Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
678
Views
0
Helpful
6
Replies

Inter-vlan not working for new added vlan on WS-C3650-48FS-S

la.pm
Level 1
Level 1

‎02-14-2022 08:10 PM

Hi,

We encountered this weird issue with our WS-C3650-48FS-S which is acting as our Layer 3 Core switch. We have about 7 SVIs configured on it (gateways) and it is all working fine. each Vlan can communicate with each other until we created a new VLAN 200 that we will be using for a new project deployment. All existing VLANs are unable to ping the host on the new VLAN 200 but the host on VLAN 200 is able to ping its own gateway and all other VLANs gateway (SVIs) including the hosts on each vlans.

In other words, it seems like the "inter-vlan" is only working one way with the new vlan.

 

Here is what we have done:

 

- created the new VLAN database for VLAN 200

- assigned 1 access port for 1 host for testing with the below config. Interface is UP/UP

   interface GigabitEthernet3/0/43
   switchport access vlan 200
   switchport mode access
   switchport voice vlan 828
   spanning-tree portfast
   end

- created SVI for vlan 200 with below config (vlan interface is UP/UP)

   interface Vlan200
   ip address 192.168.1.253 255.255.255.0
   no ip redirects
   no ip unreachables
   no ip proxy-arp

- assigned static IP address 192.168.1.95/24 with gateway 192.168.1.253 to the PC (test host). Windows firewall disabled.

- VLAN 200 is for static IP address assignment only.

- Test PC is connected directly to the core switch (gateway)

- IP routing is already enabled (existing VLANs are able to communicate prior to this)

- IP route to Test PC 192.168.1.95 shows directly connected via VLAN 200

- no conflicting route or IP address

- STP is ok.

- normal Ping to 192.168.1.95 (source VLAN 200) from core switch is working.

- ping to 192.168.1.95 with source from other vlan is unreachable.

- ping to VLAN 200 SVI 192.168.1.253 with source from other vlans SVI is working. (issue is only to VLAN 200 specific host)

- All test host are directly connected to Core. No down link switch in between.

- We have tried to reset the host access port and reconfigure it again as well as the vlan 200 SVI but same result.

- we have also reload the core but still the same result.

- the other weird part is if i were to connect the test host to other VLANs via Wireless connection and to VLAN 200 via LAN. All pings work. The other vlan can ping the VLAN 200 ip address. Even from the core, it can ping vlan 200 host ip with source from other vlans SVI.

- there are no ACL configured for the VLANs or in the interface.

 

could this be bug issue?

 

Thank you

 

 

 

Labels:
0 Helpful
6 Replies 6

paul driver
VIP
VIP

‎02-15-2022 12:38 AM

Hello

@la.pm wrote:

 (issue is only to VLAN 200 specific host)

Is this new vlan actually created in the vtp database of the switches  and allowed to traverse the trunk of the switch its connected to
sh vlan brief
sh int trunk


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

la.pm
Level 1
Level 1
In response to paul driver

‎02-15-2022 08:23 AM

Hi Paul,

 

Thanks for the response.

 

Yes, it is created in the vtp database and allowed on the trunk ports. But for testing purposes we actually connected the test PC directly to the core switch where the SVIs are configured.

 

 

Preview file
8 KB
0 Helpful

Reza Sharifi
Hall of Fame
Hall of Fame
In response to la.pm

‎02-15-2022 08:43 AM

Hi,

In the config you posted, you have port Gi3/0/38 in vlan 200 but in your first post you noted that this port

(3/0/43) is in vlan 200. So, which one is correct?

HTH

0 Helpful

la.pm
Level 1
Level 1
In response to Reza Sharifi

‎02-15-2022 11:49 PM

Hi Reza,

 

I tested on both switch port. configured both as access port with below config. both port on the same core switch.

 

switchport mode access

switchport access vlan 200

spanning-tree portfast

 

These ports are only for the test host (192.168.1.95)

0 Helpful

Leonardo Pena Davila
Spotlight
Spotlight

‎02-15-2022 09:00 AM

Hi, 

Based on this:

 

- normal Ping to 192.168.1.95 (source VLAN 200) from core switch is working.

- ping to 192.168.1.95 with source from other vlan is unreachable.

- ping to VLAN 200 SVI 192.168.1.253 with source from other vlans SVI is working. (issue is only to VLAN 200 specific host)

 

You should double check the network settings in your endpoint, If you are able to ping sourcing vlan 200 but not able to ping sourcing any other vlan, It could probably be related to a misconfiguration at the endpoint network settings. 

0 Helpful

la.pm
Level 1
Level 1
In response to Leonardo Pena Davila

‎02-15-2022 11:55 PM

Hi Leonardo,

 

Thanks for the response.

 

I also thought that it might be an endpoint issue. However, i have already checked several times the static configuration of the end point and it has the correct subnet and gateway.

 

192.168.1.95

255.255.255.0

192.168.1.253

 

It can also ping to its gateway and all other VLAN gateways as well as their specific host IP address. I have also disabled the windows FW to ensure ping is not drop/block by the windows FW.

 

Also, as i have mentioned, my vlan 200 IP address 192.168.1.95 somehow becomes "reachable" if i also connect my laptop to one of the other vlan via wifi.

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card