11-20-2012 06:23 AM - edited 03-07-2019 10:09 AM
I have a 3750 stack with several vlans and svi's. We have had no need to route between them until now. Here is what I have done...
Created the vlans.. vlan 1 and vlan 25
Given each vlan an ip address vlan 1 10.0.0.2 and vlan 25 is 192.168.5.250
no shut on everything
ip routing
sdm routing preferred
default route 0.0.0.0 0.0.0.0 (isp)
If I'm on the switch I can ping anything on vlan 1 and anything on vlan 25 (the device I'm pinging on vlan25 is the svi and a dsl router 192.168.5.1)
From a computer on vlan 1 I can ping the gateway/svi for vlan 1 and the svi for vlan 25 but no devices including the dsl router which pinged fine.
If I put the computer on an access port for vlan 25 I can ping everything just fine on vlan 25 but not vlan 1 (gateway set correctly)
as a test I put in a static route ip route 195.113.20.11 255.255.255.255 192.168.5.1
I did a traceroute from the switch and it comes through great.
I did a traceroute from the computer and it hits my gateway of 10.0.0.2 vlan 1 and stops.
It's like the routing between vlans doesn't work.
Please Help!!!!
Solved! Go to Solution.
11-20-2012 06:35 AM
Hi,
Network diagram will be helpful.
As I understood devices on VLAN 25 behind DSL router? Is router connected to switch or just it's switched ports?
1. Have you added ip route on DSL router to subnet 10.0.0.0/24(put here correct mask)?
2. How DSL router and 3750 are connected?
3. Are you able to ping 192.168.5.1 from 3750?
Abzal
11-20-2012 06:34 AM
Some more information. I have tried also connecting the dsl router to port gi1/0/52 and using no switchport, and giving the port ip address 192.168.5.250 instead of using svi and vlan. Same result. My goal is to send specific traffic to this router but if I can't even ping it, I'm in trouble!!!
Some show version info....
Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(53)SE2, RELEASE SOFTWARE (fc3)
Technical Support: http://www.cisco.com/techsupport
Copyright (c) 1986-2010 by Cisco Systems, Inc.
Compiled Wed 21-Apr-10 04:49 by prod_rel_team
Image text-base: 0x01000000, data-base: 0x02C00000
ROM: Bootstrap program is C3750 boot loader
BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)
Admin_MDF uptime is 3 hours, 9 minutes
System returned to ROM by power-on
System restarted at 06:22:38 EST Tue Nov 20 2012
System image file is "flash:c3750-ipbasek9-mz.122-53.SE2.bin"
Here is a show run modified. I removed unrealevan ports, crypto maps, qos maps, ntp info, and some static routes, that's it.
!
! NVRAM config last updated at 08:44:07 EST Tue Nov 20 2012 by ladmin
!
version 12.2
no service pad
service tcp-keepalives-in
service tcp-keepalives-out
service timestamps debug datetime localtime show-timezone
service timestamps log datetime localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname Admin_MDF
!
boot-start-marker
boot-end-marker
!
logging buffered 51200
enable secret 5
!
username ladmin privilege 15 secret 5
!
!
aaa new-model
!
!
aaa authentication fail-message Authentication Failed; Try again.
aaa authentication login default local
aaa authentication login local_auth local
aaa authentication ppp default local
aaa authorization exec default local
aaa authorization network default local
!
!
!
aaa session-id common
clock timezone EST -5
clock summer-time EDT recurring
switch 1 provision ws-c3750g-48ts
switch 2 provision ws-c3750g-48ts
switch 3 provision ws-c3750g-48ts
system mtu routing 1500
authentication mac-move permit
udld aggressive
ip subnet-zero
no ip source-route
ip routing
ip domain-name ourdomain.com
ip name-server 10.0.9.30
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree etherchannel guard misconfig
spanning-tree extend system-id
spanning-tree uplinkfast
spanning-tree backbonefast
spanning-tree vlan 1-500 priority 4096
!
vlan internal allocation policy ascending
!
!
!
interface Port-channel1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Port-channel2
description SAN
switchport access vlan 4
switchport mode access
!
interface Port-channel3
switchport access vlan 4
switchport mode access
spanning-tree portfast
!
!
interface GigabitEthernet1/0/20
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/52
switchport access vlan 25
switchport trunk native vlan 25
!
interface Vlan1
description Data Traffic
ip address 10.0.0.2 255.255.0.0
ip helper-address 10.0.9.30
!
interface Vlan25
ip address 192.168.5.250 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.100.0.2
ip route 195.113.20.11 255.255.255.255 192.168.5.1
ip http server
ip http authentication local
ip http secure-server
ip pim rp-address 10.0.0.2
!
!
ip sla enable reaction-alerts
access-list 130 permit ip any 195.113.20.0 0.0.0.255
!
!
line con 0
line vty 0 4
exec-timeout 5 0
timeout login response 15
password 7
logging synchronous
transport input telnet ssh
line vty 5 15
transport input none
!
mac address-table aging-time 60
end
11-20-2012 06:35 AM
Hi,
Network diagram will be helpful.
As I understood devices on VLAN 25 behind DSL router? Is router connected to switch or just it's switched ports?
1. Have you added ip route on DSL router to subnet 10.0.0.0/24(put here correct mask)?
2. How DSL router and 3750 are connected?
3. Are you able to ping 192.168.5.1 from 3750?
Abzal
11-20-2012 06:43 AM
1. The only device I'm trying to ping on vlan 25 is the dsl router lan interface.192.168.5.1. It's connected to fiber port 1/0/52 on 3750. Fiberport on 3750 is in vlan 25. Vlan 25 svi is 192.168.5.250. I have also tried making the port 1/0/52 no switchport with ip address 192.168.5.250 instead of an svi. Same result.
2. Fiber connection from a layer 2 default hp switch. The dsl is plugged into it. The HP switch has nothing else on it. It's being used to convert the coper to fiber.
3. I am able to ping 192.168.5.1 just fine with the vlan25 config or putting 192.168.5.250 direclty on the 3750 port. If I source my ping from any other vlan on the switch it fails like IP Routing is turned off, but it isn't.
And, thank you for replying so quickly. I've got 12 hours in this project and nothing to show for it.
11-20-2012 06:49 AM
Hi,
if you can ping the other svi from a host in a different vlan then it means routing is ok and as you've got no ACL configured
on the switch, I can only think of either an ACL or firewall feature on the router and/or firewall problem on the host.
Regards.
Alain
Don't forget to rate helpful posts.
11-20-2012 06:52 AM
Here's a quick drawing I just did. If this isn't enough please let me know and I'll add more.
11-20-2012 06:47 AM
I assume you put a default gateway on your test pc pointing to the SVI address of the vlan you are on. If your pc is on vlan 25 the nic default gateway has to be 192.168.5.250 .Check that the L2 vlans are created , "show vlan" . Do all your vlans show active? Make sure on all test pc's that all windows or software firewalls are turned off for the testing. Beside that there isn't a whole lot that should stop routing from working. Do a show ip route , what does that indicate , you should see all your defined subnets as connected routes.
11-20-2012 06:58 AM
I've set this situation up 100's of times. I just can't believe I'm having this much trouble. This is basic CCNP Switching.
I have triple checked gateways. If I set a port to vlan 25 and plug in my laptop it works great. I need for vlan 1 to get to that network.
show vlan show the interfaces in the correct vlans
show ip int brief show up up on all ports and vlans
I disabled my firewall service completly
I see the 192.168.5.0 / 24 directly connect in show ip route.
This is strange. I was wondering of the ios version could be the cause but my research shows that it doesn't matter on a 3750 with 12.2. I'm scratching the hair off of my head with this one.
11-20-2012 07:15 AM
So, I have no tried removing vlan 25. Removed int vlan 25 svi. I have now put the ip address 192.168.5.250 directly on port int 1/0/52. That seems to be an even simpler way. Exact same results in pinging...
Show IP Route
C 192.168.5.0/24 is directly connected, GigabitEthernet1/0/52
Ping
ping 192.168.5.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
Ping 2 as 10.0.0.2 vlan 1 gateway
Admin_MDF#ping 192.168.5.1 source 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:
Packet sent with a source address of 10.0.0.2
.....
Success rate is 0 percent (0/5)
11-20-2012 07:24 AM
Hi,
I don't see any 10.x routes in the sh ip route output.
Regards.
Alain
Don't forget to rate helpful posts.
11-20-2012 07:32 AM
Sorry, I stripped it out.
Gateway of last resort is 10.100.0.2 to network 0.0.0.0
C 192.168.5.0/24 is directly connected, Vlan25
195.113.20.0/32 is subnetted, 1 subnets
S 195.113.20.11 [1/0] via 192.168.5.1
10.0.0.0/8 is variably subnetted, 29 subnets, 3 masks
C 10.10.0.0/16 is directly connected, Vlan10
C 10.11.0.0/16 is directly connected, Vlan11
S 10.10.1.0/24 [1/0] via 10.100.0.6
C 10.8.0.0/16 is directly connected, Vlan8
C 10.9.0.0/16 is directly connected, Vlan9
S 10.2.0.0/16 [1/0] via 10.100.0.6
S 10.3.0.0/16 [1/0] via 10.100.0.6
C 10.0.0.0/16 is directly connected, Vlan1
C 10.1.0.0/16 is directly connected, Vlan4
C 10.6.0.0/16 is directly connected, Vlan6
C 10.7.0.0/16 is directly connected, Vlan7
S 10.5.0.0/16 [1/0] via 10.100.0.6
S 10.26.0.0/16 [1/0] via 10.100.0.6
S 10.27.0.0/16 [1/0] via 10.100.0.6
S 10.30.0.0/16 [1/0] via 10.100.0.6
S 10.31.0.0/16 [1/0] via 10.100.0.6
S 10.28.0.0/16 [1/0] via 10.100.0.6
S 10.29.0.0/16 [1/0] via 10.100.0.6
S 10.20.0.0/16 [1/0] via 10.100.0.6
S 10.46.0.0/16 [1/0] via 10.100.0.6
S 10.47.0.0/16 [1/0] via 10.100.0.6
S 10.50.0.0/16 [1/0] via 10.100.0.6
S 10.51.0.0/16 [1/0] via 10.100.0.6
S 10.48.0.0/16 [1/0] via 10.100.0.6
S 10.49.0.0/16 [1/0] via 10.100.0.6
C 10.100.0.4/30 is directly connected, GigabitEthernet1/0/2
S 10.100.2.0/30 [1/0] via 10.100.0.6
C 10.100.0.0/30 is directly connected, GigabitEthernet3/0/1
S 10.100.1.0/30 [1/0] via 10.100.0.6
S* 0.0.0.0/0 [1/0] via 10.100.0.2
11-20-2012 07:33 AM
Perhaps you something missing. Check with this simple configuration. Make sure that both VLANs on database.
int vlan 1
ip add 10.0.0.2 255.255.0.0
ip helper-address 10.0.9.30
int vlan 25
ip add 192.168.5.250 255.255.255.0
Configure one access port for VLAN 1 second VLAN 25.
Then configure IP addresses on hosts. Masks and Gateway need to be same like on 3750.
Host 1:
IP: 10.0.0.3
Mask: 255.255.0.0
GW: 10.0.0.2
Host 2:
IP: 192.168.5.100
Mask: 255.255.255.0
GW: 19.168.5.250
Then try to check connectivity with ping.
Hope it will help.
11-20-2012 07:59 AM
I'm very embarrased here. My dsl router did NOT keep my route back. You were both correct. I appologize for wasting your time. At least I'm not crazy! I really really appreciate your help. Going through your posts DID make me go back and check so thank you!!!
Rodney
11-20-2012 08:16 AM
You're welcome! I'm glad that helped you.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide