The default gateway doesn't respond to ping if I do that from VLAN, but I can ping that If I do that from console of the switch.

Note: I cannot see the IP configuration of the default gateway, I know only IP adderess and Netmask

10.10.10.1 255.255.0.0.

Thanks a lot.

Alberto

Yes I confirm that.

Thanks a lot.

Alberto

Hi,

Is the router having a route back to your VLAN2  subnet?

Can you do this:

ip access-list extended 101

permit icmp any any

debug ip packet detail 101

Regards.

Alain.

Here my configuration and ping results

Switch#sh conf
Using 1819 out of 524288 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$AcgB$WQuC0Tjc1Tr1cDSRAqoYW0
enable password cisco
!
no aaa new-model
switch 1 provision ws-c3750g-24ts-1u
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
no switchport
ip address 10.10.113.2 255.255.0.0
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 10.1.1.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.113.1
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
end

Switch#ping 10.10.113.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.113.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

Switch#ping
Protocol [ip]:
Target IP address: 10.10.113.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.113.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
.....
Success rate is 0 percent (0/5)

thanks for support.

Alberto

Hi,

Can you do this while pinging the router from Vlan2 ip address:

If you are connected via telnet/ssh first issue terminal monitor in privileged mode  and in config issue logging monitor debug command.

then enter these commands:

ip access-list extended 101

permit icmp any any

debug ip packet detail 101( privileged mode)

post output here.

Regards.

alain.

Hi again,

waiting my opportunity to try your last command suggested, I would reply to your question

"Is the router having a route back to your VLAN2  subnet?"

No I can't modify configuration of router (non CISCO), and I'm sure about 10.10.113.1 and netmask 255.255.0.0, no gateway is setted (I think).

That's could be a problem?

Best regards.

Alberto

Hi,

if the router hasn't got a route to a no directly connected subnet then he can't reply to the pings.

Regards.

Alain.

Ok, I understand.

You mean If I cannot ping the router, I cannot obtain any connection to the router from VLANs, right?

Best regards.

Alberto

Hi,

It could be ACL on router blocking this traffic but indeed if the router doesn't have a route to VLAN2 how can he reply to any traffic from VLAN2

(including pings).

Regards.

Alain.

Can you do a trace route from the switch using the VLAN2 interface as the source IP to the GW IP and post back the results please?

Do you have a copy of the routing table from the default GW?

Here my routing table,

Switch#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.1.1 to network 0.0.0.0

     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.1.0 is directly connected, Vlan2
C    192.168.1.0/24 is directly connected, GigabitEthernet1/0/24
S*   0.0.0.0/0 [1/0] via 192.168.1.1
Switch#

What I can't understand is, why I can't pig the defautl gateway if I make a icmp packet from VLAN?

Switch#ping 192.168.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Switch#ping
Protocol [ip]:
Target IP address: 192.168.1.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
.....
Success rate is 0 percent (0/5)
Switch#

Hi Alberto,

How do you want us to try to solve your problem if you don't at least try some of the commands we're asking you to issue?

As I said before the router you are pinging doesn't know about VLAN2 because it is not directly connected  so how can he reply.

That is the most probable cause of your ping failure in my opinion,, the other one is an ACL blocking pings on the router,

to put away this last cause I asked you the debug in the post above because if it is an ACL you should receive an icmp message telling you

it is administratively prohibited( if ip unreachables are not disabled) and if it is a route problem then you won't get no replies.

But anyway even if it is what I think, if you can't put a route on this router then you'll have to do with it or change your way of doing things.

What is your topology and what do you want to achieve?

Regards.

Alain.