Inter Vlan routing problem on 4507

mujeeburahman · ‎01-23-2011

Hi,

The 4507 is configured with 4 Vlans, Vlan1 (default),
vlan10, vlan50 and vlan100, and IP routing is enabled on the switch. Vlan100 is
used for Switch management.

My problem is that, when I connect a PC to vlan50 (or
vlan100), I am able to ping vlan50, vlan100, and vlan10 interface, but NOT
vlan1 interface IP?. Also when I ping
from hosts that are connected to Vlan1, some of them are able to ping switches
in vlan100, some of them are NOT. (edge switches are 2950, and 3560). The “s
hip routing” is below .

10.0.0.0/8 is variably subnetted, 3 subnets, 2 masks

C 10.10.0.0/19 is directly connected, Vlan1

C 10.10.32.0/19 is directly connected, Vlan50

C 10.10.100.0/24 is directly connected, Vlan100

S* 0.0.0.0/0 [1/0] via 10.10.0.211 (PIX firewall)

Is the firewall got anything to do with this?. I believe the
vlan routing will take place in the switch itself?.

Thank you in advance for your help.

Federico Coto Fajardo · ‎01-23-2011

Hi,

If the 4507 is configured for inter-vlan routing, then it should have an IP on those VLANs (Interface VLAN or SVI in up/up state).

When you do ''sh ip int brief | ex un'' do you see those interfaces up/up?

I believe that the 4507 will not route unless having ''ip routing'' enabled also.

Please check those two things.

Federico.

glen.grant · ‎01-23-2011

Ip routing is turned otherwise there wouldn't be anything in the routing table. Is the correct default gateway assigned to the switches that won';t ping. We won't get into using a /19 as a mask (very bad idea) . My guess your clients aren't using the correct default gateway on their nics or the masking is wrong on some clients.

Jigar Dave · ‎01-23-2011

Hi,

if intervlan routing is configured properly, can you provide ip default gateway or default route configured for the switches who are in vlan 100?

from that exact clue of your question can be find out.

also check in firewall ICMP echo-request and ICMP echo-reply is allowed or not ?

Thanks&Regards,

Jigar

Latchum Naidu · ‎01-24-2011

Hi Mujee,

It seems problem from your clients end.

Please check the default gateway and subnet mask cofnfg at clients end and also default route in your edge switches.

As you said, *******Vlan1, some of them are able to ping switches in vlan100, some of them are NOT. (edge switches are 2950, and 3560)*

If still you are not able to ping, please send us the related config of 4507 and your edge switches.

Regards,

Naidu.

mujeeburahman · ‎01-25-2011

Thanks everyone,

I have checked and found the following,

IP routing is enabled, and the defualt route on the core (4507) is to PIX

some of the edge switches doesnt have a default gateway defined? the once defined are 10.10.100.1 (that is VLAN100) is it a must to have DG on evey edge switch?

Why would you say /19 is a "bad idea", please let me know.

cleints are getting their IP from Windows DHCP server.

thanks again

Mahesh Gohil · ‎01-25-2011

Hello Mujeeb,

is it a must to have DG on evey edge switch?

It depends on the end stations..I mean if you have end station which want to talk to the IP's for which switch is not having mac address where

with help of DG switch can throw frames to router to find the final destination. I assume DG is required in this scenario.

Why would you say /19 is a "bad idea", please let me know.

You can better explain as in what scenario you are using /19 ip where customer is connected their 8190 stations to this single switch. Does switch really perform well to cater traffic for these many hosts.

I am sure there must be some scenario where customer insisted to use /19.

Regards

Mahesh