Solved: I cannot route between SVI's on a 3750. No Inter-vlan Routing.Pl

fixitrodd · ‎11-20-2012

I have a 3750 stack with several vlans and svi's. We have had no need to route between them until now. Here is what I have done...

Created the vlans.. vlan 1 and vlan 25

Given each vlan an ip address vlan 1 10.0.0.2 and vlan 25 is 192.168.5.250

no shut on everything

ip routing

sdm routing preferred

default route 0.0.0.0 0.0.0.0 (isp)

If I'm on the switch I can ping anything on vlan 1 and anything on vlan 25 (the device I'm pinging on vlan25 is the svi and a dsl router 192.168.5.1)

From a computer on vlan 1 I can ping the gateway/svi for vlan 1 and the svi for vlan 25 but no devices including the dsl router which pinged fine.

If I put the computer on an access port for vlan 25 I can ping everything just fine on vlan 25 but not vlan 1 (gateway set correctly)

as a test I put in a static route ip route 195.113.20.11 255.255.255.255 192.168.5.1

I did a traceroute from the switch and it comes through great.

I did a traceroute from the computer and it hits my gateway of 10.0.0.2 vlan 1 and stops.

It's like the routing between vlans doesn't work.

Please Help!!!!

Abzal · ‎11-20-2012

Hi,

Network diagram will be helpful.

As I understood devices on VLAN 25 behind DSL router? Is router connected to switch or just it's switched ports?

1. Have you added ip route on DSL router to subnet 10.0.0.0/24(put here correct mask)?

2. How DSL router and 3750 are connected?

3. Are you able to ping 192.168.5.1 from 3750?

Abzal

Best regards,
Abzal

View solution in original post

fixitrodd · ‎11-20-2012

Some more information. I have tried also connecting the dsl router to port gi1/0/52 and using no switchport, and giving the port ip address 192.168.5.250 instead of using svi and vlan. Same result. My goal is to send specific traffic to this router but if I can't even ping it, I'm in trouble!!!

Some show version info....

Cisco IOS Software, C3750 Software (C3750-IPBASEK9-M), Version 12.2(53)SE2, RELEASE SOFTWARE (fc3)

Technical Support: http://www.cisco.com/techsupport

Compiled Wed 21-Apr-10 04:49 by prod_rel_team

Image text-base: 0x01000000, data-base: 0x02C00000

ROM: Bootstrap program is C3750 boot loader

BOOTLDR: C3750 Boot Loader (C3750-HBOOT-M) Version 12.2(44)SE5, RELEASE SOFTWARE (fc1)

Admin_MDF uptime is 3 hours, 9 minutes

System returned to ROM by power-on

System restarted at 06:22:38 EST Tue Nov 20 2012

System image file is "flash:c3750-ipbasek9-mz.122-53.SE2.bin"

Here is a show run modified. I removed unrealevan ports, crypto maps, qos maps, ntp info, and some static routes, that's it.

!

! NVRAM config last updated at 08:44:07 EST Tue Nov 20 2012 by ladmin

!

version 12.2

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime localtime show-timezone

service timestamps log datetime localtime show-timezone

service password-encryption

service sequence-numbers

!

hostname Admin_MDF

!

boot-start-marker

boot-end-marker

!

logging buffered 51200

enable secret 5

!

username ladmin privilege 15 secret 5

!

aaa new-model

!

aaa authentication fail-message Authentication Failed; Try again.

aaa authentication login default local

aaa authentication login local_auth local

aaa authentication ppp default local

aaa authorization exec default local

aaa authorization network default local

!

aaa session-id common

clock timezone EST -5

clock summer-time EDT recurring

switch 1 provision ws-c3750g-48ts

switch 2 provision ws-c3750g-48ts

switch 3 provision ws-c3750g-48ts

system mtu routing 1500

authentication mac-move permit

udld aggressive

ip subnet-zero

no ip source-route

ip routing

ip domain-name ourdomain.com

ip name-server 10.0.9.30

!

spanning-tree mode rapid-pvst

spanning-tree loopguard default

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

spanning-tree uplinkfast

spanning-tree backbonefast

spanning-tree vlan 1-500 priority 4096

!

vlan internal allocation policy ascending

!

interface Port-channel1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Port-channel2

description SAN

switchport access vlan 4

switchport mode access

!

interface Port-channel3

switchport access vlan 4

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/20

switchport mode access

spanning-tree portfast

!

interface GigabitEthernet1/0/52

switchport access vlan 25

switchport trunk native vlan 25

!

interface Vlan1

description Data Traffic

ip address 10.0.0.2 255.255.0.0

ip helper-address 10.0.9.30

!

interface Vlan25

ip address 192.168.5.250 255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.100.0.2

ip route 195.113.20.11 255.255.255.255 192.168.5.1

ip http server

ip http authentication local

ip http secure-server

ip pim rp-address 10.0.0.2

!

ip sla enable reaction-alerts

access-list 130 permit ip any 195.113.20.0 0.0.0.255

!

line con 0

line vty 0 4

exec-timeout 5 0

timeout login response 15

password 7

logging synchronous

transport input telnet ssh

line vty 5 15

transport input none

!

mac address-table aging-time 60

end

Abzal · ‎11-20-2012

Hi,

Network diagram will be helpful.

As I understood devices on VLAN 25 behind DSL router? Is router connected to switch or just it's switched ports?

1. Have you added ip route on DSL router to subnet 10.0.0.0/24(put here correct mask)?

2. How DSL router and 3750 are connected?

3. Are you able to ping 192.168.5.1 from 3750?

Abzal

Best regards,
Abzal

fixitrodd · ‎11-20-2012

1. The only device I'm trying to ping on vlan 25 is the dsl router lan interface.192.168.5.1. It's connected to fiber port 1/0/52 on 3750. Fiberport on 3750 is in vlan 25. Vlan 25 svi is 192.168.5.250. I have also tried making the port 1/0/52 no switchport with ip address 192.168.5.250 instead of an svi. Same result.

2. Fiber connection from a layer 2 default hp switch. The dsl is plugged into it. The HP switch has nothing else on it. It's being used to convert the coper to fiber.

3. I am able to ping 192.168.5.1 just fine with the vlan25 config or putting 192.168.5.250 direclty on the 3750 port. If I source my ping from any other vlan on the switch it fails like IP Routing is turned off, but it isn't.

And, thank you for replying so quickly. I've got 12 hours in this project and nothing to show for it.

cadet alain · ‎11-20-2012

Hi,

if you can ping the other svi from a host in a different vlan then it means routing is ok and as you've got no ACL configured

on the switch, I can only think of either an ACL or firewall feature on the router and/or firewall problem on the host.

Regards.

Alain

Don't forget to rate helpful posts.

fixitrodd · ‎11-20-2012

Here's a quick drawing I just did. If this isn't enough please let me know and I'll add more.

glen.grant · ‎11-20-2012

I assume you put a default gateway on your test pc pointing to the SVI address of the vlan you are on. If your pc is on vlan 25 the nic default gateway has to be 192.168.5.250 .Check that the L2 vlans are created , "show vlan" . Do all your vlans show active? Make sure on all test pc's that all windows or software firewalls are turned off for the testing. Beside that there isn't a whole lot that should stop routing from working. Do a show ip route , what does that indicate , you should see all your defined subnets as connected routes.

fixitrodd · ‎11-20-2012

I've set this situation up 100's of times. I just can't believe I'm having this much trouble. This is basic CCNP Switching.

I have triple checked gateways. If I set a port to vlan 25 and plug in my laptop it works great. I need for vlan 1 to get to that network.

show vlan show the interfaces in the correct vlans

show ip int brief show up up on all ports and vlans

I disabled my firewall service completly

I see the 192.168.5.0 / 24 directly connect in show ip route.

This is strange. I was wondering of the ios version could be the cause but my research shows that it doesn't matter on a 3750 with 12.2. I'm scratching the hair off of my head with this one.

fixitrodd · ‎11-20-2012

So, I have no tried removing vlan 25. Removed int vlan 25 svi. I have now put the ip address 192.168.5.250 directly on port int 1/0/52. That seems to be an even simpler way. Exact same results in pinging...

Show IP Route

C 192.168.5.0/24 is directly connected, GigabitEthernet1/0/52

Ping

ping 192.168.5.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms

Ping 2 as 10.0.0.2 vlan 1 gateway

Admin_MDF#ping 192.168.5.1 source 10.0.0.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.5.1, timeout is 2 seconds:

Packet sent with a source address of 10.0.0.2

.....

Success rate is 0 percent (0/5)

cadet alain · ‎11-20-2012

Hi,

I don't see any 10.x routes in the sh ip route output.

Regards.

Alain

Don't forget to rate helpful posts.

fixitrodd · ‎11-20-2012

Sorry, I stripped it out.

Gateway of last resort is 10.100.0.2 to network 0.0.0.0

C 192.168.5.0/24 is directly connected, Vlan25

195.113.20.0/32 is subnetted, 1 subnets

S 195.113.20.11 [1/0] via 192.168.5.1

10.0.0.0/8 is variably subnetted, 29 subnets, 3 masks

C 10.10.0.0/16 is directly connected, Vlan10

C 10.11.0.0/16 is directly connected, Vlan11

S 10.10.1.0/24 [1/0] via 10.100.0.6

C 10.8.0.0/16 is directly connected, Vlan8

C 10.9.0.0/16 is directly connected, Vlan9

S 10.2.0.0/16 [1/0] via 10.100.0.6

S 10.3.0.0/16 [1/0] via 10.100.0.6

C 10.0.0.0/16 is directly connected, Vlan1

C 10.1.0.0/16 is directly connected, Vlan4

C 10.6.0.0/16 is directly connected, Vlan6

C 10.7.0.0/16 is directly connected, Vlan7

S 10.5.0.0/16 [1/0] via 10.100.0.6

S 10.26.0.0/16 [1/0] via 10.100.0.6

S 10.27.0.0/16 [1/0] via 10.100.0.6

S 10.30.0.0/16 [1/0] via 10.100.0.6

S 10.31.0.0/16 [1/0] via 10.100.0.6

S 10.28.0.0/16 [1/0] via 10.100.0.6

S 10.29.0.0/16 [1/0] via 10.100.0.6

S 10.20.0.0/16 [1/0] via 10.100.0.6

S 10.46.0.0/16 [1/0] via 10.100.0.6

S 10.47.0.0/16 [1/0] via 10.100.0.6

S 10.50.0.0/16 [1/0] via 10.100.0.6

S 10.51.0.0/16 [1/0] via 10.100.0.6

S 10.48.0.0/16 [1/0] via 10.100.0.6

S 10.49.0.0/16 [1/0] via 10.100.0.6

C 10.100.0.4/30 is directly connected, GigabitEthernet1/0/2

S 10.100.2.0/30 [1/0] via 10.100.0.6

C 10.100.0.0/30 is directly connected, GigabitEthernet3/0/1

S 10.100.1.0/30 [1/0] via 10.100.0.6

S* 0.0.0.0/0 [1/0] via 10.100.0.2

Abzal · ‎11-20-2012

Perhaps you something missing. Check with this simple configuration. Make sure that both VLANs on database.

int vlan 1

ip add 10.0.0.2 255.255.0.0

ip helper-address 10.0.9.30

int vlan 25

ip add 192.168.5.250 255.255.255.0

Configure one access port for VLAN 1 second VLAN 25.

Then configure IP addresses on hosts. Masks and Gateway need to be same like on 3750.

Host 1:

IP: 10.0.0.3

Mask: 255.255.0.0

GW: 10.0.0.2

Host 2:

IP: 192.168.5.100

Mask: 255.255.255.0

GW: 19.168.5.250

Then try to check connectivity with ping.

Hope it will help.

Best regards,
Abzal

fixitrodd · ‎11-20-2012

I'm very embarrased here. My dsl router did NOT keep my route back. You were both correct. I appologize for wasting your time. At least I'm not crazy! I really really appreciate your help. Going through your posts DID make me go back and check so thank you!!!

Rodney

Abzal · ‎11-20-2012

You're welcome! I'm glad that helped you.

Best regards,
Abzal

I cannot route between SVI's on a 3750. No Inter-vlan Routing.Please Help!