12-31-2022 09:09 AM
Hello,
Here is a C2960-XR, ip routing is enabled, two SVI are created and IP are given, two vlans are created and are appearing in the vlan database, but still cannot ping a machine in a vlan from a machine in an another vlan. whait is missing?
Any idea would be much appreciated.
12-31-2022 09:51 AM
First thing need to check :
End device have correct gateway and subnet
end device can ping their gateway
end device has any Firewall and it is disabled ?
From the router are you able to ping the end device IP address ?
if all tests and still not working post the below information for us to look into the issue.
you need to post the below information for us to understand the issue :
show version
show run
show IP interface brief
show IP arp
show IP route
12-31-2022 01:17 PM
End device have correct gateway and subnet >>>> YES.
end device can ping their gateway >>>> YES AND THEY CAN PING EACH OTHERS GATEWAY TOO.
end device has any Firewall and it is disabled ?>>>> NO FIREWALL, THEY CAN PING EACH OTHER WHEN THEY ARE IN THE SAME NETWORK.
From the router are you able to ping the end device IP address ? >>>> YES.
if all tests and still not working post the below information for us to look into the issue.
you need to post the below information for us to understand the issue :
*****************************show version*********************************************
cisco WS-C2960XR-24TD-I (APM86XXX) processor (revision Y0) with 524288K bytes of memory.
Processor board ID FDO2349F0GR
Last reset from power-on
3 Virtual Ethernet interfaces
1 FastEthernet interface
26 Gigabit Ethernet interfaces
4 Ten Gigabit Ethernet interfaces
The password-recovery mechanism is enabled.
512K bytes of flash-simulated non-volatile configuration memory.
Base ethernet MAC Address :
Motherboard assembly number : 73-100637-04
Power supply part number : 341-0530-04
Motherboard serial number :
Power supply serial number :
Model revision number : Y0
Motherboard revision number : B0
Model number : WS-C2960XR-24TD-I
Daughterboard assembly number : 73-14200-03
Daughterboard serial number :
System serial number :
Top Assembly Part Number : 68-100314-03
Top Assembly Revision Number : J0
Version ID : V07
CLEI Code Number : CMMK900ARG
Daughterboard revision number : B0
Hardware Board Revision Number : 0x22
Switch Ports Model SW Version SW Image
------ ----- ----- ---------- ----------
* 1 30 WS-C2960XR-24TD-I 15.2(7)E7 C2960X-UNIVERSALK9-M
*******************************************show run*******************************************
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
switch 1 provision ws-c2960xr-24td-i
system mtu routing 1500
!
!
ip routing
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
vlan internal allocation policy ascending
!
!
interface FastEthernet0
no ip address
no ip route-cache
!
interface GigabitEthernet1/0/1
switchport access vlan 100
switchport mode access
!
interface GigabitEthernet1/0/2
switchport access vlan 200
switchport mode access
!
interface GigabitEthernet1/0/3
!
!
interface GigabitEthernet1/0/26
!
interface TenGigabitEthernet1/0/1
!
interface TenGigabitEthernet1/0/2
!
interface Vlan1
no ip address
!
interface Vlan100
ip address 192.168.100.1 255.255.255.0
!
interface Vlan200
ip address 192.168.200.1 255.255.255.0
!
ip forward-protocol nd
!
ip http server
ip http secure-server
!
!
line con 0
line vty 0 4
login
transport input ssh
line vty 5 15
login
transport input ssh
!
!
end
Switch#
************************show IP interface brief**********************
Switch#show IP interface brief
Interface IP-Address OK? Method Status Protocol
Vlan1 unassigned YES NVRAM up down
Vlan100 192.168.100.1 YES NVRAM up up
Vlan200 192.168.200.1 YES NVRAM up up
FastEthernet0 unassigned YES NVRAM down down
GigabitEthernet1/0/1 unassigned YES unset up up
GigabitEthernet1/0/2 unassigned YES unset up up
GigabitEthernet1/0/3 unassigned YES unset down down
GigabitEthernet1/0/26 unassigned YES unset down down
Te1/0/1 unassigned YES unset down down
Te1/0/2 unassigned YES unset down down
Switch#
***************************show IP arp***************************************
Switch#show IP arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.100.1 - 3c41.0e7d.8e41 ARPA Vlan100
Internet 192.168.100.100 0 8c16.4566.5872 ARPA Vlan100
Internet 192.168.200.1 - 3c41.0e7d.8e42 ARPA Vlan200
Internet 192.168.200.200 1 cc96.e572.e045 ARPA Vlan200
Switch#
***************************show IP route************************************
Switch#show IP route
Gateway of last resort is not set
192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.100.0/24 is directly connected, Vlan100
L 192.168.100.1/32 is directly connected, Vlan100
192.168.200.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.200.0/24 is directly connected, Vlan200
L 192.168.200.1/32 is directly connected, Vlan200
Switch#
12-31-2022 11:53 PM
Thanks for the information. Do not see any issue in what is posted so far. Can you post the output from both connected devices to the commands:
arp -a (or other appropriate command depending on OS)
ipconfig (or other appropriate command depending on OS)
Can you confirm that the switch is able to ping each connected device specifying the source address as the SVI of the other vlan?
01-01-2023 01:45 AM
friend can you double check that the PC with right IP is connect to Port assign to right VLAN.
01-01-2023 02:11 AM - edited 01-01-2023 04:45 AM
Hello,
can you check, just to be sure, that the Vlans actually exist in the Vlan database (sh vlan) ? On some switches, you need to manually create the Vlans (config/vlan x)...
Just a thought...
EDIT: my bad, you already checked that:
--> two vlans are created and are appearing in the vlan database
Either way, at this point, it might be worth just erasing the configuration and starting from scratch:
Switch# wr erase
Switch#setup
01-01-2023 03:01 AM - edited 01-01-2023 03:03 AM
As per the output looks good on the switch side. below output confirms that switch can see the end device
Switch#show IP arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.100.1 - 3c41.0e7d.8e41 ARPA Vlan100
Internet 192.168.100.100 0 8c16.4566.5872 ARPA Vlan100
Internet 192.168.200.1 - 3c41.0e7d.8e42 ARPA Vlan200
Internet 192.168.200.200 1 cc96.e572.e045 ARPA Vlan200
Switch#
As suggested others - I would like to see some more output as below :
from switch post vlan
# show vlan (if no vlan create a VLAN)
From end device
ipconfig /all
tracert 192.168.100.100 (from PC having 192.168.200.100)
tracert 192.168.200.100 (from PC having 192.168.100.100)
Another option I am thinking IOS 15.2(7)E7 - this could be bug, try any older version 15.0 and let us know the outcome.
01-01-2023 02:55 AM
End gadget have right passage and subnet >>>> YES.
end gadget can ping their entryway >>>> YES AND THEY CAN PING Every OTHERS Passage As well.
end gadget has any Firewall and it is handicapped ?>>>> NO FIREWALL, THEY CAN PING EACH OTHER WHEN THEY ARE IN A similar Organization.
end gadget can ping their door
end gadget has any Firewall and it is handicapped ?
From the switch are you ready to ping the end gadget IP address ?
in the event that all tests despite everything not working post the beneath data for us to investigate the issue.
you want to post the beneath data for us to figure out the issue :
show variant of cute white roses
01-01-2023 06:44 AM - edited 01-01-2023 08:41 AM
********************************** Show vlan *****************************************
Switch#sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi1/0/3, Gi1/0/4, Gi1/0/5
Gi1/0/6, Gi1/0/7, Gi1/0/8
Gi1/0/9, Gi1/0/10, Gi1/0/11
Gi1/0/12, Gi1/0/13, Gi1/0/14
Gi1/0/15, Gi1/0/16, Gi1/0/17
Gi1/0/18, Gi1/0/19, Gi1/0/20
Gi1/0/21, Gi1/0/22, Gi1/0/23
Gi1/0/24, Te1/0/1, Te1/0/2
100 VLAN0100 active Gi1/0/1
200 VLAN0200 active Gi1/0/2
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
100 enet 100100 1500 - - - - - 0 0
200 enet 100200 1500 - - - - - 0 0
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
Switch#
****************************************** PC1 *****************************
C:\Users\PC1>arp -a
Interface: 192.168.100.100 --- 0x3
Internet Address Physical Address Type
192.168.100.1 3c-41-0e-7d-8e-41 dynamic
192.168.100.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff static
C:\Users\PC1>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : PC1
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Ethernet Connection (4) I219-V
Physical Address. . . . . . . . . : 8C-16-45-66-58-72
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::385d:1a69:ba4c:b1dc%3(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.100.100(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.100.1
DHCPv6 IAID . . . . . . . . . . . : 59512389
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2B-42-D5-15-8C-16-45-66-58-72
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
C:\Users\PC1>tracert 192.168.200.200
Tracing route to 192.168.200.200 over a maximum of 30 hops
1 1 ms 1 ms 1 ms 192.168.100.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * ^C
****************************************** PC2 *****************************
C:\Users\PC2>arp -a
Interface: 192.168.200.200 --- 0xb
Internet Address Physical Address Type
192.168.200.1 3c-41-0e-7d-8e-42 dynamic
192.168.200.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.251 01-00-5e-00-00-fb static
224.0.0.252 01-00-5e-00-00-fc static
239.255.255.250 01-00-5e-7f-ff-fa static
255.255.255.255 ff-ff-ff-ff-ff-ff static
C:\Users\PC2>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : PC2
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
Ethernet adapter Ethernet:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Ethernet Connection (16) I219-LM
Physical Address. . . . . . . . . : CC-96-E5-72-E0-45
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::3311:e62b:ef5:f349%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.200.200(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.200.1
DHCPv6 IAID . . . . . . . . . . . : 114071269
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-2A-E1-06-1D-CC-96-E5-72-E0-45
DNS Servers . . . . . . . . . . . : fec0:0:0:ffff::1%1
fec0:0:0:ffff::2%1
fec0:0:0:ffff::3%1
NetBIOS over Tcpip. . . . . . . . : Enabled
C:\Users\PC2>tracert 192.168.100.100
Tracing route to 192.168.100.100 over a maximum of 30 hops
1 1 ms 1 ms 1 ms 192.168.200.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 * * * Request timed out.
10 * * ^C
********************* Both PC1 and PC2 in the same VLAN and Subnet *************************
On PC1:
C:\Users\PC1>ping 192.168.100.200
Pinging 192.168.100.200 with 32 bytes of data:
Reply from 192.168.100.200: bytes=32 time=2ms TTL=128
Reply from 192.168.100.200: bytes=32 time=2ms TTL=128
Reply from 192.168.100.200: bytes=32 time<1ms TTL=128
Reply from 192.168.100.200: bytes=32 time<1ms TTL=128
Ping statistics for 192.168.100.200:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 2ms, Average = 1ms
C:\Users\PC1>tracert 192.168.100.200
Tracing route to 192.168.100.200 over a maximum of 30 hops:
1 1 ms <1 ms <1 ms 192.168.100.200
Trace complete.
On PC2:
C:\Users\PC2>ping 192.168.100.100
Pinging 192.168.100.100 with 32 bytes of data:
Reply from 192.168.100.100: bytes=32 time=1ms TTL=128
Reply from 192.168.100.100: bytes=32 time=1ms TTL=128
Reply from 192.168.100.100: bytes=32 time=1ms TTL=128
Reply from 192.168.100.100: bytes=32 time=1ms TTL=128
Ping statistics for 192.168.100.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 1ms, Average = 1ms
C:\Users\PC2>tracert 192.168.100.100
Tracing route to 192.168.100.100 over a maximum of 30 hops
1 <1 ms 1 ms 1 ms 192.168.100.100
Trace complete.
factory reset performed on the switch, fully emptied flash0, then copied bin from usbflash0 to flash0 then selected it as boot file. so basicly it didn't have any old configuration at all.
each computer can ping gateway of other computer but cant ping the other computer itself.
thatswhy I put both computers in the same vlan and subnet to show you that it is not an OS level firewall issue.
01-01-2023 06:50 AM
on the above I have one mistake so I added this one, anyway this one is also not working
C:\Users\PC1>tracert 192.168.200.200
Tracing route to 192.168.200.200 over a maximum of 30 hops
1 <1 ms <1 ms 7 ms 192.168.100.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * ^C
C:\Users\PC1>
01-01-2023 08:25 AM
C:\Users\PC1>tracert 192.168.200.100
Tracing route to 192.168.200.100 over a maximum of 30 hops
1 1 ms 1 ms 1 ms 192.168.100.1
friend you add wrong GW in PC, the PC have .200 and GW have .100
as I mention before check you connect right PC to right port and check you config the right GW
01-01-2023 08:39 AM
No dear friend it is not wrong, if you check you see that the 192.168.100.1 is the gateway of the machine that is connected to port 1/0/1 that is on vlan 100, vlan 100 SVI is 192.168.100.1
01-01-2023 08:48 AM
ok,
form 192.168.200.100 trceroute other PC and share it here
01-01-2023 09:29 AM
but there is no 192.168.200.100 machine. that 192.168.200.100 I wrote in the past post was wrong and I corrected it.
so
there is PC1 connected to port 1/0/1 on vlan 100 and has ip 192.168.100.100/24 and gateway 192.168.100.1
and
there is PC2 connected to port 1/0/2 on vlan 200 and has ip 192.168.200.200/24 and gateway 192.168.200.1
01-01-2023 09:32 AM
from 192.168.200.200/24 to 192.168.100.100/24 traceroute, please share here.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide