cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1767
Views
0
Helpful
4
Replies

Catalyst 3560 SVI - VMs cannot access Internet

Hello everyone,

I have 5 SVIs configured for VLAN Interfaces 121-125 for my vSphere environment.

All VMs can ping IPs on all the VLANs (VMs on VLAN 124 can ping VMs on VLAN121)

All VMs, except those on VLAN 124, can access the Internet or even ping my router IP.

If I change one of the VLAN 124 VMs to use a different VLAN, and update the addressing appropriately, it can access the Internet.

The problem is exhibited with Windows and Linux VMs.  So, I believe something in my switch setup is the problem with VLAN 124 in particular.

If i do a show vlan brief, VLAN 124 is listed.

If I do a show ip int brief, VLAN 124 is listed as up\up.  I also tried to shut\no shut the VLAN 124 interface.

Has anyone encountered a similar problem where one specific VLAN has connectivity problems?

My topology is Catalyst 3560 to home router to Internet.

Here is my IOS image: c3560-ipservicesk9-mz.122-55.SE6.bin

Here is my show run output:

3560_02#sh run

Building configuration...

Current configuration : 5900 bytes

!

version 12.2

service config

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname 3560_02

!

boot-start-marker

boot-end-marker

aaa new-model

!

!

aaa session-id common

system mtu routing 1600

vtp interface lo0 only

authentication mac-move permit

ip routing

ip domain-name test.com

!

!

ip multicast-routing distributed

ip igmp snooping querier address 192.168.120.254

!

!

interface Loopback0

ip address 11.1.1.11 255.255.255.0

!

interface Port-channel1

switchport access vlan 121

switchport mode access

!

interface FastEthernet0/17

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,120-125

switchport mode trunk

!

interface FastEthernet0/18

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,120-125

switchport mode trunk

!

interface FastEthernet0/19

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,120-125

switchport mode trunk

!

interface FastEthernet0/20

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,120-125

switchport mode trunk

!

interface FastEthernet0/29

switchport access vlan 122

switchport mode access

!

interface FastEthernet0/30

switchport access vlan 122

switchport mode access

!

interface FastEthernet0/31

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,121-125

switchport mode trunk

!

interface FastEthernet0/33

switchport access vlan 121

switchport mode access

channel-protocol lacp

channel-group 1 mode active

!

interface FastEthernet0/34

switchport access vlan 121

switchport mode access

channel-protocol lacp

channel-group 1 mode active

!

interface GigabitEthernet0/4

no switchport

ip address 10.66.95.254 255.255.255.0

!

interface Vlan1

no ip address

shutdown

!

interface Vlan120

ip address 192.168.120.254 255.255.255.0

ip pim sparse-dense-mode

!        

interface Vlan121

ip address 192.168.121.254 255.255.255.0

!

interface Vlan122

ip address 192.168.122.254 255.255.255.0

!

interface Vlan123

ip address 192.168.123.254 255.255.255.0

!

interface Vlan124

ip address 192.168.124.254 255.255.255.0

!

interface Vlan125

ip address 192.168.125.254 255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.66.95.194

ip http server

ip http secure-server

!

ip pim ssm default

!

ip sla enable reaction-alerts

!

end

====================================================================================== If my answers have been helpful in any way, please rate accordingly. Check out my blog for useful vSphere & UCS tips: www.vmtrooper.com
2 Accepted Solutions

Accepted Solutions

cadet alain
VIP Alumni
VIP Alumni

Hi,

Can any of the VMs in vlan 124 ping  10.66.95.254 ?

Can you also provide the config from the router

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

View solution in original post

rsimoni
Cisco Employee
Cisco Employee

Hi Trevor,

what you describe does not seem to be a switch issue.

Check first of all your default gateway routing (if it knows the route back to vlan 124) on 10.66.95.194.

If you have firewalls in between make sure they have the correct configuration.

Also, can the switch ping any address in the Internet sourcing from SVI 124 - 192.168.124.254?

Riccardo

View solution in original post

4 Replies 4

cadet alain
VIP Alumni
VIP Alumni

Hi,

Can any of the VMs in vlan 124 ping  10.66.95.254 ?

Can you also provide the config from the router

Regards.

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.

rsimoni
Cisco Employee
Cisco Employee

Hi Trevor,

what you describe does not seem to be a switch issue.

Check first of all your default gateway routing (if it knows the route back to vlan 124) on 10.66.95.194.

If you have firewalls in between make sure they have the correct configuration.

Also, can the switch ping any address in the Internet sourcing from SVI 124 - 192.168.124.254?

Riccardo

Thank you gentlemen!

I forgot to go back to the basics.

Since the home router is Linksys and there's no routing protocol, I forgot that I had to manually add static routes for the earlier VLANs that I had setup.

After adding the static route for this VLAN, I am able to get out.

Best regards,

Trevor

====================================================================================== If my answers have been helpful in any way, please rate accordingly. Check out my blog for useful vSphere & UCS tips: www.vmtrooper.com

sometime that happens...

this is what the forum can be useful for: help identify what has been overlooked.

Riccardo

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco