cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1736
Views
0
Helpful
11
Replies

layer3 switch not routing

Joli Martinez
Level 1
Level 1

I have a 3550 l3 switch configured as follows:

vlan 10 ports 1-10

vlan 21 ports 11-20

vlan 30 port 21-30

vlan 40 ports 31-40

default vlan should be vlan 21

I have the servers, switch and router connected to vlan 21.  Vlan 21 works great I can browse the internet, but I cannot ping any other vlans. router is connected to fa0/19

[code]

Building configuration...

Current configuration : 4833 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname L3Switch

!

!

username admin privilege 15 password 7 03554A0A1C5D365F56

no aaa new-model

ip subnet-zero

ip routing

no ip domain-lookup

!

!

!

!

!

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/2

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/3

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/4

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/5

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/6

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/7

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/8

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/9

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/10

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/11

switchport access vlan 21

switchport mode access

!

interface FastEthernet0/12

switchport access vlan 21

switchport mode access

!

interface FastEthernet0/13

switchport access vlan 21

switchport mode access

!

interface FastEthernet0/14

switchport access vlan 21

switchport mode access

!

interface FastEthernet0/15

switchport access vlan 21

switchport mode access

!

interface FastEthernet0/16

switchport access vlan 21

switchport mode access

!

interface FastEthernet0/17

switchport access vlan 21

switchport mode access

!

interface FastEthernet0/18

switchport access vlan 21

switchport mode access

!

interface FastEthernet0/19

switchport access vlan 21

switchport mode access

!

interface FastEthernet0/20

switchport access vlan 21

switchport mode access

!

interface FastEthernet0/21

switchport access vlan 30

switchport mode access

!

interface FastEthernet0/22

switchport access vlan 30

switchport mode access

!

interface FastEthernet0/23

switchport access vlan 30

switchport mode access

!

interface FastEthernet0/24

switchport access vlan 30

switchport mode access

!

interface FastEthernet0/25

switchport access vlan 30

switchport mode access

!

interface FastEthernet0/26

switchport access vlan 30

switchport mode access

!

interface FastEthernet0/27

switchport access vlan 30

switchport mode access

!

interface FastEthernet0/28

switchport access vlan 30

switchport mode access

!

interface FastEthernet0/29

switchport access vlan 30

switchport mode access

!

interface FastEthernet0/30

switchport access vlan 30

switchport mode access

!

interface FastEthernet0/31

switchport access vlan 40

switchport mode access

!

interface FastEthernet0/32

switchport access vlan 40

switchport mode access

!

interface FastEthernet0/33

switchport access vlan 40

switchport mode access

!

interface FastEthernet0/34

switchport access vlan 40

switchport mode access

!

interface FastEthernet0/35

switchport access vlan 40

switchport mode access

!

interface FastEthernet0/36

switchport access vlan 40

switchport mode access

!

interface FastEthernet0/37

switchport access vlan 40

switchport mode access

!

interface FastEthernet0/38

switchport access vlan 40

switchport mode access

!

interface FastEthernet0/39

switchport access vlan 40

switchport mode access

!

interface FastEthernet0/40

switchport access vlan 40

switchport mode access

!

interface FastEthernet0/41

switchport mode access

!

interface FastEthernet0/42

switchport mode access

!

interface FastEthernet0/43

switchport mode access

!

interface FastEthernet0/44

switchport mode access

!

interface FastEthernet0/45

switchport mode access

!

interface FastEthernet0/46

switchport mode access

!

interface FastEthernet0/47

switchport mode access

!

interface FastEthernet0/48

description TRUNK TO L3 ROUTER

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/1

switchport mode dynamic desirable

!

interface GigabitEthernet0/2

switchport mode dynamic desirable

!

interface Vlan1

no ip address

shutdown

!

interface Vlan10

ip address 10.105.10.254 255.255.255.0

ip helper-address 10.105.21.1

!

interface Vlan21

ip address 10.105.21.251 255.255.255.0

!

interface Vlan30

ip address 10.105.30.254 255.255.255.0

ip helper-address 10.105.21.1

!

interface Vlan40

ip address 10.105.40.254 255.255.255.0

ip helper-address 10.105.21.1

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.105.21.254

ip http server

ip http secure-server

!

!

control-plane

!

!

line con 0

logging synchronous

line vty 0 4

logging synchronous

login local

transport input telnet

line vty 5 15

no login

!

!

end

[/code]

1 Accepted Solution

Accepted Solutions

Access-list 1permit on the router defines nat for only the .21 subnet. That is your problem.

Sent from Cisco Technical Support iPad App

View solution in original post

11 Replies 11

Reza Sharifi
Hall of Fame
Hall of Fame

I am assuming 10.105.21.254 is the router's IP address.  Can you post the router's config?

Jeff Van Houten
Level 5
Level 5

Are the remaining Vlans defined in the vlan database?

Sent from Cisco Technical Support iPad App

Hi,

Kindly provide ouput of

1/ sh int trunk

2/ sh vlans

3/ sh mac-address-table

4/ sh int vlan10 (vlan21, vlan30, vlan40)

Regards # Mahesh

Joli Martinez
Level 1
Level 1

here is the config to the router, but vlan 21 works and I have internet access, the problem is the routing between the vlans.

[code]

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname p_router

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

!

resource policy

!

ip cef

!

!

!

!        

no ip domain lookup

ip domain name joli.local

!

!

!

username admin privilege 15 password 7 03554A0A1C5D365F56

!

!

!

!

!

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Vlan1

ip address 10.105.21.254 255.255.255.0

ip nat inside

ip virtual-reassembly

!

ip route 0.0.0.0 0.0.0.0 dhcp

!

!

no ip http server

no ip http secure-server

ip nat inside source list 1 interface FastEthernet4 overload

ip nat inside source static tcp 10.105.21.1 21 interface FastEthernet4 21

ip nat inside source static tcp 10.105.21.1 158 interface FastEthernet4 158

ip nat inside source static tcp 10.105.21.254 22 interface FastEthernet4 22

ip nat inside source static tcp 10.105.21.1 80 interface FastEthernet4 80

ip nat inside source static tcp 10.105.21.2 3389 interface FastEthernet4 3389

ip nat inside source static tcp 10.105.21.250 23 interface FastEthernet4 23

!

access-list 1 permit 10.105.21.0 0.0.0.255

access-list 23 permit any

access-list 100 remark WAN

access-list 100 deny   ip host 255.255.255.255 any

access-list 100 deny   ip 127.0.0.0 0.255.255.255 any

access-list 100 permit ip any any

access-list 101 permit udp any eq domain any

access-list 101 remark ADD PORT FORWARDING STATEMENT HERE

access-list 101 remark permit tcp any any eq port

access-list 101 permit tcp any any eq 22

access-list 101 permit tcp any any eq telnet

access-list 101 permit tcp any any eq ftp

access-list 101 permit tcp any any eq 158

access-list 101 permit icmp any any echo-reply

access-list 101 permit icmp any any time-exceeded

access-list 101 permit icmp any any unreachable

access-list 101 permit tcp any eq domain any

!

!

!

!

control-plane

!

line con 0

logging synchronous

no modem enable

line aux 0

line vty 0 4

access-class 23 in

login local

transport input ssh

!        

scheduler max-task-time 5000

end

[/code]

Joli Martinez
Level 1
Level 1

here are all outputs.  sh int trunk is empty and right now there are only two active vlans 21 and 30

[code]

L3Switch#sh vlan

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Fa0/41, Fa0/42, Fa0/43, Fa0/44

                                                Fa0/45, Fa0/46, Fa0/47, Fa0/48

                                                Gi0/1, Gi0/2

10   VOICE                            active    Fa0/1, Fa0/2, Fa0/3, Fa0/4

                                                Fa0/5, Fa0/6, Fa0/7, Fa0/8

                                                Fa0/9, Fa0/10

21   NETWORK/SERVERS                  active    Fa0/11, Fa0/12, Fa0/13, Fa0/14

                                                Fa0/15, Fa0/16, Fa0/17, Fa0/18

                                                Fa0/19, Fa0/20

30   WORKSTATIONS                     active    Fa0/21, Fa0/22, Fa0/23, Fa0/24

                                                Fa0/25, Fa0/26, Fa0/27, Fa0/28

                                                Fa0/29, Fa0/30

40   QA                               active    Fa0/31, Fa0/32, Fa0/33, Fa0/34

                                                Fa0/35, Fa0/36, Fa0/37, Fa0/38

                                                Fa0/39, Fa0/40

L3Switch#sh mac-ad

L3Switch#sh mac-address-table

          Mac Address Table

-------------------------------------------

Vlan    Mac Address       Type        Ports

----    -----------       --------    -----

All    0016.c755.7c80    STATIC      CPU

All    0016.c755.7c81    STATIC      CPU

All    0016.c755.7c82    STATIC      CPU

All    0016.c755.7c83    STATIC      CPU

All    0016.c755.7c84    STATIC      CPU

All    0016.c755.7c85    STATIC      CPU

All    0016.c755.7c86    STATIC      CPU

All    0016.c755.7c87    STATIC      CPU

All    0016.c755.7c88    STATIC      CPU

All    0016.c755.7c89    STATIC      CPU

All    0016.c755.7c8a    STATIC      CPU

All    0016.c755.7c8b    STATIC      CPU

All    0016.c755.7c8c    STATIC      CPU

All    0016.c755.7c8d    STATIC      CPU

All    0016.c755.7c8e    STATIC      CPU

All    0016.c755.7c8f    STATIC      CPU

All    0016.c755.7c90    STATIC      CPU

All    0016.c755.7c91    STATIC      CPU

All    0016.c755.7c92    STATIC      CPU

All    0016.c755.7c93    STATIC      CPU

All    0016.c755.7c94    STATIC      CPU

All    0016.c755.7c95    STATIC      CPU

All    0016.c755.7c96    STATIC      CPU

All    0016.c755.7c97    STATIC      CPU

All    0016.c755.7c98    STATIC      CPU

All    0016.c755.7c99    STATIC      CPU

All    0016.c755.7c9a    STATIC      CPU

All    0016.c755.7c9b    STATIC      CPU

All    0016.c755.7c9c    STATIC      CPU

All    0016.c755.7c9d    STATIC      CPU

All    0016.c755.7c9e    STATIC      CPU

All    0016.c755.7c9f    STATIC      CPU

All    0016.c755.7ca0    STATIC      CPU

All    0016.c755.7ca1    STATIC      CPU

All    0016.c755.7ca2    STATIC      CPU

All    0016.c755.7ca3    STATIC      CPU

All    0016.c755.7ca4    STATIC      CPU

All    0016.c755.7ca5    STATIC      CPU

All    0016.c755.7ca6    STATIC      CPU

All    0016.c755.7ca7    STATIC      CPU

All    0016.c755.7ca8    STATIC      CPU

All    0016.c755.7ca9    STATIC      CPU

All    0016.c755.7caa    STATIC      CPU

All    0016.c755.7cab    STATIC      CPU

All    0016.c755.7cac    STATIC      CPU

All    0016.c755.7cad    STATIC      CPU

All    0016.c755.7cae    STATIC      CPU

All    0016.c755.7caf    STATIC      CPU

All    0016.c755.7cb0    STATIC      CPU

All    0016.c755.7cb1    STATIC      CPU

All    0016.c755.7cb2    STATIC      CPU

All    0100.0c00.0000    STATIC      CPU

All    0100.0ccc.cccc    STATIC      CPU

All    0100.0ccc.cccd    STATIC      CPU

All    0180.c200.0000    STATIC      CPU

All    0180.c200.0001    STATIC      CPU

All    0180.c200.0002    STATIC      CPU

All    0180.c200.0003    STATIC      CPU

All    0180.c200.0004    STATIC      CPU

All    0180.c200.0005    STATIC      CPU

All    0180.c200.0006    STATIC      CPU

All    0180.c200.0007    STATIC      CPU

All    0180.c200.0008    STATIC      CPU

All    0180.c200.0009    STATIC      CPU

All    0180.c200.000a    STATIC      CPU

All    0180.c200.000b    STATIC      CPU

All    0180.c200.000c    STATIC      CPU

All    0180.c200.000d    STATIC      CPU

All    0180.c200.000e    STATIC      CPU

All    0180.c200.000f    STATIC      CPU

All    0180.c200.0010    STATIC      CPU

  21    000c.29b9.cde4    DYNAMIC     Fa0/15

  21    000c.29cf.915a    DYNAMIC     Fa0/11

  21    001d.7187.5ed4    DYNAMIC     Fa0/19

  21    c42c.0319.730c    DYNAMIC     Fa0/14

  30    0023.69f6.d24d    DYNAMIC     Fa0/24

  30    0024.be63.bb26    DYNAMIC     Fa0/24

  30    d485.6415.2599    DYNAMIC     Fa0/25

  30    f81e.dfec.ce18    DYNAMIC     Fa0/24

Total Mac Addresses for this criterion: 79

L3Switch#sh int vlan 21

Vlan21 is up, line protocol is up

  Hardware is EtherSVI, address is 0016.c755.7c80 (bia 0016.c755.7c80)

  Internet address is 10.105.21.251/24

  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:00:13, output 00:00:13, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 4

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     1442 packets input, 251369 bytes, 0 no buffer

     Received 0 broadcasts (200 IP multicast)

     0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     1835 packets output, 464959 bytes, 0 underruns

     0 output errors, 0 interface resets

     0 output buffer failures, 0 output buffers swapped out

L3Switch#sh int vlan 30

Vlan30 is up, line protocol is up

  Hardware is EtherSVI, address is 0016.c755.7c80 (bia 0016.c755.7c80)

  Internet address is 10.105.30.254/24

  MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

     reliability 255/255, txload 1/255, rxload 1/255

  Encapsulation ARPA, loopback not set

  ARP type: ARPA, ARP Timeout 04:00:00

  Last input 00:00:04, output 01:28:45, output hang never

  Last clearing of "show interface" counters never

  Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 4

  Queueing strategy: fifo

  Output queue: 0/40 (size/max)

  5 minute input rate 0 bits/sec, 0 packets/sec

  5 minute output rate 0 bits/sec, 0 packets/sec

     4796 packets input, 1476249 bytes, 0 no buffer

     Received 0 broadcasts (337 IP multicast)

     0 runts, 0 giants, 0 throttles

     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

     33 packets output, 2589 bytes, 0 underruns

     0 output errors, 0 interface resets

     0 output buffer failures, 0 output buffers swapped out

[/code]

Can you enable "ip routing" on the switch and test again?

no i can not ping 10.105.30.254 from the 21 vlan

added the route to the router and everything is working.

thx

Access-list 1permit on the router defines nat for only the .21 subnet. That is your problem.

Sent from Cisco Technical Support iPad App

You are also going to have to define static routes on the router for the switch subnets using the switch ip address as the gateway.

Sent from Cisco Technical Support iPad App

fb_webuser
Level 6
Level 6

Look at the routing table. "show ip route" Are you using a routing protocol? "show ip protocols"

---

Posted by WebUser Robert Hastings from Cisco Support Community App

Review Cisco Networking for a $25 gift card