07-08-2012 12:35 AM - edited 03-07-2019 07:39 AM
Hi,
question, i have setup 3 vlans on my network..
servers are configured on vlan 1...
routers are also configured on vlan 1..
problem is i cant ping vlan 1 using vlan 2 or 3 source.. but I can ping directly on vlan 1..
any idea..
07-08-2012 04:36 PM
Hi,
Can you post your config?
Also, what type of routers and switches are you using?
Vlan 1 may need a default route.
07-08-2012 10:42 PM
no aaa new-model
switch 1 provision ws-c3750g-24ts
system mtu routing 1500
ip subnet-zero
ip routing
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
switchport access vlan 5
spanning-tree portfast
!
interface GigabitEthernet1/0/14
switchport access vlan 3
spanning-tree portfast
!
interface GigabitEthernet1/0/15
spanning-tree portfast
!
interface Vlan1
ip address 10.0.0.2 255.255.0.0
!
interface Vlan3
ip address 10.3.0.1 255.255.0.0
!
interface Vlan4
ip address 10.4.0.1 255.255.0.0
!
interface Vlan5
ip address 10.5.0.1 255.255.0.0
ip helper-address 10.0.0.4
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.254.137
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
line vty 5 15
!
end
where can i put the default route on VLAN 1
07-09-2012 12:21 AM
can you show your layout please here ??
07-09-2012 01:55 AM
Hi,
you need to plug a device into your vlan access ports otherwise your vlan interface may not be UP/UP and so your pings with the source vlans won't work.
Can you post sh ip int br | i Vlan
Regards.
Alain.
Don't forget to rate helpful posts.
07-09-2012 02:06 AM
Mark June Almosara wrote:
no aaa new-model
switch 1 provision ws-c3750g-24ts
system mtu routing 1500
ip subnet-zero
ip routing
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
switchport nonegotiate
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
switchport access vlan 5
spanning-tree portfast
!
interface GigabitEthernet1/0/14
switchport access vlan 3
spanning-tree portfast
!
interface GigabitEthernet1/0/15
spanning-tree portfast
!
interface Vlan1
ip address 10.0.0.2 255.255.0.0
!
interface Vlan3
ip address 10.3.0.1 255.255.0.0
!
interface Vlan4
ip address 10.4.0.1 255.255.0.0
!
interface Vlan5
ip address 10.5.0.1 255.255.0.0
ip helper-address 10.0.0.4
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.254.137
ip http server
ip http secure-server
!
!
!
control-plane
!
!
line con 0
line vty 5 15
!
end
where can i put the default route on VLAN 1
Hello ,
The default route will be pointing towards the external world , if your segment wants to talk to other subnet extrnl to segment...
Ganeshh Iyer
07-09-2012 07:10 AM
Hi Mark,
As said by Cadet, you have to make sure that all the SVI interfaces are UP. If you are not able ping even though they are up, you have to check the default gateway configured on the machine that you are trying to reach. A default route is not required here as all the three vlan's are in the same device and hence, they should be in directly connected state.
Regards,
Hari
07-09-2012 09:48 PM
yup all my SVI's are up
l
Vlan1 10.0.0.2 YES manual up up
Vlan3 10.3.0.1 YES manual up up
Vlan4 10.4.0.1 YES manual up up
Vlan5 10.5.0.1 YES manual up up
if im on vlan 1 i can ping all SVIs.. but if Im on Vlan 3-5.. i cant ping all members on vlan1..
07-09-2012 10:11 PM
Hi Mark.
You said "i cant ping all members on vlan1" , I would check couple things :-
1> Local Firewall like Windows Firewall or linux IPtables on those devices filtering ICMP.
2> Check port assignment for those for correct VLAN & switchport Mode.
Thanks
Manish
07-09-2012 10:25 PM
anyway i can ping all host on VLAN 1 I set their default gateway to 10.0.0.2...
my problem now is my router connected to VLAN 1.. cant ping the router thru vlan 3-5..
U think i need to add routing table to my router or on my Firewall.. any suggestion?
here is my diagram..
Cisco Router
|
|
SSG 20 (firewall)
|
|
Catalyst 3750 (L3)
07-09-2012 10:56 PM
Depends upon the way you have configured your firewall. If the firewall is configured in routed mode than yes you will need default from your L3 switch to firewall , than from firewall to router. similarly you will need routes at the router & firewall to have routes for your internal network.
for example :-
router ----------------------------------------------------------- Firewall ------------------------------------------------------------------MLS ----|
192.168.10.1/30 192.168.10.2/30 192.168.20.1/30 192.168.20.2/30 |
|
10.10.10.0/24
10.10.20.0/24
MLS : default route 0.0.0.0 0.0.0.0 192.168.20.1
Firewall : Default route 0.0.0.0 0.0.0.0 192.168.10.1
static routes 10.10.10.0/24 points to 192.168.20.2
static routes 10.10.20.0/24 points to 192.168.20.2
Router : default 0.0.0.0 0.0.0.0 ISP-Next-Hop
static routes 10.10.10.0/24 points to 192.168.10.2
static routes 10.10.20.0/24 points to 192.168.10.2
If your firewall is not routed than you you can skip the routes parts on the firewall and adjust next hops as needed.
Manish
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide