01-20-2011 12:38 AM - edited 03-06-2019 03:05 PM
Hi all, I have a question about VLAN routing and gateway routing.
I configured some VLANs; here you can see VLAN2. Consider that all VLANs are reachable from all VLANs.
...
ip routing
...
interface GigabitEthernet1/0/2
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/4
switchport access vlan 2
switchport mode access
...
interface Vlan2
ip address 10.1.1.1 255.255.255.0
!
...
After that I configured connection with the default gateway:
interface GigabitEthernet1/0/21
no switchport
ip address 10.10.10.2 255.255.255.252
!
...
and routing:
ip route 0.0.0.0 0.0.0.0 10.10.10.1
From the console of the switch I can ping all interfaces (gateway included), and here is the routing table:
Switch3750G#sh ip route
...
Gateway of last resort is 10.10.10.1 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 8 subnets, 2 masks
...
...
...
C 10.10.10.0/30 is directly connected, GigabitEthernet1/0/21
...
C 10.1.1.0/24 is directly connected, Vlan2
...
S* 0.0.0.0/0 [1/0] via 10.10.10.1
Switch3750G#
but I cannot ping the interface 10.10.10.1 from one of gateway in the VLAN
Please let me know if I did something wrong.
Thanks a lot
Alberto
01-20-2011 12:51 AM
Hi,
but I cannot ping the interface 10.10.10.1 from one of gateway in the VLAN
What do you mean: you can't ping the default gateway from one host in VLAN 2?
Regards.
Alain.
01-20-2011 01:01 AM
The default gateway doesn't respond to ping if I do that from the VLAN, but I can ping it if I do that from the console of the switch.
Note: I cannot see the IP configuration of the default gateway, I know only the IP address and netmask
10.10.10.1 255.255.0.0.
Thanks a lot.
Alberto
01-20-2011 01:23 AM
Hi Alberto,
Do you mean that when you source the ping from VLAN 2 to the gateway you aren't able to ping?
Please clarify.
Regards,
Swati
01-20-2011 02:33 AM
Yes I confirm that.
Thanks a lot.
Alberto
01-20-2011 02:55 AM
Hi,
Is the router having a route back to your VLAN2 subnet?
Can you do this:
ip access-list extended 101
permit icmp any any
debug ip packet detail 101
Regards.
Alain.
01-20-2011 10:00 AM
Here are my configuration and ping results:
Switch#sh conf
Using 1819 out of 524288 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname Switch
!
enable secret 5 $1$AcgB$WQuC0Tjc1Tr1cDSRAqoYW0
enable password cisco
!
no aaa new-model
switch 1 provision ws-c3750g-24ts-1u
system mtu routing 1500
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/3
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
no switchport
ip address 10.10.113.2 255.255.0.0
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2
ip address 10.1.1.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.113.1
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
password cisco
login
line vty 5 15
password cisco
login
!
end
Switch#ping 10.10.113.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.113.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
Switch#ping
Protocol [ip]:
Target IP address: 10.10.113.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.113.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
.....
Success rate is 0 percent (0/5)
Thanks for the support.
Alberto
01-20-2011 10:41 AM
Hi,
Can you do this while pinging the router from Vlan2 ip address:
If you are connected via telnet/ssh first issue terminal monitor in privileged mode and in config issue logging monitor debug command.
then enter these commands:
ip access-list extended 101
permit icmp any any
debug ip packet detail 101 (privileged mode)
post output here.
Regards.
alain.
01-20-2011 01:47 PM
Hi again,
While waiting for an opportunity to try the last command you suggested, I would like to reply to your question
"Is the router having a route back to your VLAN2 subnet?"
No, I can't modify the configuration of the router (non-Cisco), and I'm sure about 10.10.113.1 and netmask 255.255.0.0; no gateway is set (I think).
Could that be a problem?
Best regards.
Alberto
01-20-2011 11:58 PM
Hi,
If the router hasn't got a route to a subnet that is not directly connected, then it can't reply to the pings.
Regards.
Alain.
01-21-2011 01:01 AM
Ok, I understand.
You mean if I cannot ping the router, I cannot obtain any connection to the router from the VLANs, right?
Best regards.
Alberto
01-21-2011 01:24 AM
Hi,
It could be an ACL on the router blocking this traffic, but indeed if the router doesn't have a route to VLAN2, how can it reply to any traffic from VLAN2 (including pings)?
Regards.
Alain.
01-21-2011 03:21 AM
Can you do a trace route from the switch using the VLAN2 interface as the source IP to the GW IP and post back the results please?
Do you have a copy of the routing table from the default GW?
01-21-2011 08:41 AM
Here is my routing table:
Switch#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 192.168.1.1 to network 0.0.0.0
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.1.0 is directly connected, Vlan2
C 192.168.1.0/24 is directly connected, GigabitEthernet1/0/24
S* 0.0.0.0/0 [1/0] via 192.168.1.1
Switch#
What I can't understand is, why can't I ping the default gateway if I send an ICMP packet from the VLAN?
Switch#ping 192.168.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
Switch#ping
Protocol [ip]:
Target IP address: 192.168.1.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 10.1.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
.....
Success rate is 0 percent (0/5)
Switch#
01-21-2011 09:50 AM
Hi Alberto,
How do you want us to try to solve your problem if you don't at least try some of the commands we're asking you to issue?
As I said before, the router you are pinging doesn't know about VLAN2 because it is not directly connected, so how can it reply?
That is the most probable cause of your ping failure in my opinion. The other one is an ACL blocking pings on the router.
To rule out this last cause I asked you for the debug in the post above, because if it is an ACL you should receive an ICMP message telling you it is administratively prohibited (if IP unreachables are not disabled), and if it is a route problem then you won't get any replies.
But anyway, even if it is what I think, if you can't put a route on this router then you'll have to make do with it or change your way of doing things.
What is your topology and what do you want to achieve?
Regards.
Alain.
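The return-path problem discussed in this thread, as an added example that is not part of any post: a longest-prefix-match lookup run on both the switch and the router for a ping sourced from 10.10.113.2 and from 10.1.1.1. The switch table follows the posted configuration; the three router tables and the upstream next hop 203.0.113.1 are assumptions, since the thread never shows the router's routing table.

```python
import ipaddress

def lookup(table, dst):
    """Longest-prefix match: return the next hop for dst, or None."""
    addr = ipaddress.ip_address(dst)
    best_len, best_hop = -1, None
    for prefix, hop in table:
        net = ipaddress.ip_network(prefix)
        if addr in net and net.prefixlen > best_len:
            best_len, best_hop = net.prefixlen, hop
    return best_hop

SWITCH_IP = "10.10.113.2"   # Gi1/0/24 in the posted configuration
ROUTER_IP = "10.10.113.1"   # default gateway in the posted configuration

# Switch table, taken from the posted configuration.
SWITCH = [("10.1.1.0/24", "connected"),
          ("10.10.0.0/16", "connected"),
          ("0.0.0.0/0", ROUTER_IP)]

# Assumed router tables (constructed for this example).
ROUTER_CONNECTED_ONLY = [("10.10.0.0/16", "connected")]
ROUTER_DEFAULT_UPSTREAM = ROUTER_CONNECTED_ONLY + [("0.0.0.0/0", "203.0.113.1")]
ROUTER_WITH_RETURN_ROUTE = ROUTER_DEFAULT_UPSTREAM + [("10.1.1.0/24", SWITCH_IP)]

def echo_round_trip(src, router_table):
    """Check both directions of an echo from src (on the switch) to the router."""
    if lookup(SWITCH, ROUTER_IP) is None:
        return "request dropped: switch has no route to " + ROUTER_IP
    hop = lookup(router_table, src)          # the reply is routed toward src
    if hop is None:
        return "reply dropped: router has no route to " + src
    if hop not in ("connected", SWITCH_IP):
        return "reply misrouted via " + hop
    return "ok"

if __name__ == "__main__":
    for name, table in [("connected only", ROUTER_CONNECTED_ONLY),
                        ("default upstream", ROUTER_DEFAULT_UPSTREAM),
                        ("with return route", ROUTER_WITH_RETURN_ROUTE)]:
        for src in (SWITCH_IP, "10.1.1.1"):
            print(f"{name:18} src={src:12} -> {echo_round_trip(src, table)}")
```

In every assumed table the ping sourced from 10.10.113.2 succeeds because the reply stays on the connected subnet; only the table with a route for 10.1.1.0/24 pointing at 10.10.113.2 returns replies to the VLAN2 source.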