
intervlan routing within vlans

skumar
Level 1

Hi guys, can anyone please help me?

I have a Cisco 3750G stack of 5 configured with three VLANs: one for Data, a second for VoIP and a third for Test. The problem is I cannot ping anything from the Test VLAN to the Data or VoIP VLAN and vice versa, although I can ping the VLAN interfaces. Even the switch cannot ping a machine in the Test VLAN. The other two VLANs are directly connected to the firewall via access ports (and the firewall is acting as gateway).

Vlan Data 10 IP 10.0.1.5 -------subnet 10.0.0.0/23 ------ directly connected to firewall via access port gig1/1 without IP (firewall interface 10.0.1.1)

Vlan Voip 11 IP 10.0.11.2 -------subnet 10.0.11.0/24 ------ directly connected to firewall via access port gig 1/4 without IP (firewall interface 10.0.11.1)

Vlan Test 12 IP 192.168.10.1 -------subnet 192.168.1.0/24

As this is a layer 3 switch, I want to remove the firewall and let the switch do the inter-VLAN routing. IP routing is enabled, but I can't ping from the Test VLAN network to the other VLAN networks, and not even the switch can ping machines within the Test VLAN.

Any help would be highly appreciated.

Regards!

San

5 Replies

InayathUlla Sharieff
Cisco Employee

Kumar,

Basic things that need to be checked for inter-VLAN routing:

1- Configure IP routing.

2- Configure the VLAN interfaces and make sure that the VLAN exists in the VLAN database.

3- Assign the respective access port to the respective VLAN.

4- Ping the VLAN interfaces from the switch and see that the switch is able to ping.

5- Show ip route, and show ip int brief -- to make sure we see the VLAN information and status as up up.

6- If possible, try to reload the switch once if this is not in production.

7- I just tested in my lab and it's working fine for me.

Setup:

(10.0.0.2 )PC1 Vlan 10-----------Switch---------------------Vlan20 -PC2(192.168.0.2)

ip routing

interface Vlan10

ip address 10.0.0.1 255.255.255.0

!

interface Vlan20

ip address 192.168.0.1 255.255.255.0

interface FastEthernet0/1

switchport access vlan 10

!

interface FastEthernet0/2

switchport access vlan 20

Switch#ping 192.168.0.2   >>> Switch to PC2.

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.0.2, timeout is 2 seconds:

.!!!!

Success rate is 80 percent (4/5), round-trip min/avg/max = 3/6/12 ms

PC:

PC>ping 10.0.0.1

Reply from 10.0.0.1: bytes=32 time=13ms TTL=255

Reply from 10.0.0.1: bytes=32 time=3ms TTL=255

Reply from 10.0.0.1: bytes=32 time=6ms TTL=255

Reply from 10.0.0.1: bytes=32 time=1ms TTL=255

Troubleshooting Procedure

Follow these instructions:

  1. If you are not able to ping devices within the same VLAN, check the VLAN assignment of the source and destination ports to make sure that the source and destination are in the same VLAN. In order to check the VLAN assignment, issue the show port mod/port command for CatOS or the show interface status command for Cisco IOS Software. If the source and destination are not in the same switch, make sure that you have configured trunking properly. In order to check the configuration, issue the show trunk command for CatOS or the show interfaces trunk command for Cisco IOS Software. Also, check that the native VLAN matches on either side. Make sure that the subnet mask matches between the source and destination devices.
  2. If you are not able to ping devices in different VLANs, make sure that you can ping the respective default gateway. Note: See Step 1. Also, make sure that the default gateway of the device points to the correct VLAN interface IP address. Make sure that the subnet mask matches.
  3. If you are not able to reach the Internet, make sure that the default route on the 3550 points to the correct IP address, and that the subnet address matches the Internet gateway router. In order to check, issue the show ip interface interface-id command and the show ip route command. Make sure that the Internet gateway router has routes to the Internet and the internal networks.

HTH

Regards

Inayath

*Plz rate all useful posts.
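Step 2 of the troubleshooting procedure in the reply above (the host's default gateway points to the VLAN interface and the masks match) can be checked mechanically. The following Python sketch is an added example, not part of the thread: the SVI addresses are the ones listed in the original post, while the host names and host settings are constructed for illustration.

```python
import ipaddress

# SVI addresses and masks as listed in the thread (Vlan10, Vlan11, Vlan12).
SVIS = {
    10: ipaddress.ip_interface("10.0.1.5/23"),
    11: ipaddress.ip_interface("10.0.11.2/24"),
    12: ipaddress.ip_interface("192.168.10.1/24"),
}

# Constructed host settings (not from the thread): name -> (vlan, ip/mask, gateway)
HOSTS = {
    "pc-data": (10, "10.0.0.50/23", "10.0.1.1"),       # gateway is the firewall
    "pc-test-a": (12, "192.168.10.20/24", "192.168.10.1"),
    "pc-test-b": (12, "192.168.1.20/24", "192.168.10.1"),
    "phone-1": (11, "10.0.11.40/16", "10.0.11.2"),      # wrong mask
}

def check_host(vlan, addr, gateway, svis=SVIS):
    """Return a list of findings for one host; an empty list means step 2 passes."""
    svi = svis.get(vlan)
    if svi is None:
        return [f"no SVI defined for VLAN {vlan}"]
    findings = []
    host = ipaddress.ip_interface(addr)
    gw = ipaddress.ip_address(gateway)
    if host.network.prefixlen != svi.network.prefixlen:
        findings.append(
            f"mask /{host.network.prefixlen} differs from SVI /{svi.network.prefixlen}")
    if host.ip not in svi.network:
        findings.append(f"address outside SVI subnet {svi.network}")
    if gw not in host.network:
        findings.append("gateway is not on-link for the host")
    if gw != svi.ip:
        findings.append(f"gateway {gw} is not the VLAN interface {svi.ip}")
    return findings

def audit(hosts=HOSTS):
    """Run check_host over every host and return {name: findings}."""
    return {name: check_host(*cfg) for name, cfg in hosts.items()}

if __name__ == "__main__":
    for name, findings in audit().items():
        print(name, "OK" if not findings else "; ".join(findings))
```

A host whose gateway is the firewall rather than the switch's VLAN interface is reported because return traffic for inter-VLAN flows then takes a different path from the one the switch used to forward the request.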

Thanks Inayath

I checked the following:

1- Configure the IP routing

Done

2- Configure the VLAN interfaces and make sure that the VLAN exists in the VLAN database.

Confirmed - please see the attached config above.

3- Assign the respective access port to the respective VLAN.

All host ports are trunked with native VLAN 10, and allow all VLANs. Only ports 1-8 are in access mode in their respective VLAN.

4- Ping the VLAN interfaces from the switch and see that the switch is able to ping.

Switch can ping all interfaces.

5- Show ip route, and show ip int brief -- to make sure we see the VLAN information and status as up up.

IP Route

Gateway of last resort is 10.0.1.1 to network 0.0.0.0

C    192.168.10.0/24 is directly connected, Vlan12

     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C   10.0.11.0/24 is directly connected, Vlan11

C   10.0.0.0/23 is directly connected, Vlan10

S*   0.0.0.0/0 [1/0] via 10.0.1.1

All vlan interfaces are up

6- If possible, try to reload the switch once if this is not in production.

Unfortunately I can't reload the switch as this is in production and all VoIP PoE phones are connected to it.

Would you please check the attached config and try uploading it in a lab environment and see the outcome :-)

Regards!

Kumar,

I see you have native VLAN 10 configured on all the interfaces. That's the reason you are not able to ping any other device in a different VLAN. If you have a native VLAN, you cannot ping any VLAN other than the VLAN which is native at the other side.

E.g.: If you want to make one of the ports belong to native VLAN 12, then you will be able to ping. But again, this is what we call VLAN leaking and it should be avoided.

Hence, kindly consider reconfiguring the setup.

HTH

Regards

Inayath

Thanks for the quick reply, Inayath.

The reason I have all the ports in native VLAN 10 is that we are using ShoreTel IP phones and all computers are connected to the phones for the internet; see the recommended post below:

https://supportforums.cisco.com/thread/303218

So the phones boot up in data VLAN 10, get their config from DHCP, reconfigure themselves and switch to VoIP VLAN 11, and the computers remain in the data VLAN.

Kumar,

Kindly understand the concept of the native VLAN here. If you configure the native VLAN, the data goes as untagged, hence when you try to ping a different network it will not do.

HTH

Regards

Inayath
