Buy or Renew
Buy or Renew
COMING SOON: Umbrella and Secure Access release notes are coming to Cisco Community. The community will be in read-only August 16 – 19. Learn more.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4442
Views
5
Helpful
17
Replies

Inter vlan routing not working Cisco 3850

jrodriguezpr
Level 1
Level 1

‎01-18-2020 07:20 AM

Hi, I am having some trouble with intervlan routing on this Cisco 3850 switch. 2 PCs connected directly to switch cannot ping each other but can ping their respective default gateway. Am I missing something on this configuration?

PC on vlan 2020 has an ip of 10.20.30.10 Gi1/0/46 (can ping 10.20.30.1)

PC on vlan 2021 has an ip of 10.20.40.10 Gi1/0/47 (can ping 10.20.40.1)

 

!
version 16.6
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
!
hostname Switch
!
!
vrf definition Mgmt-vrf
!
address-family ipv4
exit-address-family
!
address-family ipv6
exit-address-family
!
!
no aaa new-model
switch 1 provision ws-c3850-48p
!
!
!
!
ip routing
!
!
!
!
no login on-success log
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-2852547312
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2852547312
revocation-check none
rsakeypair TP-self-signed-2852547312
!
!
crypto pki certificate chain TP-self-signed-2852547312
!
!
!
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
redundancy
mode sso
!
!
transceiver type all
monitoring
!
vlan 2020
name TEST2020
!
vlan 2021
name TEST2021
!
!
class-map match-any system-cpp-police-topology-control
description Topology control
class-map match-any system-cpp-police-sw-forward
description Sw forwarding, L2 LVX data, LOGGING
class-map match-any system-cpp-default
description DHCP Snooping, EWLC control, EWCL data
class-map match-any system-cpp-police-sys-data
description Learning cache ovfl, Crypto Control, Exception, EGR Exception, NFL SAMPLED DATA, RPF Failed
class-map match-any system-cpp-police-punt-webauth
description Punt Webauth
class-map match-any system-cpp-police-l2lvx-control
description L2 LVX control packets
class-map match-any system-cpp-police-forus
description Forus Address resolution and Forus traffic
class-map match-any system-cpp-police-multicast-end-station
description MCAST END STATION
class-map match-any system-cpp-police-multicast
description Transit Traffic and MCAST Data
class-map match-any system-cpp-police-l2-control
description L2 control
class-map match-any system-cpp-police-dot1x-auth
description DOT1X Auth
class-map match-any system-cpp-police-data
description ICMP redirect, ICMP_GEN and BROADCAST
class-map match-any system-cpp-police-stackwise-virt-control
description Stackwise Virtual
class-map match-any non-client-nrt-class
class-map match-any system-cpp-police-routing-control
description Routing control
class-map match-any system-cpp-police-protocol-snooping
description Protocol snooping
class-map match-any system-cpp-police-system-critical
description System Critical and Gold
!
policy-map system-cpp-policy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
no ip address
shutdown
negotiation auto
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
!
interface GigabitEthernet1/0/10
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
!
interface GigabitEthernet1/0/24
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface GigabitEthernet1/0/29
!
interface GigabitEthernet1/0/30
!
interface GigabitEthernet1/0/31
!
interface GigabitEthernet1/0/32
!
interface GigabitEthernet1/0/33
!
interface GigabitEthernet1/0/34
!
interface GigabitEthernet1/0/35
!
interface GigabitEthernet1/0/36
!
interface GigabitEthernet1/0/37
!
interface GigabitEthernet1/0/38
!
interface GigabitEthernet1/0/39
!
interface GigabitEthernet1/0/40
!
interface GigabitEthernet1/0/41
!
interface GigabitEthernet1/0/42
!
interface GigabitEthernet1/0/43
!
interface GigabitEthernet1/0/44
!
interface GigabitEthernet1/0/45
!
interface GigabitEthernet1/0/46
switchport access vlan 2020
switchport mode access
!
interface GigabitEthernet1/0/47
switchport access vlan 2021
switchport mode access
!
interface Vlan1
no ip address
shutdown
!
interface Vlan2020
ip address 10.20.30.1 255.255.255.0
!
interface Vlan2021
ip address 10.20.40.1 255.255.255.0
!
ip forward-protocol nd
no ip http server
ip http authentication local
no ip http secure-server
!
!
!
!

1 person had this problem
Labels:
0 Helpful
17 Replies 17

Mark Malone
VIP Alumni
VIP Alumni

‎01-18-2020 09:14 AM

hi
no looks ok both svis up ye ? can you ping between 10.20.30.1 and 10.20.40.1 interface if you source the ping from both that will confirm whether intervlan is broke in sw
0 Helpful

Mark Malone
VIP Alumni
VIP Alumni

‎01-18-2020 09:21 AM

also wheres the default gateway in the switch
0 Helpful

jrodriguezpr
Level 1
Level 1
In response to Mark Malone

‎01-18-2020 09:24 AM

Hi Mark, thank you for your reply. I have not added a default gateway yet. I have nothing else connected to the switch. Should I have a default gateway be one of the SVI IP Addresses? Also both SVIs are up/up.

0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to jrodriguezpr

‎01-18-2020 10:02 AM

if nothing else connected no , do the pcs have a gateway of the svi
run show ip arp and show mac address table make sure , ips to macs are resolved ,if not no pings as l2 cant tale at l3 , mac to ip

can you ping vlan 2020 to 2021 ? thats important , if not its switch issue if svis are up/up
0 Helpful

jrodriguezpr
Level 1
Level 1
In response to Mark Malone

‎01-18-2020 10:28 AM

Hi Mark,

 

Both windows 10 laptops have their respective SVI IP as the gateway IP. I can ping from 10.20.40.10 to 10.20.30.1 and from 10.20.30.10 to 10.20.40.1 but still cannot ping each other unfortunately. I have also rebooted the switch, erase config entirely and it still the same. Any other ideas?

0 Helpful

jrodriguezpr
Level 1
Level 1
In response to Mark Malone

‎01-18-2020 10:34 AM

Switch#show ip arp vlan 2020
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.20.30.1 - dca5.xxxx.xxxx ARPA Vlan2020
Internet 10.20.30.10 0 e4b9.xxxx.xxxx ARPA Vlan2020


Switch#show ip arp vlan 2021
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.20.40.1 - dca5.xxxx.xxxx ARPA Vlan2021
Internet 10.20.40.10 0 a08c.xxxx.xxxx ARPA Vlan2021

0 Helpful

Georg Pauwen
VIP
VIP

‎01-18-2020 09:42 AM

Hello,

 

can 10.20.30.10 ping 10.20.40.1, and can 10.20.40.10 ping 10.20.30.1 ? Which clients are you using, Windows ?

0 Helpful

Georg Pauwen
VIP
VIP

‎01-18-2020 09:48 AM

Hello,

 

you also might want to try and set the advanced template:

 

Switch(config)# sdm prefer advanced

jrodriguezpr
Level 1
Level 1
In response to Georg Pauwen

‎01-18-2020 10:26 AM

Georg thank you for your reply,

 

I have set the advanced sdm template. I can ping from 10.20.30.10 to the 10.20.40.1 SVI and from 10.20.40.10 to 10.20.30.1 but I still cannot ping from 10.20.40.10 to 10.20.30.10 and vice versa. These are windows 10 machines and I have completely disabled the firewall.

0 Helpful

Georg Pauwen
VIP
VIP
In response to jrodriguezpr

‎01-18-2020 11:02 AM

Hello,

 

I wonder if this has to do with the fact that you are using extended Vlans...can you, for the sake of testing, use e.g. Vlan 20 and Vlan 21 (you obviously need to change the entire configuration for that)...?

0 Helpful

jrodriguezpr
Level 1
Level 1
In response to Georg Pauwen

‎01-18-2020 11:39 AM

Unfortunately that isn't the issue it appears. I have made the changes but it still same results. 

 

 

This is the tracert  from 10.20.30.10 to 10.20.40.10

 

Tracing route to 10.20.40.10 over a maximum of 30 hops

1 1 ms 1 ms 1 ms 10.20.30.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
......

tracert from 10.20.30.10 to 10.20.40.1

 

tracert 10.20.40.1

Tracing route to 10.20.40.1 over a maximum of 30 hops

1 1 ms 1 ms 1 ms 10.20.40.1

0 Helpful

jrodriguezpr
Level 1
Level 1
In response to Georg Pauwen

‎01-18-2020 11:40 AM

!
interface Vlan20
ip address 10.20.30.1 255.255.255.0

!
interface Vlan21
ip address 10.20.40.1 255.255.255.0
end

0 Helpful

jrodriguezpr
Level 1
Level 1
In response to jrodriguezpr

‎01-18-2020 12:14 PM

I also just tried on another layer 3 switch same config, same results. Wonder what I am missing...
0 Helpful

Mark Malone
VIP Alumni
VIP Alumni
In response to jrodriguezpr

‎01-19-2020 11:33 AM

hi
what image version is this , if its an older one it may be a bit buggy , the fact you can ping gateways and ping between svis but not vice versa sounds odd , as ip routing enabled in config , if arps and macs are all complete for machines and devices involved i would try a different image as an option
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card