Solved: Just double checked and yes,

Joshua Schaeffer · ‎08-15-2016

I'm having an odd problem, that probably has a simple solution, but just can't seem to figure it out. I've setup a VLAN on a Cisco SG300-20 managed switch (in layer 3 mode) with an ID of 90. I've assigned an IP network to the VLAN and machines on the network can route properly. I can ping other VLAN's, and devices behind them from machines in VLAN 90, but I cannot ping devices on VLAN 90 from other VLANs. However those other devices can ping the gateway of VLAN 90 which is 10.1.90.1

My network layout is below.

I can ping VLAN 90's gateway for a machine on VLAN 90 and reach other VLAN's, as well as the internet:

PS C:\Users\jschaeffer> ipconfig

Windows IP Configuration

Wireless LAN adapter Wireless Network Connection:

Connection-specific DNS Suffix . : harmonywave.com
IPv4 Address. . . . . . . . . . . : 10.1.90.3
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.1.90.1

Tunnel adapter isatap.harmonywave.com:

Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : harmonywave.com

PS C:\Users\jschaeffer> ping 10.1.90.1

Pinging 10.1.90.1 with 32 bytes of data:
Reply from 10.1.90.1: bytes=32 time=2ms TTL=64
Reply from 10.1.90.1: bytes=32 time=2ms TTL=64
Reply from 10.1.90.1: bytes=32 time=2ms TTL=64
Reply from 10.1.90.1: bytes=32 time=3ms TTL=64

Ping statistics for 10.1.90.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 2ms, Maximum = 3ms, Average = 2ms

PS C:\Users\jschaeffer> ping 10.1.32.2

Pinging 10.1.32.2 with 32 bytes of data:
Reply from 10.1.32.2: bytes=32 time=2ms TTL=63
Reply from 10.1.32.2: bytes=32 time=2ms TTL=63
Reply from 10.1.32.2: bytes=32 time=2ms TTL=63
Reply from 10.1.32.2: bytes=32 time=1ms TTL=63

Ping statistics for 10.1.32.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 2ms, Average = 1ms

However when I try to ping 10.1.90.3 from 10.1.32.2 it fails:

jschaeffer@zipmaster07 ~ $ ip addr show | grep 'inet 10.*'
inet 10.1.32.2/24 brd 10.1.32.255 scope global eth0

jschaeffer@zipmaster07 ~ $ ping 10.1.90.3
PING 10.1.90.3 (10.1.90.3) 56(84) bytes of data.
^C
--- 10.1.90.3 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 4030m

But that same machine can reach VLAN 90's gateway address:

jschaeffer@zipmaster07 ~ $ ping 10.1.90.1
PING 10.1.90.1 (10.1.90.1) 56(84) bytes of data.
64 bytes from 10.1.90.1: icmp_seq=1 ttl=64 time=1.32 ms
64 bytes from 10.1.90.1: icmp_seq=2 ttl=64 time=1.20 ms
64 bytes from 10.1.90.1: icmp_seq=3 ttl=64 time=1.30 ms
64 bytes from 10.1.90.1: icmp_seq=4 ttl=64 time=1.24 ms
^C
--- 10.1.90.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 1.204/1.271/1.329/0.055 ms

When I sniff the wire on 10.1.90.3 I can see the ICMP request, but it never generates a reply. I think this is an interface problem put I can't see anything on my switch that is different from other VLAN interfaces. The machines on VLAN 90 that I've been testing with use GE17 and GE18.

adjutant01#show running-config
config-file-header
adjutant01
v1.2.7.76 / R750_NIK_1_2_584_002
CLI v1.0
file SSD indicator encrypted
@
ssd-control-start
ssd config
ssd file passphrase control unrestricted
no ssd file integrity control
ssd-control-end cb0a3fdb1f3a1af4e4430033719968c0
!
port jumbo-frame
vlan database
default-vlan vlan 100
exit
vlan database
vlan 10,20,30-33,50-51,70,90
exit
voice vlan id 100
voice vlan oui-table add 0001e3 Siemens_AG_phone________
voice vlan oui-table add 00036b Cisco_phone_____________
voice vlan oui-table add 00096e Avaya___________________
voice vlan oui-table add 000fe2 H3C_Aolynk______________
voice vlan oui-table add 0060b9 Philips_and_NEC_AG_phone
voice vlan oui-table add 00d01e Pingtel_phone___________
voice vlan oui-table add 00e075 Polycom/Veritel_phone___
voice vlan oui-table add 00e0bb 3Com_phone______________
no ip dhcp snooping verify
ip dhcp relay address 10.1.30.50
ip dhcp relay enable
ip dhcp information option
no boot host auto-config
hostname adjutant01
logging file informational
rmon event 1 log
username cisco password encrypted a86bb3c61e5abaaeccff6898cc4b76b1e9c77e95 privilege 15
ip ssh server
snmp-server location "Server room"
snmp-server contact "Joshua Schaeffer"
no ip http server
clock timezone " " -7
clock summer-time web recurring usa
clock source sntp
ip domain name harmonywave.com
ip name-server 10.1.30.2
!
interface vlan 1
no ip address dhcp
!
interface vlan 10
name Public
ip address 10.1.10.1 255.255.255.0
ip dhcp relay enable
!
interface vlan 20
name Secure
ip address 10.1.20.1 255.255.255.0
ip dhcp relay enable
!
interface vlan 30
name "Internal Managment"
ip address 10.1.30.1 255.255.255.0
ip dhcp relay enable
!
interface vlan 31
name "Internal Server"
ip address 10.1.31.1 255.255.255.0
!
interface vlan 32
name "Internal Client"
ip address 10.1.32.1 255.255.255.0
ip dhcp relay enable
!
interface vlan 33
name Storage
ip address 10.1.33.1 255.255.255.0
!
interface vlan 50
name "Cloud Management"
ip address 10.1.50.1 255.255.255.0
ip dhcp relay enable
!
interface vlan 51
name "External Cloud"
ip address 10.1.51.1 255.255.255.0
ip dhcp relay enable
!
interface vlan 70
name "IPMI Network"
!
interface vlan 90
name Wireless/Printer
ip address 10.1.90.1 255.255.255.0
!
interface vlan 100
ip address 10.1.100.1 255.255.255.0
!
interface 1
switchport forbidden default-vlan
!
interface gigabitethernet1
channel-group 1 mode auto
switchport mode access
!
interface gigabitethernet2
channel-group 2 mode auto
switchport mode access
!
interface gigabitethernet3
channel-group 3 mode auto
switchport mode access
!
interface gigabitethernet4
switchport mode access
switchport forbidden default-vlan
!
interface gigabitethernet5
switchport mode access
switchport access vlan 31
!
interface gigabitethernet6
switchport mode access
switchport access vlan 33
!
interface gigabitethernet7
switchport mode access
switchport access vlan 32
!
interface gigabitethernet8
switchport mode access
switchport access vlan 70
!
interface gigabitethernet9
channel-group 1 mode auto
switchport mode access
!
interface gigabitethernet10
channel-group 2 mode auto
switchport mode access
!
interface gigabitethernet11
channel-group 3 mode auto
switchport mode access
!
interface gigabitethernet12
switchport mode access
switchport forbidden default-vlan
!
interface gigabitethernet13
switchport mode access
switchport access vlan 31
!
interface gigabitethernet14
switchport mode access
switchport access vlan 33
!
interface gigabitethernet15
switchport mode access
switchport forbidden default-vlan
!
interface gigabitethernet16
switchport mode access
switchport access vlan 70
!
interface gigabitethernet17
switchport mode access
switchport access vlan 90
!
interface gigabitethernet18
rmon collection stats 1
switchport mode access
switchport access vlan 90
!
interface gigabitethernet19
switchport mode access
!
interface gigabitethernet20
switchport mode access
!
interface Port-channel1
description "LXD range 01"
switchport trunk allowed vlan add 10,20,30-31,50-51,90
switchport forbidden default-vlan
!
interface Port-channel2
description "LXD range 02"
switchport trunk allowed vlan add 10,20,30-31,50-51
switchport forbidden default-vlan
!
interface Port-channel3
description "NAS range 01"
switchport mode access
switchport access vlan 33
switchport forbidden default-vlan
!
interface Port-channel4
switchport mode access
switchport general pvid 4095
switchport forbidden default-vlan
!
interface Port-channel5
switchport mode access
switchport general pvid 4095
switchport forbidden default-vlan
!
interface Port-channel6
switchport mode access
switchport general pvid 4095
switchport forbidden default-vlan
!
interface Port-channel7
switchport mode access
switchport general pvid 4095
switchport forbidden default-vlan
!
interface Port-channel8
switchport mode access
switchport general pvid 4095
switchport forbidden default-vlan
!
ip route 0.0.0.0 0.0.0.0 10.1.100.2
ip route 10.1.60.0 255.255.255.0 10.1.20.21
snmp-server set rlAutomaticClockSetFromPCEnabled rlAutomaticClockSetFromPCEnabled true

I thought this might be a machine specific problem, but I've seen it on two machines. Any help is appreciated.

Thanks,

Joshua

Richard Bradfield · ‎08-16-2016

Is the printer wireless or hardwired? I was thinking might be something to do with the Wireless Access point

View solution in original post

johnd2310 · ‎08-15-2016

Hi,

Have you checked firewall on those machines?

Thanks

John

**Please rate posts you find helpful**

Joshua Schaeffer · ‎08-16-2016

Just double checked and yes, the firewall is disabled my testing machine. I'm also trying to ping a printer on VLAN 90 as well. I can ping it from the switch and machines on VLAN 90, but like my other tests I cannot ping it from machines outside of VLAN 90.

Richard Bradfield · ‎08-16-2016

Is the printer wireless or hardwired? I was thinking might be something to do with the Wireless Access point

Joshua Schaeffer · ‎08-16-2016

The printer is wired. That is not the correct answer, accidentally hit that.

Richard Bradfield · ‎08-16-2016

As a test is it possible to connect the printer directly to the sg300 switch, and disable all other vlan 90 connections on the switch. then see if it pings ok.

Machine does not generate ICMP reply