02-14-2022 08:10 PM
Hi,
We encountered this weird issue with our WS-C3650-48FS-S, which is acting as our Layer 3 core switch. We have about 7 SVIs configured on it (gateways) and it is all working fine. Each VLAN can communicate with each other until we created a new VLAN 200 that we will be using for a new project deployment. All existing VLANs are unable to ping the host on the new VLAN 200, but the host on VLAN 200 is able to ping its own gateway and all other VLANs' gateways (SVIs), including the hosts on each VLAN.
In other words, it seems like the "inter-vlan" is only working one way with the new vlan.
Here is what we have done:
- created the new VLAN database for VLAN 200
- assigned 1 access port for 1 host for testing with the below config. Interface is UP/UP
interface GigabitEthernet3/0/43
switchport access vlan 200
switchport mode access
switchport voice vlan 828
spanning-tree portfast
end
- created SVI for vlan 200 with below config (vlan interface is UP/UP)
interface Vlan200
ip address 192.168.1.253 255.255.255.0
no ip redirects
no ip unreachables
no ip proxy-arp
- assigned static IP address 192.168.1.95/24 with gateway 192.168.1.253 to the PC (test host). Windows firewall disabled.
- VLAN 200 is for static IP address assignment only.
- Test PC is connected directly to the core switch (gateway)
- IP routing is already enabled (existing VLANs are able to communicate prior to this)
- IP route to Test PC 192.168.1.95 shows directly connected via VLAN 200
- no conflicting route or IP address
- STP is ok.
- normal Ping to 192.168.1.95 (source VLAN 200) from core switch is working.
- ping to 192.168.1.95 with source from other vlan is unreachable.
- ping to VLAN 200 SVI 192.168.1.253 with source from other vlans SVI is working. (issue is only to VLAN 200 specific host)
- All test hosts are directly connected to the core. No downlink switch in between.
- We have tried to reset the host access port and reconfigure it again, as well as the VLAN 200 SVI, but same result.
- We have also reloaded the core but still the same result.
- The other weird part is if I were to connect the test host to other VLANs via a wireless connection and to VLAN 200 via LAN, all pings work. The other VLANs can ping the VLAN 200 IP address. Even from the core, it can ping the VLAN 200 host IP with source from other VLANs' SVIs.
- There are no ACLs configured for the VLANs or on the interface.
Could this be a bug issue?
Thank you
02-15-2022 12:38 AM
Hello
@la.pm wrote:
(issue is only to VLAN 200 specific host)
Is this new VLAN actually created in the VTP database of the switches and allowed to traverse the trunk of the switch it's connected to?
sh vlan brief
sh int trunk
02-15-2022 08:23 AM
02-15-2022 08:43 AM
Hi,
In the config you posted, you have port Gi3/0/38 in vlan 200 but in your first post you noted that this port (3/0/43) is in vlan 200. So, which one is correct?
HTH
02-15-2022 11:49 PM
Hi Reza,
I tested on both switch ports. Configured both as access ports with the below config. Both ports are on the same core switch.
switchport mode access
switchport access vlan 200
spanning-tree portfast
These ports are only for the test host (192.168.1.95)
02-15-2022 09:00 AM
Hi,
Based on this:
- normal Ping to 192.168.1.95 (source VLAN 200) from core switch is working.
- ping to 192.168.1.95 with source from other vlan is unreachable.
- ping to VLAN 200 SVI 192.168.1.253 with source from other vlans SVI is working. (issue is only to VLAN 200 specific host)
You should double check the network settings in your endpoint. If you are able to ping sourcing VLAN 200 but not able to ping sourcing any other VLAN, it could probably be related to a misconfiguration in the endpoint network settings.
02-15-2022 11:55 PM
Hi Leonardo,
Thanks for the response.
I also thought that it might be an endpoint issue. However, I have already checked the static configuration of the endpoint several times and it has the correct subnet and gateway.
192.168.1.95
255.255.255.0
192.168.1.253
It can also ping its gateway and all other VLAN gateways as well as their specific host IP addresses. I have also disabled the Windows FW to ensure ping is not dropped/blocked by the Windows FW.
Also, as I have mentioned, my VLAN 200 IP address 192.168.1.95 somehow becomes "reachable" if I also connect my laptop to one of the other VLANs via Wi-Fi.