Solved: Management VLAN Question

jmaciak01 · ‎08-31-2012

I'm setting up a few new switches on our network and I've connected them each to a trunk port on an existing switch.

The management VLAN that I'm using is 99, with an IP subnet of 10.10.99.0/26.

One switch that I've connected is working just fine. I'm able to telnet and ping the management IP 10.10.99.16 from the client VLAN 103. The other two switches are unreachable from the client VLAN. I am able to ping the management IPs on any switch, though.

New switch 1 (c2960): pinging from 10.10.103.98 to 10.10.99.16 works fine

New switch 2 (c2960): pinging from 10.10.103.98 to 10.10.99.9 fails

New switch 3 (c3560): pinging from 10.10.103.98 to 10.10.99.3 fails

All switches can ping eachother, though.

The trunk ports looks like this:

interface GigabitEthernet1/0/1

description Link to X

switchport mode trunk

vlan interface:

interface vlan 99

description MANAGEMENT

ip address 10.10.99.9 255.255.255.192

no ip redirects

I can ping to other .99.x management interfaces of switches in the network, just not to the two I mentioned 99.9 and 99.3.

I've looked over the configs for hours now and I can't find what I'm missing. Any ideas? If you need me to post more configs, let me know.

Richard Burts · ‎08-31-2012

I do not quite understand all that you have put into your post and may have missed something about your problem. But here are a couple of observations that might help.

In the beginning of your post you tell us that the management VLAN is a /27. But in the partial config the interface address is ip address 10.10.99.9 255.255.255.192 which is a /26. If the subnet masks are not consistent then it could cause connectivity problems. So please verify the subnet mask on each switch interface and let us know what it is.

Where is the source address of the pings 10.10.103.98? Is it perhaps on switch1 where the ping works?

Are switch 2 and switch 3 operating as just layer 2 switches or have you enabled layer 3 processing on them? I would suggest that you check switch 2 and switch 3 and verify if they have proper default-gateway (if they are layer 2 only) or default route (if they are layer 3). Not having a correct default-gateway or default route could cause the symptoms that you describe.

HTH

Rick

HTH

Rick

View solution in original post

Kyle McKay · ‎08-31-2012

More than likely you are missing the default gateway configuration on 99.9 and 99.3

In order to route packets back from a different subnet, these switches must have a default gateway.

"ip default-gateway x"

krahmani323 · ‎08-31-2012

Hello Kyle,

You beat me at this one !

Regards.

Karim

jmaciak01 · ‎08-31-2012

I tried that before, no dice. The weird part is that the switches I'm able to connect to via the management IP have no ip default gateway set, nor any ip routes.

krahmani323 · ‎08-31-2012

Hello jmaciak,

All the switches can ping each others within their vlan 99, but two of them are not reachable from another subnet.

It could be a mis-(or non)-configured default gateway on the two switches 99.9 & 99.3 switches (assuming they are L2-switches with no 'ip routing' enaled).

Could you check the command 'ip default-gateway x.x.x.x' is well configured on both switches ? If yes you can also check theirt netmask.

Best regards.

Karim

Richard Burts · ‎08-31-2012

I do not quite understand all that you have put into your post and may have missed something about your problem. But here are a couple of observations that might help.

In the beginning of your post you tell us that the management VLAN is a /27. But in the partial config the interface address is ip address 10.10.99.9 255.255.255.192 which is a /26. If the subnet masks are not consistent then it could cause connectivity problems. So please verify the subnet mask on each switch interface and let us know what it is.

Where is the source address of the pings 10.10.103.98? Is it perhaps on switch1 where the ping works?

Are switch 2 and switch 3 operating as just layer 2 switches or have you enabled layer 3 processing on them? I would suggest that you check switch 2 and switch 3 and verify if they have proper default-gateway (if they are layer 2 only) or default route (if they are layer 3). Not having a correct default-gateway or default route could cause the symptoms that you describe.

HTH

Rick

HTH

Rick

jmaciak01 · ‎08-31-2012

Sorry made a typo, all of the management IPs are masked w/ 255.255.255.192

Where is the source address of the pings 10.10.103.98? Is it perhaps on switch1 where the ping works?

Yes, it is on switch 1. However, I am able to ping and telnet to other switches as well.

Are switch 2 and switch 3 operating as just layer 2 switches or have you enabled layer 3 processing on them? I would suggest that you check switch 2 and switch 3 and verify if they have proper default-gateway (if they are layer 2 only) or default route (if they are layer 3). Not having a correct default-gateway or default route could cause the symptoms that you describe.

Ugh, that was it. I had "ip routing" enabled because I had originally intended to use this as a L3 switch. Thanks so much!

Richard Burts · ‎08-31-2012

I am glad that you got the problem worked out and that our suggestions were helpful in finding the problem. Thank you for posting back to the forum and indicating that you had solved the problem. And thank you for using the rating system to mark the question as answered. It makes the forum more useful when people can read about a problem and can know that a solution was found. Your marking has contributed to this process.

HTH

Rick

HTH

Rick