cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4557
Views
0
Helpful
20
Replies

InterVLAN routing not working on 3550 switch

dbuckley77
Level 1
Level 1

I am trying to setup intervlan routing with 2 vlans on a 3550 switch.

I have done the standard commands:

enabled ip routing

setup vlan interfaces w/ ip add & netmasks

made sure all end devices have the right IP, netmask and gateway pointing to vlan interface IP addresses

checked to make sure switchports are assisned to the right vlans and the devices are plugged into the right ports to match vlan/subnet

Here is my issue:

I have two subnets/vlans

vlan 3 = 10.3.0.0/16  vlan 1 int = 10.3.1.1

vlan 10 = 10.1.10.0/24 lan 10 int = 10.1.10.1

When I am on an end device int he vlan 10 10.1.10.0/24 network I can ping other end users on local vlan but cannot ping gateway of vlan 3 or beyond.

When I am on an end device on vlan 3 10.3.0.0/16 network I can ping other end users on same vlan and I can  ping gateway for vlan 10 but I cannot ping end users on vlan 10.

I have copied the config below and would appreciate any assistance.  Thanks

Building configuration...

Current configuration : 2291 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname CapeNet_Switch

!

!

no aaa new-model

ip subnet-zero

ip routing

!

!

!

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

switchport mode dynamic desirable

!

interface FastEthernet0/2

switchport mode dynamic desirable

!

interface FastEthernet0/3

switchport access vlan 3

switchport mode access

!

interface FastEthernet0/4

switchport mode dynamic desirable

!

interface FastEthernet0/5

switchport mode dynamic desirable

!

interface FastEthernet0/6

switchport mode dynamic desirable

!

interface FastEthernet0/7

switchport mode dynamic desirable

!        

interface FastEthernet0/8

switchport mode dynamic desirable

!

interface FastEthernet0/9

switchport mode dynamic desirable

!

interface FastEthernet0/10

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/11

switchport mode dynamic desirable

!

interface FastEthernet0/12

switchport access vlan 3

switchport mode access

!

interface FastEthernet0/13

switchport mode dynamic desirable

!

interface FastEthernet0/14

switchport mode dynamic desirable

!        

interface FastEthernet0/15

switchport mode dynamic desirable

!

interface FastEthernet0/16

switchport mode dynamic desirable

!

interface FastEthernet0/17

switchport mode dynamic desirable

!

interface FastEthernet0/18

switchport mode dynamic desirable

!

interface FastEthernet0/19

switchport mode dynamic desirable

!

interface FastEthernet0/20

switchport mode dynamic desirable

!

interface FastEthernet0/21

switchport mode dynamic desirable

!

interface FastEthernet0/22

switchport mode dynamic desirable

!

interface FastEthernet0/23

switchport mode dynamic desirable

!

interface FastEthernet0/24

switchport mode dynamic desirable

!

interface GigabitEthernet0/1

switchport mode dynamic desirable

!

interface GigabitEthernet0/2

switchport mode dynamic desirable

!

interface Vlan1

no ip address

shutdown

!

interface Vlan3

ip address 10.3.1.1 255.255.0.0

!

interface Vlan10

ip address 10.1.10.1 255.255.255.0

!        

ip classless

ip http server

!

!

control-plane

!

!

line con 0

line vty 5 15

!

end

20 Replies 20

Reza Sharifi
Hall of Fame
Hall of Fame

  Hi,

Are the vlan interface in up and up mode?

sh ip int bri vlan 3

sh ip int bri vlan 10

sh ip int bri fa10

sh ip int bri fa3

What is the output of sh vlan id 3 and

sh vlan is 10

interface FastEthernet0/10

HTH

mvsheik123
Level 7
Level 7

Hi,

May be a typo while posting, bu can you check on Vla10 information?

Your posting says..

vlan 10 = 10.1.10.0/25 lan 10 int = 10.1.10.1

Config:

interface Vlan10

ip address 10.1.10.1 255.255.255.0  --> /24

Thx

MS

It was a typo on the netmask, should have been 24.  I corrected.

All interfaces are up.

sh vlan id output is below

CapeNet_Switch>  sh vlan id 3

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

3    VLAN0003                         active    Fa0/3, Fa0/12

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

3    enet  100003     1500  -      -      -        -    -        0      0  

Remote SPAN VLAN

----------------

Disabled

Primary Secondary Type              Ports

------- --------- ----------------- ------------------------------------------

CapeNet_Switch>sh vlan id 10

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

10   VLAN0010                         active    Fa0/10

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

10   enet  100010     1500  -      -      -        -    -        0      0  

Hi,

What is the default gateway for devices on vlan 3 ?

Regards,
Alex.
Please rate useful posts.

Regards, Alex. Please rate useful posts.

Hello,

When you are able to ping inside the subnet but not outside the subnet. Check whether the PC is configured with correct Gateway IP .

All the Hosts under vlan3 the gateway ip should be 10.3.1.1

All the Hosts under vlan10 the gateway ip should be 10.1.10.1

Example:

PC1

ip address: 10.3.1.10

subnet mask: 255.255.255.0

Gateway ip: 10.3.1.1

If it helps you, please rate the post.

Thanks,

Srikanth

As I stated in my original post.  The ip address, netmask and gateway on the end user devices on both vlans is one of the first things i checked.

All devices on vlan 3 have netmask of /16 and dg of 10.3.1.1

All devices on vlan 10 have netmask of /24 and dg of 10.1.10.1

Thansk guys

barweiss45
Level 1
Level 1

When I am on an end device int he vlan 10 10.1.10.0/24 network I can ping other end users on local vlan but cannot ping gateway of vlan 3 or beyond.

Have you double checked that the host device on vlan 10 has the correct defeault gateway?

When I am on an end device on vlan 3 10.3.0.0/16 network I can ping other end users on same vlan and I can ping gateway for vlan 10 but I cannot ping end users on vlan3 (I assume you mean vlan 10 right?)

If this is the case that that takes me back to my point above. When the packet from vlan comes over with the IP address that is outside the VLAN 10 network, the device doesn't have a working default gateway to send it back. The reason why you can ping the SVI for VLAN 10 from vlan 3 is because they are directly connected ( you can see this by doing a show ip route 10.3.0.0 or show ip route 10.1.10.0). However your end devices in vlan 10 have no clue how to leav vlan 10.

HTH

Yes barweiss that was a typo.  I meant to say

When I am on an end device on vlan 3 10.3.0.0/16 network I can ping  other end users on same vlan and I can ping gateway for vlan 10 but I  cannot ping end users on vlan 10

Sorry for the mistake.

I have triple checked the IP addresses, subnet masks and default gateways configured on the end devices on both vlans.  they are correct.  I have also checked the port assisgnments on the 3550 and cabling to make sure I don't have a layer 1 issue of an end device being plugged into a port that has the wrong vlan assigned to it.

Configuring intervlan routing with two vlans on alayer 3 switch is pretty straightforward.  That is why I am so perplexed.

Sorry just saw you last post that you verified your DG on the hosts. In that case I'm not sure what it could be, because everythig else looks right to me. Can ping the hosts on vlan 10 by soruce it from vlan 3 on the switch?

i.e. ping 10.1.10.x source 10.3.1.1

howithink
Level 1
Level 1

this is my configuration for my 3560 layer 3 with intervlan and i am able to ping and send packets between 2 vlans on two different switches. maybe you'll find something in here.

!
hostname Switch

ip routing
!
!

spanning-tree mode pvst
!

interface FastEthernet0/1
switchport access vlan 10
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 20
switchport mode trunk
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
.
.

!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 10.10.10.1 255.255.255.0
!
interface Vlan20
ip address 10.10.20.1 255.255.255.0
!
ip classless


Switch#

Hello

Have you created the vlans in the L2 database?

conf t

vlan3,10

exit

also on the trunk interfaces,

default int fa0/1

default int fa0/2

int ran    fa0/1 -2

switchport trunk enacp dot

switchport mode trunk

no shut

ip subnet-zero

res

Paul

Please don't forget to rate any posts that have been helpful.

Thanks.


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Robert R
Level 1
Level 1

What replies do you get from the pings?

Destination host unreachable or request timed out?

can you post the output from the various ping scenarios?

also what's show ip route look like?

If the above is the config of the switch where L3 vlan's 10 & 20 created.

Are the Hosts connected to Fa0/1 and Fa0/2. if so do configure the ports as access ports as like below

interface FastEthernet0/1

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/2

switchport access vlan 20

switchport mode access

If the ports Fa0/1 and 0/2 is connected with the other switches, configure them as trunk port with the specific vlans you want to allow on that trunk port.

interface FastEthernet0/1

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 10

!

interface FastEthernet0/2

switchport trunk encapsulation dot1q

switchport mode trunk

switchport trunk allowed vlan 20

************

Provide me the below output from the switch.

sh interface vlan 10

sh interface vlan 20

sh interface fastethernet0/1

sh interface fastethernet0/2

Thanks

Srikanth

There are no other switches connected to the 3550.  The setup conists of a single 3550 switch with two vlans on it and two host devices on each vlan.  That's it.  There is no need to trunk any interfaces.

Currently I can ping from host device to another host device on same subnet.  I can ping from host device on either vlan to both defalt gateways.  What I cannot due is ping from a host device on one vlan to a host device on the other vlan.  I have quadrupled checked the ip settings (ip, netmask and dg) on all host dvices and they are set correctly.

I have ip routing enabled.

If I run show ip route both networks are in the routing table.

Firewallsare not the issue nor Av or anything like that.

When I try to ping from a host device on one vlan to a host device on the other vlan I see "request timed out."

The only other thing that is odd is that when I setup continuous pings I see latecny jumping up and down and packets being dropped when I ping from host on vlan 3 to vlan 10 gateway.  But there are no errors on the interface in the switch that the host I am pinging from is using.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco