04-29-2012 01:27 AM - edited 03-07-2019 06:24 AM
Hi,
We recently purchased Cisco 3560X Layer3 Switch. We need to perform simple Inter VLAN routing. We have configured VLAN1 (name-server_vlan) and VLAN2 (name- user_vlan). We have also assigned the Ports and IP address to both the VLANs. After assiging this if we plug Laptop A into VLAN1 then it doesnt communicates with Laptop B (btw, Laptop A is able to Ping VLAN2 Gateway ) in VLAN2 but on the other hand Laptop B is able to communicate with Laptop A and ping everything i.e. Gateway of VLAN1.
Rquest you to please help in where I am going wrong.
Thanks in advance !
Cheers,
Sagar
04-29-2012 01:35 AM
Hi Sagar,
If laptop B can ping laptop A then the routing is working fine. In that case, I suggest to have a close look at the firewall settings on both laptops. Firewalls on Windows are notoriously known for causing similar incidents. Ideally, deactivate the firewall on both laptops for the time being and see if it solves the issue.
Best regards,
Peter
04-29-2012 01:42 AM
Hi Peter,
Thanks for your reply !!
Firewall on both the laptops are disabled !!
Also, from Switch we are unable to ping Laptop A
Thanks,
Sagar
04-29-2012 01:37 AM
Your switch is probably OK.
You have verified that the global command ip routing is in the config?
At least ip forwarding seems to work but the problem description is slightly confusing.
From your explanation, the following are likely causes:
-Incorrect subnet mask on client A or B
-Incorrect or missing default gateway on A or B
regards,
Leo
04-29-2012 01:43 AM
Hi Leo,
Thanks for your reply !!
Yes, IP routing is enabled and checked by 'show running-config' command.
Also, we have given common subnet mask on both laptops which are same as VLAN subnet masks.
Also, given correct gateway as given for VLANs
Appreciate your help !!
Thanks,
Sagar
04-29-2012 02:14 AM
Any access lists configured on the switch perhaps?
04-29-2012 02:21 AM
Nopes....just starting configuring Inter VLANs
04-29-2012 02:31 AM
Well, in that case you are definitely overlooking something basic.
How much can there be wrong with this config
Looks like all the options have been mentioned:
-Firewall on clients
-Wrong subnet masks
-Def GW missing or incorrect
Without any detailed information regarding the config, this is merely guessing and I'm not quite good at that.
Basic steps to troubleshoot:
Verify each PC can ping its own gateway
Then try gateway of the other side >> If this works, the cisco part is OK.
Looks like this is your issue which must hence be something with one of the clients or perhaps both.
regards,
Leo
04-29-2012 02:39 AM
Hi Leo,
I am also not sure where the the problem and we are trying to dig this out from last 8-9 hrs. We have tried changing the clients with different laptops, etc but still no luck
I have attached a network structurediagram which we are planning to build, so that you will get a fair idea about the same. Also, let me know if you want me to forward you the config details of switch.
Thanks,
sagar
04-29-2012 03:41 AM
Hi Sagar,
A very quick one now that I see which addresses you are using:
conf t
ip subnet zero
end
This should be on by default but you never know.
From your initial description it is not really possible to understand what exactly is the problem.
This is due to some poor english (sorry but thats how it is). Can you please repeat what is working and what not?
Preferrably while using the troubleshooting steps I suggested earlier.
You may paste in the ping results from the pc's in the scheme above, than everyone will understand what you mean.
Leo
04-29-2012 04:02 AM
Hi Leo,
PFA the ping reports from the PCs and also the running config from the switch
So, currently we have re-created 2 different VLANs than i shown you in the diagram, and still we are facing same issue.
Current Scenario -
VLAN 1 - 20.1.2.1/255.255.255.0
VLAN 2 - 20.1.3.1/255.255.255.0
Issue - LAPTOP A from VLAN1 is unable to communicate with LAPTOP B but LAPTOP B from VLAN 2 is able to
communicate with LAPTOP A
Above snapshot from LAPTOP A
Above Snapshot from LAPTOP B
Config -
KOMLI_L3#sh running-config
Building configuration...
Current configuration : 4076 bytes
!
version 12.2
no service pad
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname KOMLI_L3
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$ux3J$ms2dlWauH1hGlfc0hcd5C0
enable password XXXXXXXXXXXX
!
!
!
no aaa new-model
system mtu routing 1500
ip routing
!
!
!
!
crypto pki trustpoint TP-self-signed-59983872
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-59983872
revocation-check none
rsakeypair TP-self-signed-59983872
!
!
crypto pki certificate chain TP-self-signed-59983872
certificate self-signed 01
3082023D 308201A6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 35393938 33383732 301E170D 39333033 30313030 30313236
5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53
2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D353939 38333837
3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100C490
754E131F E400D3C0 B7B2C0FE BDAABE78 A60AB694 1A3C8FAA 9C43E2CE 137F0AE9
457FC01D CF847B41 6B802F34 ADE923AB 0FE02560 B8E63AFF 217871EC EC0A71D4
2A1F7F3C 95C2C59B A28A716E 3A80CA02 82E87AAF 0B266877 3DEA897C A5EA7643
5A15B9B3 0BD72FC4 3B063273 959FE954 9B25EB0B 0BBCFCFC F26C1972 F1690203
010001A3 69306730 0F060355 1D130101 FF040530 030101FF 30140603 551D1104
0D300B82 094B4F4D 4C495F4C 332E301F 0603551D 23041830 168014FD 9D0BBB7D
567D0062 09C94583 A38F10B7 1A6C0F30 1D060355 1D0E0416 0414FD9D 0BBB7D56
7D006209 C94583A3 8F10B71A 6C0F300D 06092A86 4886F70D 01010405 00038181
002A60BB 9CBF7C95 1D44F3C3 9EE27E9B A74E7905 7B472973 0E35D868 A9769196
983B7B52 8C96A917 26DAB0CD 9E9552D8 831B9A29 F522C184 1B6912EC E6335FDD
C0823306 42892FD3 0C54AB68 A247C9B8 3D06BE36 75D7419C A0488AE9 3FD94749
19BB63EE 632C357D 5DE87411 B4111C5D 9B5FD1D7 D4A34B2C FE3ADB88 0D6679A5 E0
quit
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet0
no ip address
no ip route-cache cef
no ip route-cache
no ip mroute-cache
shutdown
!
interface GigabitEthernet0/1
no switchport
ip address 200.1.1.1 255.255.255.0
!
interface GigabitEthernet0/2
!
interface GigabitEthernet0/3
!
interface GigabitEthernet0/4
switchport access vlan 10
!
interface GigabitEthernet0/5
!
interface GigabitEthernet0/6
switchport access vlan 20
!
interface GigabitEthernet0/7
!
interface GigabitEthernet0/8
!
interface GigabitEthernet0/9
!
interface GigabitEthernet0/10
!
interface GigabitEthernet0/11
switchport access vlan 2
switchport mode access
!
interface GigabitEthernet0/12
no switchport
ip address 203.212.24.28 255.255.255.248
!
interface GigabitEthernet0/13
switchport access vlan 3
switchport mode access
!
interface GigabitEthernet0/14
!
interface GigabitEthernet0/15
!
interface GigabitEthernet0/16
!
interface GigabitEthernet0/17
!
interface GigabitEthernet0/18
!
interface GigabitEthernet0/19
!
interface GigabitEthernet0/20
!
interface GigabitEthernet0/21
!
interface GigabitEthernet0/22
!
interface GigabitEthernet0/23
!
interface GigabitEthernet0/24
!
interface GigabitEthernet1/1
!
interface GigabitEthernet1/2
!
interface GigabitEthernet1/3
!
interface GigabitEthernet1/4
!
interface TenGigabitEthernet1/1
!
interface TenGigabitEthernet1/2
!
interface Vlan1
ip address 10.10.10.1 255.0.0.0
!
interface Vlan2
ip address 20.1.2.1 255.255.255.0
!
interface Vlan3
ip address 20.1.3.1 255.255.255.0
!
interface Vlan10
ip address 192.168.0.240 255.255.248.0
!
interface Vlan20
ip address 172.40.16.1 255.255.248.0
!
router rip
network 172.40.0.0
network 192.168.0.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 200.1.1.2
ip route 0.0.0.0 0.0.0.0 203.212.24.25
ip route 172.40.16.0 255.255.248.0 192.168.0.0
ip route 192.168.0.0 255.255.248.0 172.40.16.0
ip http server
ip http secure-server
!
ip sla enable reaction-alerts
!
!
line con 0
line vty 0 4
password xxxxxxxxx
login
line vty 5 15
password XXXXXXXXXX
login
!
end
IP Route -
KOMLI_L3#sh ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is 203.212.24.25 to network 0.0.0.0
20.0.0.0/24 is subnetted, 2 subnets
C 20.1.3.0 is directly connected, Vlan3
C 20.1.2.0 is directly connected, Vlan2
C 10.0.0.0/8 is directly connected, Vlan1
203.212.24.0/29 is subnetted, 1 subnets
C 203.212.24.24 is directly connected, GigabitEthernet0/12
S* 0.0.0.0/0 [1/0] via 203.212.24.25
KOMLI_L3#sh ip route summary
IP routing table name is Default-IP-Routing-Table(0)
IP routing table maximum-paths is 32
Route Source Networks Subnets Overhead Memory (bytes)
connected 1 3 256 608
static 1 0 64 152
rip 0 0 0 0
internal 2 2344
Total 4 3 320 3104
KOMLI_L3#sh vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/2, Gi0/3, Gi0/5, Gi0/7
Gi0/8, Gi0/9, Gi0/10, Gi0/14
Gi0/15, Gi0/16, Gi0/17, Gi0/18
Gi0/19, Gi0/20, Gi0/21, Gi0/22
Gi0/23, Gi0/24
2 v1 active Gi0/11
3 v2 active Gi0/13
10 SERVER_192 active Gi0/4
20 USERS_172 active Gi0/6
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1 enet 100001 1500 - - - - - 0 0
2 enet 100002 1500 - - - - - 0 0
3 enet 100003 1500 - - - - - 0 0
10 enet 100010 1500 - - - - - 0 0
VLAN Type SAID MTU Parent RingNo BridgeNo Stp BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
20 enet 100020 1500 - - - - - 0 0
1002 fddi 101002 1500 - - - - - 0 0
1003 tr 101003 1500 - - - - - 0 0
1004 fdnet 101004 1500 - - - ieee - 0 0
1005 trnet 101005 1500 - - - ibm - 0 0
Remote SPAN VLANs
------------------------------------------------------------------------------
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
KOMLI_L3#sh ip int bri
Interface IP-Address OK? Method Status Protocol
Vlan1 10.10.10.1 YES NVRAM up up
Vlan2 20.1.2.1 YES manual up up
Vlan3 20.1.3.1 YES manual up up
Vlan10 192.168.0.240 YES NVRAM up down
Vlan20 172.40.16.1 YES NVRAM up down
FastEthernet0 unassigned YES NVRAM administratively down down
GigabitEthernet0/1 200.1.1.1 YES NVRAM down down
GigabitEthernet0/2 unassigned YES unset down down
GigabitEthernet0/3 unassigned YES unset down down
GigabitEthernet0/4 unassigned YES unset down down
GigabitEthernet0/5 unassigned YES unset down down
GigabitEthernet0/6 unassigned YES unset down down
GigabitEthernet0/7 unassigned YES unset down down
GigabitEthernet0/8 unassigned YES unset down down
GigabitEthernet0/9 unassigned YES unset down down
GigabitEthernet0/10 unassigned YES unset down down
GigabitEthernet0/11 unassigned YES unset up up
GigabitEthernet0/12 203.212.24.28 YES manual up up
GigabitEthernet0/13 unassigned YES unset up up
GigabitEthernet0/14 unassigned YES unset down down
GigabitEthernet0/15 unassigned YES unset down down
GigabitEthernet0/16 unassigned YES unset down down
GigabitEthernet0/17 unassigned YES unset down down
GigabitEthernet0/18 unassigned YES unset down down
GigabitEthernet0/19 unassigned YES unset down down
GigabitEthernet0/20 unassigned YES unset down down
GigabitEthernet0/21 unassigned YES unset up up
GigabitEthernet0/22 unassigned YES unset down down
GigabitEthernet0/23 unassigned YES unset down down
GigabitEthernet0/24 unassigned YES unset down down
GigabitEthernet1/1 unassigned YES unset down down
GigabitEthernet1/2 unassigned YES unset down down
GigabitEthernet1/3 unassigned YES unset down down
GigabitEthernet1/4 unassigned YES unset down down
TenGigabitEthernet1/1 unassigned YES unset down down
TenGigabitEthernet1/2 unassigned YES unset down down
Thanks for your help and patience !!
04-29-2012 04:14 AM
Windows firewall enabled on Laptop B ?
Dan
04-29-2012 04:33 AM
Windows Firewall 'Turned Off' oon both the laptops
04-29-2012 05:42 AM
You should try ruling the switch out and put both problem laptops in the same vlan. If they start to work, then something is going on with intervlan routing. If they still don't work and it follows the laptop, then something is wrong with the laptop. If it all works in vlan 2, move both boxes to vlan 3 and see if the problem occurs. If the problem occurs between both, then you could be having an issue with that vlan, etc.
HTH,
John
04-29-2012 06:34 AM
Thanks it worked !!
Firewall issue, it was actually not turned off on LAPTOP B.
Appreciate your help !!
Maybe I am asking more now I need a further help on adding my Firewall to switch and configure the same. Can you please help me in same?
I dont want to disturb the current setup on firewall and add new scope of User Vlan.
Current Firewall Scenario -
DHCP Server Scope - 192.168.0.1 to 192.168.1.254 /255.255.254.0
Appreciate your help !!
Cheers,
Sagar
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide