf forwarding MGMT-VRF
no ip address
!

switchport mode trunk
!
interface FastEthernet1
vrf forwarding mgmtVrf
no ip address
speed auto
duplex auto
!

!
interface GigabitEthernet1/2/47
description "Temporary"
switchport access vlan 100
switchport mode access
!

!
interface Vlan1
no ip address
!
interface Vlan100
description "Temporary
ip vrf forwarding BMCS-VRF
ip address 192.168.100.211 255.255.255.0
!
interface Vlan301
description MGMT-VRF
ip address 172.17.1.1 255.255.255.0
!
interface Vlan302
ip vrf forwarding BMCS-VRF
ip address 172.17.2.1 255.255.255.0
!
interface Vlan303
ip vrf forwarding BMCS-VRF
ip address 172.17.3.1 255.255.255.0
!
interface Vlan304
ip vrf forwarding BMCS-VRF
ip address 172.17.4.1 255.255.255.0
!
interface Vlan305
no ip address
!
interface Vlan320
ip vrf forwarding FIRE-VRF
ip address 172.17.20.1 255.255.255.0
!
interface Vlan321
ip vrf forwarding FIRE-VRF
ip address 172.17.21.1 255.255.255.0
!
interface Vlan322
ip vrf forwarding FIRE-VRF
ip address 172.17.22.1 255.255.255.0
!
interface Vlan323
ip vrf forwarding FIRE-VRF
ip address 172.17.23.1 255.255.255.0
!
interface Vlan324
ip vrf forwarding FIRE-VRF
ip address 172.17.24.1 255.255.255.0
!
interface Vlan325
ip vrf forwarding FIRE-VRF
ip address 172.17.25.1 255.255.255.0
!
router bgp 1
bgp log-neighbor-changes
!
address-family ipv4 vrf BMCS-VRF
redistribute connected
redistribute static
exit-address-family
!
address-family ipv4 vrf FIRE-VRF
redistribute connected
redistribute static
exit-address-family
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
ip route 192.168.100.0 255.255.255.0 Vlan100
ip route vrf BMCS-VRF 0.0.0.0 0.0.0.0 192.168.100.1

Labels:
0 Helpful
6 Replies 6

Philip D'Ath
VIP Alumni
VIP Alumni

‎02-08-2017 10:04 PM

They are in different VRFs.  If you want them to talk place them in the same VRF.

0 Helpful

Bab L
Level 1
Level 1
In response to Philip D'Ath

‎02-12-2017 09:23 PM

Hi all.

I put the in the same VRF but once I do that, then switch cannot ping the 172.17.1.x range which is the management VLAN (MGMT-VRF).

Can someone advise of any command that will allow access from any vrf to any vrf?

Thank you

0 Helpful

Philip D'Ath
VIP Alumni
VIP Alumni
In response to Bab L

‎02-12-2017 09:24 PM

The whole point of VRFs is to prevent that kind of communication.  If that is what you really want, then remove all the VRFs.

0 Helpful

Bab L
Level 1
Level 1
In response to Philip D'Ath

‎02-12-2017 09:27 PM

We need this for temporary access from remote location until all networks are setup. Once networks are up it will be removed. VRF's will need to remain as it's part of the design configuration.

0 Helpful

Alexey Belozerov
Cisco Employee
Cisco Employee

‎02-08-2017 10:42 PM

You configure VRF MGMT-VRF as follows:

ip vrf MGMT-VRF
 rd 301:1
interface Vlan301
 description MGMT-VRF
 ip address 172.17.1.1 255.255.255.0

VRF BMCS-VRF:

ip vrf BMCS-VRF
 rd 302:1
 route-target export 302:1
 route-target import 305:1

interface Vlan100
 description "Temporary
 ip vrf forwarding BMCS-VRF
 ip address 192.168.100.211 255.255.255.0

They belong to different VRFs. It must not work. But why can you reach all other 172.17.x.y/24 networks from VRF FIRE-VRF except 172.17.1.y? Because of the configuration of VRF FIRE-VRF where you're using the same route-targets as for VRF BMCS-VRF:

ip vrf FIRE-VRF
 rd 305:1
 route-target export 305:1
 route-target import 302:1

Why don't you put these SVIs to the same VRF?

0 Helpful

Pawan Raut
Level 4
Level 4

‎02-08-2017 11:24 PM

Change them to same vrf or do the route-leaking between VRFs

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card