Re: SVI does not route traffic

Andre Sydoriak · ‎12-09-2014

Hi,

I've got a problem with one of my svi's created on a 3750-x switch.

I created a new vlan 220 which has been distributed with vtp. The 3750x is connected with a trunk to a 2960 which has ports in VLAN 220. 2960 sees the new vlan and I am able to ping inside the VLAN and the SVI.

When I want to ping from a differen VLAN to VLAN 220 which is directly connected to the 3750-x I don't get any responds. When I do a shutdown and no shutdown command I am able to ping a few times an then I get never ending timeouts.

Here is my config:

interface Vlan220
ip address 192.168.206.1 255.255.255.0

Vlan220 is up, line protocol is up
Hardware is EtherSVI, address is 4c4e.3510.42c6 (bia 4c4e.3510.42c6)
Internet address is 192.168.206.1/24
MTU 1500 bytes, BW 1000000 Kbit/sec, DLY 10 usec,
     reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive not supported
ARP type: ARPA, ARP Timeout 04:00:00
Last input 00:01:08, output 00:20:08, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
     11457 packets input, 2273358 bytes, 0 no buffer
     Received 0 broadcasts (0 IP multicasts)
     0 runts, 0 giants, 0 throttles
     0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
     1148 packets output, 74324 bytes, 0 underruns
     0 output errors, 5 interface resets
     0 unknown protocol drops
     0 output buffer failures, 0 output buffers swapped out

#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       + - replicated route, % - next hop override

Gateway of last resort is 10.10.10.1 to network 0.0.0.0

S*    0.0.0.0/0 [1/0] via 10.10.10.1
      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C        10.10.10.0/24 is directly connected, GigabitEthernet2/0/1
L        10.10.10.2/32 is directly connected, GigabitEthernet2/0/1
      192.168.90.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.90.0/24 is directly connected, Vlan500
L        192.168.90.1/32 is directly connected, Vlan500
      192.168.201.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.201.0/24 is directly connected, Vlan200
L        192.168.201.1/32 is directly connected, Vlan200
      192.168.202.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.202.0/24 is directly connected, Vlan300
L        192.168.202.1/32 is directly connected, Vlan300
      192.168.203.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.203.0/24 is directly connected, Vlan400
L        192.168.203.1/32 is directly connected, Vlan400
      192.168.205.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.205.0/24 is directly connected, Vlan1
L        192.168.205.10/32 is directly connected, Vlan1
      192.168.206.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.206.0/24 is directly connected, Vlan220
L        192.168.206.1/32 is directly connected, Vlan220

Do I have a config mistake or is there something wrong with the switch?

Thanks,

André

Reza Sharifi · ‎12-09-2014

Hi,

What is the output of "sh spann" and "sh spann interface x/x" from both 3750 and 2960?

x/x the interface between the 3750 and 2960.

HTH

Andre Sydoriak · ‎12-11-2014

Hi,

Core:

sh spann

VLAN0220
Spanning tree enabled protocol ieee
Root ID    Priority    32988
             Address     0cd9.9667.d700
             Cost        3
             Port        512 (Port-channel1)
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority    32988 (priority 32768 sys-id-ext 220)
             Address     4c4e.3510.4280
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Po1                 Root FWD 3         128.512 P2p
Po2                 Desg FWD 4         128.520 P2p
Po3                 Desg FWD 3         128.528 P2p

#sho spanning-tree interface port-channel 1

Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0001            Root FWD 3         128.512 P2p
VLAN0100            Root FWD 3         128.512 P2p
VLAN0110            Root FWD 3         128.512 P2p
VLAN0120            Root FWD 3         128.512 P2p
VLAN0200            Root FWD 3         128.512 P2p
VLAN0210            Root FWD 3         128.512 P2p
VLAN0220            Root FWD 3         128.512 P2p
VLAN0300            Root FWD 3         128.512 P2p
VLAN0400            Root FWD 3         128.512 P2p
VLAN0500            Root FWD 3         128.512 P2p

sh spanning-tree interface gigabitEthernet 1/0/23

Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0001            Root FWD 3         128.512 P2p
VLAN0100            Root FWD 3         128.512 P2p
VLAN0110            Root FWD 3         128.512 P2p
VLAN0120            Root FWD 3         128.512 P2p
VLAN0200            Root FWD 3         128.512 P2p
VLAN0210            Root FWD 3         128.512 P2p
VLAN0220            Root FWD 3         128.512 P2p
VLAN0300            Root FWD 3         128.512 P2p
VLAN0400            Root FWD 3         128.512 P2p
VLAN0500            Root FWD 3         128.512 P2p

Access-Switch

VLAN0220
Spanning tree enabled protocol ieee
Root ID    Priority    32988
             Address     0cd9.9667.d700
             This bridge is the root
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec

Bridge ID Priority    32988 (priority 32768 sys-id-ext 220)
             Address     0cd9.9667.d700
             Hello Time   2 sec Max Age 20 sec Forward Delay 15 sec
             Aging Time 300 sec

Interface           Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Gi2/0/9             Desg FWD 4         128.63   P2p
Po1                 Desg FWD 3         128.224 P2p
Gi1/0/15            Desg FWD 4         128.15   P2p
Gi3/0/11            Desg FWD 4         128.119 P2p
Gi3/0/22            Desg FWD 4         128.130 P2p

Vlan                Role Sts Cost      Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
VLAN0001            Desg FWD 3         128.224 P2p
VLAN0100            Desg FWD 3         128.224 P2p
VLAN0110            Desg FWD 3         128.224 P2p
VLAN0120            Desg FWD 3         128.224 P2p
VLAN0200            Desg FWD 3         128.224 P2p
VLAN0210            Desg FWD 3         128.224 P2p
VLAN0220            Desg FWD 3         128.224 P2p
VLAN0300            Desg FWD 3         128.224 P2p
VLAN0400            Desg FWD 3         128.224 P2p
VLAN0500            Desg FWD 3         128.224 P2p

Thanks,

ERLI HAMITH CARVAJAL REYES · ‎12-11-2014

Did you enable the ip routing command at configure terminal mode?

Do you have a port in up state for these vlan? if you don't use the next command in a port, switchport autostate excluded

Andre Sydoriak · ‎12-12-2014

yes, routing is enabled since we have a lot of other vlan which are working fine.

I have ports in up state on my access switches (2 storages and one backup server) but no up ports on the core switch (3750x). Since all other VLANs are configured the same this should work either or am I wrong?

ERLI HAMITH CARVAJAL REYES · ‎12-12-2014

I think the problem is, your access switch is the root, and the Core should be the Root.

- You need to have configured the same vlans in the Core Switch and Access Switch, and should be allowed in the trunk link with the command switchport trunk allowed vlan all.

- Ip routing command should be configured on Core Switch

Andre Sydoriak · ‎12-15-2014

Dear all,

as usual always check twice if you say I am sure. After long investigations at weekend we found a client which had misconfigured ip settings for connecting to a legacy label printer. After unplugging the client from the network everything is working like a charm.

We also changed span tree priority on core switch so everything ist working now.

Thanks a lot,

André

paul driver · ‎12-12-2014

hello

so just confirm

the core switch has ip routing enabled

the access switch DOSENT have ip routing enabled and is running as a host with DG applied?

res

paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Zach Smith · ‎12-11-2014

Are you pinging your gateway IPs or devices like PCs? Lets say you also have a VLAN 120. Can you ping VLAN 120's gateway IP from a device on VLAN 220? Same for a Device on VLAN 120 - can you ping VLAN 220's default gateway IP of 192.168.206.1?

Andre Sydoriak · ‎12-12-2014

Hi,

I am able to ping the SVI of VLAN 220 from VLAN200 based host. But I am not able to ping a host inside the VLAN 220 from a host on VLAN200 for instance.

Vice versa is the same as above.

Zach Smith · ‎12-12-2014

If you are able to ping the default gateway for VL 220 FROM vlan 200 but not a host on VL 220 then i'd say look at the host. Windows firewall blocking this? If you run wireshark on the host your are trying to ping do you see the traffic hit its interface?

paul driver · ‎12-11-2014

hello

do you hve any duplicate ip addresssing by mistake?

are Any vlans being manualy or auto pruned off the trunks

can you ping all host sourced from different svi interfaces from the core?

res

paul

Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul

Andre Sydoriak · ‎12-12-2014

I am sure not having any mistake.

I don't see some vlans beeing pruned off the trunks. How can I check this? Switchports are all configured like this:

interface GigabitEthernet1/0/24
description Uplink DSW1
switchport mode trunk
channel-protocol lacp
channel-group 1 mode passive
!

Whats a little be strange is when I shutdown and no shutdown the svi about 10 pings are working and then I get timeouts only.

cstathopoulos · ‎10-02-2020

Possible Fix:

COMMAND: no ip cef

I ran into a similar issue in my GNS3 lab. Had an IOU Layer 3 switch image.

Turns out this feature called CEF (Cisco Express Forwarding) was enabled by default.

This was preventing the SVI interfaces from routing between VLANs.

Not sure if it will work for you, but it worked in my case.

Found in another forum: https://learningnetwork.cisco.com/s/question/0D53i00000Kt58B/svi-routing-issue

Joseph W. Doherty · ‎10-02-2020

Generally, disabling CEF is not recommended.

From what the OP describes, I wonder if VTP auto pruning is enabled.