Devices in the same vlan cannot communicate

ysu · ‎03-13-2024

I have a 2960X 24 ports switch, ports 1-12 are divided to vlan41, ports 13-20 are vlan42. PC1 is in vlan41, PC2 and PC3 are in vlan42. PC2 and PC3 are both able to communicate with PC1, but PC2 cannot communicate with PC3. If plug PC2 and PC3 into ports in vlan41 then all three PCs can communicate with each other. If plug all three PCs into vlan42, all of them cannot communicate with each other.
In short, the issue is that PCs in vlan42 cannot communicate with each other, when trying to ping, it returns "Destination host unreachable", but PCs in vlan42 can communicate with PCs in vlan41 correctly.

David Ruess · ‎03-13-2024

Can you provide the config. It sounds something like Private VLANs configured.

-David

ysu · ‎03-13-2024

interface GigabitEthernet1/0/1
switchport access vlan 41
spanning-tree portfast edge
!
interface GigabitEthernet1/0/2
switchport access vlan 41
spanning-tree portfast edge
!
interface GigabitEthernet1/0/3
switchport access vlan 41
spanning-tree portfast edge
!
interface GigabitEthernet1/0/4
switchport access vlan 41
spanning-tree portfast edge
!
interface GigabitEthernet1/0/5
switchport access vlan 41
spanning-tree portfast edge
!
interface GigabitEthernet1/0/6
switchport access vlan 41
spanning-tree portfast edge
!
interface GigabitEthernet1/0/7
switchport access vlan 41
spanning-tree portfast edge
!
interface GigabitEthernet1/0/8
switchport access vlan 41
spanning-tree portfast edge
!
interface GigabitEthernet1/0/9
switchport access vlan 41
spanning-tree portfast edge
!
interface GigabitEthernet1/0/10
switchport access vlan 41
spanning-tree portfast edge
!
interface GigabitEthernet1/0/11
switchport access vlan 41
spanning-tree portfast edge
!
interface GigabitEthernet1/0/12
switchport access vlan 41
spanning-tree portfast edge
!
interface GigabitEthernet1/0/13
switchport access vlan 42
spanning-tree portfast edge
!
interface GigabitEthernet1/0/14
switchport access vlan 42
spanning-tree portfast edge
!
interface GigabitEthernet1/0/15
switchport access vlan 42
spanning-tree portfast edge
!
interface GigabitEthernet1/0/16
switchport access vlan 42
spanning-tree portfast edge
!
interface GigabitEthernet1/0/17
switchport access vlan 42
spanning-tree portfast edge
!
interface GigabitEthernet1/0/18
switchport access vlan 42
spanning-tree portfast edge
!
interface GigabitEthernet1/0/19
switchport access vlan 42
spanning-tree portfast edge
!
interface GigabitEthernet1/0/20
switchport access vlan 42
spanning-tree portfast edge
!
interface GigabitEthernet1/0/21
switchport access vlan 43
spanning-tree portfast edge
!
interface GigabitEthernet1/0/22
switchport access vlan 43
spanning-tree portfast edge
!
interface GigabitEthernet1/0/23
description to_firewall_edge_device
switchport access vlan 40
spanning-tree portfast edge
!
interface GigabitEthernet1/0/24
switchport access vlan 43
spanning-tree portfast edge
!
interface GigabitEthernet1/0/25
switchport trunk allowed vlan 41,43
switchport mode trunk
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/26
switchport trunk allowed vlan 41,43
switchport mode trunk
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/27
switchport trunk allowed vlan 41,43
switchport mode trunk
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/28
switchport trunk allowed vlan 41,43
switchport mode trunk
spanning-tree link-type point-to-point
!
interface Vlan1
no ip address
!
interface Vlan40
ip address 192.168.191.1 255.255.255.252
!
interface Vlan41
ip address 192.168.192.254 255.255.255.0
ip helper-address 192.168.193.24
!
interface Vlan42
ip address 192.168.193.254 255.255.255.0
ip helper-address 192.168.193.24
!
interface Vlan43
ip address 192.168.194.254 255.255.255.0
ip helper-address 192.168.193.24
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.191.2

here is the config, "show vlan private-vlan" command indicates no vlan is configured as private vlan

RAdamWilliams · ‎03-13-2024

How are you IPing the devices in these networks?

ysu · ‎03-14-2024

PC1 in port, PC2 in port 13 and PC3 in port 16, pc1 can ping pc2 and pc3, pc2 and pc3 can ping 1. PC2 cannot ping pc3, vice versa.

liviu.gheorghe · ‎03-14-2024

Hello @ysu ,

how do the PC's obtain IP addresses? DHCP or static?

Can you share the DHCP config if it's running on a IOS switch or router? In case of static asignment, please share the output of ipconfig /all from the PC's.

Regards, LG
*** Please Rate All Helpful Responses ***

ysu · ‎03-14-2024

It's static

PC1 IP: 192.168.192.1 Subnet mask: 255.255.255.0 Gateway: 192.168.192.254 DNS: 192.168.193.11

PC2 IP: 192.168.193.10 Subnet mask: 255.255.255.0 Gateway: 192.168.193.254 DNS: 192.168.193.11

PC3 IP: 192.168.193.3 Subnet mask: 255.255.255.0 Gateway: 192.168.193.254 DNS: 192.168.193.11

liviu.gheorghe · ‎03-14-2024

Can you also share the arp -a from PC2 & PC3 and also a show mac address-table | i Gi1/0/13|Gi1/0/16 from the switch?

Regards, LG
*** Please Rate All Helpful Responses ***

ysu · ‎03-14-2024

show mac address-table | i Gi1/0/13|Gi1/0/16 rerun
42 0015.5dc1.0a00 DYNAMIC Gi1/0/13
42 0015.5dc1.0a01 DYNAMIC Gi1/0/13
42 0015.5dc1.0a02 DYNAMIC Gi1/0/13
42 a4bf.0156.3488 DYNAMIC Gi1/0/13

arp -a command in PC2 and PC3 cannot found each other, i.e. arp -a command in PC2 doesn't find IP and mac address of PC3, vice versa

liviu.gheorghe · ‎03-14-2024

From the output you provided, your switch is not learning any mac address on port Gi1/0/16. Can you share the output of show interface Gi1/0/16 as well?

Also, have you tried changing the cable connecting PC3 and/or moving it to another port in vlan 42 and see if the switch learns it's mac address?

Regards, LG
*** Please Rate All Helpful Responses ***

ysu · ‎03-15-2024

Hi,

I tried to move it to another port, it keeps the same, devices in the same vlan cannot communicate and and devices in different are able to. And the switch can learn the MAC,

show mac address-table | i Gi1/0/13 returns:

42 0015.5dc1.0a00 DYNAMIC Gi1/0/13
42 0015.5dc1.0a01 DYNAMIC Gi1/0/13
42 0015.5dc1.0a02 DYNAMIC Gi1/0/13
42 a4bf.0156.3488 DYNAMIC Gi1/0/13

show mac address-table | i Gi1/0/16 returns:

42 a4bf.014e.7111 DYNAMIC Gi1/0/16

arp -a command results in PC2 and PC3 are similar returns:

Interface: 192.168.193.3 --- 0x4
Internet Address Physical Address Type
192.168.193.254 00-7e-95-12-5c-43 dynamic
192.168.193.255 ff-ff-ff-ff-ff-ff static

It can found the gateway but cannot found PC2.

MHM Cisco World · ‎03-15-2024

can you check the Firewall in PC,

MHM

ysu · ‎03-15-2024

It's not relate to PC firewall, I tried shutdown the firewall, they are unable to communicate. Also, If I move PC3 into vlan41 then it can communicate with PC2, then move it back to vlan42, it cannot communicate with PC2.

nict · ‎03-15-2024

Did you reboot the switch?

What firmware are you using on the switch?

ysu · ‎03-18-2024

Yes, it's rebooted. Firmware version is 152-7.E7