07-25-2013 11:58 AM - edited 03-07-2019 02:35 PM
I am trying to setup intervlan routing with 2 vlans on a 3550 switch.
I have done the standard commands:
enabled ip routing
setup vlan interfaces w/ ip add & netmasks
made sure all end devices have the right IP, netmask and gateway pointing to vlan interface IP addresses
checked to make sure switchports are assisned to the right vlans and the devices are plugged into the right ports to match vlan/subnet
Here is my issue:
I have two subnets/vlans
vlan 3 = 10.3.0.0/16 vlan 1 int = 10.3.1.1
vlan 10 = 10.1.10.0/24 lan 10 int = 10.1.10.1
When I am on an end device int he vlan 10 10.1.10.0/24 network I can ping other end users on local vlan but cannot ping gateway of vlan 3 or beyond.
When I am on an end device on vlan 3 10.3.0.0/16 network I can ping other end users on same vlan and I can ping gateway for vlan 10 but I cannot ping end users on vlan 10.
I have copied the config below and would appreciate any assistance. Thanks
Building configuration...
Current configuration : 2291 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname CapeNet_Switch
!
!
no aaa new-model
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface FastEthernet0/1
switchport mode dynamic desirable
!
interface FastEthernet0/2
switchport mode dynamic desirable
!
interface FastEthernet0/3
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/4
switchport mode dynamic desirable
!
interface FastEthernet0/5
switchport mode dynamic desirable
!
interface FastEthernet0/6
switchport mode dynamic desirable
!
interface FastEthernet0/7
switchport mode dynamic desirable
!
interface FastEthernet0/8
switchport mode dynamic desirable
!
interface FastEthernet0/9
switchport mode dynamic desirable
!
interface FastEthernet0/10
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/11
switchport mode dynamic desirable
!
interface FastEthernet0/12
switchport access vlan 3
switchport mode access
!
interface FastEthernet0/13
switchport mode dynamic desirable
!
interface FastEthernet0/14
switchport mode dynamic desirable
!
interface FastEthernet0/15
switchport mode dynamic desirable
!
interface FastEthernet0/16
switchport mode dynamic desirable
!
interface FastEthernet0/17
switchport mode dynamic desirable
!
interface FastEthernet0/18
switchport mode dynamic desirable
!
interface FastEthernet0/19
switchport mode dynamic desirable
!
interface FastEthernet0/20
switchport mode dynamic desirable
!
interface FastEthernet0/21
switchport mode dynamic desirable
!
interface FastEthernet0/22
switchport mode dynamic desirable
!
interface FastEthernet0/23
switchport mode dynamic desirable
!
interface FastEthernet0/24
switchport mode dynamic desirable
!
interface GigabitEthernet0/1
switchport mode dynamic desirable
!
interface GigabitEthernet0/2
switchport mode dynamic desirable
!
interface Vlan1
no ip address
shutdown
!
interface Vlan3
ip address 10.3.1.1 255.255.0.0
!
interface Vlan10
ip address 10.1.10.1 255.255.255.0
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 5 15
!
end
07-26-2013 12:06 PM
Very strange. If everything correct from host end, do write mem on switch and reload (if not done already). See if that helps.
Thx
MS
07-26-2013 12:14 PM
Hello
So why do you have trunk mode set on two interfaces
Default those interfaces and make them access ports and assign then to correct vlan (This will by default create the l2 vlans in the DB)
Then create the l3 svi interfaces for these two vlans and apply the ip addresses to the end host as default gateways
Ip routing is already enabled so you should be good to go
FYI - If the end hosts are windows boxes they may have Icmp disabled in their sw fw so you may not be able to ping the other host until this is enabled
Res
Paul
Sent from Cisco Technical Support iPad App
07-26-2013 12:33 PM
I do not have trunking enabled on any of the interfaces!
I know you guys are trying to help and I really appreciate it but it does not help if you don't actually read the previous posts and/or you respond to something that was not stated.
I know it can get confusing with multiple posters offering advice and posting configs but here is a brief summary of my setup and problem:
I have a single 3550 switch on which there are two vlans setup and ip routing is enabled. I have two host devices in each vlan. The ports the host devices are connected to are set to access mode and are not trunked. The ports have been assigned to one of the two vlans. I have setup vlan interfaces with IP addresses as the default gateways for the hosts on the respective vlans. I have checked all of the Ip settings on all of the hosts to make sure that they are correct. I have checked the physical cabling to make sure each host is plugged into a port that is asigned to the right vlan to match it's ip addressing.
From a host on one of the vlans I can ping both gateways. From a host on the other vlan I can ping both gateways. I cannot ping from a host in one vlan to a host in the other vlan. It does not make sense that I can ping from the host to the gateway of a different vlan but not hosts on that different vlan.
There are no firewalls or av issues.
I hope this paints an accurate picture of where I am at. It has me stumped.
Thanks
07-26-2013 02:19 PM
Like you said, "It does not make sense that I can ping from the host to the gateway of a different vlan but not hosts on that different vlan."
It is possible that Windows firewall is causing this issue. For troubleshooting purposes can you disable it and then see if it works or not?
Also like Paul mentioned above did you create the vlan database? If you do "show vlan br" do you see VLAN 3 and VLAN 10.
Also try different ports and see if that works.
You can also run wireshark on the host you are pinging to see if you are even receving any ICMP packets.
07-26-2013 03:29 PM
Hi,
Sounds like most logical options are exhausted and the points made by rest of the guys are all valid.
Try this please. Instead of using ethernet ports 1-12 on the 3550 to connect your hosts into relevant VLANs, configure ports 13 and onwards. Also you may want to try one VLAN on port 1-12 and the second VLAN on port 13-24. Ports 1-12 and 13-24 are on two different ethernet controllers on the 3550 switch, see if that makes a difference. Guessing you've got a stable IOS running.
It will also be good idea to run packet capture in one of the VLANs to check for incoming pings from a host in the other VLAN. Since you can ping the foreign gateway, it implies that routing is happening between SVI's.Check the ARP table on the switch to make sure they are populated correctly and also L2 broadcast or unicast flooding is not blocked.
Hope this helps.
Rgds
04-19-2016 11:07 PM
Buckley, I realize this is a very old post, but did you ever find the solution to this problem? I'm doing the exact same type of setup. A single 3550 switch with 2 vlans doing InterVLAN routing. What did you find that got it to work properly.
I hate to sound desperate, but I REALLY need to know.
Any help would be appreciated!
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide