cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2605
Views
5
Helpful
10
Replies

DIfferent VLAN hosts are not communicating

sanoop m
Level 1
Level 1

Hi All,

We have 2 switches(voice switc) interconnected with few SVI( HSRP). Here what is the issue is we are unable to ping from different vlan hosts. We verified ip routing is enabled even we can ping from different SVI but not able communicate from different vlans. These switches are connected with core switches with running eigrp. What we noticed that those hosts are reachablefrom core switches or from outside ofnetworks so its rule out the degault gateway or ip routing issue. Could you please help me to find the issue.

Switch Model: 3560x

    VSW1<------>VSW2

VSW1-----> Vlan 2 ( 192.168.10.2/24), Vlan 3 ( 192.168.100.2/24) --> Both r HSRP primary

VSW2----> Vlan 2 ( 192.168.10.3/24), Vlan 3 ( 192.168.100.3/24) --> Both r HSRP primary

host 192.168.10.10 not able to communicate to 192.168.20.100

Regards

Sanu

10 Replies 10

Philip D'Ath
VIP Alumni
VIP Alumni

Have the switches got routing enabled?

ip routing

Does the default gateway on the hosts with the issues point to the HSRP address of the 3560 in the respective VLAN?

Just correcting ip from core switch.

Hi All,

 I attached the diagram and out put results.

Issue is IP 192.168.10.10(vlan 301) not able to communicate to 192.168.20.100( vlan 210). Not a single Ip issue , any IP belongs to 192.168.10.0/24 except SVI interface vlan 210 and 301 not able to communicate.

VDM01#show ip int brie | ex una
Interface              IP-Address      OK? Method Status                Protocol

Vlan210                192.168.20.3  YES NVRAM  up                    up
Vlan214                165.43.107.3    YES NVRAM  up                    up
Vlan301                192.168.10.2  YES NVRAM  up                    up

VDM01#ping 192.168.20.100 sou 192.168.10.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.100, timeout is 2 seconds:
Packet sent with a source address of 192.168.10.2
.....
Success rate is 0 percent (0/5)

VDM01#ping 192.168.20.100

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.100, timeout is 2 seconds:
!.!.!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/6/16 ms

VDM01#show run int gi0/6
Building configuration...

Current configuration : 250 bytes
!
interface GigabitEthernet0/6
 description MUMPT-IPSI-ACM-CTRL-A
 switchport access vlan 210
 switchport mode access
 speed 100
 duplex full
 srr-queue bandwidth share 1 22 33 44
 priority-queue out
 mls qos vlan-based
 spanning-tree portfast
end
VDM01#show run int vlan 210
Building configuration...

Current configuration : 277 bytes
!
interface Vlan210
 description IPSI-A_192.168.20.0/24
 ip address 192.168.20.3 255.255.255.0
 no ip redirects
 no ip proxy-arp
 load-interval 30
 standby 1 ip 192.168.20.1
 standby 1 timers 1 3
 standby 1 authentication baronet2
 service-policy input VOICE.VLAN
end

VDM01#show policy-map

  Policy Map VOICE.VLAN
    Class VOICE.BEARER.ACCESS.LIST
      trust dscp
      service-policy PORT.VOICE.BEARER
    Class VOICE.SETUP.ACCESS.LIST
      trust dscp

Extended IP access list VOICE.BEARER.ACCESS.LIST
    10 permit ip any any dscp ef
Extended IP access list VOICE.SETUP.ACCESS.LIST
    10 permit ip any any dscp af31
    20 permit ip any any dscp cs3

Its reachable from core switch9 (from core to vdm connecting through routing protocol).

cr01#ping 192.168.20.100 so 165.43.114.3

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.100, timeout is 2 seconds:
Packet sent with a source address of 165.43.114.3
!.!.!
Success rate is 60 percent (3/5), round-trip min/avg/max = 1/1/1 ms

Regards

Sanu

Firstly, it seems that whatever switch has the address 192.168.20.100 does not know how to reach vlan 301. It does not know how to route it, or it does not have vlan 301 configured in it.

It would be nice if you could give us the sh vlan br and sh int trunk in the 192.168.20.100 switch.

BR!

JC

Hi JC,

I will provide those soon. But I don't know why show int trunk required?

I noticed that no ip proxy-arp is not configured on vlan 301. Is it creat this type of problem?

Regard

Sanu

I wouldlike to know if vlan exists in its vlan database and if the trunk is permitting the vlans.

Regards!

JC

Hi JC,

Please find the details below.


VDM01#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active
5    Switch_Mgmt_BB_Routing           active
210  192.168.20.0/24                  active    Gi0/6, Gi0/7, Gi0/28
214  165.43.107.0/24                  active
301  192.168.10.0/24                  active


VDM01#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP

Vl210       1    100   Standby 192.168.20.3    local           192.168.20.1
Vl214       1    105 P Active  local           165.43.107.2    165.43.107.1
Vl301       1    105 P Active  local           192.168.10.3    192.168.10.1


VDM01#show int trunk

Port        Mode             Encapsulation  Status        Native vlan
Po1         on               802.1q         trunking      1

Port        Vlans allowed on trunk
Po1         1-4094

Port        Vlans allowed and active in management domain
Po1         1,5,210,214,301

Port        Vlans in spanning tree forwarding state and not pruned
Po1         1,5,210,214,301

VDM02#show vlan brie

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active
5    Switch_Mgmt_BB_Routing           active
210  192.168.20.0/24                  active
214  165.43.107.0/24                  active    Gi0/5, Gi0/6, Gi0/28, Gi0/29
301  ACM-A_165.43.107.144/29          active    Gi0/21

VDM02#show standby brief
                     P indicates configured to preempt.
                     |
Interface   Grp  Pri P State   Active          Standby         Virtual IP
Vl210       1    105 P Active  local           192.168.20.3    192.168.20.1
Vl214       1    100   Standby 165.43.107.3    local           165.43.107.1
Vl301       1    100   Standby 192.168.10.2    local           192.168.10.1


VDM02#show int trunk

Port        Mode             Encapsulation  Status        Native vlan
Po1         on               802.1q         trunking      1

Port        Vlans allowed on trunk
Po1         1-4094

Port        Vlans allowed and active in management domain
Po1         1,5,210,214,301

Port        Vlans in spanning tree forwarding state and not pruned
Po1         1,5,210,214,301

Regards

Sanu

Carlos Villagran
Cisco Employee
Cisco Employee

Hello Sanoop,

I do not see any SVI in the 192.168.20.0 range so, if you are using SVIs as gateway the you will need a way to reach 20.0 segment in your switch i.e. creating a SVI of a vlan for that segment.

Best Regards!

JC

Hi,

What default Gateway is configured on hosts on Subnet 192.168.10.0/24?

Does this Default Gateway know the Subnet of 192.168.20.0/24?

Take a look at the output from show ip route on the Gateway for 192.168.10.0/24, then the same for other Subnet 192.168.20.0/24 does this Gateway know the way back?

If there is no route for these subnets all packets will redirectet to routers default route, then i think EIGRP isn´t configured corect.

For more information  post a show run output of the devices.

Regards

Marco

Hello

Bit hard to Ts without understanding your topology but if you can ping from the core to any vlan but not from between vlans then it would seem to point the intervlan -routing!

Can you ping from the core switch sourcing from another l3 SVi on the same core switch? if not what does you arp cache show?

Do you have PVLANs or ip routing enabled on any access switches when not applicable, when a default-gateway should be defined

On your L3 svi do you have the correct subnet range for that vlan or any Racls applied

res

Paul


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
Review Cisco Networking for a $25 gift card