Unable to connect to SVI

kcross · ‎12-07-2022

So running into a strange issue. I have multiple SVI's created on our switch due to one subnet being in our test environment and one being in our production environment. The test SVI has a subnet of 10.20.1.10 and the production one has a IP of 10.10.2.10 both being /24. I am attempting to connect to our 10.20.1.10 web gui but running into a weird issue where I can't. My PC sits on the 10.10.2.x network. If I move to a different subnet (10.10.3.x) I can connect to it perfectly fine. If I am on the 10.10.2.x subnet I can ping the 10.20.1.1 subnet but can't ping 10.20.1.10 SVI. Is this due to me having a SVI from the 10.10.2.1 network? This is the only reason I can think this is giving me issues. Any suggestions would help immensely

MHM Cisco World · ‎12-07-2022

show ip int brief
check the IP of each SVI are right enter

show dhcp
check the default-router you use under each DHCP Pool.

balaji.bandi · ‎12-07-2022

you need to provide more informatrion about environment

what is the model of switch

what IOS code running

all SVI are in same Switch ?

where is the Server connected to same switch ?

post below informaiton :

show ip interface brief

show vlan

show ip route

show ip arp

(you have access issue from 10.20.2.X network to 10.20.1.10 ) same this work in 10.10.3,X ok connecting to 10.20.1.10)

this looks for me some where thing blocking, could be ACL (until we see show run we can guide you in right direction since we do not have any visibility of your config)

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

kcross · ‎12-07-2022

The switch only acts as a layer 2 device, the firewall it is connected to handles all DHCP and routing. I posted the config for review

kcross · ‎12-07-2022

balaji.bandi · ‎12-07-2022

thank you for the config - we do see config vlan 5

interface Vlan5
ip address 10.20.1.10 255.255.255.0
!

But i do not see any where the ports are part of VLAN 5?

To work as expected

- the device connected should be vlan 5

example :

interface GigabitEthernet1/0/X
switchport access vlan 5
switchport mode access

---

if this is layer 2 switch : then port going to FW required vlan allowed

Example :

interface GigabitEthernet1/0/X
switchport trunk allowed vlan 3,5,6
switchport mode trunk

on the FW you should have VLAN 5 available to take part of routing.

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

kcross · ‎12-07-2022

interface GigabitEthernet1/0/X
switchport trunk allowed vlan 3,5,6
switchport mode trunk

In regards to this, if I want all vlans to be able to route to the firewall I don't need the allowed portion correct? I should be fine with just the switchport mode trunk portion?

This switch is acting as a layer 2 device

balaji.bandi · ‎12-07-2022

if the switch Layer2 - All your VLAN routing Firewall. you need this vlan to be allowed and Firewall also should have VLAN 5

Not sure what Firewall is this ?

interface GigabitEthernet1/0/X
switchport mode trunk < this means all vlan allowed

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

amikat · ‎12-08-2022

Hi,

In my view your assumptions are correct. As an interim measure you may try to configure static 10.20.1.10 host route via 10.20.2.10 at your PC in addition to the current DG.

Best regards,

Antonin