cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2575
Views
0
Helpful
20
Replies

problem in Intervlan routing of catalyst switch 3560??

begad.nashaat
Level 1
Level 1

Dears, 

 

Please check below configuration for my catalyst switch 3560. The hosts in VLAN 30 (10.0.30.5) can't ping hosts in VLAN 50 (10.0.50.5), however the hosts in VLAN 30 can ping interface VLAN 50 (10.0.50.1) and vice verse. please check configuration of the switch and let me know if you have any suggestions for such a problem.

 

CoreSwitch#show running-config 
Building configuration...
 
Current configuration : 5313 bytes
!
! Last configuration change at 20:47:25 UTC Sun Mar 15 2015
!
version 15.0
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname CoreSwitch
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
logging console emergencies
enable secret 5 $1$PoWT$YSJ1mlvXywqPmn8vUac3x/
!
no aaa new-model
switch 1 provision ws-c3650-24ts
ip routing
!
ip device tracking
ip dhcp excluded-address 10.0.30.1
ip dhcp excluded-address 10.0.40.1
ip dhcp excluded-address 10.0.50.1
ip dhcp excluded-address 10.0.30.254
ip dhcp excluded-address 10.0.40.254
ip dhcp excluded-address 10.0.50.254
ip dhcp excluded-address 10.0.40.111
ip dhcp excluded-address 10.0.40.112
ip dhcp excluded-address 10.0.40.201
ip dhcp excluded-address 10.0.40.113
!
ip dhcp pool V30
 network 10.0.30.0 255.255.255.0
 default-router 10.0.30.1
 lease 4
!
ip dhcp pool V40
 network 10.0.40.0 255.255.255.0
 default-router 10.0.40.1
 lease 4
!
ip dhcp pool V50
 network 10.0.50.0 255.255.255.0
 default-router 10.0.50.1
 lease 4
!
ip dhcp pool test
!
!
!
crypto pki trustpoint TP-self-signed-3362881171
 enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3362881171
 revocation-check none
 rsakeypair TP-self-signed-3362881171
!
!
crypto pki certificate chain TP-self-signed-3362881171
 certificate self-signed 01
  30820242 308201AB A0030201 02020101 300D0609 2A864886 F70D0101 04050030 
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274 
  69666963 6174652D 33333632 38383131 3731301E 170D3135 30333132 30363237 
  33305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649 
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D33 33363238 
  38313137 3130819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 
  8100CF9F 8C723BDF 26C4E228 FB01EE50 BD6D2DE1 C7E19BB5 689139EA B40C1D18 
  6181BB33 83376AB3 B38B9C67 D98D56AE 90E55F7B A66669B1 B378A90C 4EAB6039 
  0EDE80A0 F5064CEC 44CCF520 75BAAD19 62DBAE6A 3B0837F7 C39F3BD1 EA81F189 
  9CFB7508 35856779 37E58DFE BCE4F50D 2CA68BAD 7397A413 95F34917 66706D18 
  D0830203 010001A3 6A306830 0F060355 1D130101 FF040530 030101FF 30150603 
  551D1104 0E300C82 0A436F72 65537769 74636830 1F060355 1D230418 30168014 
  A0C13850 B0D3D7CD 4B556F87 9A253E41 64E8C819 301D0603 551D0E04 160414A0 
  C13850B0 D3D7CD4B 556F879A 253E4164 E8C81930 0D06092A 864886F7 0D010104 
  05000381 81005303 86FC8957 E2ED7811 8ECAC1B2 8CDE27E8 8E53A820 98460169 
  0B5DEBB2 EC6A3DC2 3F2C16F0 336D526E B67660A6 466B15A9 14DACDE4 0E12F6E6 
  EFFFB705 8F3877D8 CEB51D37 A8436501 155DE00B 1EB8E157 C88C46E8 E483344A 
  B630BB54 D9F4851B 570A4C8F E8B4234A 478C39B4 A8434D4A 672D7680 AEEEDF35 
  82C284CE 4EF5
  quit
!
!
!
!
!
diagnostic bootup level minimal
spanning-tree mode pvst
spanning-tree extend system-id
!
redundancy
 mode sso
!
!
!
class-map match-any non-client-nrt-class
  match non-client-nrt 
!
policy-map port_child_policy
 class non-client-nrt-class
 bandwidth remaining ratio 10
!
!
!
!
!
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 no ip address
 negotiation auto
!
interface GigabitEthernet1/0/1
 switchport access vlan 30
 switchport mode access
!
interface GigabitEthernet1/0/2
 switchport access vlan 30
!
interface GigabitEthernet1/0/3
!
interface GigabitEthernet1/0/4
!
interface GigabitEthernet1/0/5
!
interface GigabitEthernet1/0/6
!
interface GigabitEthernet1/0/7
!
interface GigabitEthernet1/0/8
!
interface GigabitEthernet1/0/9
 switchport access vlan 40
!
interface GigabitEthernet1/0/10
 switchport mode trunk
 speed 100
 duplex full
!
interface GigabitEthernet1/0/11
!
interface GigabitEthernet1/0/12
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
switchport access vlan 50
!
interface GigabitEthernet1/0/15
!
interface GigabitEthernet1/0/16
!
interface GigabitEthernet1/0/17
!
interface GigabitEthernet1/0/18
!
interface GigabitEthernet1/0/19
!
interface GigabitEthernet1/0/20
!
interface GigabitEthernet1/0/21
!
interface GigabitEthernet1/0/22
!
interface GigabitEthernet1/0/23
 switchport mode trunk
!
interface GigabitEthernet1/0/24
 switchport mode trunk
!
interface GigabitEthernet1/1/1
!
interface GigabitEthernet1/1/2
!
interface GigabitEthernet1/1/3
!
interface GigabitEthernet1/1/4
!
interface Vlan1
 ip address 10.0.100.100 255.255.255.0
!
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
!
interface Vlan50
 ip address 10.0.50.1 255.255.255.0
!
interface Vlan100
 ip address 192.168.100.1 255.255.255.0
!
ip http server
ip http authentication local
ip http secure-server
!
!
!
!
!
line con 0
 exec-timeout 0 0
 stopbits 1
line aux 0
 stopbits 1
line vty 0 4
 password Eventum
 login
line vty 5 15
 password Eventum
 login
!
wsma agent exec
 profile httplistener
 profile httpslistener
wsma agent config
 profile httplistener
 profile httpslistener
wsma agent filesys
 profile httplistener
 profile httpslistener
wsma agent notify
 profile httplistener
 profile httpslistener
!
wsma profile listener httplistener
 transport http
!
wsma profile listener httpslistener
 transport https
ap group default-group
end
 
CoreSwitch#  
20 Replies 20

Charles Hill
VIP Alumni
VIP Alumni

I don't see a default route on the 3560. 

Just by looking at the 3560 and not knowing your network topology, I would change the default router on the dhcp pool(vlan 30 & 50) to 10.0.30.1 & 10.0.50.1 and add a default route to your 3560.

ip route 0.0.0.0 0.0.0.0 x.x.x.x

 

HTH

petenixon
Level 3
Level 3

Hosts in vlan 30 and vlan 50 do not have the correct default gateways defined in the dhcp pools:

ip dhcp pool V30
 default-router 10.0.30.254 
!
ip dhcp pool V50
 default-router 10.0.50.254 
!
!
interface Vlan30
 ip address 10.0.30.1 255.255.255.0
!
interface Vlan50
 ip address 10.0.50.1 255.255.255.0

shine pothen
Level 3
Level 3

Like the other two members said your default gateway is not matching with the Vlan interface ip

For example 

Switch(config)# interface vlan10
Switch(config-if)# ip address 10.1.10.1 255.255.255.0

Switch(config)# ip dhcp pool example10
Switch(config-dhcp)# network 10.1.10.0 255.255.255.0
Switch(config-dhcp)# default-router 10.1.10.1

 

Please let us know to which Interface/Port are you host getting connected.

Please make sure both the host ports are on their respective Vlans (VLan 30 and VLan 50)

Switch(config)# interface gigabitethernet XX/0/ZZ
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan Number

Please try these and let us know if it is working or not for you.

 

 

Thanks All !!

 

Actually, I have shared an old configuration, actually, the default gateway in the DHCP pool is configured to 10.0.30.1 & 10.0.50.1 as shown in the edit configurations mentioned above, but I'm still facing the same problem that the hosts in different VLANs cannot communicate with each other.

 

Also, I don't care about a default gateway to be configured on the switch (ip route 0.0.0.0 0.0.0.0) as I want to make sure first that the intervlan routing between hosts is successful before let hosts access the Internet 

Below the ports connected to the hosts:

 

interface GigabitEthernet1/0/1
 switchport access vlan 30
 switchport mode access
 
interface GigabitEthernet1/0/14
switchport access vlan 50
 
 
 
 

Can you post the output of a show vlan brief?

CoreSwitch#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/3, Gi1/0/4, Gi1/0/5
                                                Gi1/0/6, Gi1/0/7, Gi1/0/8
                                                Gi1/0/11, Gi1/0/12, Gi1/0/13
                                                Gi1/0/15, Gi1/0/16, Gi1/0/17
                                                Gi1/0/18, Gi1/0/19, Gi1/0/20
                                                Gi1/0/21, Gi1/0/22, Gi1/1/1
                                                Gi1/1/2, Gi1/1/3, Gi1/1/4
30   VLAN0030                         active    Gi1/0/1, Gi1/0/2
40   VLAN0040                         active    Gi1/0/9
50   VLAN0050                         active    Gi1/0/14
100  VLAN0100                         active
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
CoreSwitch#

Are your vlan interfaces up?

Also, as you posted an older config earlier, can you attach the output of a show run please.

 

edit: Can you also confirm whether your hosts can ping their default gateway?

The vlan interfaces are up as shown below

 

CoreSwitch#show ip int br
Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  10.0.100.100    YES NVRAM  up                    up
Vlan30                 10.0.30.1       YES manual up                    up
Vlan40                 10.0.40.1       YES manual up                    up
Vlan50                 10.0.50.1       YES manual up                    up
Vlan100                192.168.100.1   YES manual up                    up
GigabitEthernet0/0     unassigned      YES unset  down                  down
GigabitEthernet1/0/1   unassigned      YES unset  up                    up
GigabitEthernet1/0/2   unassigned      YES unset  down                  down
GigabitEthernet1/0/3   unassigned      YES unset  down                  down
GigabitEthernet1/0/4   unassigned      YES unset  down                  down
GigabitEthernet1/0/5   unassigned      YES unset  down                  down
GigabitEthernet1/0/6   unassigned      YES unset  down                  down
GigabitEthernet1/0/7   unassigned      YES unset  down                  down
GigabitEthernet1/0/8   unassigned      YES unset  down                  down
GigabitEthernet1/0/9   unassigned      YES unset  up                    up
GigabitEthernet1/0/10  unassigned      YES unset  up                    up
GigabitEthernet1/0/11  unassigned      YES unset  down                  down
GigabitEthernet1/0/12  unassigned      YES unset  down                  down
GigabitEthernet1/0/13  unassigned      YES unset  down                  down
GigabitEthernet1/0/14  unassigned      YES unset  up                    up
GigabitEthernet1/0/15  unassigned      YES unset  down                  down
GigabitEthernet1/0/16  unassigned      YES unset  down                  down
GigabitEthernet1/0/17  unassigned      YES unset  down                  down
GigabitEthernet1/0/18  unassigned      YES unset  down                  down
GigabitEthernet1/0/19  unassigned      YES unset  down                  down
GigabitEthernet1/0/20  unassigned      YES unset  down                  down
GigabitEthernet1/0/21  unassigned      YES unset  down                  down
GigabitEthernet1/0/22  unassigned      YES unset  down                  down
GigabitEthernet1/0/23  unassigned      YES unset  up                    up
GigabitEthernet1/0/24  unassigned      YES unset  up                    up
GigabitEthernet1/1/1   unassigned      YES unset  down                  down
GigabitEthernet1/1/2   unassigned      YES unset  down                  down
GigabitEthernet1/1/3   unassigned      YES unset  down                  down
GigabitEthernet1/1/4   unassigned      YES unset  down                  down
CoreSwitch#

 

Actually, I have edit the post and applied the recent configuration as shown above.

 

yes, the hosts can ping their gateways, and even the other gateways:

 

For example:

Host : 10.0.40.20

Can ping 10.0.40.1 & 10.0.50.1 but can'y ping host 10.0.50.8

 

Please let us know the Role of the machine which is using the ip address 10.0.50.8

Also paste output of interface GigabitEthernet1/0/14

show interface GigabitEthernet1/0/14 (connecting to 10.0.50.8)

CoreSwitch#show interfaces gigabitEthernet 1/0/14
GigabitEthernet1/0/14 is up, line protocol is up (connected)
  Hardware is Gigabit Ethernet, address is 64f6.9d2e.330e (bia 64f6.9d2e.330e)
  MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
  Encapsulation ARPA, loopback not set
  Keepalive set (10 sec)
  Full-duplex, 1000Mb/s, media type is 10/100/1000BaseTX
  input flow-control is off, output flow-control is unsupported
  ARP type: ARPA, ARP Timeout 04:00:00
  Last input 00:00:07, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 33000 bits/sec, 42 packets/sec
  5 minute output rate 614000 bits/sec, 72 packets/sec
     1327137 packets input, 225172894 bytes, 0 no buffer
     Received 12863 broadcasts (6643 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 6643 multicast, 0 pause input
     0 input packets with dribble condition detected
     1690262 packets output, 806816097 bytes, 0 underruns
     0 output errors, 0 collisions, 1 interface resets
     0 unknown protocol drops
     0 babbles, 0 late collision, 0 deferred
     0 lost carrier, 0 no carrier, 0 pause output
     0 output buffer failures, 0 output buffers swapped out
CoreSwitch#

 

From the output provided we can see that there is traffic passing through the interface.

you can see the packet output and packet input.

Last input 00:00:07, output never, output hang never
  Last clearing of "show interface" counters never
  Input queue: 0/2000/0/0 (size/max/drops/flushes); Total output drops: 0
  Queueing strategy: fifo
  Output queue: 0/40 (size/max)
  5 minute input rate 33000 bits/sec, 42 packets/sec
  5 minute output rate 614000 bits/sec, 72 packets/sec
     1327137 packets input, 225172894 bytes, 0 no buffer

     Received 12863 broadcasts (6643 multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     0 watchdog, 6643 multicast, 0 pause input
     0 input packets with dribble condition detected
     1690262 packets output, 806816097 bytes, 0 underruns

what is the role of this host machine for eg is it a windows/linux/ip phone,

because from the configuration side it looks good.. the interface and the Vlan.

 

As I mentioned before that the host (windows machine) connected to this port can reach 10.0.40.1, 10.0.50.1 which are gateways that's why you can see traffic, but the problem when a host in VLAN 50 want to reach host in VLAN 40 which is not working.

 

Any ideas ???

 

 

 

 

can you ping the windows machine from the switch ?

 check the mac address and the arp request  from the switch side.

just to make my understanding clear, none of the host on vlan 50 is able to reach any other vlan on the switch, the host on Vlan 50 is only able to reach the gateways of the respective Vlans

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: