Solved: Curious InterVLAN Routing issue between some VLANs on Cisco 3750

paulwalliman · ‎08-23-2011

Hi all,

I`ve been setting up a test network to try out configuring VLANs and interVLAN routing on a Cisco 3750 in preparation for rolling out to our live network.

I`ve managed to get InterVLAN routing working between two of the VLANs but I`ve a curious problem pinging one way between two new VLANs I`ve setup.

Basically I`ve done the following:

1. Setup 4 VLANs with IPs VLAN1 172.16.80.94, VLAN30 172.30.80.94, VLAN40 172.40.80.94, and VLAN50 172.50.80.94 All subnets 255.255.0.0.

2. Enabled vlan routing

3. I`ve then setup four PCs, one on each VLAN. PC1 172.16.80.80, PC2 172.30.80.81, PC3 172.40.80,83 and PC4 172.50.80.84 with subnets 255.255.0.0 and default gateways to their respective VLAN ip.

While testing the PCs on each VLAN I`ve come across a problem.

The PCs on VLAN1 and VLAN2 can ping all other PCs but the PCs on VLAN40 and VLAN50 can only ping the PC on VLAN1. However, they can ping the VLAN ips of their own and the other VLANs.

I`ve checked that the default gateways are set to their respective VLAN ips and that the VLANs are setup with routing and that routing is enabled. I`ve also swapped the PCs VLAN allocations around and the problem moves with their VLAN rather than the PC

I`m a bit stuck now so any pointers would be greatly appreciated.

Many thanks,

Paul

Peter Paluch · ‎08-23-2011

Paul,

The first thing I would do is temporarily deactivate all firewalls on those PCs, both Windows built-in firewall and all additional firewalls there may be (ESET, Kerio,...). It is my experience that on most Windows installations, the firewalls are configured in a quite haphazard manner, sometimes allowing ourselves to be pinged and sometimes not. So try to verify the settings on the PCs and deactivate the firewall on them for the time being.

What should work even now, however, is pinging all IP addresses of your 3750 Catalyst switch from any PC. If this does not work, neither, then there is some other problem present as well. A glimpse into your current config would be most helpful in that case.

Best regards,

Peter

View solution in original post

Peter Paluch · ‎08-23-2011

Paul,

The first thing I would do is temporarily deactivate all firewalls on those PCs, both Windows built-in firewall and all additional firewalls there may be (ESET, Kerio,...). It is my experience that on most Windows installations, the firewalls are configured in a quite haphazard manner, sometimes allowing ourselves to be pinged and sometimes not. So try to verify the settings on the PCs and deactivate the firewall on them for the time being.

What should work even now, however, is pinging all IP addresses of your 3750 Catalyst switch from any PC. If this does not work, neither, then there is some other problem present as well. A glimpse into your current config would be most helpful in that case.

Best regards,

Peter

paulwalliman · ‎08-23-2011

Hi Peter,

Spot on.

One of the PCs had re-enabled the Windows Firewall somehow, although I`d disabled them all when I set them up. A mix of XP and Vista for my sins so might have done it when changing IP adresses etc.

They all had Kaspersky antivirus on too which I disabled. Lo and behold it`s all working as it should do now.

Next step is to sort out Kaspersky as I`ll be using this on the live LAN too.

Many thanks for your speedy reply.

Cheers,

Paul

Julio Garcia · ‎08-23-2011

can you show us a #sh ip route , also make sure proxy arp is disabled on your vlan interfaces

int vlan x

no ip proxy-arp