10-21-2022 05:05 AM
I have an old ws-c3750g-24ts-1u switch that was formerly part of a stack and is a non-production device to test 802.1x.
Switch was updated to 15.0(2)SE11 using image C3750-IPBASEK9-M.
I have a simple setup that I have simulated on PT without issues. Just a good ol' L3 switch with 2 clients.
I am simply trying to achieve inter-VLAN routing between new VLANs 100 and 80, but for some unknown reason(s), the workstations connected to each VLAN cannot reach each other. I was expecting this to be a breeze, but I can't figure out why it won't work on the L3 switch.
VLANs 80 and 100 are defined and active
VLAN SVIs are configured and UP
Below are the Interface switchport parameters
Ip Routing is enabled
Sh mac add table
Ip Route
Funny thing, sh arp shows the clients connected to each vlan 10.1.84.20 @ vlan 100 and 10.1.84.35 @ vlan 80
I have attached the full running config file in link below.
Any help would be very much appreciated.
10-21-2022 05:28 AM
Hello,
The first thing that comes to mind is that your clients are somehow configured with the wrong subnet masks. Can you check that?
10-21-2022 05:38 AM
I can confirm the clients are on the right mask for the subnets
Vlan 80 – Support
IP range: 10.1.84.33 to 10.1.84.46
Mask: /28 255.255.255.240
Network address: 10.1.84.32
SVI: 10.1.84.33/28
client 0: 10.1.84.35/28
Vlan 100 – Test_Untrusted_Group
IP range: 10.1.84.17 to 10.1.84.30
Mask: /28 255.255.255.240
Network address: 10.1.84.16
SVI: 10.1.84.17/28
client 1: 10.1.84.20/28
10-21-2022 05:43 AM
Hi
Can you ping the clients from the switch?
Can the clients ping their DG?
Also, do the clients have an OS firewall enabled?
hth
Andy
10-21-2022 07:07 AM
So I cannot ping the clients from the switch; I can of course ping the VLAN interfaces.
The clients can ping their DGs. The clients can also ping the other VLAN gateways. Beyond that, they cannot ping the other client behind the gateway.
Our organization has some complex GPO-enforced firewall rules still cached in the clients. I have created inbound rules on the local clients that allow ICMP4 and Network discovery.
Before now, clients could ping and receive pings, hence why I am not entirely worried about OS firewall rules.
10-21-2022 07:25 AM
As these are new vlans/subnets you have created, on the clients, which network under Control Panel\System and Security\Windows Defender Firewall is listed as being connected? Is it Domain?
hth
Andy
10-21-2022 07:34 AM
They are grouped under private network. The new rules apply to all networks.