748 Views, 0 Helpful, 6 Replies
Intra L3 switch VLAN Routing not working.

Vavamoose (Level 1)

I have an old WS-C3750G-24TS-1U switch that was formerly part of a stack and is a non-production device used to test 802.1X.

The switch was updated to 15.0(2)SE11 using image C3750-IPBASEK9-M.

I have a simple setup that I have simulated on PT without issues. Just a good ol' L3 switch with 2 clients.

I am simply trying to achieve inter-VLAN routing between the new VLANs 100 and 80, but for some unknown reason(s) the workstations connected to each VLAN cannot reach each other. I was expecting this to be a breeze, but I can't figure out why it won't work on the L3 switch.

VLANs 80 and 100 are defined and active:

[screenshot]

The VLAN SVIs are configured and up:

[screenshots]

Below are the interface switchport parameters:

[screenshot]

IP routing is enabled:

[screenshot]

show mac address-table:

[screenshot]

IP route:

[screenshot]

Funny thing, show arp shows the clients connected to each VLAN: 10.1.84.20 in VLAN 100 and 10.1.84.35 in VLAN 80.

[screenshot]

I have attached the full running config file in the link below.

Any help would be very much appreciated.
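As an added example (not the poster's configuration, which the thread only shows as screenshots), this is the minimal Cisco IOS configuration the setup described above needs, using the VLAN numbers, VLAN names, SVI addresses and client addresses given in the thread. The port names GigabitEthernet1/0/1 and 1/0/2 are assumptions. The show commands after the configuration are the checks that each piece the routed path depends on is actually in place.

```text
! Added example: minimal L3-switch config for the two VLANs described in the post.
! Addresses and VLAN names come from the thread; the port names are assumptions.
ip routing
!
vlan 80
 name Support
vlan 100
 name Test_Untrusted_Group
!
interface Vlan80
 ip address 10.1.84.33 255.255.255.240
 no shutdown
!
interface Vlan100
 ip address 10.1.84.17 255.255.255.240
 no shutdown
!
interface GigabitEthernet1/0/1
 description client 0 (10.1.84.35/28)
 switchport mode access
 switchport access vlan 80
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 description client 1 (10.1.84.20/28)
 switchport mode access
 switchport access vlan 100
 spanning-tree portfast
!
! Verification, one check per requirement:
!
! both VLANs must be "active" and each access port must be listed under its VLAN
show vlan brief
!
! Vlan80 and Vlan100 must be up/up; an SVI only comes up while at least one
! port in that VLAN is up (SVI autostate), so a down SVI usually means a down port
show ip interface brief
!
! with "ip routing" on, both subnets must appear as connected routes:
!   C 10.1.84.32/28 is directly connected, Vlan80
!   C 10.1.84.16/28 is directly connected, Vlan100
show ip route connected
!
! both client MACs must be resolved on the expected SVI
show ip arp
```

Each show command answers one question; the connected routes in particular only appear once ip routing is enabled, so their presence is the quickest confirmation that the switch is routing and not just switching.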

6 Replies

Hello,

The first thing that comes to mind is that your clients are somehow configured with the wrong subnet masks. Can you check that?

I can confirm the clients are on the right mask for the subnets:

Vlan 80 – Support

IP range: 10.1.84.33 to 10.1.84.46

Mask: /28 255.255.255.240

Network address: 10.1.84.32

SVI: 10.1.84.33/28

client 0: 10.1.84.35/28

 

Vlan 100 – Test_Untrusted_Group

IP range: 10.1.84.17 to 10.1.84.30

Mask: /28 255.255.255.240

Network address: 10.1.84.16

SVI: 10.1.84.17/28

client 1: 10.1.84.20/28

Hi

Can you ping the clients from the switch?
Can the clients ping their DG?
Also, do the clients have an OS firewall enabled?

hth
Andy

So I cannot ping the clients from the switch; I can of course ping the VLAN interfaces.

The clients can ping their DGs. The clients can also ping the other VLAN's gateway, but beyond that they cannot ping the other client behind the gateway.

Our organization has some complex GPO-enforced firewall rules still cached on the clients. I have created inbound rules on the local clients that allow ICMPv4 and Network Discovery.

Before now, the clients could ping and receive pings, hence why I am not entirely worried about OS firewall rules.
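An added diagnostic sequence (not part of the thread) for the symptom reported in this reply: clients reach both gateways but not each other, and the switch cannot ping the clients. Addresses are the ones given in the thread; the port name GigabitEthernet1/0/1 is an assumption, as are the interpretations in the comments. The point is to source the switch's pings from each SVI in turn, so that same-subnet reachability and the routed path are tested separately, and then to rule out anything on the switch that could filter between the two VLANs.

```text
! Added example: isolating where the cross-VLAN path fails.
! Addresses are the thread's; the port name is an assumption.

! 1. Same-subnet test. With no source given, the switch sources the echo from the
!    SVI in the target's own VLAN, so this exercises only L2 in that VLAN and the
!    client's willingness to answer its local subnet.
ping 10.1.84.35
ping 10.1.84.20

! 2. Routed test. Source the echo from the *other* SVI so the packet arrives from the
!    far subnet, exactly as a client's routed ping would, and the reply has to go
!    back through the client's default gateway.
ping 10.1.84.35 source 10.1.84.17
ping 10.1.84.20 source 10.1.84.33

! 3. Confirm the switch has a forwarding entry for each client (the CEF adjacency
!    built from the ARP entry), i.e. that the switch itself knows how to reach them.
show ip cef 10.1.84.35
show ip cef 10.1.84.20

! 4. Rule out filtering on the switch: ACLs on the SVIs, VLAN access maps, and
!    leftover 802.1X port configuration from the earlier testing.
show ip interface vlan 80 | include access list
show ip interface vlan 100 | include access list
show vlan filter
show running-config interface GigabitEthernet1/0/1 | include access-group|dot1x|authentication

! Reading the results (assumed interpretations, not observed output):
!  - 1 fails and 2 fails: the host does not answer the switch at all. Look at the
!    port configuration from step 4 and at the client's inbound rules.
!  - 1 works, 2 fails: the host answers only its local subnet. That points at a
!    host-side rule scoped to the local subnet (a common default for ICMP rules)
!    or at a wrong default gateway on the host, not at the switch.
!  - 1 and 2 both work: the switch's own routed path is fine; compare what differs
!    between a switch-sourced and a client-sourced packet (a host rule scoped to a
!    specific remote address or profile treats them differently).
! Caveat: "debug ip icmp" only shows echoes the switch itself sends or answers.
! Client-to-client traffic is switched in hardware and never appears in that debug.
```

The sourced ping is the key step: a plain ping from the switch and a ping from the far SVI hit the same host from two different subnets, so comparing the two separates a host that filters by source subnet from a switch that is not forwarding.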

As these are new VLANs/subnets you have created, on the clients, which network under Control Panel\System and Security\Windows Defender Firewall is listed as being connected? Is it Domain?

hth
Andy

They are grouped under Private network. The new rules apply to all networks.
