Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1127
Views
0
Helpful
6
Replies

Strange Ping and route issue.

Kyndall Taylor
Level 1
Level 1

‎12-18-2018 02:49 PM - edited ‎03-08-2019 04:50 PM

I have any existing installation with 2 vlans, a core switch, edge switches, and hosts. I have ip routing enabled on the core / edge switches and all hosts can ping each other and the switches as well as switches ping themselves any which way. (4500 and 3650's).. Works Great..

I have tried the same setup / config with a Nexus 3548x (Core) and 2960x's (EDGE) like the above setup, but it doesn't work right.
I have 2 VLANS on the CORE.. IP ROUTING ENABLED
VLAN 1  192.168.6.254/24
VLAN 5 192.168.5.254/24

Each vlan is configed on the 2960's as well... switches are trunked to the 3548X
Each switch has the VLAN #1 IP at 192.168.6.1/24 and the other switch  at 192.168.6.2/24. IP ROUTING is ENABLED

I have one PC at 192.168.6.201/24 GTWY 192.168.6.254 on one of the 2960's. The Gi1/0/1 port is setup for VLAN 1
I have one PC at 192.168.5.201/24 GTWY 192.168.5.254 on one of the 2960's. The Gi1/0/1 port is setup for VLAN 5.

The computers CAN ping themselves across the both VLANS and switches. The computers can ping the gateways of each of the VLANS.

I ping 192.168.6.1 from computer 6.201/24 I get a reply (local switch)
I ping 192.168.6.2 from computer 6.201/24 I get a reply (remote switch)
I ping 192.168.6.254 from computer 6.201/24 I get a reply (core VLAN1)
I ping 192.168.5.254 from computer 6.201/24 I get a reply (core VLAN5)
I ping 192.168.5.201 from computer 6.201/24 I get a reply (remote PC on the other switch)

The other computer at .5.201/24 can ping the other way. However, It can ping the VLAN1 gateway (6.254) but not the switches on the other side of it. 6.1 and 6.2 for some reason.

Also, if I console into the switch this computer is connected to, I CANNOT ping anything on VLAN5, either .5.201 or the .5.254 on the CORE switch, but can ping (VLAN1) stuff  .6.201 and .6.1 and 6.2


If I console to the CORE I can ping  everything.. everyway...

 

How can the computers ping correctly but not the switches?? This is very confusing and makes no sense.

Thanks..

Labels:
0 Helpful
6 Replies 6

johnd2310
Level 8
Level 8

‎12-18-2018 03:19 PM

Hi,

Have you checked the configs of the switches? Do you have a gateway configured on the switches? Are all the vlans being trunked correctly  between the switches?

 

Thanks

John

**Please rate posts you find helpful**
0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎12-18-2018 03:31 PM

Looks like you have missed the routing config pointing to each switches.

can you post both the switch configuration here to understand what is wrong.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

Kyndall Taylor
Level 1
Level 1
In response to balaji.bandi

‎12-19-2018 05:48 AM

Here is the Core Switch Nexus and the 2960. The other 2960's config is the same except for Vlan1's IP being 192.168.6.2 and the GI ports are all switchport access VLAN 5

From the CORE I can ping both switches IP's and the host in the different VLANS on each switch.

From either 2960 I can't ping anything but stuff on VLAN 1.

Both Computers on each switch can ping each other, as well as ping both VLAN gateways on the CORE. The CORE switch is attached as a file, the 2960 config is below.......

 

 

**********

version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname CCTV1-SYS1-48
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$t9a5$69bRO2crT11jjsBcXAPR21
!
no aaa new-model
switch 1 provision ws-c2960x-48fpd-l
ip routing
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-1084419968
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1084419968
 revocation-check none
 rsakeypair TP-self-signed-1084419968
!
!
crypto pki certificate chain TP-self-signed-1084419968
 certificate self-signed 01
  3082022B 30820194 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
  31312F30 2D060355 04031326 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 31303834 34313939 3638301E 170D3138 31323138 32313139
  32305A17 0D323030 31303130 30303030 305A3031 312F302D 06035504 03132649
  4F532D53 656C662D 5369676E 65642D43 65727469 66696361 74652D31 30383434
  31393936 3830819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281
  8100BF81 A226D8FE 5FCE2F9C 2146937F E204CC6F 3E874342 94942C76 73BAD59F
  CFC2691C 13DE9950 90C57A34 50B19830 67A9189E C3FBB9F1 C535A461 C9ACAC37
  E67613A6 A0557AF6 9922243D DA9767AF 1728C113 A453F29E 41641573 F086ADE6
  9039C57E 57F88828 FFCB31FB 970B0CE5 CA8F1933 22AF0039 807C995E 776E7DCC
  DDC50203 010001A3 53305130 0F060355 1D130101 FF040530 030101FF 301F0603
  551D2304 18301680 146F7EA0 3C139472 9E1C1CA9 C969BFE4 3AF57AB5 0B301D06
  03551D0E 04160414 6F7EA03C 1394729E 1C1CA9C9 69BFE43A F57AB50B 300D0609
  2A864886 F70D0101 05050003 818100BF 485983C2 B4C3F680 5A046237 FAF16A3A
  FCA5C005 7163193A 57829427 735BAD0D 6AE71DBA F366E555 2B25A055 3FDF99E9
  335DEAE8 F198B912 70707692 922412E5 E37EE137 B2DA1364 17B5A3C2 F914533D
  C85A61AD C3E5FD13 6AF62360 A392703E F2130FE1 376F62ED 1D789506 30C0591B
  242D7137 A6CA2288 F6F43D07 C23913
        quit
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0
 no ip route-cache
!
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/4

 switchport mode access
 spanning-tree portfast

!
interface GigabitEthernet1/0/5
 switchport mode access
 spanning-tree portfast

!
interface GigabitEthernet1/0/6
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/7
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/8
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/9
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/10
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/11
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/12
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/13
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/14
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/15
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/16
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/17
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/18
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/19
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/20
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/21
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/22
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/23
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/24
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/25
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/26
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/27
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/28
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/29
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/30
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/31
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/32
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/33
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/34
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/35
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/36
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/37
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/38
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/39
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/40
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/41
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/42
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/43
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/44
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/45
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/46
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/47
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/48
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/49
 switchport mode trunk
!
interface GigabitEthernet1/0/50
 switchport mode trunk
!
interface TenGigabitEthernet1/0/1
 switchport mode trunk
!
interface TenGigabitEthernet1/0/2
 switchport mode trunk
!
interface Vlan1
 ip address 192.168.6.1 255.255.255.0
!
interface Vlan5
 no ip address
!
interface Vlan6
 no ip address
!
ip http server
ip http secure-server
!
!
no vstack
!
!
end

 

 

Preview file
11 KB
0 Helpful

mark.chennell
Level 1
Level 1
In response to Kyndall Taylor

‎12-19-2018 06:11 AM

The 2960 has ip routing enabled but has no default route .... so it only knows about anything on its connected interface (vlan 1 - 192.168.6.0/24)

The nexus can ping this because it is directly connected on that vlan, but obviously that 2960 will not be able to reach anything else other than vlan1, so configure a default gateway on it.
0 Helpful

Kyndall Taylor
Level 1
Level 1
In response to mark.chennell

‎12-19-2018 07:15 AM

Thanks for the reply. I don't really understand where to add the default route. I looked at my other site that works (I have enclosed the config of the 3650x below with a core 4500 with a similar setup) and I don't see a default route in the config, but yet I can ping from the switch across other VLANS (see pings at bottom). I don't understand what the difference is and why I can ping everywhere there.. Is there some kind of difference between a 2960/Nexus 3548 vs 3650/4500 regarding this? I also don't see anything in the 4500 core regarding a default gateway, I just issued the ip routing command.. Any more ideas would be greatly appreciated..

 

*****

 

Current configuration : 8737 bytes
!
! Last configuration change at 15:30:05 EST Tue Sep 4 2018
! NVRAM config last updated at 15:30:07 EST Tue Sep 4 2018
!
version 15.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname SYSTEM1_24
!
boot-start-marker
boot-end-marker
!
!
vrf definition Mgmt-vrf
 !
 address-family ipv4
 exit-address-family
 !
 address-family ipv6
 exit-address-family
!
enable secret 5 $1$Ahvi$TRARKMpF1UL/WPhoqJVaR0
!
no aaa new-model
clock timezone EST -5 0
switch 1 provision ws-c3650-24ps
!
!
!
!
!
!
!
!
!
!
!
!
!
crypto pki trustpoint TP-self-signed-812598115
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-812598115
 revocation-check none
 rsakeypair TP-self-signed-812598115
!
!
crypto pki certificate chain TP-self-signed-812598115
 certificate self-signed 01
  3082023D 308201A6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
  69666963 6174652D 38313235 39383131 35301E17 0D313731 31303631 37353430
  375A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
  532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3831 32353938
  31313530 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
  95704E94 7FBB62E1 B981CC71 F68D9353 6004016E 510B8687 1CB1A189 90530671
  9F26A948 0FF95562 EBAA25BC B09E27E7 94DDA659 484F983D 8F3C15E5 ACCB5E88
  4D35AD98 9B05ED4B 4DE0A481 763170FA 99C934A7 2B463CF8 C4967DFE A203D354
  B03C3529 89D0FA23 AECA0C2F 28B85CE4 F3E19EA2 1A194201 494E931A E6FBCD63
  02030100 01A36730 65300F06 03551D13 0101FF04 05300301 01FF3012 0603551D
  11040B30 09820753 59535445 4D31301F 0603551D 23041830 1680144E 2CFCEBB0
  B2D90710 E55AA35C DB34F80D AB437930 1D060355 1D0E0416 04144E2C FCEBB0B2
  D90710E5 5AA35CDB 34F80DAB 4379300D 06092A86 4886F70D 01010405 00038181
  00639D6D E0259B96 73160FC5 70D1FAC8 8094CED1 C9F9CDAE F7C340C2 75763992
  1E586A43 CAC5DCBD EF2791EC 8558DBBA E1CC516E 56C7DF7D 1E6DF631 FAB53C49
  835D9F81 2F000A94 EE93CF35 72420CA8 3BD1B36E DD23B127 A7967918 619040B7
  53457A52 CC1337A0 9872EA92 B082557A 554B8EB8 8BCAC8D0 45AE6B34 0DBABB4E 35
        quit
diagnostic bootup level minimal
spanning-tree mode rapid-pvst
spanning-tree extend system-id
hw-switch switch 1 logging onboard message level 3
!
redundancy
 mode sso
!
!
!
class-map match-any non-client-nrt-class
!
policy-map port_child_policy
 class non-client-nrt-class
  bandwidth remaining ratio 10
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 vrf forwarding Mgmt-vrf
 no ip address
 negotiation auto
!
interface GigabitEthernet1/0/1
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/2
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/3
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/4
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/5
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/6
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/7
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/8
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/9
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/10
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/11
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/12
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/13
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/14
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/15
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/16
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/17
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/18
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/19
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/20
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/21
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/22
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/23
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/0/24
 switchport mode access
 spanning-tree portfast
!
interface GigabitEthernet1/1/1
 switchport mode trunk
!
interface GigabitEthernet1/1/2
 switchport mode trunk
!
interface GigabitEthernet1/1/3
 switchport mode trunk
!
interface GigabitEthernet1/1/4
 switchport mode trunk
!
interface Vlan1
 ip address 192.168.0.50 255.255.255.0
!
interface Vlan5
 no ip address
!
ip forward-protocol nd
ip http server
ip http secure-server
!
ip access-list extended AutoQos-4.0-wlan-Acl-Bulk-Data
 permit tcp any any eq 22
 permit tcp any any eq 465
 permit tcp any any eq 143
 permit tcp any any eq 993
 permit tcp any any eq 995
 permit tcp any any eq 1914
 permit tcp any any eq ftp
 permit tcp any any eq ftp-data
 permit tcp any any eq smtp
 permit tcp any any eq pop3
ip access-list extended AutoQos-4.0-wlan-Acl-MultiEnhanced-Conf
 permit udp any any range 16384 32767
 permit tcp any any range 50000 59999
ip access-list extended AutoQos-4.0-wlan-Acl-Scavanger
 permit tcp any any range 2300 2400
 permit udp any any range 2300 2400
 permit tcp any any range 6881 6999
 permit tcp any any range 28800 29100
 permit tcp any any eq 1214
 permit udp any any eq 1214
 permit tcp any any eq 3689
 permit udp any any eq 3689
 permit tcp any any eq 11999
ip access-list extended AutoQos-4.0-wlan-Acl-Signaling
 permit tcp any any range 2000 2002
 permit tcp any any range 5060 5061
 permit udp any any range 5060 5061
ip access-list extended AutoQos-4.0-wlan-Acl-Transactional-Data
 permit tcp any any eq 443
 permit tcp any any eq 1521
 permit udp any any eq 1521
 permit tcp any any eq 1526
 permit udp any any eq 1526
 permit tcp any any eq 1575
 permit udp any any eq 1575
 permit tcp any any eq 1630
 permit udp any any eq 1630
 permit tcp any any eq 1527
 permit tcp any any eq 6200
 permit tcp any any eq 3389
 permit tcp any any eq 5985
 permit tcp any any eq 8080
!
!
!
!
!
wsma agent exec
 profile httplistener
 profile httpslistener
!
wsma agent config
 profile httplistener
 profile httpslistener
!
wsma agent filesys
 profile httplistener
 profile httpslistener
!
wsma agent notify
 profile httplistener
 profile httpslistener
!
!
wsma profile listener httplistener
 transport http
!
wsma profile listener httpslistener
 transport https
!
ap group default-group
end

SYSTEM1_24#ping 192.168.0.50
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.50, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/10 ms
SYSTEM1_24#ping 192.168.0.84
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.0.84, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/10 ms
SYSTEM1_24#ping 192.167.2.105
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.167.2.105, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/200/1000 ms
SYSTEM1_24#

 

The show ip route from both sites show this:

Working site:

SYSTEM1_24#sh ip route
removed codes.....
Gateway of last resort is not set

      192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.0.0/24 is directly connected, Vlan1
L        192.168.0.50/32 is directly connected, Vlan1

Current Nonworking Site:

CCTV1-SYS1-48#sh ip route
Gateway of last resort is not set

      192.168.6.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.6.0/24 is directly connected, Vlan1
L        192.168.6.1/32 is directly connected, Vlan1

0 Helpful

Vittorio Fortunato
Level 1
Level 1

‎12-19-2018 06:16 AM - edited ‎12-19-2018 06:37 AM

@Kyndall Taylor wrote:


Also, if I console into the switch this computer is connected to, I CANNOT ping anything on VLAN5, either .5.201 or the .5.254 on the CORE switch, but can ping (VLAN1) stuff  .6.201 and .6.1 and 6.2


If I console to the CORE I can ping  everything.. everyway...

 

How can the computers ping correctly but not the switches?? This is very confusing and makes no sense.

Thanks..

Hi Kyndall,

 

in order to ping addresses on networks not locally configured you need to configure routing information on the switch/router. If you want to ping addresses in VLAN 6, while not having L3 interfaces on the same VLAN, you need to have either an ip default-gateway or a ip default route set on the switch.

You can ping every address on VLAN 1 because you have a locally connected interface on that network.

 

Regards,

Vittorio

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card