Re: Inter vlan routing - Page 2

bobson143 · ‎04-27-2023

Im trying to have inter vlan routing using layer 3 switch but failed. Below is the routing table of layer 3 switch. Any help is highly appreciated.

Gateway of last resort is 192.168.0.251 to network 0.0.0.0

C 192.168.120.0/24 is directly connected, Vlan120
C 192.168.210.0/24 is directly connected, Vlan210
C 192.168.150.0/24 is directly connected, Vlan150
C 192.168.180.0/24 is directly connected, Vlan180
C 192.168.110.0/24 is directly connected, Vlan110
C 192.168.130.0/24 is directly connected, Vlan130
C 192.168.160.0/24 is directly connected, Vlan160
C 192.168.200.0/24 is directly connected, Vlan200
C 192.168.140.0/24 is directly connected, Vlan140
C 192.168.250.0/24 is directly connected, Vlan250
C 192.168.190.0/24 is directly connected, Vlan190
C 192.168.170.0/24 is directly connected, Vlan170
C 192.168.0.0/24 is directly connected, Vlan10
C 192.168.50.0/24 is directly connected, Vlan50
C 192.168.1.0/24 is directly connected, Vlan1
C 192.168.100.0/24 is directly connected, Vlan100
S* 0.0.0.0/0 [1/0] via 192.168.0.251

Richard Burts · ‎05-20-2023

It is an interesting observation about the default gateway when tracert 192.168.150.63. The information that was provided for the vlan 10 PC does have the correct gateway. So the first hop being the firewall is certainly not expected. But I am not sure that this is the fundamental problem.

I am thinking about the fact that the vlan 10 PC is able to ping some remote IP addresses. So it's IP, mask, and gateway seem to be correct. I am wondering about the 2 remote PC and whether it is possible that they have some security policy/firewall that is preventing ping. Are other devices in the network able to ping 192.168.50.65 and 192.168.150.63?

HTH

Rick

bobson143 · ‎05-24-2023

192.168.50.65 can be ping if the device I am using is in Vlan50 192.168.50.** same with 192.168.150.63 can be ping if I am using devices under Vlan150 192.168.150.**. Its very weird because the 2 Vlan 50 and 150 can ping PCs in Vlan10.

Richard Burts · ‎05-25-2023

We do have a puzzling situation here. Would you post a fresh copy of the output of the command show ip route.

One thing that I am wondering about is that when you traceroute to one of those hosts the first response comes from the firewall. Why is the firewall seeing that traffic? You are attempting to ping a locally connected subnet so why does it go to the firewall? Can you tell us where those devices are physically connected (Which switch) and logically connected (which vlan). Perhaps the output of ipconfig (or other appropriate command depending on OS) from the devices.

The other thing I am wondering about is that in the output of show arp I see numerous devices in both subnets (so they are working) but I do not see entries for either 192.168.150.63 or 192.168.50.65.

HTH

Rick

bobson143 · ‎05-25-2023

Gateway of last resort is 192.168.0.251 to network 0.0.0.0

C 192.168.120.0/24 is directly connected, Vlan120
C 192.168.210.0/24 is directly connected, Vlan210
C 192.168.150.0/24 is directly connected, Vlan150
C 192.168.180.0/24 is directly connected, Vlan180
C 192.168.110.0/24 is directly connected, Vlan110
C 192.168.130.0/24 is directly connected, Vlan130
C 192.168.160.0/24 is directly connected, Vlan160
C 192.168.200.0/24 is directly connected, Vlan200
C 192.168.140.0/24 is directly connected, Vlan140
C 192.168.250.0/24 is directly connected, Vlan250
C 192.168.190.0/24 is directly connected, Vlan190
C 192.168.170.0/24 is directly connected, Vlan170
C 192.168.0.0/24 is directly connected, Vlan10
C 192.168.50.0/24 is directly connected, Vlan50
C 192.168.1.0/24 is directly connected, Vlan1
C 192.168.100.0/24 is directly connected, Vlan100
S* 0.0.0.0/0 [1/0] via 192.168.0.251

- Firewall(192.168.0.251) is physically connected to L3 switch (Core)
- 192.168.150.63 or 192.168.50.65 following host was newly added PC to respective Vlan(Vlan150 and Vlan50). I used them to ping because when I use the PC already connected it doesn't reply from vlan10. Unfortunately I have the same issue even with the new PC.

MHM Cisco World · ‎04-27-2023

your routing is correct, NOW two point to check
1- are the host have GW IP same as SVI of VLAN ?
2- are the host connect to port with correct VLAN ?

bobson143 · ‎05-01-2023

Hi,

GW of PC is correct for example in Vlan 50 (vlan 50 IP =192.168.50.1) L3 will provide DHCP IP from its DHCP pool (192.168.50.51 subnet 255.255.255.0 gateway 192.168.50.1) The port is connected to switchport access vlan 50.

Richard Burts · ‎05-02-2023

From a host connected in one of the vlans:

- can it ping its default gateway?

- can it ping the vlan interface IP of other vlans?

- what does traceroute (or tracert) to an Internet IP do?

HTH

Rick

MHM Cisco World · ‎05-02-2023

C 192.168.50.0/24 is directly connected, Vlan50 <<- this weird
the VLAN subnet is add but the VLAN IP /32 is not show in table
can you show interface VLAN 50 <<- check if interface is UP if not
add
VLAN 1,50...... and all other VLAN's to SW DataBase,
I think you connect this SW via trunk to L2 SW that have these VLAN and in this SW (l3SW) these VLAN is missing from db that why.
thanks
MHM

Flavio Miranda · ‎05-02-2023

Hi

All you need to do is run the command "ip routing" on the switch.

conf t

ip routing