Solved: layer3 switch not routing

Joli Martinez · ‎04-27-2012

I have a 3550 l3 switch configured as follows:

vlan 10 ports 1-10

vlan 21 ports 11-20

vlan 30 port 21-30

vlan 40 ports 31-40

default vlan should be vlan 21

I have the servers, switch and router connected to vlan 21. Vlan 21 works great I can browse the internet, but I cannot ping any other vlans. router is connected to fa0/19

[code]

Building configuration...

Current configuration : 4833 bytes

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

service password-encryption

!

hostname L3Switch

!

username admin privilege 15 password 7 03554A0A1C5D365F56

no aaa new-model

ip subnet-zero

ip routing

no ip domain-lookup

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

interface FastEthernet0/1

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/2

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/3

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/4

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/5

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/6

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/7

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/8

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/9

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/10

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/11

switchport access vlan 21

switchport mode access

!

interface FastEthernet0/12

switchport access vlan 21

switchport mode access

!

interface FastEthernet0/13

switchport access vlan 21

switchport mode access

!

interface FastEthernet0/14

switchport access vlan 21

switchport mode access

!

interface FastEthernet0/15

switchport access vlan 21

switchport mode access

!

interface FastEthernet0/16

switchport access vlan 21

switchport mode access

!

interface FastEthernet0/17

switchport access vlan 21

switchport mode access

!

interface FastEthernet0/18

switchport access vlan 21

switchport mode access

!

interface FastEthernet0/19

switchport access vlan 21

switchport mode access

!

interface FastEthernet0/20

switchport access vlan 21

switchport mode access

!

interface FastEthernet0/21

switchport access vlan 30

switchport mode access

!

interface FastEthernet0/22

switchport access vlan 30

switchport mode access

!

interface FastEthernet0/23

switchport access vlan 30

switchport mode access

!

interface FastEthernet0/24

switchport access vlan 30

switchport mode access

!

interface FastEthernet0/25

switchport access vlan 30

switchport mode access

!

interface FastEthernet0/26

switchport access vlan 30

switchport mode access

!

interface FastEthernet0/27

switchport access vlan 30

switchport mode access

!

interface FastEthernet0/28

switchport access vlan 30

switchport mode access

!

interface FastEthernet0/29

switchport access vlan 30

switchport mode access

!

interface FastEthernet0/30

switchport access vlan 30

switchport mode access

!

interface FastEthernet0/31

switchport access vlan 40

switchport mode access

!

interface FastEthernet0/32

switchport access vlan 40

switchport mode access

!

interface FastEthernet0/33

switchport access vlan 40

switchport mode access

!

interface FastEthernet0/34

switchport access vlan 40

switchport mode access

!

interface FastEthernet0/35

switchport access vlan 40

switchport mode access

!

interface FastEthernet0/36

switchport access vlan 40

switchport mode access

!

interface FastEthernet0/37

switchport access vlan 40

switchport mode access

!

interface FastEthernet0/38

switchport access vlan 40

switchport mode access

!

interface FastEthernet0/39

switchport access vlan 40

switchport mode access

!

interface FastEthernet0/40

switchport access vlan 40

switchport mode access

!

interface FastEthernet0/41

switchport mode access

!

interface FastEthernet0/42

switchport mode access

!

interface FastEthernet0/43

switchport mode access

!

interface FastEthernet0/44

switchport mode access

!

interface FastEthernet0/45

switchport mode access

!

interface FastEthernet0/46

switchport mode access

!

interface FastEthernet0/47

switchport mode access

!

interface FastEthernet0/48

description TRUNK TO L3 ROUTER

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet0/1

switchport mode dynamic desirable

!

interface GigabitEthernet0/2

switchport mode dynamic desirable

!

interface Vlan1

no ip address

shutdown

!

interface Vlan10

ip address 10.105.10.254 255.255.255.0

ip helper-address 10.105.21.1

!

interface Vlan21

ip address 10.105.21.251 255.255.255.0

!

interface Vlan30

ip address 10.105.30.254 255.255.255.0

ip helper-address 10.105.21.1

!

interface Vlan40

ip address 10.105.40.254 255.255.255.0

ip helper-address 10.105.21.1

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.105.21.254

ip http server

ip http secure-server

!

control-plane

!

line con 0

logging synchronous

line vty 0 4

logging synchronous

login local

transport input telnet

line vty 5 15

no login

!

end

[/code]

Jeff Van Houten · ‎04-27-2012

Access-list 1permit on the router defines nat for only the .21 subnet. That is your problem.

Sent from Cisco Technical Support iPad App

View solution in original post

Reza Sharifi · ‎04-27-2012

I am assuming 10.105.21.254 is the router's IP address. Can you post the router's config?

Jeff Van Houten · ‎04-27-2012

Are the remaining Vlans defined in the vlan database?

Sent from Cisco Technical Support iPad App

Mahesh Gohil · ‎04-27-2012

Hi,

Kindly provide ouput of

1/ sh int trunk

2/ sh vlans

3/ sh mac-address-table

4/ sh int vlan10 (vlan21, vlan30, vlan40)

Regards # Mahesh

Joli Martinez · ‎04-27-2012

here is the config to the router, but vlan 21 works and I have internet access, the problem is the routing between the vlans.

[code]

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname p_router

!

boot-start-marker

boot-end-marker

!

no aaa new-model

!

resource policy

!

ip cef

!

no ip domain lookup

ip domain name joli.local

!

username admin privilege 15 password 7 03554A0A1C5D365F56

!

interface FastEthernet0

!

interface FastEthernet1

!

interface FastEthernet2

!

interface FastEthernet3

!

interface FastEthernet4

ip address dhcp

ip nat outside

ip virtual-reassembly

duplex auto

speed auto

!

interface Vlan1

ip address 10.105.21.254 255.255.255.0

ip nat inside

ip virtual-reassembly

!

ip route 0.0.0.0 0.0.0.0 dhcp

!

no ip http server

no ip http secure-server

ip nat inside source list 1 interface FastEthernet4 overload

ip nat inside source static tcp 10.105.21.1 21 interface FastEthernet4 21

ip nat inside source static tcp 10.105.21.1 158 interface FastEthernet4 158

ip nat inside source static tcp 10.105.21.254 22 interface FastEthernet4 22

ip nat inside source static tcp 10.105.21.1 80 interface FastEthernet4 80

ip nat inside source static tcp 10.105.21.2 3389 interface FastEthernet4 3389

ip nat inside source static tcp 10.105.21.250 23 interface FastEthernet4 23

!

access-list 1 permit 10.105.21.0 0.0.0.255

access-list 23 permit any

access-list 100 remark WAN

access-list 100 deny ip host 255.255.255.255 any

access-list 100 deny ip 127.0.0.0 0.255.255.255 any

access-list 100 permit ip any any

access-list 101 permit udp any eq domain any

access-list 101 remark ADD PORT FORWARDING STATEMENT HERE

access-list 101 remark permit tcp any any eq port

access-list 101 permit tcp any any eq 22

access-list 101 permit tcp any any eq telnet

access-list 101 permit tcp any any eq ftp

access-list 101 permit tcp any any eq 158

access-list 101 permit icmp any any echo-reply

access-list 101 permit icmp any any time-exceeded

access-list 101 permit icmp any any unreachable

access-list 101 permit tcp any eq domain any

!

control-plane

!

line con 0

logging synchronous

no modem enable

line aux 0

line vty 0 4

access-class 23 in

login local

transport input ssh

!

scheduler max-task-time 5000

end

[/code]

Joli Martinez · ‎04-27-2012

here are all outputs. sh int trunk is empty and right now there are only two active vlans 21 and 30

[code]

L3Switch#sh vlan

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/41, Fa0/42, Fa0/43, Fa0/44

Fa0/45, Fa0/46, Fa0/47, Fa0/48

Gi0/1, Gi0/2

10 VOICE active Fa0/1, Fa0/2, Fa0/3, Fa0/4

Fa0/5, Fa0/6, Fa0/7, Fa0/8

Fa0/9, Fa0/10

21 NETWORK/SERVERS active Fa0/11, Fa0/12, Fa0/13, Fa0/14

Fa0/15, Fa0/16, Fa0/17, Fa0/18

Fa0/19, Fa0/20

30 WORKSTATIONS active Fa0/21, Fa0/22, Fa0/23, Fa0/24

Fa0/25, Fa0/26, Fa0/27, Fa0/28

Fa0/29, Fa0/30

40 QA active Fa0/31, Fa0/32, Fa0/33, Fa0/34

Fa0/35, Fa0/36, Fa0/37, Fa0/38

Fa0/39, Fa0/40

L3Switch#sh mac-ad

L3Switch#sh mac-address-table

Mac Address Table

-------------------------------------------

Vlan Mac Address Type Ports

---- ----------- -------- -----

All 0016.c755.7c80 STATIC CPU

All 0016.c755.7c81 STATIC CPU

All 0016.c755.7c82 STATIC CPU

All 0016.c755.7c83 STATIC CPU

All 0016.c755.7c84 STATIC CPU

All 0016.c755.7c85 STATIC CPU

All 0016.c755.7c86 STATIC CPU

All 0016.c755.7c87 STATIC CPU

All 0016.c755.7c88 STATIC CPU

All 0016.c755.7c89 STATIC CPU

All 0016.c755.7c8a STATIC CPU

All 0016.c755.7c8b STATIC CPU

All 0016.c755.7c8c STATIC CPU

All 0016.c755.7c8d STATIC CPU

All 0016.c755.7c8e STATIC CPU

All 0016.c755.7c8f STATIC CPU

All 0016.c755.7c90 STATIC CPU

All 0016.c755.7c91 STATIC CPU

All 0016.c755.7c92 STATIC CPU

All 0016.c755.7c93 STATIC CPU

All 0016.c755.7c94 STATIC CPU

All 0016.c755.7c95 STATIC CPU

All 0016.c755.7c96 STATIC CPU

All 0016.c755.7c97 STATIC CPU

All 0016.c755.7c98 STATIC CPU

All 0016.c755.7c99 STATIC CPU

All 0016.c755.7c9a STATIC CPU

All 0016.c755.7c9b STATIC CPU

All 0016.c755.7c9c STATIC CPU

All 0016.c755.7c9d STATIC CPU

All 0016.c755.7c9e STATIC CPU

All 0016.c755.7c9f STATIC CPU

All 0016.c755.7ca0 STATIC CPU

All 0016.c755.7ca1 STATIC CPU

All 0016.c755.7ca2 STATIC CPU

All 0016.c755.7ca3 STATIC CPU

All 0016.c755.7ca4 STATIC CPU

All 0016.c755.7ca5 STATIC CPU

All 0016.c755.7ca6 STATIC CPU

All 0016.c755.7ca7 STATIC CPU

All 0016.c755.7ca8 STATIC CPU

All 0016.c755.7ca9 STATIC CPU

All 0016.c755.7caa STATIC CPU

All 0016.c755.7cab STATIC CPU

All 0016.c755.7cac STATIC CPU

All 0016.c755.7cad STATIC CPU

All 0016.c755.7cae STATIC CPU

All 0016.c755.7caf STATIC CPU

All 0016.c755.7cb0 STATIC CPU

All 0016.c755.7cb1 STATIC CPU

All 0016.c755.7cb2 STATIC CPU

All 0100.0c00.0000 STATIC CPU

All 0100.0ccc.cccc STATIC CPU

All 0100.0ccc.cccd STATIC CPU

All 0180.c200.0000 STATIC CPU

All 0180.c200.0001 STATIC CPU

All 0180.c200.0002 STATIC CPU

All 0180.c200.0003 STATIC CPU

All 0180.c200.0004 STATIC CPU

All 0180.c200.0005 STATIC CPU

All 0180.c200.0006 STATIC CPU

All 0180.c200.0007 STATIC CPU

All 0180.c200.0008 STATIC CPU

All 0180.c200.0009 STATIC CPU

All 0180.c200.000a STATIC CPU

All 0180.c200.000b STATIC CPU

All 0180.c200.000c STATIC CPU

All 0180.c200.000d STATIC CPU

All 0180.c200.000e STATIC CPU

All 0180.c200.000f STATIC CPU

All 0180.c200.0010 STATIC CPU

21 000c.29b9.cde4 DYNAMIC Fa0/15

21 000c.29cf.915a DYNAMIC Fa0/11

21 001d.7187.5ed4 DYNAMIC Fa0/19

21 c42c.0319.730c DYNAMIC Fa0/14

30 0023.69f6.d24d DYNAMIC Fa0/24

30 0024.be63.bb26 DYNAMIC Fa0/24

30 d485.6415.2599 DYNAMIC Fa0/25

30 f81e.dfec.ce18 DYNAMIC Fa0/24

Total Mac Addresses for this criterion: 79

L3Switch#sh int vlan 21

Vlan21 is up, line protocol is up

Hardware is EtherSVI, address is 0016.c755.7c80 (bia 0016.c755.7c80)

Internet address is 10.105.21.251/24

MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:13, output 00:00:13, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 4

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

1442 packets input, 251369 bytes, 0 no buffer

Received 0 broadcasts (200 IP multicast)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

1835 packets output, 464959 bytes, 0 underruns

0 output errors, 0 interface resets

0 output buffer failures, 0 output buffers swapped out

L3Switch#sh int vlan 30

Vlan30 is up, line protocol is up

Hardware is EtherSVI, address is 0016.c755.7c80 (bia 0016.c755.7c80)

Internet address is 10.105.30.254/24

MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:04, output 01:28:45, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 4

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

4796 packets input, 1476249 bytes, 0 no buffer

Received 0 broadcasts (337 IP multicast)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

33 packets output, 2589 bytes, 0 underruns

0 output errors, 0 interface resets

0 output buffer failures, 0 output buffers swapped out

[/code]

Reza Sharifi · ‎04-27-2012

Can you enable "ip routing" on the switch and test again?

Joli Martinez · ‎04-27-2012

no i can not ping 10.105.30.254 from the 21 vlan

Joli Martinez · ‎04-27-2012

added the route to the router and everything is working.

thx

Jeff Van Houten · ‎04-27-2012

Access-list 1permit on the router defines nat for only the .21 subnet. That is your problem.

Sent from Cisco Technical Support iPad App

Jeff Van Houten · ‎04-27-2012

You are also going to have to define static routes on the router for the switch subnets using the switch ip address as the gateway.

Sent from Cisco Technical Support iPad App

fb_webuser · ‎04-27-2012

Look at the routing table. "show ip route" Are you using a routing protocol? "show ip protocols"

---

Posted by WebUser Robert Hastings from Cisco Support Community App