cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4136
Views
0
Helpful
13
Replies

Intervlan Routing Issues - Cannot Ping

icrjbilliau93
Level 1
Level 1

I'm at a loss here folks and really need some help.

Looking for some obvious things I may be overseeing?  Here is the situation quite simply.  Turning up a new site in Mexico to connect to our network.  They have their own carrier, modem, and we use one switch and a Sonicwall TZ215 with vpn tunnel.  I configured it all in the US here and shipped it down there with a console cable.  Now I'm finishing up some additional config. I'll post the config below.

Physical Layout:
Sonicwall XO  --> Port 24 on Cisco 2960-X
Avaya IP Appliance --> Port 22 on Cisco 2960-X
Test Laptop --> Port 2 on Cisco 2960-X

I had them down there plug in the Avaya (10.30.21.253) to port 22 because I need to access it and check its config.  The problem is, I can ping that IP from the switch itself, but from my laptop I can't ping it.  Nor can I ping it over the WAN here in the US.  The screwed up part is I can ping that gateway fine from any node on the network  (10.30.21.254).  I can also ping any of the vlan gateways ending in .245 on the switch. The tunnel networks work fine.

 

Now..if I put my laptop on vlan 121, I can ping the avaya appliance just fine.  On the vlan111 network, I cannot.  IP routing is enabled.  I've also got the correct return route configured on the sonicwall (if that matters in this test scenario)

 

!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SWMEXICO
!
boot-start-marker
boot-end-marker
!
enable secret 5
!
no aaa new-model
clock timezone UTC -6 0
clock summer-time UTC recurring
switch 1 provision ws-c2960x-24ps-l
ip routing
ip dhcp excluded-address 10.30.11.1 10.30.11.10
ip dhcp excluded-address 10.30.21.250 10.30.21.253
!
ip dhcp pool PC's
 network 10.30.11.0 255.255.255.0
 default-router 10.30.11.254
 dns-server 200.33.148.202 200.33.148.196
 lease 6
!
ip dhcp pool Phones
 network 10.30.21.0 255.255.255.0
 default-router 10.30.21.254
 option 176 ascii "mcipadd=10.30.21.253,mcport=1719,tftpsrvr=10.30.21.253"
 lease 6
!
!
vtp mode transparent
!
!
crypto pki trustpoint TP-self-signed-768520448
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-768520448
 revocation-check none
 rsakeypair TP-self-signed-768520448
!
!
crypto pki certificate chain TP-self-signed-768520448
 certificate self-signed 01
  30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 37363835 32303434 38301E17 0D313530 32303330 39303833
  315A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3736 38353230
  34343830 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  BBC0766E B4096302 C78534E0 B696E915 E16F419D 87089157 FD46E78D A024F11A
  4B1F887B AB5907A7 36E924C2 D82B0992 0FE5E50D F924CBE3 00CC022C 5FB171BF
  44333CD4 294CB9B6 CB817BAF 96319C2D F39A0862 587B2D93 D0FE1164 803AEBA5
  E6272B11 205E7B9B 4966617F D3C85B85 1AE6A4B8 5F4AB109 EE588E95 D1F9838B
  02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
  23041830 1680141A 266167F1 91A7542E 44F9E2C8 EE876903 9EAB1330 1D060355
  1D0E0416 04141A26 6167F191 A7542E44 F9E2C8EE 8769039E AB13300D 06092A86
  4886F70D 01010505 00038181 00B1B665 621AD0DA D837ED5F 95B58666 3FBF57F9
  FFE660DE 3CD3332B 666B3445 1657898A E733D56F 18A93549 73F4CFD4 B6EA6A0C
  E89EF404 4BDA652D 103DFA54 527A31A8 0DC44B59 1E3F61EA 55912C4C ECB24619
  BD56A7EA 97A82939 7CFA329A BD72CA6B 1865DE28 FD511C8D 57574351 F53772B7
  8B3A39DF 4A5690A1 DCAEA37B AF
        quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
!
!
vlan internal allocation policy ascending
!
vlan 30
 name Servers
!
vlan 99
 name Sonicwall
!
vlan 101
 name Management
!
vlan 111
 name PC's
!
vlan 121
 name Phones
!
vlan 145
 name Printers
!
!
!
!
!
!
interface FastEthernet0
 no ip address
 no ip route-cache
!
interface GigabitEthernet1/0/1
 switchport access vlan 111
 switchport mode access
 switchport voice vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 switchport access vlan 111
 switchport mode access
 switchport voice vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 switchport access vlan 111
 switchport mode access
 switchport voice vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/4
 switchport access vlan 111
 switchport mode access
 switchport voice vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/5
 switchport access vlan 111
 switchport mode access
 switchport voice vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/6
 switchport access vlan 111
 switchport mode access
 switchport voice vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/7
 switchport access vlan 111
 switchport mode access
 switchport voice vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/8
 switchport access vlan 111
 switchport mode access
 switchport voice vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/9
 switchport access vlan 111
 switchport mode access
 switchport voice vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/10
 switchport access vlan 111
 switchport mode access
 switchport voice vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/11
 switchport access vlan 111
 switchport mode access
 switchport voice vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/12
 switchport access vlan 111
 switchport mode access
 switchport voice vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/13
 switchport access vlan 111
 switchport mode access
 switchport voice vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/14
 switchport access vlan 111
 switchport mode access
 switchport voice vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/15
 switchport access vlan 111
 switchport mode access
 switchport voice vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/16
 switchport access vlan 111
 switchport mode access
 switchport voice vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/17
 switchport access vlan 111
 switchport mode access
 switchport voice vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/18
 switchport access vlan 111
 switchport mode access
 switchport voice vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/19
 switchport access vlan 111
 switchport mode access
 switchport voice vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/20
 switchport access vlan 111
 switchport mode access
 switchport voice vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/21
 switchport access vlan 111
 switchport mode access
 switchport voice vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/22
 description Avaya IP04
 switchport access vlan 121
 spanning-tree portfast
!
interface GigabitEthernet1/0/23
 description Server
 switchport access vlan 30
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/24
 description Link to Sonicwall
 switchport trunk native vlan 99
 switchport trunk allowed vlan 30,99,101,111,121,145
 switchport mode trunk
!
interface GigabitEthernet1/0/25
!
interface GigabitEthernet1/0/26
!
interface GigabitEthernet1/0/27
!
interface GigabitEthernet1/0/28
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan30
 description Servers
 ip address 10.30.0.254 255.255.255.0
!
interface Vlan99
 description Sonicwall
 ip address 10.30.99.253 255.255.255.0
!
interface Vlan101
 description Management
 ip address 10.30.1.254 255.255.255.0
!
interface Vlan111
 description PC's
 ip address 10.30.11.254 255.255.255.0
!
interface Vlan121
 description Phones
 ip address 10.30.21.254 255.255.255.0
!
interface Vlan145
 description Printers
 ip address 10.30.45.254 255.255.255.0
!
ip http server
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 10.30.99.254
!
!
*********************************************************^C
!
line con 0
line vty 0 4
 password
 login
line vty 5 15
 login
!
end
 
SWMEXICO#

 

 

Also, on the side, when I ping from a host for example, how does the traffic go..does it goto the sonicwall first because of the ip route statement, then the sonicwall returns the traffic back to the switch and the ping traffic to the host?  Or does local traffic not even traverse the sonicwall

13 Replies 13

Jon Marshall
Hall of Fame
Hall of Fame

Are absolutely sure you have the default gateway on the Avaya set correctly ?

Jon

no I guess I'm not 100% sure the gateway on the avaya is set correctly.  I havnt been able to log into it, but that is why I'm trying to get it connected.  Its from the previous network guy and he might have jacked it up.  However, I don't think so, because like I said...if I change my laptops vlan to 121 and it grabs a 10.30.21.* DHCP address, I can actually ping the avaya(10.30.21.253) fine from that laptop.  Wouldnt this tell me that the gateway is probably right?

 

Good idea on the exclude gateway. I will change that on Monday for sure.  What else can we think of or do that I can troubleshoot?  I gotta get this up and running monday/tuesday.

 

Thanks Jon!!

if I change my laptops vlan to 121 and it grabs a 10.30.21.* DHCP address, I can actually ping the avaya(10.30.21.253) fine from that laptop.  Wouldnt this tell me that the gateway is probably right?

No because if you are in the same subnet the Avaya doesn't use it's gateway.

If you can ping it when you are in the same vlan can you not log in to it ?

On the off chance the gateway has not been set can you post the output of "sh ip interface vlan 121".

I doubt this will help but it is worth checking.

Jon

Well, I'm remoted into a laptop at our mexico site from Michigan, and I lost the join me session after I changed the vlan..so I can't even do anything until Monday at this point (sux).  As far remoting into the avaya to check it, I would have to download the 1gigabyte avaya IP manager installer to the laptop to install it first which would take some time (considering their connection),Then I can probably do that, which it sounds like I'm gonna need to either way.

 

I'm sure your just as confused as me considering you really havnt said anything about the switch config yet, so you must think besides a few things (dhcp exlcudes) that it looks ok.

 

I guess I will have to reply back to this thread come Monday.

I can't see anything obviously wrong with the switch configuration.

If you can ping it on the same vlan but not from another vlan it sounds like the Avaya does not have the correct default gateway.

Especially as you can ping the vlan 121 SVI IP from any device on any vlan.

Can you just run "sh ip int vlan 121" and make sure proxy arp is enabled ?

Jon

ya I'll run it on Monday since I no longer can access the switch from the join.me session.  I can do a sh arp (I think it is) and I see 10.30.21.253 assigned to vlan 121.  So that is good...

Hey Jon,

 

Here is the sh int vlan121 that you asked about.

 

 

SWME01#sh ip interface vlan 121
Vlan121 is up, line protocol is up
  Internet address is 10.30.21.254/24
  Broadcast address is 255.255.255.255
  Address determined by non-volatile memory
  MTU is 1500 bytes
  Helper address is not set
  Directed broadcast forwarding is disabled
  Outgoing access list is not set
  Inbound  access list is not set
  Proxy ARP is enabled
  Local Proxy ARP is disabled
  Security level is default
  Split horizon is enabled
  ICMP redirects are always sent
  ICMP unreachables are always sent
  ICMP mask replies are never sent
  IP fast switching is enabled
  IP Flow switching is disabled
  IP CEF switching is enabled
  IP CEF switching turbo vector
  IP Null turbo vector
  IP multicast fast switching is disabled
  IP multicast distributed fast switching is disabled
  IP route-cache flags are Fast, CEF
  Router Discovery is disabled
  IP output packet accounting is disabled
  IP access violation accounting is disabled
  TCP/IP header compression is disabled
  RTP/IP header compression is disabled
  Probe proxy name replies are disabled
  Policy routing is disabled
  Network address translation is disabled
  BGP Policy Mapping is disabled
  Input features: MCI Check
  Output features: Input interface drop, Check hwidb
SWME01#

Thanks.

I just wanted to check proxy arp was enabled which it is.

So that must mean if you cannot connect to the Avaya from a different subnet on the 2960 that the Avaya has a gateway set but it is not from any of those subnets.

If it had no default gateway set then you should have been able to connect.

Unless it is not the Avaya's gateway that is the problem but from the symptoms you described it does sound that way.

Jon

So you were right...wrong gateway. changed it but still cant ping from 111...wtf...so odd

Also this is a newer 2960x in case that matters (config wise)

 

I did noticed that if I have port 22 (avaya appliance) configured for switchport voice vlan 121  I can't ping it from the host nor the switch itself. If I remove that and just make it switchport access vlan 121, pings works from the switch, but still can't ping from data vlan 111

NM, I figured it out!

Jon Marshall
Hall of Fame
Hall of Fame

By the way, I haven't done DHCP on IOS for a while but I think you might want to exclude the default gateway address you are handing out per pool.

Jon

Jon Marshall
Hall of Fame
Hall of Fame

Sorry I didn't answer your last question.

The default route on the 2960 will only be used for subnets not in the routing table.

If you mean when you ping between devices on different vlans but all these vlans are routed on the 2960 then no traffic doesn't have to go to the firewall  because the routing table on the switch will show all those subnets as locally connected.

Jon