06-11-2014 11:03 AM - edited 03-07-2019 07:42 PM
Hi everyone, I wonder if anyone can help me out here. I have attached a screenshot that provides the topology and ip addresses etc..
Basically I am not able to ping host from switch if I source it from another SVI. Similarly, From host I can only ping its default SVI. All the other SVIs wont' respond to ping. However I am able to ping all SVIs from my access layer switch.
IP addresses etc can be found in the attached image.. In this instance, I am able to ping the server ip from my MLS 3850 switch but if I source it from another SVI then ping fails. It seems like 3850 switch is not routing between vlans.. I have manually typed IP routing several times.
Then again it seems that it is routing properly as I am able to ping all SVIs from my access layer switch.. However my PC and server are not able to ping anything beyond their SVI addresses.
Hope all that makes sense.. If not I will try and upload the configs when I can be by the switches.. Please kindly point me in right direction. Thanks in advance.
p.s. on MLS 3850 - default route is set using command - IP route 0.0.0.0 0.0.0.0 10.205.55.1
Solved! Go to Solution.
06-11-2014 05:02 PM
Hello
" eventhough SVI 30 is showing as UP I don't have any live interfaces in that vlan. I find that quite strange. I always"
Thats ts because vlan 30 is included in the trunk so this will activate vlan 30 if you removed it from the trunk and didn't assigned any access port to it it will gone down
res
paul
06-11-2014 11:29 AM
Hello
Is the 3560 running as access switch (no ip routing enabled) and all trunk encapsulation and vlans are being propergated across the trunks?
Both switches
Sh run - Sh int trunk - sh vlan brief
Sh sdm prefer
red
paul
06-11-2014 12:55 PM
Hi Paul, Thank you for your reply. I may perhaps have "ip routing" enabled on 3560. I will check it tomorrow morning.. Should that make a difference when I ping the Server IP (vlan 20 ) from my 3850 switch and I provide the source address of vlan 10 SVI.
Also I can confirm that trunks had all vlans allowed.. and vlans 10, 20 and 30 were active. All SVIs on 3850 were showing as up and up.
Whilst researching this issue, I have come across another thread..
https://supportforums.cisco.com/discussion/11916571/inter-vlan-routing-not-working-c3750x-layer-3-switch-help
That user had almost identical issue..
06-11-2014 01:11 PM
Hello
"may perhaps have "ip routing" enabled on 3560. I will check it tomorrow morning.. Should that make a difference when I ping the Server IP (vlan 20 ) from my 3850 switch and I provide the source address of vlan 10 SVI."
Yes because if you have ip default-gateway and ip routing enabled then the gateway won't be used as the switch is looking for a next hop address via a static route or from a routing protocol. Ip default-gateway = L2 switch (host switch) --- Ip routing = L3 switch-
res
paul
06-11-2014 01:11 PM
Great that makes sense. I will check that..
Any idea why my 3850 not able to ping the server if the ping is sourced from different SVI (ie.. int vlan 10 ip on the 3850 switch).
Thanks.
06-11-2014 01:25 PM
Hello
does the server have the correct mask and d/g applied.
res
paul
06-11-2014 02:36 PM
06-11-2014 01:08 PM
Also. I have nothing plugged into int g0/24 on cisco 3850 switch.. ie. eventhough SVI 30 is showing as UP I don't have any live interfaces in that vlan. I find that quite strange. I always thought that one has to have an active interface in the associated vlan before SVI would come up.
My other concern is the SVI on access switch 3560. I only have one SVI - int vlan 30 setup on 3560. It then carries all its traffic via trunk to 3850 and it has a ip default-gateway set to Int vlan 30 ip address of switch 3850.
I wonder if I should setup layer 3 port-channel between access layer switch and 3850 switch and set it as a point to point link with /30 ip address range.
What would be the benefits of layer 3 port channel vs. layer 2 port channel in this scenario.
06-11-2014 05:02 PM
Hello
" eventhough SVI 30 is showing as UP I don't have any live interfaces in that vlan. I find that quite strange. I always"
Thats ts because vlan 30 is included in the trunk so this will activate vlan 30 if you removed it from the trunk and didn't assigned any access port to it it will gone down
res
paul
06-12-2014 02:41 AM
Hi Paul, This is now working.. It looks like there was some sort of issue with Windows 7 image that I was using as a server (this is a test network at this stage). As soon as I swapped the windows 7 machine with xp machine, inter vlan routing started working. I did try swapping the machine earlier on but I had replaced it with another windows 7 machine and shut down the windows firewall service.
It appears that windows 7 firewall stays on even after the firewall service has been stopped and it would only allow ping from the same subnet. I have now put another windows 7 machine there with firewall turned off completely and everything is working as I intended.
So the design was correct all along, I spent few hours just going over everything to find any errors. :-)
Thank you very much for all your help Paul. It certainly cleared few things for me. Regards.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide
Thanks for your answer,
Yes the PCs are able to ping their respective default gateways.
for now all VLANs are allowed on the trunk, as I am receiving all of them through VTP v3 on the access switches.
The access switches are able to ping all SVIs but the devices connected to them are not. Only their default gateways.