Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
698
Views
0
Helpful
5
Replies

inter vlan routing issue

Tony.Reardon
Level 1
Level 1

‎12-19-2016 11:51 AM - edited ‎03-08-2019 08:38 AM

Hi All! I am hoping i've made a rookie mistake in my switch config.... Essentially i have mutliple vlans, if i ssh to my switch i can ping all devices, if im on a vm i can ping all interfaces on my switch (on different vlans to the vm). My issue is with pinging between vlans, essentially it just seems to stop at the switch. The key thing here is i am trying to get from VLAN 164 to 160
Any suggestions what else to check?? heres some of my config

interface Vlan1
no ip address
shutdown
!
interface Vlan10
no ip address
!
interface Vlan100
ip address 192.168.100.253 255.255.255.0
!
interface Vlan160
ip address 192.168.39.4 255.255.255.248
!
interface Vlan161
no ip address
!
interface Vlan162
ip address 10.136.170.70 255.255.255.248 secondary
ip address 192.168.39.30 255.255.255.240
!
interface Vlan163
ip address 192.168.39.62 255.255.255.224
!
interface Vlan164
ip address 192.168.39.126 255.255.255.192
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.100.254
ip http server

MTPOCASW01# show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is 192.168.100.254 to network 0.0.0.0

192.168.39.0/24 is variably subnetted, 4 subnets, 4 masks
C 192.168.39.64/26 is directly connected, Vlan164
C 192.168.39.0/29 is directly connected, Vlan160
C 192.168.39.16/28 is directly connected, Vlan162
C 192.168.39.32/27 is directly connected, Vlan163
10.0.0.0/29 is subnetted, 1 subnets
C 10.136.170.64 is directly connected, Vlan162
C 192.168.100.0/24 is directly connected, Vlan100
S* 0.0.0.0/0 [1/0] via 192.168.100.254

Labels:
0 Helpful
5 Replies 5

Mark Malone
VIP Alumni
VIP Alumni

‎12-19-2016 12:07 PM

Hi

so if you ping between vlans .... ping 192.168.39.126  source 192.168.39.4 

you get no results at all ?

check running config has command .....ip routing

0 Helpful

Tony.Reardon
Level 1
Level 1
In response to Mark Malone

‎12-19-2016 12:26 PM

from the switch is pings fine

MTPOCASW01#ping 192.168.39.126 source 192.168.39.4

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.39.126, timeout is 2 seconds:
Packet sent with a source address of 192.168.39.4
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

MTPOCASW01#ping 192.168.39.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.39.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

the issue seems to be predominantly going to vlan 160 from vlan 164 as clients on vlan 163 can talk to vlan 164 now that i think about it.

ip routing is enabled 

aaa session-id common
switch 1 provision ws-c3750g-48ts
switch 2 provision ws-c3750g-48ts
system mtu routing 1500
vtp mode transparent
ip subnet-zero
ip routing

from a client on vlan 164

Tracing route to 192.168.39.1 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 192.168.39.126
2 * * * Request timed out.
3 * * * Request timed out.

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to Tony.Reardon

‎12-19-2016 12:28 PM

Ok can any other vlan speak to vlan 160 ?

Make sure the clients in that vlan have correct gateway/subnet , stp is in fwd mode as well not blocking 

0 Helpful

Tony.Reardon
Level 1
Level 1
In response to Mark Malone

‎12-19-2016 12:38 PM

Havent tried, thats what i need to achieve as it is the management vlan for a pair of ASA's

ports appear to be correctly configured, its not a trunk so stp wouldnt be an issue

interface GigabitEthernet1/0/47
description Link to MTPOCASA01 Mgmt
switchport access vlan 160
switchport mode access
spanning-tree portfast

I wont be able to check the firewall configuration until i get into the DC tomorrow when i will have access to it directly 

0 Helpful

Deepak Kumar
VIP Alumni
VIP Alumni

‎12-19-2016 10:53 PM

As I can understand your question, You may make any one of mistake on your Network

1. If you have more than one switch then you have enabled IP routing on any other switch, You check and disable it. 

2. Systems gateway is not same as your VLAN IP on your core switch.

3. Any Access-list configured on core switch to deny intervlan routing. 

Regards,

Deepak Kumar

Regards,
Deepak Kumar,
Don't forget to vote and accept the solution if this comment will help you!
0 Helpful
Customers Also Viewed These Support Documents