cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
5268
Views
10
Helpful
9
Replies
FirewallEngineer
Beginner

[Problem] Cisco 3560 Switch: Unable to ping to different VLAN

Hi all,

Here is my topology. I’ve created to VLAN and I can ping each host in the same VLAN. Unfortunately, I can’t ping a host on different VLAN.

 

Ping Test

SERVER>ipconfig

FastEthernet0 Connection:(default port)

Link-local IPv6 Address.........: FE80::260:3EFF:FE09:EBE8

IP Address......................: 4.1.1.1

Subnet Mask.....................: 255.0.0.0

Default Gateway.................: 0.0.0.0

 

SERVER>ping 4.1.1.2

Pinging 4.1.1.2 with 32 bytes of data:

Reply from 4.1.1.2: bytes=32 time=0ms TTL=128

Reply from 4.1.1.2: bytes=32 time=0ms TTL=128

Reply from 4.1.1.2: bytes=32 time=0ms TTL=128

Reply from 4.1.1.2: bytes=32 time=0ms TTL=128

Ping statistics for 4.1.1.2:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

 

SERVER>ping 3.1.1.1

Pinging 3.1.1.1 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 3.1.1.1:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

SERVER>

 

All interfaces are connected and up

S1#sh ip int b
Interface IP-Address OK? Method Status Protocol

FastEthernet0/1 unassigned YES unset up up

FastEthernet0/2 unassigned YES unset up up

FastEthernet0/3 unassigned YES unset up up

FastEthernet0/4 unassigned YES unset up up

Vlan1 unassigned YES unset administratively down down

Vlan30 3.1.1.10 YES manual up up

Vlan40 4.1.1.10 YES manual up up
S1#

 

S2#sh ip int b
Interface IP-Address OK? Method Status Protocol

FastEthernet0/1 unassigned YES unset up up

FastEthernet0/2 unassigned YES unset up up

FastEthernet0/3 unassigned YES unset up up

FastEthernet0/4 unassigned YES unset up up

Vlan1 unassigned YES unset administratively down down

Vlan30 3.1.1.20 YES manual up up

Vlan40 4.1.1.20 YES manual up up
S2#

 

 

Routing looks good

S1#sh ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route

Gateway of last resort is not set

3.0.0.0/24 is subnetted, 1 subnets
C 3.1.1.0 is directly connected, Vlan30
4.0.0.0/24 is subnetted, 1 subnets
C 4.1.1.0 is directly connected, Vlan40
S1#

 

S2#sh ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is not set

3.0.0.0/24 is subnetted, 1 subnets

C 3.1.1.0 is directly connected, Vlan30

4.0.0.0/24 is subnetted, 1 subnets

C 4.1.1.0 is directly connected, Vlan40

S2#

 

 

Trunk Status

S1#sh int trunk
Port Mode Encapsulation Status Native vlan
Fa0/1 on 802.1q trunking 1

Port Vlans allowed on trunk
Fa0/1 1-1005

Port Vlans allowed and active in management domain
Fa0/1 1,30,40

Port Vlans in spanning tree forwarding state and not pruned
Fa0/1 1,30,40
S1#

 

S2#sh in tr

Port Mode Encapsulation Status Native vlan

Fa0/1 auto n-802.1q trunking 1

Port Vlans allowed on trunk

Fa0/1 1-1005

Port Vlans allowed and active in management domain

Fa0/1 1,30,40

Port Vlans in spanning tree forwarding state and not pruned

Fa0/1 1,30,40

S2#

 

 

Here is my switches config. Please let me know how to troubleshoot/solve this issue. Thanks.

 

S1#sh run

Building configuration...

Current configuration : 1405 bytes

!

version 12.2

no service timestamps log datetime msec

no service timestamps debug datetime msec

no service password-encryption

!

hostname S1

!

!

!

enable password ep

!

!

!

ip routing

!

!

!

!

!

!

!

!

!

!

!

!

!

!

spanning-tree mode pvst

!

!

!

!

!

!

interface FastEthernet0/1

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface FastEthernet0/2

!

interface FastEthernet0/3

switchport access vlan 30

!

interface FastEthernet0/4

switchport access vlan 40

!

interface FastEthernet0/5

!

interface FastEthernet0/6

!

interface FastEthernet0/7

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

!

interface FastEthernet0/11

!

interface FastEthernet0/12

!

interface FastEthernet0/13

!

interface FastEthernet0/14

!

interface FastEthernet0/15

!

interface FastEthernet0/16

!

interface FastEthernet0/17

!

interface FastEthernet0/18

!

interface FastEthernet0/19

!

interface FastEthernet0/20

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

!

interface FastEthernet0/24

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface Vlan1

no ip address

shutdown

!

interface Vlan30

ip address 3.1.1.10 255.255.255.0

!

interface Vlan40

ip address 4.1.1.10 255.255.255.0

!

ip classless

!

ip flow-export version 9

!

!

!

!

!

!

!

line con 0

!

line aux 0

!

line vty 0 4

exec-timeout 0 0

password lv

login

!

!

!

end

S1#

 

S2#sh run
Building configuration...

Current configuration : 1326 bytes
!
version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname S2
!
!
!
enable password ep
!
!
!
ip routing
!
!
!
!
!
!
!
!
!
!
!
!
!
!
spanning-tree mode pvst
!
!
!
!
!
!
interface FastEthernet0/1
!
interface FastEthernet0/2
!
interface FastEthernet0/3
switchport access vlan 30
!
interface FastEthernet0/4
switchport access vlan 40
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
!
interface FastEthernet0/8
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
no ip address
shutdown
!
interface Vlan30
ip address 3.1.1.20 255.255.255.0
!
interface Vlan40
ip address 4.1.1.20 255.255.255.0
!
ip classless
!
ip flow-export version 9
!
!
!
!
!
!
!
line con 0
!
line aux 0
!
line vty 0 4
password lv
login
!
!
!
end
S2#

 

https://firewallengineer.wordpress.com/2014/12/27/problem-cisco-3560-switch-unable-to-ping-to-different-vlan/

1 ACCEPTED SOLUTION

Accepted Solutions

You can ping the other network, rather you can not ping the host.

Given you had the servers config wrong, the chances are the clients are as well.

Therefore, check the clients S/M and G/W are correct.

Martin

View solution in original post

9 REPLIES 9
Leo Laohoo
VIP Community Legend

Sounds like firewall on 3.1.1.1 is enabled.

Thanks Leo for your prompt response. Firewall is disabled. I can ping 3.1.1.1 from 3.1.1.2 (different switch, same VLAN)
But I can’t ping from the same switch, different VLAN

PC>ipconfig

FastEthernet0 Connection:(default port)

Link-local IPv6 Address.........: FE80::2D0:BAFF:FE54:C865
IP Address......................: 3.1.1.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 0.0.0.0

PC>ping 3.1.1.1

Pinging 3.1.1.1 with 32 bytes of data:

Reply from 3.1.1.1: bytes=32 time=10ms TTL=128
Reply from 3.1.1.1: bytes=32 time=0ms TTL=128
Reply from 3.1.1.1: bytes=32 time=0ms TTL=128
Reply from 3.1.1.1: bytes=32 time=1ms TTL=128

Ping statistics for 3.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 10ms, Average = 2ms

PC>tracert 3.1.1.1

Tracing route to 3.1.1.1 over a maximum of 30 hops: 

1 0 ms 0 ms 0 ms 3.1.1.1

Trace complete.

PC>

 

Hi

This is what's wrong:

IP Address......................: 3.1.1.2
Subnet Mask.....................: 255.0.0.0
Default Gateway.................: 0.0.0.0

It needs to be:

IP Address......................: 3.1.1.2
Subnet Mask.....................: 255.255.255.0
Default Gateway.................: 3.1.1.10

The mask needs to be correct so that the host knows when the host is on a different subnet, and the default gateway needs to be configured to that the host knows where to send packets that should be transported to a different subnet.

 

 

Thanks Henrik, 
I’ve fixed the gateway & subnet but still can’t ping to different VLAN.

BEFORE

SERVER>ipconfig

FastEthernet0 Connection:(default port)

   Link-local IPv6 Address.........: FE80::260:3EFF:FE09:EBE8
   IP Address......................: 4.1.1.1
   Subnet Mask.....................: 255.0.0.0
   Default Gateway.................: 0.0.0.0

SERVER>ping 3.1.1.1

Pinging 3.1.1.1 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 3.1.1.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

 

AFTER

SERVER>ipconfig

FastEthernet0 Connection:(default port)

   Link-local IPv6 Address.........: FE80::260:3EFF:FE09:EBE8
   IP Address......................: 4.1.1.1
   Subnet Mask.....................: 255.255.255.0
   Default Gateway.................: 4.1.1.10

SERVER>ping 4.1.1.10

Pinging 4.1.1.10 with 32 bytes of data:

Reply from 4.1.1.10: bytes=32 time=0ms TTL=255
Reply from 4.1.1.10: bytes=32 time=0ms TTL=255
Reply from 4.1.1.10: bytes=32 time=0ms TTL=255
Reply from 4.1.1.10: bytes=32 time=0ms TTL=255

Ping statistics for 4.1.1.10:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

SERVER>

SERVER>ping 3.1.1.1

Pinging 3.1.1.1 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 3.1.1.1:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

SERVER>

 

What happends when you ping 3.1.1.10?

I can ping it. (from 4.1.1.1)

SERVER>ping 3.1.1.10

 

Pinging 3.1.1.10 with 32 bytes of data:

 

Reply from 3.1.1.10: bytes=32 time=0ms TTL=255

Reply from 3.1.1.10: bytes=32 time=0ms TTL=255

Reply from 3.1.1.10: bytes=32 time=0ms TTL=255

Reply from 3.1.1.10: bytes=32 time=0ms TTL=255

 

Ping statistics for 3.1.1.10:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

 

SERVER>

You can ping the other network, rather you can not ping the host.

Given you had the servers config wrong, the chances are the clients are as well.

Therefore, check the clients S/M and G/W are correct.

Martin

Aaah, you're right Martin. I did the same mistake on the other host. Gateway was not configured.

Now I'm able to ping to all hosts even in different VLAN.

Thanks all, I really appreciate your help.

Hi,

You have not mentioned gateway/default-router address. Thats why you are not able to ping different vlans.