07-25-2013 11:58 AM - edited 03-07-2019 02:35 PM
I am trying to setup intervlan routing with 2 vlans on a 3550 switch.
I have done the standard commands:
enabled ip routing
setup vlan interfaces w/ ip add & netmasks
made sure all end devices have the right IP, netmask and gateway pointing to vlan interface IP addresses
checked to make sure switchports are assisned to the right vlans and the devices are plugged into the right ports to match vlan/subnet
Here is my issue:
I have two subnets/vlans
vlan 3 = 10.3.0.0/16 vlan 1 int = 10.3.1.1
vlan 10 = 10.1.10.0/24 lan 10 int = 10.1.10.1
When I am on an end device int he vlan 10 10.1.10.0/24 network I can ping other end users on local vlan but cannot ping gateway of vlan 3 or beyond.
When I am on an end device on vlan 3 10.3.0.0/16 network I can ping other end users on same vlan and I can ping gateway for vlan 10 but I cannot ping end users on vlan 10.
I have copied the config below and would appreciate any assistance. Thanks
Building configuration...
Current configuration : 2291 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CapeNet_Switch
!
!
no aaa new-model
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
switchport mode dynamic desirable
!
interface FastEthernet0/2
switchport mode dynamic desirable
!
interface FastEthernet0/3
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/4
switchport mode dynamic desirable
!
interface FastEthernet0/5
switchport mode dynamic desirable
!
interface FastEthernet0/6
switchport mode dynamic desirable
!
interface FastEthernet0/7
switchport mode dynamic desirable
!
interface FastEthernet0/8
switchport mode dynamic desirable
!
interface FastEthernet0/9
switchport mode dynamic desirable
!
interface FastEthernet0/10
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/11
switchport mode dynamic desirable
!
interface FastEthernet0/12
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/13
switchport mode dynamic desirable
!
interface FastEthernet0/14
switchport mode dynamic desirable
!
interface FastEthernet0/15
switchport mode dynamic desirable
!
interface FastEthernet0/16
switchport mode dynamic desirable
!
interface FastEthernet0/17
switchport mode dynamic desirable
!
interface FastEthernet0/18
switchport mode dynamic desirable
!
interface FastEthernet0/19
switchport mode dynamic desirable
!
interface FastEthernet0/20
switchport mode dynamic desirable
!
interface FastEthernet0/21
switchport mode dynamic desirable
!
interface FastEthernet0/22
switchport mode dynamic desirable
!
interface FastEthernet0/23
switchport mode dynamic desirable
!
interface FastEthernet0/24
switchport mode dynamic desirable
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
no ip address
shutdown
!
interface Vlan3
ip address 10.3.1.1 255.255.0.0
!
interface Vlan10
ip address 10.1.10.1 255.255.255.0
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 5 15
!
end
07-25-2013 12:17 PM
Hi,
Are the vlan interface in up and up mode?
sh ip int bri vlan 3
sh ip int bri vlan 10
sh ip int bri fa10
sh ip int bri fa3
What is the output of sh vlan id 3 and
sh vlan is 10
interface FastEthernet0/10
HTH
07-25-2013 12:18 PM
Hi,
May be a typo while posting, bu can you check on Vla10 information?
Your posting says..
vlan 10 = 10.1.10.0/25 lan 10 int = 10.1.10.1
Config:
interface Vlan10
ip address 10.1.10.1 255.255.255.0 --> /24
Thx
MS
07-25-2013 12:25 PM
It was a typo on the netmask, should have been 24. I corrected.
All interfaces are up.
sh vlan id output is below
CapeNet_Switch> sh vlan id 3
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
3 VLAN0003 active Fa0/3, Fa0/12
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
3 enet 100003 1500 - - - - - 0 0
Remote SPAN VLAN
----------------
Disabled
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
CapeNet_Switch>sh vlan id 10
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
10 VLAN0010 active Fa0/10
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
10 enet 100010 1500 - - - - - 0 0
07-25-2013 12:34 PM
Hi,
What is the default gateway for devices on vlan 3 ?
Regards,
Alex.
Please rate useful posts.
07-25-2013 12:39 PM
Hello,
When you are able to ping inside the subnet but not outside the subnet. Check whether the PC is configured with correct Gateway IP .
All the Hosts under vlan3 the gateway ip should be 10.3.1.1
All the Hosts under vlan10 the gateway ip should be 10.1.10.1
Example:
PC1
ip address: 10.3.1.10
subnet mask: 255.255.255.0
Gateway ip: 10.3.1.1
If it helps you, please rate the post.
Thanks,
Srikanth
07-25-2013 12:45 PM
As I stated in my original post. The ip address, netmask and gateway on the end user devices on both vlans is one of the first things i checked.
All devices on vlan 3 have netmask of /16 and dg of 10.3.1.1
All devices on vlan 10 have netmask of /24 and dg of 10.1.10.1
Thansk guys
07-25-2013 12:51 PM
When I am on an end device int he vlan 10 10.1.10.0/24 network I can ping other end users on local vlan but cannot ping gateway of vlan 3 or beyond.
Have you double checked that the host device on vlan 10 has the correct defeault gateway?
When I am on an end device on vlan 3 10.3.0.0/16 network I can ping other end users on same vlan and I can ping gateway for vlan 10 but I cannot ping end users on vlan3 (I assume you mean vlan 10 right?)
If this is the case that that takes me back to my point above. When the packet from vlan comes over with the IP address that is outside the VLAN 10 network, the device doesn't have a working default gateway to send it back. The reason why you can ping the SVI for VLAN 10 from vlan 3 is because they are directly connected ( you can see this by doing a show ip route 10.3.0.0 or show ip route 10.1.10.0). However your end devices in vlan 10 have no clue how to leav vlan 10.
HTH
07-25-2013 01:11 PM
Yes barweiss that was a typo. I meant to say
When I am on an end device on vlan 3 10.3.0.0/16 network I can ping other end users on same vlan and I can ping gateway for vlan 10 but I cannot ping end users on vlan 10
Sorry for the mistake.
I have triple checked the IP addresses, subnet masks and default gateways configured on the end devices on both vlans. they are correct. I have also checked the port assisgnments on the 3550 and cabling to make sure I don't have a layer 1 issue of an end device being plugged into a port that has the wrong vlan assigned to it.
Configuring intervlan routing with two vlans on alayer 3 switch is pretty straightforward. That is why I am so perplexed.
07-25-2013 01:11 PM
Sorry just saw you last post that you verified your DG on the hosts. In that case I'm not sure what it could be, because everythig else looks right to me. Can ping the hosts on vlan 10 by soruce it from vlan 3 on the switch?
i.e. ping 10.1.10.x source 10.3.1.1
07-25-2013 12:54 PM
this is my configuration for my 3560 layer 3 with intervlan and i am able to ping and send packets between 2 vlans on two different switches. maybe you'll find something in here.
!
hostname Switch
ip routing
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport access vlan 10
switchport mode trunk
!
interface FastEthernet0/2
switchport access vlan 20
switchport mode trunk
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
.
.
!
interface Vlan1
no ip address
shutdown
!
interface Vlan10
ip address 10.10.10.1 255.255.255.0
!
interface Vlan20
ip address 10.10.20.1 255.255.255.0
!
ip classless
Switch#
07-25-2013 04:27 PM
Hello
Have you created the vlans in the L2 database?
conf t
vlan3,10
exit
also on the trunk interfaces,
default int fa0/1
default int fa0/2
int ran fa0/1 -2
switchport trunk enacp dot
switchport mode trunk
no shut
ip subnet-zero
res
Paul
Please don't forget to rate any posts that have been helpful.
Thanks.
07-25-2013 02:02 PM
What replies do you get from the pings?
Destination host unreachable or request timed out?
can you post the output from the various ping scenarios?
also what's show ip route look like?
07-25-2013 04:09 PM
If the above is the config of the switch where L3 vlan's 10 & 20 created.
Are the Hosts connected to Fa0/1 and Fa0/2. if so do configure the ports as access ports as like below
interface FastEthernet0/1
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/2
switchport access vlan 20
switchport mode access
If the ports Fa0/1 and 0/2 is connected with the other switches, configure them as trunk port with the specific vlans you want to allow on that trunk port.
interface FastEthernet0/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 10
!
interface FastEthernet0/2
switchport trunk encapsulation dot1q
switchport mode trunk
switchport trunk allowed vlan 20
************
Provide me the below output from the switch.
sh interface vlan 10
sh interface vlan 20
sh interface fastethernet0/1
sh interface fastethernet0/2
Thanks
Srikanth
07-26-2013 11:25 AM
There are no other switches connected to the 3550. The setup conists of a single 3550 switch with two vlans on it and two host devices on each vlan. That's it. There is no need to trunk any interfaces.
Currently I can ping from host device to another host device on same subnet. I can ping from host device on either vlan to both defalt gateways. What I cannot due is ping from a host device on one vlan to a host device on the other vlan. I have quadrupled checked the ip settings (ip, netmask and dg) on all host dvices and they are set correctly.
I have ip routing enabled.
If I run show ip route both networks are in the routing table.
Firewallsare not the issue nor Av or anything like that.
When I try to ping from a host device on one vlan to a host device on the other vlan I see "request timed out."
The only other thing that is odd is that when I setup continuous pings I see latecny jumping up and down and packets being dropped when I ping from host on vlan 3 to vlan 10 gateway. But there are no errors on the interface in the switch that the host I am pinging from is using.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide