Intervlan Routing on SW2960cx

mohamed.eletr.ext · ‎03-07-2018

Hi ,

I tried to configure SVI on switch 2960CX ,but users on Different valns cannot reach each other , I checed that up link interface trunk and allowed required Valns , I checked SVI status that UP UP , i am sure that interface assigned to correct Vlans , also i checked that i enable Ip routing

after all that users not able to reach another valn that go request time out .

Dennis Mink · ‎03-07-2018

have you actually configure multiple IP addrresses for the SVi's and do the clients have the correct default gateway.

check this for inter vlan routing

https://supportforums.cisco.com/t5/lan-switching-and-routing/cisco-2960-x-and-2960-cx-series-switches-as-l3/td-p/3022952

Please remember to rate useful posts, by clicking on the stars below.

mohamed.eletr.ext · ‎03-07-2018

Hello Denis

I already configured 3 SVI and make sure that PCs had right Vlans and GW

-SW-Admin#296SHOW IP INTerface BRief
Interface IP-Address OK? Method Status Protocol
Vlan1 10.231.28.104 YES NVRAM up up
Vlan180 172.17.4.5 YES NVRAM up up
Vlan181 172.16.4.5 YES NVRAM up up
Vlan182 192.168.131.5 YES NVRAM up up
GigabitEthernet0/1 unassigned YES unset down down
GigabitEthernet0/2 unassigned YES unset down down
GigabitEthernet0/3 unassigned YES unset down down
GigabitEthernet0/4 unassigned YES unset down down
GigabitEthernet0/5 unassigned YES unset down down
GigabitEthernet0/6 unassigned YES unset down down
GigabitEthernet0/7 unassigned YES unset down down
GigabitEthernet0/8 unassigned YES unset down down
GigabitEthernet0/9 unassigned YES unset down down
GigabitEthernet0/10 unassigned YES unset down down
GigabitEthernet0/11 unassigned YES unset up up
GigabitEthernet0/12 unassigned YES unset down down
2960CX-ASA-SW-Admin#
2960CX-ASA-SW-Admin#show int
2960CX-ASA-SW-Admin#show interfaces tr
2960CX-ASA-SW-Admin#show interfaces trun
2960CX-ASA-SW-Admin#show interfaces trunk

Port Mode Encapsulation Status Native vlan
Gi0/11 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi0/11 1-4094

Port Vlans allowed and active in management domain
Gi0/11 1,180-182

Port Vlans in spanning tree forwarding state and not pruned
Gi0/11 1,180-182

SW-Admin#show vlan brief

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/1, Gi0/2, Gi0/4, Gi0/5
Gi0/6, Gi0/7, Gi0/8, Gi0/9
Gi0/10, Gi0/12
180 Raw-Mils active
181 Cement-Mils active Gi0/3
182 Crushes-Mils active
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup

Mark Malone · ‎03-07-2018

what happens when you ping from vlan interface to vlan interface , not from user to user , does that work ?

ping 10.231.28.104 source 172.17.4.5

mohamed.eletr.ext · ‎03-07-2018

Hello Mak
It is working
SW-Admin#ping 10.231.28.104 source 172.17.4.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.231.28.104, timeout is 2 seconds:
Packet sent with a source address of 172.17.4.5
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/3 ms
SW-Admin#

Mark Malone · ‎03-07-2018

The intervlan traffic is working then as the svis can ping between each other , you have some other issue
what exactly is happening pings drop when you try ping between users on diff vlans ?
if so turn off any local firewalls on the devices to test see fi they can ping then , either that or something is miss-configured

i only see one physical port up , where the machines connected your pinging between ?

mohamed.eletr.ext · ‎03-07-2018

I have 2 switches one act as access for 3 users and one as core for them , When I try to ping between two users on different vlan i got request time out , I don't think it FW issue , as users on same valn can reach

CCR-SW#show interfaces tru
-CCR-SW#show interfaces trunk

Port Mode Encapsulation Status Native vlan
Gi0/11 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi0/11 1-4094

Port Vlans allowed and active in management domain
Gi0/11 1,180-182

Port Vlans in spanning tree forwarding state and not pruned
Gi0/11 1,180-182
CCR-SW#show v
CCR-SW#show vl
CCR-SW#show vlan br
CCR-SW#show vlan brief

VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/7, Gi0/8, Gi0/9, Gi0/10
Gi0/12
180 Raw-Mils active Gi0/3, Gi0/4
181 Cement-Mils active Gi0/1, Gi0/2
182 Crushes-Mils active Gi0/5, Gi0/6
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
CCR-SW#

Mark Malone · ‎03-07-2018

the vlan interfaces only need to be on the core switch , the other pure layer 2 access switch only needs the vlans trunked up to it the core where the SVIs would be set , an SVI is only really used for remote access purposes on a layer 2 switch so theres no need to set multiple layer 2 SVI interfaces , all thats required is the vlans are defined correctly in the DB and then allowed up the trunk link

make one switch only doing the ip routing and it should be the core , turn off ip routing on the l2 switch and make sure its only switching

do you have an arp and mac for each of these ips in the core your trying to ping between ?

Mark Malone · ‎03-07-2018

i f you can post the 2 switch running configs it will make it easier to see whats goin on if theres a miss config somewhere that may be causing it , just remove any passwords or use service password encryption first

mohamed.eletr.ext · ‎03-07-2018

mohamed.eletr.ext · ‎03-07-2018

mohamed.eletr.ext · ‎03-07-2018

SVI already exit on Core SW another one i disabled routing , Also You can see I configured uplink port as trunk and all Vlans

CCR-SW#show ip route
Default gateway is 10.231.28.104

Host Gateway Last Use Total Uses Interface
ICMP redirect cache is empty

CCR-SW#
CCR-SW#show int trunk

Port Mode Encapsulation Status Native vlan
Gi0/11 on 802.1q trunking 1

Port Vlans allowed on trunk
Gi0/11 1-4094

Port Vlans allowed and active in management domain
Gi0/11 1,180-182

Port Vlans in spanning tree forwarding state and not pruned
Gi0/11 1,180-182
CCR-SW#