Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2063
Views
1
Helpful
23
Replies

Inter vlan routing

bobson143
Level 1
Level 1

‎04-27-2023 01:14 AM

Im trying to have inter vlan routing using layer 3 switch but failed. Below is the routing table of layer 3 switch. Any help is highly appreciated.

 

Gateway of last resort is 192.168.0.251 to network 0.0.0.0

C 192.168.120.0/24 is directly connected, Vlan120
C 192.168.210.0/24 is directly connected, Vlan210
C 192.168.150.0/24 is directly connected, Vlan150
C 192.168.180.0/24 is directly connected, Vlan180
C 192.168.110.0/24 is directly connected, Vlan110
C 192.168.130.0/24 is directly connected, Vlan130
C 192.168.160.0/24 is directly connected, Vlan160
C 192.168.200.0/24 is directly connected, Vlan200
C 192.168.140.0/24 is directly connected, Vlan140
C 192.168.250.0/24 is directly connected, Vlan250
C 192.168.190.0/24 is directly connected, Vlan190
C 192.168.170.0/24 is directly connected, Vlan170
C 192.168.0.0/24 is directly connected, Vlan10
C 192.168.50.0/24 is directly connected, Vlan50
C 192.168.1.0/24 is directly connected, Vlan1
C 192.168.100.0/24 is directly connected, Vlan100
S* 0.0.0.0/0 [1/0] via 192.168.0.251

 

Labels:
23 Replies 23

Flavio Miranda
VIP
VIP

‎04-27-2023 02:55 AM

Hello

 You need to run the command "ip routing"

conf t

 ip routing 

0 Helpful

bobson143
Level 1
Level 1
In response to Flavio Miranda

‎05-01-2023 10:35 PM

Yes IP routing is enabled.

0 Helpful

Martin L
VIP
VIP

‎04-27-2023 02:57 AM

need more info like topology setup, PCs IPs that fail. this table does not tell us why it failed? and what has failed?  are PCs directly connected to that switch and have correct default gateways set (pointing to interface vlan x)?  Are PCs on correct vlans and in access vlan xyz ?

 

Regards, ML
**Please Rate All Helpful Responses **

0 Helpful

bobson143
Level 1
Level 1
In response to Martin L

‎05-01-2023 10:45 PM

The scenario is we have 1 core switch L3 and 2 L2 switch. Switch IP is under Vlan 10 (IP L3=192.168.0.10, L2=192.168.0.11, L2=192.168.0.12) All pc connected to layer 2 switch, with each switch have an uplink going to L3 switch. In each PC I can ping Vlan IP interface regardless what Vlan is the PC. But Once I ping PC IP address in other VLAN it reply Request timed out. All Vlan can ping PC under Vlan 10. PC under VLAN 10 cannot ping PC on different VLAN. 

 

switch 1 provision ws-c3750g-24ts-1u
system mtu routing 1500
vtp domain TESTVTP
vtp mode transparent
ip subnet-zero
ip routing
no ip domain-lookup
ip dhcp excluded-address 192.168.250.1 192.168.250.20
ip dhcp excluded-address 192.168.50.1 192.168.50.50
ip dhcp excluded-address 192.168.100.1 192.168.100.50
ip dhcp excluded-address 192.168.110.1 192.168.110.50
ip dhcp excluded-address 192.168.120.1 192.168.120.50
ip dhcp excluded-address 192.168.130.1 192.168.130.50
ip dhcp excluded-address 192.168.140.1 192.168.140.50
ip dhcp excluded-address 192.168.150.1 192.168.150.50
ip dhcp excluded-address 192.168.160.1 192.168.160.50
ip dhcp excluded-address 192.168.170.1 192.168.170.50
ip dhcp excluded-address 192.168.180.1 192.168.180.50
ip dhcp excluded-address 192.168.190.1 192.168.190.50
ip dhcp excluded-address 192.168.200.1 192.168.200.50
ip dhcp excluded-address 192.168.210.1 192.168.210.50
!
ip dhcp pool vlan250
network 192.168.250.0 255.255.255.0
default-router 192.168.250.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan50
network 192.168.50.0 255.255.255.0
default-router 192.168.50.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan100
network 192.168.100.0 255.255.255.0
default-router 192.168.100.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan110
network 192.168.110.0 255.255.255.0
default-router 192.168.110.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan120
network 192.168.120.0 255.255.255.0
default-router 192.168.120.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan130
network 192.168.130.0 255.255.255.0
default-router 192.168.130.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan140
network 192.168.140.0 255.255.255.0
default-router 192.168.140.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan150
network 192.168.150.0 255.255.255.0
default-router 192.168.150.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan160
network 192.168.160.0 255.255.255.0
default-router 192.168.160.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan170
network 192.168.170.0 255.255.255.0
default-router 192.168.170.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan180
network 192.168.180.0 255.255.255.0
default-router 192.168.180.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan190
network 192.168.190.0 255.255.255.0
default-router 192.168.190.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan200
network 192.168.200.0 255.255.255.0
default-router 192.168.200.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan210
network 192.168.210.0 255.255.255.0
default-router 192.168.210.1
dns-server 192.168.0.98
lease 30

0 Helpful

bobson143
Level 1
Level 1
In response to Martin L

‎05-11-2023 11:31 PM

Dear,

please see running-config below

 


switch 1 provision ws-c3750g-24ts-1u
system mtu routing 1500
vtp domain TESTVTP
vtp mode transparent
ip subnet-zero
ip routing
no ip domain-lookup
ip dhcp excluded-address 192.168.250.1 192.168.250.20
ip dhcp excluded-address 192.168.50.1 192.168.50.50
ip dhcp excluded-address 192.168.100.1 192.168.100.50
ip dhcp excluded-address 192.168.110.1 192.168.110.50
ip dhcp excluded-address 192.168.120.1 192.168.120.50
ip dhcp excluded-address 192.168.130.1 192.168.130.50
ip dhcp excluded-address 192.168.140.1 192.168.140.50
ip dhcp excluded-address 192.168.150.1 192.168.150.50
ip dhcp excluded-address 192.168.160.1 192.168.160.50
ip dhcp excluded-address 192.168.170.1 192.168.170.50
ip dhcp excluded-address 192.168.180.1 192.168.180.50
ip dhcp excluded-address 192.168.190.1 192.168.190.50
ip dhcp excluded-address 192.168.200.1 192.168.200.50
ip dhcp excluded-address 192.168.210.1 192.168.210.50
!
ip dhcp pool vlan250
network 192.168.250.0 255.255.255.0
default-router 192.168.250.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan50
network 192.168.50.0 255.255.255.0
default-router 192.168.50.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan100
network 192.168.100.0 255.255.255.0
default-router 192.168.100.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan110
network 192.168.110.0 255.255.255.0
default-router 192.168.110.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan120
network 192.168.120.0 255.255.255.0
default-router 192.168.120.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan130
network 192.168.130.0 255.255.255.0
default-router 192.168.130.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan140
network 192.168.140.0 255.255.255.0
default-router 192.168.140.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan150
network 192.168.150.0 255.255.255.0
default-router 192.168.150.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan160
network 192.168.160.0 255.255.255.0
default-router 192.168.160.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan170
network 192.168.170.0 255.255.255.0
default-router 192.168.170.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan180
network 192.168.180.0 255.255.255.0
default-router 192.168.180.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan190
network 192.168.190.0 255.255.255.0
default-router 192.168.190.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan200
network 192.168.200.0 255.255.255.0
default-router 192.168.200.1
dns-server 192.168.0.98
lease 30
!
ip dhcp pool vlan210
network 192.168.210.0 255.255.255.0
default-router 192.168.210.1
dns-server 192.168.0.98
lease 30
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 10
name MANAGEMENT
!
vlan 50
name MIS
!
vlan 100
name ICT
!
vlan 110
name SP
!
vlan 120
name GENOFFICE
!
vlan 130
name BUDGET
!
vlan 140
name ACCOUNTANT
!
vlan 150
name TREASURER
!
vlan 160
name FRANCHISING
!
vlan 170
name ENGINEERING
!
vlan 180
name BLDGPERM&LICENSING
!
vlan 190
name ASSESSOR
!
vlan 200
name PLANNING&DEVT
!
vlan 210
name HR&MGT
!
vlan 250
name OneStopShop
!
interface GigabitEthernet1/0/1
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/3
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/4
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/6
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/7
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet1/0/8
switchport access vlan 10
spanning-tree portfast
!
interface GigabitEthernet1/0/9
switchport trunk encapsulation dot1q
switchport trunk native vlan 180
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/10
switchport access vlan 10
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/11
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/12
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/13
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/14
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/15
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/16
switchport access vlan 10
switchport mode access
switchport port-security
switchport port-security aging time 2
switchport port-security violation restrict
switchport port-security aging type inactivity
macro description cisco-desktop
spanning-tree portfast
spanning-tree bpduguard enable
!
interface GigabitEthernet1/0/17
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/18
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/19
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/20
switchport trunk encapsulation dot1q
switchport trunk native vlan 10
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/21
switchport trunk encapsulation dot1q
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/22
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/23
switchport trunk encapsulation dot1q
switchport trunk native vlan 180
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/24
switchport trunk encapsulation dot1q
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface GigabitEthernet1/0/25
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/26
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/27
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/28
switchport trunk encapsulation dot1q
switchport mode trunk
macro description cisco-switch
auto qos voip trust
spanning-tree link-type point-to-point
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
!
interface Vlan10
ip address 192.168.0.10 255.255.255.0
!
interface Vlan50
ip address 192.168.50.1 255.255.255.0
!
interface Vlan100
ip address 192.168.100.1 255.255.255.0
!
interface Vlan110
ip address 192.168.110.1 255.255.255.0
!
interface Vlan120
ip address 192.168.120.1 255.255.255.0
!
interface Vlan130
ip address 192.168.130.1 255.255.255.0
!
interface Vlan140
ip address 192.168.140.1 255.255.255.0
!
interface Vlan150
ip address 192.168.150.1 255.255.255.0
!
interface Vlan160
ip address 192.168.160.1 255.255.255.0
!
interface Vlan170
ip address 192.168.170.1 255.255.255.0
!
interface Vlan180
ip address 192.168.180.1 255.255.255.0
!
interface Vlan190
ip address 192.168.190.1 255.255.255.0
!
interface Vlan200
ip address 192.168.200.1 255.255.255.0
ip access-group INTER_VLAN out
!
interface Vlan210
ip address 192.168.210.1 255.255.255.0
!
interface Vlan250
ip address 192.168.250.1 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.0.251
ip http server
ip http authentication local
!
!
control-plane
!
banner motd 


--------------------------------------
THIS IS A PRIVATE SYSTEM

Unauthorized access is punishable
by law!
--------------------------------------



!
line con 0
exec-timeout 20 0
logging synchronous
login local
line vty 0 4
logging synchronous
login local
length 0
line vty 5 15
login
!
end

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to bobson143

‎05-12-2023 06:46 PM

Thanks for posting the running config. Would you post the output of the command show ip interface brief? Also please post the output of the command show arp (or show ip arp depending on the version of code).

I notice that interface vlan 200 has access list INTER_VLAN applied but I do not see that access list in the config. Depending on the version of code running the result could be that all traffic is denied (if older code) or that all traffic is permitted (newer code). I suggest that either you configure the access list or that you remove it from the interface.

HTH

Rick
0 Helpful

bobson143
Level 1
Level 1
In response to Richard Burts

‎05-14-2023 07:23 PM

Hello Rick thank you for helping. See below Show arp  and IP int brief out put.

Interface IP-Address OK? Method Status Protocol
Vlan1 192.168.1.1 YES NVRAM up up
Vlan10 192.168.0.10 YES NVRAM up up
Vlan50 192.168.50.1 YES NVRAM up up
Vlan100 192.168.100.1 YES NVRAM up up
Vlan110 192.168.110.1 YES NVRAM up up
Vlan120 192.168.120.1 YES NVRAM up up
Vlan130 192.168.130.1 YES NVRAM up up
Vlan140 192.168.140.1 YES NVRAM up up
Vlan150 192.168.150.1 YES NVRAM up up
Vlan160 192.168.160.1 YES NVRAM up up
Vlan170 192.168.170.1 YES NVRAM up up
Vlan180 192.168.180.1 YES NVRAM up up
Vlan190 192.168.190.1 YES NVRAM up up
Vlan200 192.168.200.1 YES NVRAM up up
Vlan210 192.168.210.1 YES NVRAM up up
Vlan250 192.168.250.1 YES NVRAM up up
GigabitEthernet1/0/1 unassigned YES unset down down
GigabitEthernet1/0/2 unassigned YES unset down down
GigabitEthernet1/0/3 unassigned YES unset up up
GigabitEthernet1/0/4 unassigned YES unset down down
GigabitEthernet1/0/5 unassigned YES unset down down
GigabitEthernet1/0/6 unassigned YES unset up up
GigabitEthernet1/0/7 unassigned YES unset up up
GigabitEthernet1/0/8 unassigned YES unset down down
GigabitEthernet1/0/9 unassigned YES unset down down
GigabitEthernet1/0/10 unassigned YES unset up up
GigabitEthernet1/0/11 unassigned YES unset up up
GigabitEthernet1/0/12 unassigned YES unset up up
GigabitEthernet1/0/13 unassigned YES unset down down
GigabitEthernet1/0/14 unassigned YES unset up up
GigabitEthernet1/0/15 unassigned YES unset up up
GigabitEthernet1/0/16 unassigned YES unset up up
GigabitEthernet1/0/17 unassigned YES unset down down
GigabitEthernet1/0/18 unassigned YES unset up up
GigabitEthernet1/0/19 unassigned YES unset down down
GigabitEthernet1/0/20 unassigned YES unset down down
GigabitEthernet1/0/21 unassigned YES unset up up
GigabitEthernet1/0/22 unassigned YES unset up up
GigabitEthernet1/0/23 unassigned YES unset down down
GigabitEthernet1/0/24 unassigned YES unset down down
GigabitEthernet1/0/25 unassigned YES unset down down
GigabitEthernet1/0/26 unassigned YES unset up up
GigabitEthernet1/0/27 unassigned YES unset down down
GigabitEthernet1/0/28 unassigned YES unset down down

Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.0.104 0 Incomplete ARPA
Internet 192.168.1.105 0 Incomplete ARPA
Internet 192.168.110.6 113 d8bb.c1d5.271c ARPA Vlan110
Internet 192.168.0.105 0 Incomplete ARPA
Internet 192.168.110.7 1 d8bb.c1d5.1441 ARPA Vlan110
Internet 192.168.0.106 0 Incomplete ARPA
Internet 192.168.180.222 0 18c0.4d71.15ff ARPA Vlan180
Internet 192.168.200.162 19 3860.7773.067a ARPA Vlan200
Internet 192.168.110.4 0 d8bb.c1d5.2713 ARPA Vlan110
Internet 192.168.120.19 3 d8bb.c1d5.2718 ARPA Vlan120
Internet 192.168.110.5 28 d8bb.c1d5.1433 ARPA Vlan110
Internet 192.168.0.108 0 Incomplete ARPA
Internet 192.168.1.109 0 Incomplete ARPA
Internet 192.168.120.20 25 d8bb.c1d5.2485 ARPA Vlan120
Internet 192.168.150.250 27 107b.444d.5227 ARPA Vlan150
Internet 192.168.110.3 0 d8bb.c1d5.1410 ARPA Vlan110
Internet 192.168.120.21 2 18c0.4ddc.fd46 ARPA Vlan120
Internet 192.168.150.249 49 0c9a.42b5.b5ac ARPA Vlan150
Internet 192.168.110.1 - 108c.cf48.b6c4 ARPA Vlan110
Internet 192.168.190.222 140 2271.1f93.16a6 ARPA Vlan190
Internet 192.168.190.223 0 d027.886a.5734 ARPA Vlan190
Internet 192.168.0.98 2 dcfe.071a.507d ARPA Vlan10
Internet 192.168.0.100 216 2cea.7f4f.8718 ARPA Vlan10
Internet 192.168.0.101 0 Incomplete ARPA
Internet 192.168.100.1 - 108c.cf48.b6c3 ARPA Vlan100
Internet 192.168.0.102 0 Incomplete ARPA
Internet 192.168.190.198 0 1c1b.0d4c.eb2f ARPA Vlan190
Internet 192.168.190.199 0 20cf.30f2.a39a ARPA Vlan190
Internet 192.168.120.1 - 108c.cf48.b6c5 ARPA Vlan120
Internet 192.168.200.178 0 485b.39ee.ede3 ARPA Vlan200
Internet 192.168.190.197 30 a877.e55f.e890 ARPA Vlan190
Internet 192.168.210.169 1 d8bb.c1d5.2723 ARPA Vlan210
Internet 192.168.0.123 0 dcfe.071a.4f82 ARPA Vlan10
Internet 192.168.130.254 0 d8bb.c1d5.143f ARPA Vlan130
Internet 192.168.50.78 0 b0a7.b923.f9f9 ARPA Vlan50
Internet 192.168.210.172 39 a6b9.0d03.94c8 ARPA Vlan210
Internet 192.168.1.113 0 Incomplete ARPA
Internet 192.168.210.162 0 d85e.d3c1.70ee ARPA Vlan210
Internet 192.168.190.206 133 c67e.0f0f.e013 ARPA Vlan190
Internet 192.168.1.112 0 Incomplete ARPA
Internet 192.168.150.231 0 38d5.4718.c937 ARPA Vlan150
Internet 192.168.50.64 0 503e.aa07.226a ARPA Vlan50
Internet 192.168.210.155 29 7260.b680.93f1 ARPA Vlan210
Internet 192.168.110.36 0 d8bb.c1d5.143e ARPA Vlan110
Internet 192.168.190.242 0 d85e.d3c1.6cdc ARPA Vlan190
Internet 192.168.150.219 0 708b.cd59.086f ARPA Vlan150
Internet 192.168.150.216 1 0c9d.9278.7fee ARPA Vlan150
Internet 192.168.150.217 50 0025.f269.9bbf ARPA Vlan150
Internet 192.168.190.254 0 d85e.d3c1.70f0 ARPA Vlan190
Internet 192.168.110.44 0 d8bb.c1d5.12c1 ARPA Vlan110
Internet 192.168.190.230 0 18c0.4dd7.952b ARPA Vlan190
Internet 192.168.150.207 0 94de.80bb.a28d ARPA Vlan150
Internet 192.168.190.226 134 4284.0719.a46a ARPA Vlan190
Internet 192.168.190.227 30 0831.8b25.e2ad ARPA Vlan190
Internet 192.168.190.224 137 4275.0427.ad93 ARPA Vlan190
Internet 192.168.190.225 135 0831.8b25.e2ad ARPA Vlan190
Internet 192.168.0.95 166 005f.671c.6deb ARPA Vlan10
Internet 192.168.130.211 0 50eb.f624.47ed ARPA Vlan130
Internet 192.168.190.239 0 1c1b.0dd6.b3a6 ARPA Vlan190
Internet 192.168.50.102 0 b0a7.b98e.95c7 ARPA Vlan50
Internet 192.168.190.232 0 38d5.4719.f476 ARPA Vlan190
Internet 192.168.190.233 0 d85e.d3a9.f07a ARPA Vlan190
Internet 192.168.210.251 0 402c.f4ed.483b ARPA Vlan210
Internet 192.168.50.24 0 d8bb.c1d5.1432 ARPA Vlan50
Internet 192.168.150.188 2 e0d5.5e35.6ceb ARPA Vlan150
Internet 192.168.180.152 0 18c0.4d71.160b ARPA Vlan180
Internet 192.168.110.66 0 d8bb.c1d5.1442 ARPA Vlan110
Internet 192.168.110.67 13 d8bb.c1d5.2735 ARPA Vlan110
Internet 192.168.180.154 0 f832.e48c.3658 ARPA Vlan180
Internet 192.168.190.144 132 2274.d09e.c9c1 ARPA Vlan190
Internet 192.168.180.155 22 d8bb.c195.2052 ARPA Vlan180
Internet 192.168.110.65 2 0023.54e2.5186 ARPA Vlan110
Internet 192.168.50.18 0 60a4.b734.c84f ARPA Vlan50
Internet 192.168.50.19 1 d8bb.c1d5.1449 ARPA Vlan50
Internet 192.168.180.151 0 2cfd.a174.0d11 ARPA Vlan180
Internet 192.168.210.246 17 408d.5c6f.ef12 ARPA Vlan210
Internet 192.168.210.247 2 5046.5d4c.848b ARPA Vlan210
Internet 192.168.210.234 0 d027.88ae.f70a ARPA Vlan210
Internet 192.168.50.11 62 18c0.4d9f.cb12 ARPA Vlan50
Internet 192.168.150.172 43 d85e.d355.e2a3 ARPA Vlan150
Internet 192.168.0.59 0 000c.2950.3d54 ARPA Vlan10
Internet 192.168.0.60 9 000c.2935.71ea ARPA Vlan10
Internet 192.168.150.171 0 d85e.d355.e2a5 ARPA Vlan150
Internet 192.168.50.12 3 d8bb.c1d5.271f ARPA Vlan50
Internet 192.168.190.129 3 54ef.33f2.30ee ARPA Vlan190
Internet 192.168.50.13 3 ac15.a2b0.d3e3 ARPA Vlan50
Internet 192.168.210.226 102 366c.79f5.aa16 ARPA Vlan210
Internet 192.168.180.132 92 d8cb.8aea.947e ARPA Vlan180
Internet 192.168.210.224 184 b40f.b3f9.d49d ARPA Vlan210
Internet 192.168.0.50 162 000c.29da.5e0e ARPA Vlan10
Internet 192.168.210.225 111 ba21.14f7.2a47 ARPA Vlan210
Internet 192.168.50.1 - 108c.cf48.b6c2 ARPA Vlan50
Internet 192.168.210.230 6 6af9.6699.73ba ARPA Vlan210
Internet 192.168.210.228 86 366c.79f5.aa16 ARPA Vlan210
Internet 192.168.210.218 0 b42e.990a.ffde ARPA Vlan210
Internet 192.168.0.8 20 000c.2984.6462 ARPA Vlan10
Internet 192.168.0.9 4 5cd9.98f9.45cf ARPA Vlan10
Internet 192.168.50.56 109 0c9d.9278.f80b ARPA Vlan50
Internet 192.168.0.10 - 108c.cf48.b6c1 ARPA Vlan10
Internet 192.168.1.10 0 Incomplete ARPA
Internet 192.168.0.11 89 8cb6.4f2d.7ec1 ARPA Vlan10
Internet 192.168.0.12 88 8cb6.4f2d.7341 ARPA Vlan10
Internet 192.168.50.63 4 0026.18d1.0210 ARPA Vlan50
Internet 192.168.210.223 223 6af9.6699.73ba ARPA Vlan210
Internet 192.168.0.14 173 8cb6.4f21.c042 ARPA Vlan10
Internet 192.168.0.15 173 8cb6.4f21.bec1 ARPA Vlan10
Internet 192.168.1.1 - 108c.cf48.b6c0 ARPA Vlan1
Internet 192.168.0.1 0 Incomplete ARPA
Internet 192.168.120.123 44 00d8.61db.00d0 ARPA Vlan120
Internet 192.168.0.3 0 5cf3.fcb2.52f1 ARPA Vlan10
Internet 192.168.50.54 0 382c.4ae8.95df ARPA Vlan50
Internet 192.168.190.186 0 d027.886a.5714 ARPA Vlan190
Internet 192.168.0.4 11 000c.2922.f562 ARPA Vlan10
Internet 192.168.0.5 1 000c.2949.5f5f ARPA Vlan10
Internet 192.168.0.6 18 000c.2956.8a33 ARPA Vlan10
Internet 192.168.50.53 0 0492.2648.d219 ARPA Vlan50
Internet 192.168.0.7 14 000c.29e5.43ff ARPA Vlan10
Internet 192.168.50.42 2 d8bb.c1d5.1443 ARPA Vlan50
Internet 192.168.190.165 11 5a46.6b39.09ea ARPA Vlan190
Internet 192.168.50.41 0 c441.1ecd.0878 ARPA Vlan50
Internet 192.168.50.34 0 d8bb.c1d5.24a1 ARPA Vlan50
Internet 192.168.0.16 173 8cb6.4f2d.7bc1 ARPA Vlan10
Internet 192.168.50.35 0 b04e.267f.da6d ARPA Vlan50
Internet 192.168.0.17 6 000c.29c7.2224 ARPA Vlan10
Internet 192.168.1.23 0 Incomplete ARPA
Internet 192.168.210.59 0 b42e.996c.631a ARPA Vlan210
Internet 192.168.0.234 5 e0d5.5eec.81d3 ARPA Vlan10
Internet 192.168.180.95 7 00e0.b600.fd98 ARPA Vlan180
Internet 192.168.150.125 0 38d5.4719.f368 ARPA Vlan150
Internet 192.168.0.236 3 b42e.99cd.2989 ARPA Vlan10
Internet 192.168.180.88 6 0016.e673.b258 ARPA Vlan180
Internet 192.168.0.237 12 b42e.99cd.2957 ARPA Vlan10
Internet 192.168.0.238 14 d8bb.c1d5.2733 ARPA Vlan10
Internet 192.168.0.239 0 b42e.995d.cd05 ARPA Vlan10
Internet 192.168.50.210 0 f4b5.201b.682e ARPA Vlan50
Internet 192.168.130.96 0 0492.264b.e36a ARPA Vlan130
Internet 192.168.0.227 174 0017.6111.8538 ARPA Vlan10
Internet 192.168.210.54 0 d85e.d3a9.29bd ARPA Vlan210
Internet 192.168.210.55 0 3497.f637.2a11 ARPA Vlan210
Internet 192.168.180.81 0 fc34.97b8.3429 ARPA Vlan180
Internet 192.168.210.52 0 9c5c.8ec2.f968 ARPA Vlan210
Internet 192.168.210.53 0 38d5.4718.c9a9 ARPA Vlan210
Internet 192.168.0.231 12 1c39.47eb.0f52 ARPA Vlan10
Internet 192.168.120.129 2 10bf.48b8.12ca ARPA Vlan120
Internet 192.168.50.201 0 2887.bac3.e690 ARPA Vlan50
Internet 192.168.200.51 0 b42e.996c.5a7b ARPA Vlan200
Internet 192.168.0.251 0 ecd6.8aa2.8a58 ARPA Vlan10
Internet 192.168.250.1 - 108c.cf48.b6cf ARPA Vlan250
Internet 192.168.200.52 0 d85e.d34c.4d44 ARPA Vlan200
Internet 192.168.200.53 0 0019.66fc.a53b ARPA Vlan200
Internet 192.168.200.54 0 b42e.99cd.296a ARPA Vlan200
Internet 192.168.210.45 0 3497.f637.89cb ARPA Vlan210
Internet 192.168.0.240 1 000c.295e.c6c6 ARPA Vlan10
Internet 192.168.190.77 0 d027.886a.5746 ARPA Vlan190
Internet 192.168.190.74 0 1c1b.0dd6.b3a8 ARPA Vlan190
Internet 192.168.170.92 0 c8ee.a647.7d2d ARPA Vlan170
Internet 192.168.0.247 0 b42e.99ca.9329 ARPA Vlan10
Internet 192.168.190.73 0 d85e.d3a9.2c67 ARPA Vlan190
Internet 192.168.170.99 113 bcee.7b8a.27df ARPA Vlan170
Internet 192.168.200.1 - 108c.cf48.b6cd ARPA Vlan200
Internet 192.168.150.92 0 94de.80bb.a298 ARPA Vlan150
Internet 192.168.150.91 0 e0cb.1d00.de25 ARPA Vlan150
Internet 192.168.150.88 0 d027.88ae.f6c8 ARPA Vlan150
Internet 192.168.130.77 7 5811.22a0.7754 ARPA Vlan130
Internet 192.168.110.161 0 d8bb.c1d5.1438 ARPA Vlan110
Internet 192.168.150.89 0 68ff.7b5b.347d ARPA Vlan150
Internet 192.168.150.84 0 b42e.99b5.df53 ARPA Vlan150
Internet 192.168.140.79 0 d8bb.c1d5.270b ARPA Vlan140
Internet 192.168.150.82 0 84e0.58b0.b10b ARPA Vlan150
Internet 192.168.150.78 46 e0d5.5e7d.a60e ARPA Vlan150
Internet 192.168.200.19 0 e069.9546.3327 ARPA Vlan200
Internet 192.168.120.164 44 d85e.d392.5dc7 ARPA Vlan120
Internet 192.168.140.80 0 d8bb.c1d5.24a2 ARPA Vlan140
Internet 192.168.0.220 197 000c.2980.9475 ARPA Vlan10
Internet 192.168.190.99 0 d85e.d397.028b ARPA Vlan190
Internet 192.168.50.239 0 7844.76f4.06cd ARPA Vlan50
Internet 192.168.130.92 1 d45d.647d.5b76 ARPA Vlan130
Internet 192.168.150.70 31 0025.f26c.3d96 ARPA Vlan150
Internet 192.168.0.210 167 0017.6110.5074 ARPA Vlan10
Internet 192.168.0.211 58 0017.6110.22b5 ARPA Vlan10
Internet 192.168.210.1 - 108c.cf48.b6ce ARPA Vlan210
Internet 192.168.0.212 167 0017.6110.50c1 ARPA Vlan10
Internet 192.168.200.30 0 3460.f9a7.547d ARPA Vlan200
Internet 192.168.150.62 0 7456.3c1a.1948 ARPA Vlan150
Internet 192.168.210.120 0 d8bb.c1d5.1448 ARPA Vlan210
Internet 192.168.170.1 - 108c.cf48.b6ca ARPA Vlan170
Internet 192.168.150.58 0 d85e.d356.060b ARPA Vlan150
Internet 192.168.190.19 0 04d9.f584.6f86 ARPA Vlan190
Internet 192.168.150.56 2 f46d.04ec.87ee ARPA Vlan150
Internet 192.168.150.54 27 d45d.643a.5f0e ARPA Vlan150
Internet 192.168.150.55 0 d85e.d368.b73c ARPA Vlan150
Internet 192.168.160.1 - 108c.cf48.b6c9 ARPA Vlan160
Internet 192.168.150.52 0 d027.8857.3faa ARPA Vlan150
Internet 192.168.150.53 1 00e0.4c5f.7c5b ARPA Vlan150
Internet 192.168.130.38 4 0025.228e.ab29 ARPA Vlan130
Internet 192.168.180.17 0 fc34.97b8.342f ARPA Vlan180
Internet 192.168.180.12 0 708b.cd56.cee3 ARPA Vlan180
Internet 192.168.150.46 0 00e0.66f4.5e28 ARPA Vlan150
Internet 192.168.180.14 0 e0d5.5e06.5d08 ARPA Vlan180
Internet 192.168.210.108 35 da5a.7929.7176 ARPA Vlan210
Internet 192.168.130.60 4 4ced.fbc5.32f7 ARPA Vlan130
Internet 192.168.150.41 31 0025.f26c.3bf0 ARPA Vlan150
Internet 192.168.190.1 - 108c.cf48.b6cc ARPA Vlan190
Internet 192.168.210.98 45 8a94.8154.8306 ARPA Vlan210
Internet 192.168.180.6 0 fcaa.14ed.7ff9 ARPA Vlan180
Internet 192.168.0.181 9 0011.32f9.6edb ARPA Vlan10
Internet 192.168.180.1 - 108c.cf48.b6cb ARPA Vlan180
Internet 192.168.50.186 0 6cf0.49c7.e10e ARPA Vlan50
Internet 192.168.150.30 23 d85e.d355.e2a1 ARPA Vlan150
Internet 192.168.190.55 0 d85e.d3a9.2c68 ARPA Vlan190
Internet 192.168.210.91 24 b42e.99c9.86eb ARPA Vlan210
Internet 192.168.150.31 0 d85e.d356.09c0 ARPA Vlan150
Internet 192.168.210.89 84 74d4.3575.72f8 ARPA Vlan210
Internet 192.168.160.43 18 408d.5c6f.1b0a ARPA Vlan160
Internet 192.168.0.140 44 000c.29b6.2113 ARPA Vlan10
Internet 192.168.140.1 - 108c.cf48.b6c7 ARPA Vlan140
Internet 192.168.200.70 0 3460.f9a7.5487 ARPA Vlan200
Internet 192.168.140.2 0 2887.ba03.bcc6 ARPA Vlan140
Internet 192.168.150.22 0 402c.f4ed.472c ARPA Vlan150
Internet 192.168.210.82 2 b42e.99c9.8ae5 ARPA Vlan210
Internet 192.168.180.53 31 18c0.4ddc.efeb ARPA Vlan180
Internet 192.168.210.80 0 b42e.99ca.9439 ARPA Vlan210
Internet 192.168.180.54 74 d8bb.c1d5.1437 ARPA Vlan180
Internet 192.168.190.61 116 18c0.4dd7.920f ARPA Vlan190
Internet 192.168.130.1 - 108c.cf48.b6c6 ARPA Vlan130
Internet 192.168.190.57 0 d85e.d3d5.fa18 ARPA Vlan190
Internet 192.168.180.51 0 047c.1611.dd9d ARPA Vlan180
Internet 192.168.210.85 0 402c.f4ed.498a ARPA Vlan210
Internet 192.168.1.157 0 Incomplete ARPA
Internet 192.168.180.40 0 3497.f69d.8b28 ARPA Vlan180
Internet 192.168.150.10 0 408d.5c4b.0a64 ARPA Vlan150
Internet 192.168.150.11 31 b42e.99b5.df7f ARPA Vlan150
Internet 192.168.190.35 0 38d5.4718.b85a ARPA Vlan190
Internet 192.168.160.62 7 305a.3a55.4972 ARPA Vlan160
Internet 192.168.210.77 3 1c1b.0dd6.2b7f ARPA Vlan210
Internet 192.168.50.160 3 6c5a.b001.8fab ARPA Vlan50
Internet 192.168.160.52 0 d85e.d369.5ae8 ARPA Vlan160
Internet 192.168.160.53 0 bcee.7b9d.3262 ARPA Vlan160
Internet 192.168.190.43 0 bcee.7b5a.b305 ARPA Vlan190
Internet 192.168.160.54 0 38d5.4718.c906 ARPA Vlan160
Internet 192.168.150.1 - 108c.cf48.b6c8 ARPA Vlan150

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to bobson143

‎05-15-2023 07:04 AM

Here is what I see so far: I do not see any particular issues about routing in the config. ip routing is enabled, the vlan interfaces are up/up, the vlan subnets appear in the routing table. But I do see some indications of problems, particularly in looking at the arp table I see a number of "incomplete" entries for addresses in vlan 1 and 10. All other subnets appear to have no issue but these 2 subnets (192.168.0.0/24 and 192.168.1.0/24) some hosts are reachable and some are not.

In looking at the config I notice that most of the vlans get their IP addressing from DHCP configured on the layer 3 switch. But the 2 vlans where there are issues do not get their addresses from DHCP on the layer 3 switch. Where do the hosts in these vlans get their IP address? 

In reading the original post again I focused on this statement " PC under VLAN 10 cannot ping PC on different VLAN" and I suspect that some of the PC in those vlans do not have correct gateway information (and/or perhaps incorrect mask for the IP address).

HTH

Rick
0 Helpful

bobson143
Level 1
Level 1
In response to Richard Burts

‎05-15-2023 08:00 PM

Hello Rick thank you for your patience helping me, just want you to know that the switch configuration was done by previous staff which no longer connected to the company I am working right now. What advice can you give? I am planning to reset the switch to factory settings to reconfigure it. Because right now I cannot setup my Domain directory. My plan is to have a windows DHCP server. For the meantime since I have problem with intervlan routing what I've done is to make the L3 switch as DHCP server base on the Vlan setup created in the existing switches.   

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to bobson143

‎05-16-2023 08:45 AM

You are welcome. If someone else configured this switch you are certainly able to start over and configure it. But I am not sure what you would do differently. Other than the access-group on vlan 200 I am not seeing things in the config that look like problems.

Up to this point we have been looking at issues about some PCs not being able to ping some devices. Based on what we know so far it is my opinion that this issue is something external to this switch. So I am not confident that a new/fresh configuration of the switch will fix this issue. Now you describe a different aspect about setting up your Domain directory. I am not clear what is involved/not working. But I would suggest that it might be better/easier to fix that issue in the current config rather than start over with a fresh config.

HTH

Rick
0 Helpful

bobson143
Level 1
Level 1
In response to Richard Burts

‎05-16-2023 05:10 PM

Hi Rick,

Is it possible that the firewall is responsible of blocking the inter vlan-routing? see below IP route, 192.168.0.251 is the IP of the firewall.

Gateway of last resort is 192.168.0.251 to network 0.0.0.0

C 192.168.120.0/24 is directly connected, Vlan120
C 192.168.210.0/24 is directly connected, Vlan210
C 192.168.150.0/24 is directly connected, Vlan150
C 192.168.180.0/24 is directly connected, Vlan180
C 192.168.110.0/24 is directly connected, Vlan110
C 192.168.130.0/24 is directly connected, Vlan130
C 192.168.160.0/24 is directly connected, Vlan160
C 192.168.200.0/24 is directly connected, Vlan200
C 192.168.140.0/24 is directly connected, Vlan140
C 192.168.250.0/24 is directly connected, Vlan250
C 192.168.190.0/24 is directly connected, Vlan190
C 192.168.170.0/24 is directly connected, Vlan170
C 192.168.0.0/24 is directly connected, Vlan10
C 192.168.50.0/24 is directly connected, Vlan50
C 192.168.1.0/24 is directly connected, Vlan1
C 192.168.100.0/24 is directly connected, Vlan100
S* 0.0.0.0/0 [1/0] via 192.168.0.251 

For now I will not reset the switch, I will try to fix the issue as you said it is external and not on the L3 switch. I will check other devices connected to switch specially the firewall.

 

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to bobson143

‎05-18-2023 11:06 AM

It is highly unlikely that the firewall is affecting inter vlan traffic. Packets to an outside/remote network would go through the firewall and could be affected. But packets from a device in one local vlan/subnet to a device in another local vlan/subnet should flow directly and I do not see how the firewall could be involved.

In a prior post I suggested that you use these steps in investigating the issue. On a PC that is having problems try these steps

- check its IP address, mask, and default gateway. are they what you expect?

- can it ping its default gateway?

- can it ping the vlan interface IP of other vlans?

- what does traceroute (or tracert) to an IP in another connected subnet do?

- what does traceroute (or tracert) to an Internet IP do?

HTH

Rick
0 Helpful

bobson143
Level 1
Level 1
In response to Richard Burts

‎05-19-2023 01:31 AM

Hi Rick,

See below ping and trace route from different Vlans

 
Vlan 10 - 192.168.0.10 (L3 Core Switch IP)
- 192.168.0.11 (L2 IP)
 
PC Host under Vlan 10
IP -192.168.0.98
Subnet Mask -255.255.255.0
Default Gateway -192.168.0.10
Can ping Vlan 150 interface - YES
Can ping Vlan 150 host - NO
 
Can ping Vlan 50 interface - YES
Can ping Vlan 50 host - NO
 
============================================
192.168.150.1 - Vlan 150 interface IP 
 
Host under Vlan 150
IP -192.168.150.63
Subnet Mask -255.255.255.0
Default Gateway -192.168.150.1
Can ping Vlan 10 interface - YES
Can ping gateway of vlan 10 - YES
Can ping host in Vlan 10 -YES
Can ping Vlan 50 interface - YES
Can ping Vlan 50 host - NO
 
============================================
192.168.50.1 - Vlan 50 interface IP 
 
Host under Vlan 50
IP -192.168.50.65
Subnet Mask -255.255.255.0
Default Gateway -192.168.50.1
Can ping Vlan 10 interface - YES
Can ping gateway of vlan 10 - YES
Can ping host in Vlan 10 -YES
Can ping Vlan 150 interface - YES
Can ping Vlan 150 host - NO
 
============================================
Ping From Vlan 10 PC
 
C:\Users\Administrator>ping 192.168.150.1
 
Pinging 192.168.150.1 with 32 bytes of data:
Reply from 192.168.150.1: bytes=32 time=1ms TTL=255
Reply from 192.168.150.1: bytes=32 time<1ms TTL=255
Reply from 192.168.150.1: bytes=32 time<1ms TTL=255
Reply from 192.168.150.1: bytes=32 time<1ms TTL=255
 
Ping statistics for 192.168.150.1:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 1ms, Average = 0ms
 
C:\Users\Administrator>ping 192.168.150.63
 
Pinging 192.168.150.63 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
 
Ping statistics for 192.168.150.63:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
 
C:\Users\Administrator>tracert 192.168.0.10
 
Tracing route to 192.168.0.10 over a maximum of 30 hops
 
  1    <1 ms    <1 ms    <1 ms  192.168.0.10
 
Trace complete.
 
C:\Users\Administrator>tracert 192.168.150.1
 
Tracing route to 192.168.150.1 over a maximum of 30 hops
 
  1    <1 ms    <1 ms    <1 ms  192.168.150.1
 
Trace complete.
 
C:\Users\Administrator>tracert 192.168.150.63
 
Tracing route to 192.168.150.63 over a maximum of 30 hops
 
  1    <1 ms    <1 ms    <1 ms  192.168.0.251
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
 
C:\Users\Administrator>tracert www.google.com
 
Tracing route to www.google.com [172.217.27.36]
over a maximum of 30 hops:
 
  1    <1 ms    <1 ms    <1 ms  192.168.0.251
  2    <1 ms     *        *     ***.***.***.***
  3     9 ms     9 ms     9 ms  ***.***.***.***
  4    24 ms    24 ms    24 ms  ***.***.***.***.static.****.net [***.***.***.***]
  5    50 ms    49 ms    49 ms  ***.***.***.***.static.****.net [***.***.***.***]
  6    48 ms    48 ms    48 ms  ***.***.***.***
  7    50 ms    62 ms    51 ms  ***.***.***.***
  8    67 ms    66 ms    66 ms  ***.***.***.***
  9    49 ms    49 ms    49 ms  ********-**-***.*****.*** [***.***.***.***]
 
Trace complete.

 

0 Helpful

MHM Cisco World
VIP
VIP
In response to bobson143

‎05-19-2023 11:08 AM

Hi why always the first hope is the FW ?
I see your DHCP config the default router is VLAN not FW.
can you check see what is GW for all host 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card