07-04-2013 07:50 PM - edited 03-07-2019 02:14 PM
Hi guys, can anyone please help me?
I have a Cisco 3750G stack of 5 configured with three VLANs: one for Data, a second for VoIP, and a third for Test. The problem is I cannot ping anything from the Test VLAN to the Data or VoIP VLAN and vice versa, although I can ping the VLAN interfaces. Even the switch cannot ping a machine in the Test VLAN. The other two VLANs are directly connected to the firewall via access ports (and the firewall is acting as gateway).
Vlan Data 10 IP 10.0.1.5 -------subnet 10.0.0.0/23 ------ directly connected to firewall via access port gig1/1 without IP (firewall interface 10.0.1.1)
Vlan Voip 11 IP 10.0.11.2 -------subnet 10.0.11.0/24 ------ directly connected to firewall via access port gig 1/4 without IP (firewall interface 10.0.11.1)
Vlan Test 12 IP 192.168.10.1 -------subnet 192.168.1.0/24
As this is a layer 3 switch, I want to remove the firewall and let the switch do the inter-VLAN routing. IP routing is enabled, but I can't ping from the Test VLAN network to the other VLAN networks, and not even the switch can ping machines within the Test VLAN.
Any help would be highly appreciated.
Regards!
San
07-04-2013 08:40 PM
Kumar,
Basic things that need to be checked for inter-VLAN routing:
1- Configure IP routing.
2- Configure the VLAN interfaces and make sure that the VLANs exist in the VLAN database.
3- Assign the respective access ports to the respective VLANs.
4- Ping the VLAN interfaces from the switch and see that the switch is able to ping.
5- Show ip route and show ip int brief, to make sure we see the VLAN information and the status as up/up.
6- If possible, try to reload the switch once, if this is not in production.
7- I just tested in my lab and it's working fine for me.
Setup:
(10.0.0.2 )PC1 Vlan 10-----------Switch---------------------Vlan20 -PC2(192.168.0.2)
ip routing
interface Vlan10
ip address 10.0.0.1 255.255.255.0
!
interface Vlan20
ip address 192.168.0.1 255.255.255.0
interface FastEthernet0/1
switchport access vlan 10
!
interface FastEthernet0/2
switchport access vlan 20
Switch#ping 192.168.0.2>>> Switch to PC2.
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 3/6/12 ms
PC:
PC>ping 10.0.0.1
Reply from 10.0.0.1: bytes=32 time=13ms TTL=255
Reply from 10.0.0.1: bytes=32 time=3ms TTL=255
Reply from 10.0.0.1: bytes=32 time=6ms TTL=255
Reply from 10.0.0.1: bytes=32 time=1ms TTL=255
Follow these instructions:
HTH
Regards
Inayath
*Please rate all useful posts.
07-04-2013 09:46 PM
Thanks Inayath,
I checked the following:
1- Configure IP routing.
Done
2- Configure the VLAN interfaces and make sure that the VLANs exist in the VLAN database.
Confirmed - please see the attached config above.
3- Assign the respective access ports to the respective VLANs.
All host ports are trunked with native VLAN 10 and allow all VLANs. Only ports 1-8 are in access mode in their respective VLANs.
4- Ping the VLAN interfaces from the switch and see that the switch is able to ping.
The switch can ping all interfaces.
5- Show ip route and show ip int brief, to make sure we see the VLAN information and the status as up/up.
IP Route
Gateway of last resort is 10.0.1.1 to network 0.0.0.0
C 192.168.10.0/24 is directly connected, Vlan12
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.11.0/24 is directly connected, Vlan11
C 10.0.0.0/23 is directly connected, Vlan10
S* 0.0.0.0/0 [1/0] via 10.0.1.1
All VLAN interfaces are up.
6- If possible, try to reload the switch once, if this is not in production.
Unfortunately I can't reload the switch, as this is in production and all the VoIP PoE phones are connected to it.
Would you please check the attached config and try uploading it in a lab environment and see the outcome :-)
Regards!
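Step 5 of the checklist carried out offline, as an added example that is not part of any post in this thread: Python that parses the "show ip route" lines from the reply above and compares them with the VLAN plan given in the first post. The function names are illustrative assumptions; the inputs are copied from the thread.

```python
import ipaddress
import re

# "show ip route" lines copied from the reply above (indentation already lost).
SHOW_IP_ROUTE = """\
C 192.168.10.0/24 is directly connected, Vlan12
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.0.11.0/24 is directly connected, Vlan11
C 10.0.0.0/23 is directly connected, Vlan10
S* 0.0.0.0/0 [1/0] via 10.0.1.1
"""
# VLAN plan as stated in the first post: SVI -> (SVI address, stated subnet).
PLAN = {
    "Vlan10": ("10.0.1.5", "10.0.0.0/23"),
    "Vlan11": ("10.0.11.2", "10.0.11.0/24"),
    "Vlan12": ("192.168.10.1", "192.168.1.0/24"),
}
CONNECTED = re.compile(r"^C\s+(\S+/\d+) is directly connected, (\S+)$")

def connected_routes(text):
    """Return {interface: network} for every 'C' (connected) line."""
    routes = {}
    for line in text.splitlines():
        m = CONNECTED.match(line.strip())
        if m:
            routes[m.group(2)] = ipaddress.ip_network(m.group(1))
    return routes

def audit(plan, routes):
    """Compare each planned SVI with the connected route the switch holds."""
    findings = []
    for svi, (addr, subnet) in plan.items():
        net = routes.get(svi)
        if net is None:
            findings.append((svi, "no connected route (SVI down or VLAN missing)"))
        elif net != ipaddress.ip_network(subnet):
            findings.append((svi, f"stated {subnet}, switch has {net}"))
        elif ipaddress.ip_address(addr) not in net:
            findings.append((svi, f"{addr} is outside {net}"))
    return findings

def egress_interface(host, routes):
    """Longest-prefix match of a host address against connected routes only."""
    ip = ipaddress.ip_address(host)
    hits = [(n.prefixlen, i) for i, n in routes.items() if ip in n]
    return max(hits)[1] if hits else None

if __name__ == "__main__":
    for finding in audit(PLAN, connected_routes(SHOW_IP_ROUTE)):
        print(*finding, sep=": ")
```

With the values on this page the only finding is Vlan12: the first post states subnet 192.168.1.0/24, while the routing table shows 192.168.10.0/24 connected, so a host addressed in 192.168.1.0/24 matches no connected route.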
07-04-2013 10:07 PM
Kumar,
I see you have native VLAN 10 configured on all the interfaces. That's the reason you are not able to ping any other device in a different VLAN. If you have a native VLAN, you cannot ping any VLAN other than the VLAN which is native at the other side.
E.g.: If you make one of the ports belong to native VLAN 12, then you will be able to ping. But again, this is what we call VLAN leaking, and it should be avoided.
Hence, kindly consider reconfiguring the setup.
HTH
Regards
Inayath
07-04-2013 10:21 PM
Thanks for the quick reply, Inayath.
The reason I have all the ports in native VLAN 10 is that we are using ShoreTel IP phones, and all computers are connected to the phones for the internet; see the recommended post below:
https://supportforums.cisco.com/thread/303218
So the phones boot up in data VLAN 10, get their config from DHCP, reconfigure themselves and switch to VoIP VLAN 11, and the computers remain in the data VLAN.
07-05-2013 02:29 AM
Kumar,
Kindly understand the concept of the native VLAN here. If you configure the native VLAN, the data goes as untagged; hence when you try to ping a different network, it will not do.
HTH
Regards
Inayath