Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1274
Views
0
Helpful
5
Replies

Some clients can't communicate with secondary IP subnet

eric nguyen
Level 1
Level 1

‎05-07-2014 03:56 PM - edited ‎03-07-2019 07:22 PM

I have an issue that's been bugging me since this morning. This site has a single VLAN, 1, and the gateway is an SVI for VLAN 1 with a secondary IP of 192.168.116.254/24 and a primary IP of 10.53.16.1/22.

Some clients on the 10 network can ping servers on the 192 network, but some cannot. From the switches, I can ping the servers at 192.168.116.64 and .80. The servers and most of the clients are connected to the same switch stack, but still can't talk. I have attached a diagram and the interface configs are below. There are no ACLs on any of the switches either.

 

4500X

interface Vlan1
 description GATEWAY FOR LAN
 ip address 192.168.116.254 255.255.255.0 secondary
 ip address 10.53.16.1 255.255.252.0

interface TenGigabitEthernet1/1/3
 switchport mode trunk
 channel-group 1 mode active

interface TenGigabitEthernet2/1/3
 switchport mode trunk
 channel-group 1 mode active

interface Port-channel1
 switchport
 switchport mode trunk

 

 

3850 Stack

interface Vlan1
 ip address 10.53.16.5 255.255.252.0

interface GigabitEthernet1/1/1
 switchport mode trunk
 channel-group 1 mode active

interface GigabitEthernet4/1/1
 switchport mode trunk
 channel-group 1 mode active

interface Port-channel1
 switchport mode trunk

 

Labels:
Preview file
22 KB
0 Helpful
5 Replies 5

Julio Carvajal
VIP Alumni
VIP Alumni

‎05-07-2014 05:04 PM

Hello,

 

Can you try to do a ping from one PC to a server that does not work and check if with wireshark you see the packets reaching the server?

Have you make sure all of the PCs have the right Default gateway on their corresponding VLAN?

 

Do you see the ARP mapping on their network table?

 

Regards

Julio Carvajal
Senior Network Security and Core Specialist
CCIE #42930, 2xCCNP, JNCIP-SEC
0 Helpful

eric nguyen
Level 1
Level 1
In response to Julio Carvajal

‎05-07-2014 05:30 PM

I have not done a packet capture yet.

Yes, the PCs have the correct default gateway, they all point to the 4500s.

Yes, both the client and servers are in the ARP tables of the 4500s.

0 Helpful

Wassim Aouadi
Level 4
Level 4
In response to eric nguyen

‎06-01-2014 10:42 PM

Regarding the PCs that do not reach the servers, can they ping the other VLAN1 ip address, i.e. the one other than their gateway address?

0 Helpful

Parvesh Paliwal
Level 3
Level 3

‎06-01-2014 11:57 PM

Can you share a traceroute for different subnets from the clients subnet(s) ?

 

 

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Parvesh Paliwal

‎06-02-2014 07:13 AM

Two things in the partial config shown puzzle me though I am not sure if either is really the problem.

- the original post says there is only a single vlan. but the connection between switches is configured as a trunk? why is there a trunk if there is only a single vlan?

- the 4500 has the primary and secondary addresses but the 3850 has only the primary address. I wonder what would happen if the secondary address were configured on the 3850 also?

 

HTH

 

Rick

HTH

Rick
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card