Re: InterVlan not reponding

denilson.mota · ‎07-11-2018

Hi folks,

I have a WS-C3750G-48TS switch and I have a vlan configured on it, Vlan 101,103,104,105. The default route of the switch is ASA firewall connected on Vlan 101. From the switch if I try to ping a host on vlan101 using vlan104 as a source the packet is dropped. In the firewall all access rules from this vlan subnets is configured on the interface connected to vlan 101 and the same is connected to the switch.

I have a static route in the ASA firewall for all vlans(103,104,105) point to switch on vlan 101 IP.

Any idea why I not able to communicate with host on vlan101 from vlan 103,104 and 105?

Thank you in advance,

DM

Seb Rupik · ‎07-11-2018

Hi there,

Have you enabled ip routing on the 3750?

!
ip routing
!

If you have already, please share the running connfig of the switch.

cheers

Seb.

denilson.mota · ‎07-12-2018

Yes I already enabled the ip routing

find the running config of the switch and gave your inputs.

Cheers,

denilson.mota · ‎07-13-2018

Anyone help on this please!

Cheers,

DM

Seb Rupik · ‎07-13-2018

Hi there,
With your two devices connected to the switch, in VLANs 101 and 104, please provide the following information:

sh ip arp
sh mac-address table
sh spanning-tree vlan 101
sh spanning-tree vlan 104

What are the MAC addresses of the devices involved? What does their interface config look like, IP, subnet mask and GW?

cheers,
Seb.

denilson.mota · ‎07-13-2018

Hi Seb,

Thanks for you reply. As I said all vlans (101,103,104,105) is configured on the same switch, and the switch is connected to ASA FW on vlan 101. The default gateway of the switch is ASAFW IP on VLAN 101. All vlans on the switch going out tru same ASAFW interface, from ASAFW have a static route from vlan 101,103,104,105 network point to the switch were is connected to. From a host in the vlan 101 I can reach all others host in vlan 103,104,105 but from those vlans i cant reach vlan 101.

Christopher Bell · ‎07-13-2018

Check your firewall logs for the IP addresses of the two sources. Assuming there is no host based firewall on your two sources for vlan 101 and 104 right?

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

Seb Rupik · ‎07-13-2018

You keep mentioning the ASA, but in your topology the inter-VLAN routing will should be occurring on the switch as that is where the SVIs are located, unless there is something mis-configured on the clients as a result of DHCP handed out by 10.0.2.11 . This is why I asked for the output above. To that end it would help to know what the routing table looks like on the two example clients too.

cheers,

Seb.

adarodri · ‎07-13-2018

Are the Vlans defined in the Vlan database? Routing across SVIs won't work unless IP routing is on, Vlans are created in Vlan database, and there are access / trunk ports defined for each Vlan.

denilson.mota · ‎07-16-2018

denilson.mota · ‎07-16-2018

Hi,
As you can see on the attached picture I have configured the following?
- Vlan as configured and are enabled
- Ip routing is configured for SVI communication
- From Vlan 101 I can reach all other vlans
- From vlan 103-105 I can't reach vlan 101

Thank you,