Solved: InterVlan Routing not working on L3 SW's

Kasper Elsborg · ‎02-11-2022

Hi community, I have this problem with intervlan routing on some C3560 Switches. Vlan 2 is working, with internet connection. SW 1 is connected to ISP router 192.168.2.1/24 in VLAN2. PC1 in SW2/Vlan 2 can ping interfaces Vlan1-3 on SW1, and have internet connection. PC2 in SW2/vlan3 can ping SW1 int vlan1-3. PC1 and PC2 cannot ping eachother. I dont ecpect PC2 to have internet connection, as I have no return route to Vlan3 in ISP router. What am I doing wrong? I have listed the output here, as I don't know how to format the output. If I am posting it wrong please tell me

SW1_Core_POE#sh run
Building configuration...

Current configuration : 4200 bytes
!
! Last configuration change at 02:56:12 UTC Mon Jan 2 2006 by kasper
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW1_Core_POE
!
boot-start-marker
boot-end-marker
!
enable password wsdwegre
!
username xxx privilege 15 password 0 yyy
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network default local
!
!
!
!
!
!
aaa session-id common
system mtu routing 1500
ip routing
!
!
no ip domain-lookup
ip domain-name area51.com
!
!
!
!
!
!
!

!

spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!

!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/1
description VLAN2
switchport access vlan 2
switchport mode access
speed 1000
duplex full
!
interface GigabitEthernet0/2
description VLAN2
switchport access vlan 2
switchport mode access
speed 1000
duplex full
!
interface GigabitEthernet0/3
description VLAN2
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/4
description VLAN2
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/5
description VLAN2
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/6
description VLAN2
switchport access vlan 2
switchport mode access
power inline never
!
interface GigabitEthernet0/7
description VLAN2
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/8
description VLAN2
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
speed 100
duplex full
!
interface GigabitEthernet0/9
switchport access vlan 2
switchport mode access
spanning-tree link-type point-to-point
!
interface GigabitEthernet0/10
description TRUNK
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport mode trunk
media-type rj45
!
interface Vlan1
ip address 192.168.1.254 255.255.255.0
!
interface Vlan2
ip address 192.168.2.254 255.255.255.0
!
interface Vlan3
ip address 192.168.3.254 255.255.255.0
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 192.168.2.1
ip ssh version 2
!
!
ip sla enable reaction-alerts
!
!
!
!
!
line con 0
line vty 5 15
!
!
end

SW1_Core_POE#
SW1_Core_POE#
SW1_Core_POE#sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override

Gateway of last resort is 192.168.2.1 to network 0.0.0.0

S* 0.0.0.0/0 [1/0] via 192.168.2.1
192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.1.0/24 is directly connected, Vlan1
L 192.168.1.254/32 is directly connected, Vlan1
192.168.2.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.2.0/24 is directly connected, Vlan2
L 192.168.2.254/32 is directly connected, Vlan2
192.168.3.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.3.0/24 is directly connected, Vlan3
L 192.168.3.254/32 is directly connected, Vlan3
SW1_Core_POE#

SW2_Access#sh run
Building configuration...

Current configuration : 4691 bytes
!
! Last configuration change at 03:44:47 UTC Mon Jan 2 2006 by kasper
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname SW2_Access
!
boot-start-marker
boot-end-marker
!
enable password sdfgreth
!
username xxx privilege 15 password 0 yyy
aaa new-model
!
!
aaa authentication login default local
aaa authorization exec default local
aaa authorization network default local
!
!
!
!
!
!
aaa session-id common
system mtu routing 1500
!
!
no ip domain-lookup
ip domain-name area51.com
!
!
!
!
!
!
!

!

!

!

spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending

lldp run
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/1
description Access port
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/2
description Access port
switchport access vlan 3
switchport mode access
speed 1000
duplex full
spanning-tree portfast
!
interface GigabitEthernet0/3
description Access port
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/4
description Access port
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/5
description Access port
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/6
description Access port
switchport access vlan 2
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet0/7
description Access port
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/8
description TRUNK
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport mode trunk
speed 100
duplex full
spanning-tree portfast
!
interface GigabitEthernet0/9
description TRUNK
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport mode trunk
shutdown
!
interface GigabitEthernet0/10
description TRUNK
switchport trunk encapsulation dot1q
switchport trunk native vlan 999
switchport mode trunk
!
interface Vlan1
no ip address
no ip route-cache
!
interface Vlan2
ip address 192.168.2.253 255.255.255.0
no ip route-cache
!
interface Vlan3
ip address 192.168.3.253 255.255.255.0
no ip route-cache
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
ip http secure-ciphersuite aes-256-cbc-sha
ip http secure-client-auth
ip http secure-trustpoint 192.168.2.253
!
ip ssh version 2
!
!
!
!
!
!
!
line con 0
logging synchronous
stopbits 1
line vty 0 4
password dhrthtr
logging synchronous
transport input ssh
line vty 5 15
password cnbdfhgs
transport input ssh
!
!
end

SW2_Access#
SW2_Access#
SW2_Access#sh ip route
Default gateway is not set

PC1:

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) I211 Gigabit Network Connection
Physical Address. . . . . . . . . : 3C-7C-3F-53-2A-AC
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::d967:119e:cd11:af80%20(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.2.198(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.2.254
DHCPv6 IAID . . . . . . . . . . . : 322731071
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-29-63-64-AD-FC-34-97-A0-75-30
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled

PC2:

Ethernet adapter Ethernet:

Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) 82579LM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-21-CC-72-70-D9
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::4467:5437:a836:5a0a%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.3.20(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.3.254
DHCPv6 IAID . . . . . . . . . . . : 167780812
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-22-F4-51-54-00-21-CC-72-70-D9
DNS Servers . . . . . . . . . . . : 8.8.8.8
8.8.4.4
NetBIOS over Tcpip. . . . . . . . : Enabled

Jon Marshall · ‎02-11-2022

If each PC can ping all the L3 SVIs on SW1 then your routing is fine.

Check for firewalls on the PCs.

Jon

View solution in original post

Georg Pauwen · ‎02-11-2022

Hello,

snce SW2 is a layer 2 switch only, delete one of the interfaces:

interface Vlan2
ip address 192.168.2.253 255.255.255.0
no ip route-cache
!
interface Vlan3
ip address 192.168.3.253 255.255.255.0
no ip route-cache

Keep just the one you need for management.

View solution in original post

Kasper Elsborg · ‎02-12-2022

yes ofcause. Sometimes you are just focusing to much and leave out the most obvious. allowing icmp through pc firewall, did the trick. Thanks

View solution in original post

Jon Marshall · ‎02-11-2022

If each PC can ping all the L3 SVIs on SW1 then your routing is fine.

Check for firewalls on the PCs.

Jon

Georg Pauwen · ‎02-11-2022

Hello,

snce SW2 is a layer 2 switch only, delete one of the interfaces:

interface Vlan2
ip address 192.168.2.253 255.255.255.0
no ip route-cache
!
interface Vlan3
ip address 192.168.3.253 255.255.255.0
no ip route-cache

Keep just the one you need for management.

Kasper Elsborg · ‎02-12-2022

yes ofcause. Sometimes you are just focusing to much and leave out the most obvious. allowing icmp through pc firewall, did the trick. Thanks