09-29-2017 11:50 AM - edited 03-08-2019 12:13 PM
Hello, I am teaching a networking class with some old 2620XM routers, C3550, and C2960 switches.
In the lab I have them create on SW1 an access port to Sw2 vlan 5 on both sides. Also on SW1 they create an interface vlan 5 and assign a 192.168.5.x /24 IP to allow pings to and from the switch as we have no hosts.
On switch 2 they setup access 5 to SW1, a trunk to a 2620XM router, and a access vlan 10 to SW 3.
On switch 3 they setup access vlan 10 and an interface vlan 10 with an ip 192.168.10.x /24
On the router we set up subinterfaces 0/0.x for each vlan. Set up encapsulation and an IP for each Vlan.
At this point everything works we can ping from switch 1 to switch 3 etc.
Here is the problem we face. Since we reuse these switches over and over again some of the students leave interface vlans on the switches. So on Sw1 and 3 they have interface vlan 5 and 10 with IPs.
When they have both sets of interface vlans this stops pings between the switches. It still allows pings to the router 10.x or 5.x IP address.
The question I have is why does having the additional interface vlan break the ping?
There is some switch logic I am missing.
09-29-2017 12:06 PM
09-29-2017 12:15 PM
yes this is a layer 2 interface.
So some more details.
config example:
Sw1
interface vlan 5
ip address 192.168.5.1 255.255.255.0
no shut
interface vlan 10
ip address 192.168.10.1 255.255.255.0
no shut
int fa0/10
switchport mode access
switchport access vlan 10
desc link to sw2
no shut
sw2
int fa0/4
switchport mode trunk
desc link to router
no shut
int fa0/10
switchport mode access
switchport access vlan 10
desc link to sw1
no shut
int fa0/20
switchport mode access
switchport access vlan 5
desc link to sw3
no shut
sw3
int vlan 5
ip address 192.168.5.3 255.255.255.0
no shut
int vlan 10
ip address 192.168.10.3 255.255.255.0
no shut
int fa0/20
switchport mode access
switchport access vlan 5
router IPs
192.168.5.10
192.168.10.10
so ping from sw3 to router
192.168.5.10 !!!!!
192.168.10.10 !!!!!!
sw3 to sw1
192.168.10.1 ..... timeout
if we setup a vlan interface on sw2 in vlan 5 or 10 sw3 can ping either IP on sw2.
So based on that I can tell that the router is routing the pings but pings don't make it to either switch 1 or 3.
09-29-2017 01:34 PM - edited 09-29-2017 01:37 PM
Hi,
You are making a mistake in your topology. There's no limitation on how many vlans can work at the same time.
You create Interface vlan 5 and 10 on SW1, but the interface that connects SW1 to SW2 is in VLAN 10 only.
You cannot reach Vlan 5 on SW1 if Interface 0/10 can carry only VLAN 10 traffic. In this case, a trunk between SW1 and SW2 would be required.
Keep in mind that a port in access mode can carry traffic for only one VLAN at a time. To carry traffic for more than one VLAN, you need a trunk.
Hope I could explain clearly.
Try setup trunk and let me know if you need any more help.
09-29-2017 01:52 PM
Thanks for the reply. I do understand that a trunk would save this, but since this is for a lab of how intervlan routing works, that would defeat the purpose. A trunk would allow all vlan 5 traffic to reach all other switches on vlan 5 and would not have to go to the router. Same with vlan 10.
Again what I'm asking here is with interface vlan's of 5 and 10 on both end switches why does having them both setup stop intervlan router to complete when either end can ping the routers vlan 5 or 10 IP's.
09-29-2017 02:11 PM - edited 09-29-2017 02:18 PM
Hi Adamabel,
Could you please provide more details about this:
Again what I'm asking here is with interface vlan's of 5 and 10 on both end switches why does having them both setup stop intervlan router to complete when either end can ping the routers vlan 5 or 10 IP's.
There are 2 ways to make intervlan routing.
Having a Router and use different networks configured on its interfaces, remember the IP configured on the Router's interfaces will be the gateway for each network. Other way using Router is creating the scheme: router in a stick, where you are going to use encapsulation dot1q.
The other way is using a Multilayer switch, this kind of switch basically can work over Layer 3 as well, enabling the command: IP Routing. You can use the SVI's (Interface vlan) in order to assign the default gateway for each VLAN.
09-29-2017 03:13 PM - edited 09-29-2017 03:14 PM
I think I got your point. I simulated your environment in Packet Tracer and I got the same situation.
The problem is as follows. As you create two Interface Vlans on the Switch but you have only one interface in either Vlan 5 or Vlan 10, the other Vlan stays in Down status.
Run the command "show ip int br" on both ends and confirm that:
Vlan5 192.168.5.2 YES manual up up
Vlan10 192.168.10.2 YES manual down
I am attaching my Lab for your reference. You need to rename it with .pkt extension.
The conclusion is that this setup won't work.
10-09-2017 11:53 AM
Thanks for the reply. This explains how to fix it but not why the behavior happens. While in class I believe I found one possible explanation, but it doesn't quite work with what you found in the show ip int bri. But here it is anyway.
1. SW1 sends a ping to SW3 and the packet will look like this.
Dest MAC R1
Src MAC SW1
Dest IP 192.168.5.3
Src IP 192.168.5 or 10.1 (since we have two interface vlans that could be the source)
For this explanation let's use 192.168.5.1
1. So packet goes to SW 2 and shows up in the vlan 10 mac table of the switch.
2. it checks the dest mac and sends the packet to the router.
3. packet is tagged vlan 10 going to the router
4. router gets it, checks SRC IP and Dest IP and sends it down its vlan 5 interface and tags it.
5. Packet gets to Sw2 tagged vlan 5. It then adds this to its vlan 5 mac table and sends it to SW3 the only other port on vlan 5.
6. SW3 gets it and sends a reply. So far so good, but what does the reply look like.
dest MAC Router
src mac SW3
dest IP 192.168.5.1
src 192.168.5.3
7. Sw3 sends this out its vlan 5 interfaces
8. sw2 gets it adds it to the vlan 5 mac table and sends it up the trunk to the router.
9. Here is where things break. the router gets it sees the dest is 192.168.5.1 which is on the vlan 5 tagged interfaces. so it sends it back down the same interface that SW2 sent the packet tagged vlan 5.
10. SW 2 gets it tagged vlan 5 so the only place it could send it is back to Sw3 not to SW1 and the packet eventually dies here because of either TTL or switch filtering rules.
10-09-2017 12:48 PM
Well elaborated but I think the explanation is way more simple.
If you create an Int VLAN in IOS but do not attribute any interface to it, the status will be down and no communication will be possible on this vlan, simple like that.
I just create this Interface vlan on my switch right now:
Switch(config)#int vlan 10
Switch(config-if)#
Switch(config-if)#
Switch(config-if)#ip add 10.10.10.9 255.255.255.0
Then I run :
sh ip int br
FastEthernet2/15 unassigned YES unset up up
Vlan1 unassigned YES unset up up
Vlan10 10.10.10.9 YES manual up down
As soon as I added an Interface to it, the status now is up:
FastEthernet2/14 unassigned YES unset up up
FastEthernet2/15 unassigned YES unset up up
Vlan1 unassigned YES unset up up
Vlan10 10.10.10.9 YES manual up up
The proper way to play with Intervlan routing is to create independent connections with router and switches and done!
The switch in between is increasing complexity and does not help on the Intervlan routing at all.
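The check described in the reply above, as an added example that is not part of the original post: a Python parser over `show ip interface brief` output that flags SVIs holding an IP address whose status or line protocol is down, which is a quick way to spot leftover interface vlans on reused lab switches. The sample output is constructed from the lines quoted in the thread, and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the "sh ip int br" lines quoted in the thread.
SAMPLE = """\
Interface              IP-Address      OK? Method Status                Protocol
FastEthernet2/15       unassigned      YES unset  up                    up
Vlan1                  unassigned      YES unset  up                    up
Vlan10                 10.10.10.9      YES manual up                    down
Vlan20                 10.10.20.9      YES manual administratively down down
"""

# One data row: name, address, OK?, method, status (may be two words), protocol.
ROW = re.compile(
    r"^(?P<name>\S+)\s+(?P<ip>\S+)\s+(?P<ok>YES|NO)\s+(?P<method>\S+)\s+"
    r"(?P<status>administratively down|up|down)\s+(?P<proto>up|down)\s*$"
)

def parse_brief(text):
    """Parse data rows; the header and truncated lines do not match and are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            rows.append(m.groupdict())
    return rows

def stale_svis(text):
    """Return (name, ip, reason) for SVIs that have an IP but cannot pass traffic."""
    findings = []
    for r in parse_brief(text):
        if not r["name"].lower().startswith("vlan") or r["ip"] == "unassigned":
            continue
        if r["status"] == "administratively down":
            reason = "shut down by configuration"
        elif r["proto"] == "down":
            # Per the thread: the SVI has no interface assigned to its VLAN.
            reason = "line protocol down (no active port in the VLAN)"
        else:
            continue
        findings.append((r["name"], r["ip"], reason))
    return findings

if __name__ == "__main__":
    for name, ip, reason in stale_svis(SAMPLE):
        print(f"{name} {ip}: {reason}")
```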
10-09-2017 02:09 PM
11-05-2017 01:12 PM
Hello
In your OP you state that:
sw2 is connected to sw1 via access port vlan 5 and a trunk (why both?)
sw2 is connected to sw3 via access port vlan 10
But then in the config you posted it's the other way around?
However - if you have multiple SVI on a switch then you need to enable ip routing and in your scenario you have "routing on a stick" with the router providing inter-vlan routing but at the same time both sw1& sw3 have multiple SVIs. ( do they have ip routing enabled?)
I am thinking even if these two switches have multiple SVIs applied if the ip routing being enabled that could be causing the problem.
Correct topology regards your setup (with the rtr performing inter-vlan routing):
rtr
subinterfaces with dot1q encap for each vlan
sw2
trunk to rtr
access port to each sw1 & sw3 on specific vlan
ip routing disabled
sw1-sw3
svi for the specific vlan the access port is connected to sw 2 is in ( for mgt purposes ONLY)
ip routing disabled
res
Paul