cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1741
Views
27
Helpful
17
Replies

Unable to perform VLAN Routing

sagarshaha
Level 1
Level 1

Hi,

We recently purchased Cisco 3560X Layer3 Switch. We need to perform simple Inter VLAN routing.  We have configured VLAN1 (name-server_vlan) and VLAN2 (name- user_vlan). We have also assigned the Ports and IP address to both the VLANs. After assiging this if we plug Laptop A into VLAN1 then it doesnt communicates with Laptop B (btw, Laptop A is able to Ping VLAN2 Gateway ) in VLAN2 but on the other hand Laptop B is able to communicate with Laptop A and ping everything i.e. Gateway of VLAN1.

Rquest you to please help in where I am going wrong.

Thanks in advance !

Cheers,

Sagar

17 Replies 17

Peter Paluch
Cisco Employee
Cisco Employee

Hi Sagar,

If laptop B can ping laptop A then the routing is working fine. In that case, I suggest to have a close look at the firewall settings on both laptops. Firewalls on Windows are notoriously known for causing similar incidents. Ideally, deactivate the firewall on both laptops for the time being and see if it solves the issue.

Best regards,

Peter

Hi Peter,

Thanks for your reply !!

Firewall on both the laptops are disabled !!

Also, from Switch we are unable to ping Laptop A

Thanks,

Sagar

lgijssel
Level 9
Level 9

Your switch is probably OK.

You have verified that the global command ip routing is in the config?

At least ip forwarding seems to work but the problem description is slightly confusing.

From your explanation, the following are likely causes:

-Incorrect subnet mask on client A or B

-Incorrect or missing default gateway on A or B

regards,

Leo

Hi Leo,

Thanks for your reply !!

Yes, IP routing is enabled and checked by 'show running-config' command.

Also, we have given common subnet mask on both laptops which are same as VLAN subnet masks.

Also, given correct gateway as given for VLANs

Appreciate your help !!

Thanks,

Sagar

Any access lists configured on the switch perhaps?

Nopes....just starting configuring Inter VLANs

Well, in that case you are definitely overlooking something basic.

How much can there be wrong with this config

Looks like all the options have been mentioned:

-Firewall on clients

-Wrong subnet masks

-Def GW missing or incorrect

Without any detailed information regarding the config, this is merely guessing and I'm not quite good at that.

Basic steps to troubleshoot:

Verify each PC can ping its own gateway

Then try gateway of the other side >> If this works, the cisco part is OK.

Looks like this is your issue which must hence be something with one of the clients or perhaps both.

regards,

Leo

Hi Leo,

I am also not sure where the the problem and we are trying to dig this out from last 8-9 hrs. We have tried changing the clients with different laptops, etc but still no luck

I have attached a network structurediagram which we are planning to build, so that you will get a fair idea about the same. Also, let me know if you want me to forward you the config details of switch.

Thanks,

sagar

Hi Sagar,

A very quick one now that I see which addresses you are using:

conf t

ip subnet zero

end

This should be on by default but you never know.

From your initial description it is not really possible to understand what exactly is the problem.

This is due to some poor english (sorry but thats how it is). Can you please repeat what is working and what not?

Preferrably while using the troubleshooting steps I suggested earlier.

You may paste in the ping results from the pc's in the scheme above, than everyone will understand what you mean.

Leo

Hi Leo,

PFA the ping reports from the PCs and also the running config from the switch

So, currently we have re-created 2 different VLANs than i shown you in the diagram, and still we are facing same issue.

Current Scenario -

VLAN 1 - 20.1.2.1/255.255.255.0

VLAN 2 - 20.1.3.1/255.255.255.0

Issue - LAPTOP A from VLAN1 is unable to communicate with LAPTOP B but LAPTOP B from VLAN 2 is able to

communicate with LAPTOP A

Above snapshot from LAPTOP A

Above Snapshot from LAPTOP B

Config -

KOMLI_L3#sh running-config

Building configuration...

Current configuration : 4076 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname KOMLI_L3

!

boot-start-marker

boot-end-marker

!

enable secret 5 $1$ux3J$ms2dlWauH1hGlfc0hcd5C0

enable password XXXXXXXXXXXX

!

!

!

no aaa new-model

system mtu routing 1500

ip routing

!

!

!

!

crypto pki trustpoint TP-self-signed-59983872

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-59983872

revocation-check none

rsakeypair TP-self-signed-59983872

!

!

crypto pki certificate chain TP-self-signed-59983872

certificate self-signed 01

  3082023D 308201A6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

  2F312D30 2B060355 04031324 494F532D 53656C66 2D536967 6E65642D 43657274

  69666963 6174652D 35393938 33383732 301E170D 39333033 30313030 30313236

  5A170D32 30303130 31303030 3030305A 302F312D 302B0603 55040313 24494F53

  2D53656C 662D5369 676E6564 2D436572 74696669 63617465 2D353939 38333837

  3230819F 300D0609 2A864886 F70D0101 01050003 818D0030 81890281 8100C490

  754E131F E400D3C0 B7B2C0FE BDAABE78 A60AB694 1A3C8FAA 9C43E2CE 137F0AE9

  457FC01D CF847B41 6B802F34 ADE923AB 0FE02560 B8E63AFF 217871EC EC0A71D4

  2A1F7F3C 95C2C59B A28A716E 3A80CA02 82E87AAF 0B266877 3DEA897C A5EA7643

  5A15B9B3 0BD72FC4 3B063273 959FE954 9B25EB0B 0BBCFCFC F26C1972 F1690203

  010001A3 69306730 0F060355 1D130101 FF040530 030101FF 30140603 551D1104

  0D300B82 094B4F4D 4C495F4C 332E301F 0603551D 23041830 168014FD 9D0BBB7D

  567D0062 09C94583 A38F10B7 1A6C0F30 1D060355 1D0E0416 0414FD9D 0BBB7D56

  7D006209 C94583A3 8F10B71A 6C0F300D 06092A86 4886F70D 01010405 00038181

  002A60BB 9CBF7C95 1D44F3C3 9EE27E9B A74E7905 7B472973 0E35D868 A9769196

  983B7B52 8C96A917 26DAB0CD 9E9552D8 831B9A29 F522C184 1B6912EC E6335FDD

  C0823306 42892FD3 0C54AB68 A247C9B8 3D06BE36 75D7419C A0488AE9 3FD94749

  19BB63EE 632C357D 5DE87411 B4111C5D 9B5FD1D7 D4A34B2C FE3ADB88 0D6679A5 E0

  quit

spanning-tree mode pvst

spanning-tree extend system-id

!

!

!

!

vlan internal allocation policy ascending

!

!

!

interface FastEthernet0

no ip address

no ip route-cache cef

no ip route-cache

no ip mroute-cache

shutdown

!

interface GigabitEthernet0/1

no switchport

ip address 200.1.1.1 255.255.255.0

!

interface GigabitEthernet0/2

!

interface GigabitEthernet0/3

!

interface GigabitEthernet0/4

switchport access vlan 10

!

interface GigabitEthernet0/5

!

interface GigabitEthernet0/6

switchport access vlan 20

!

interface GigabitEthernet0/7

!

interface GigabitEthernet0/8

!

interface GigabitEthernet0/9

!

interface GigabitEthernet0/10

!

interface GigabitEthernet0/11

switchport access vlan 2

switchport mode access

!

interface GigabitEthernet0/12

no switchport

ip address 203.212.24.28 255.255.255.248

!

interface GigabitEthernet0/13

switchport access vlan 3

switchport mode access

!

interface GigabitEthernet0/14

!

interface GigabitEthernet0/15

!

interface GigabitEthernet0/16

!

interface GigabitEthernet0/17

!

interface GigabitEthernet0/18

!

interface GigabitEthernet0/19

!

interface GigabitEthernet0/20

!

interface GigabitEthernet0/21

!

interface GigabitEthernet0/22

!

interface GigabitEthernet0/23

!

interface GigabitEthernet0/24

!

interface GigabitEthernet1/1

!

interface GigabitEthernet1/2

!

interface GigabitEthernet1/3

!

interface GigabitEthernet1/4

!

interface TenGigabitEthernet1/1

!

interface TenGigabitEthernet1/2

!

interface Vlan1

ip address 10.10.10.1 255.0.0.0

!

interface Vlan2

ip address 20.1.2.1 255.255.255.0

!

interface Vlan3

ip address 20.1.3.1 255.255.255.0

!

interface Vlan10

ip address 192.168.0.240 255.255.248.0

!

interface Vlan20

ip address 172.40.16.1 255.255.248.0

!

router rip

network 172.40.0.0

network 192.168.0.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 200.1.1.2

ip route 0.0.0.0 0.0.0.0 203.212.24.25

ip route 172.40.16.0 255.255.248.0 192.168.0.0

ip route 192.168.0.0 255.255.248.0 172.40.16.0

ip http server

ip http secure-server

!

ip sla enable reaction-alerts

!

!

line con 0

line vty 0 4

password xxxxxxxxx

login

line vty 5 15

password XXXXXXXXXX

login

!

end

IP Route -

KOMLI_L3#sh ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is 203.212.24.25 to network 0.0.0.0

     20.0.0.0/24 is subnetted, 2 subnets

C       20.1.3.0 is directly connected, Vlan3

C       20.1.2.0 is directly connected, Vlan2

C    10.0.0.0/8 is directly connected, Vlan1

     203.212.24.0/29 is subnetted, 1 subnets

C       203.212.24.24 is directly connected, GigabitEthernet0/12

S*   0.0.0.0/0 [1/0] via 203.212.24.25

KOMLI_L3#sh ip route summary

IP routing table name is Default-IP-Routing-Table(0)

IP routing table maximum-paths is 32

Route Source    Networks    Subnets     Overhead    Memory (bytes)

connected       1           3           256         608

static          1           0           64          152

rip             0           0           0           0

internal        2                                   2344

Total           4           3           320         3104

KOMLI_L3#sh vlan

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Gi0/2, Gi0/3, Gi0/5, Gi0/7

                                                Gi0/8, Gi0/9, Gi0/10, Gi0/14

                                                Gi0/15, Gi0/16, Gi0/17, Gi0/18

                                                Gi0/19, Gi0/20, Gi0/21, Gi0/22

                                                Gi0/23, Gi0/24

2    v1                               active    Gi0/11

3    v2                               active    Gi0/13

10   SERVER_192                       active    Gi0/4

20   USERS_172                        active    Gi0/6

1002 fddi-default                     act/unsup

1003 token-ring-default               act/unsup

1004 fddinet-default                  act/unsup

1005 trnet-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

1    enet  100001     1500  -      -      -        -    -        0      0

2    enet  100002     1500  -      -      -        -    -        0      0

3    enet  100003     1500  -      -      -        -    -        0      0

10   enet  100010     1500  -      -      -        -    -        0      0

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2

---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------

20   enet  100020     1500  -      -      -        -    -        0      0

1002 fddi  101002     1500  -      -      -        -    -        0      0

1003 tr    101003     1500  -      -      -        -    -        0      0

1004 fdnet 101004     1500  -      -      -        ieee -        0      0

1005 trnet 101005     1500  -      -      -        ibm  -        0      0

Remote SPAN VLANs

------------------------------------------------------------------------------

Primary Secondary Type              Ports

------- --------- ----------------- ------------------------------------------

KOMLI_L3#sh ip int bri

Interface              IP-Address      OK? Method Status                Protocol

Vlan1                  10.10.10.1      YES NVRAM  up                    up

Vlan2                  20.1.2.1        YES manual up                    up

Vlan3                  20.1.3.1        YES manual up                    up

Vlan10                 192.168.0.240   YES NVRAM  up                    down

Vlan20                 172.40.16.1     YES NVRAM  up                    down

FastEthernet0          unassigned      YES NVRAM  administratively down down

GigabitEthernet0/1     200.1.1.1       YES NVRAM  down                  down

GigabitEthernet0/2     unassigned      YES unset  down                  down

GigabitEthernet0/3     unassigned      YES unset  down                  down

GigabitEthernet0/4     unassigned      YES unset  down                  down

GigabitEthernet0/5     unassigned      YES unset  down                  down

GigabitEthernet0/6     unassigned      YES unset  down                  down

GigabitEthernet0/7     unassigned      YES unset  down                  down

GigabitEthernet0/8     unassigned      YES unset  down                  down

GigabitEthernet0/9     unassigned      YES unset  down                  down

GigabitEthernet0/10    unassigned      YES unset  down                  down

GigabitEthernet0/11    unassigned      YES unset  up                    up

GigabitEthernet0/12    203.212.24.28   YES manual up                    up

GigabitEthernet0/13    unassigned      YES unset  up                    up

GigabitEthernet0/14    unassigned      YES unset  down                  down

GigabitEthernet0/15    unassigned      YES unset  down                  down

GigabitEthernet0/16    unassigned      YES unset  down                  down

GigabitEthernet0/17    unassigned      YES unset  down                  down

GigabitEthernet0/18    unassigned      YES unset  down                  down

GigabitEthernet0/19    unassigned      YES unset  down                  down

GigabitEthernet0/20    unassigned      YES unset  down                  down

GigabitEthernet0/21    unassigned      YES unset  up                    up

GigabitEthernet0/22    unassigned      YES unset  down                  down

GigabitEthernet0/23    unassigned      YES unset  down                  down

GigabitEthernet0/24    unassigned      YES unset  down                  down

GigabitEthernet1/1     unassigned      YES unset  down                  down

GigabitEthernet1/2     unassigned      YES unset  down                  down

GigabitEthernet1/3     unassigned      YES unset  down                  down

GigabitEthernet1/4     unassigned      YES unset  down                  down

TenGigabitEthernet1/1  unassigned      YES unset  down                  down

TenGigabitEthernet1/2  unassigned      YES unset  down                  down

Thanks for your help and patience !!

Windows firewall enabled on Laptop B ?

Dan

Windows Firewall 'Turned Off' oon both the laptops

You should try ruling the switch out and put both problem laptops in the same vlan. If they start to work, then something is going on with intervlan routing. If they still don't work and it follows the laptop, then something is wrong with the laptop. If it all works in vlan 2, move both boxes to vlan 3 and see if the problem occurs. If the problem occurs between both, then you could be having an issue with that vlan, etc.

HTH,

John

HTH, John *** Please rate all useful posts ***

Thanks it worked !!

Firewall issue, it was actually not turned off on LAPTOP B.

Appreciate your help !!

Maybe I am asking more now I need a further help on adding my Firewall to switch and configure the same. Can you please help me in same?

I dont want to disturb the current setup on firewall and add new scope of User Vlan.

Current Firewall Scenario -

DHCP Server Scope - 192.168.0.1 to 192.168.1.254 /255.255.254.0

Appreciate your help !!

Cheers,

Sagar

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco