cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1259
Views
3
Helpful
3
Replies

InterVLAN Issue , HELP !

Anup Sasikumar
Level 1
Level 1

Hello , 

Two networks

172.26.10.X /24  - Vlan 10 

172.16.10.X/24   - Vlan 20

They both have interface vlan configured on Core Switch

172.26.10.1 /24 - Interface vlan 10

172.16.10.1 /24 - Interface vlan 20

Trunking configured correctly

I am not able to acheive connectvitiy between PCs in both vlans

But if I change the vlan 20 to 172.26.20.X /24 and make corresponding change in Interface Vlan on Core Switch to 172.26.20.1  , There exists connectvity !

Is there anyway I can acheive connectivity without changing the IP ranges ?

Regards,
Anup

Regards,
Anup
3 Replies 3

Marvin Rhoads
Hall of Fame
Hall of Fame

The switch should work either way. Assuming both SVIs are up/up on the core, it sounds more like a default gateway or similar setup issue on the end hosts.

With switch in "non-working" mode, can you show us the output of:

show run int vlan 10

show run int vlan 20

and

show int vlan 10

show int vlan 20

Hello Marvin

Thanks for your reply

I dont have access to the infra right now but I do have a saved running config

SVIs are up and running , Default gateway on the end hosts is also configured to be the corresponding SVIs

But what puzzles me is a VLAN access list configured , I could not see its been applied to any vlans using " vlan filter " command

vlan access-map block 10
 action forward
 match ip address block
vlan internal allocation policy ascending

ip access-list extended block
 permit tcp 172.26.100.0 0.0.0.255 host 172.16.20.167 eq 22
 permit tcp host 172.16.20.167 172.26.100.0 0.0.0.255 eq 22
 permit tcp 172.26.100.0 0.0.0.255 host 172.16.20.148 eq 22
 permit tcp 172.26.100.0 0.0.0.255 host 172.16.20.172 eq 22
 permit tcp host 172.16.20.172 172.26.100.0 0.0.0.255 eq 22
 permit ip 172.26.100.0 0.0.0.255 host 172.26.20.101
 permit ip host 172.26.20.101 172.26.100.0 0.0.0.255
 permit ip 172.26.100.0 0.0.0.255 172.26.100.0 0.0.0.255
 permit ip 172.26.100.0 0.0.0.255 host 172.16.110.12
 permit ip host 172.16.110.12 172.26.100.0 0.0.0.255
 permit ip 172.26.100.0 0.0.0.255 host 172.16.110.51
 permit ip host 172.16.110.51 172.26.100.0 0.0.0.255
 permit ip 172.26.100.0 0.0.0.255 host 172.16.10.52
 permit ip host 172.16.10.52 172.26.100.0 0.0.0.255
 permit ip 172.26.100.0 0.0.0.255 host 172.16.10.53
 permit ip host 172.16.10.53 172.26.100.0 0.0.0.255
 permit ip 172.26.100.0 0.0.0.255 host 172.16.10.62
 permit ip host 172.16.10.62 172.26.100.0 0.0.0.255
 permit ip 172.26.100.0 0.0.0.255 host 172.16.10.64
 permit ip host 172.16.10.64 172.26.100.0 0.0.0.255
 permit ip host 172.26.100.101 any
 permit ip any host 172.26.100.101
 permit ip host 172.26.100.105 any
 permit ip any host 172.26.100.105
 permit ip host 172.26.100.102 any
 permit ip any host 172.26.100.102
 deny   ip any any

Also  " deny ip any any " counter does not increment when " show access-list " is checked

So I dont think the traffic hits the access list statement too .

Could you please share your feedback ?

Regards,
Anup

Regards,
Anup

Hmm OK. I haven't worked with VACLs much and seldom (well almost never) see them in customer networks. I imagine "show vlan filter" confirms there are no VACLs affecting your flow.

Are both hosts plugged directly into the core? If not, have you confirmed the downstream switches' setup and that the trunks in between are passing the VLANs?

Review Cisco Networking for a $25 gift card