Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
817
Views
0
Helpful
2
Replies

Unable to ping behind SVI

whartigan1
Level 1
Level 1

‎03-18-2016 03:17 PM - edited ‎03-08-2019 05:02 AM

I have one I think should be really simple but I can fix it to save my life....

Running a little Cisco 1811 router. 

Int fa0 = Outside interface to Cable Modem

Int vlan1921 = SVI for the local LAN

Everything works swimmingly on vlan 1921. No issue communicating between device or to the internet.

If I create a loopback or another SVI interface I can ping the 1921 SVI Router IP, but I cannot ping any devices behind the SVI... 

If I try to ping the router ip of another SVI or loopback from a device on the 1921 vlan it times out.

Thoughts?

Show output and running configuration below...

Labels:
0 Helpful
2 Replies 2

whartigan1
Level 1
Level 1

‎03-18-2016 03:58 PM

R1811#show ip route

Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area 

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP

       + - replicated route, % - next hop override

Gateway of last resort is 73.220.84.1 to network 0.0.0.0

S*    0.0.0.0/0 [254/0] via 73.220.84.1

      10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C        10.10.10.0/24 is directly connected, Loopback10

L        10.10.10.10/32 is directly connected, Loopback10

      69.0.0.0/32 is subnetted, 1 subnets

S        69.252.97.6 [254/0] via 73.220.84.1, FastEthernet0

      73.0.0.0/8 is variably subnetted, 2 subnets, 2 masks

C        73.220.84.0/23 is directly connected, FastEthernet0

L        73.220.84.54/32 is directly connected, FastEthernet0

      172.16.0.0/16 is variably subnetted, 3 subnets, 2 masks

S        172.16.5.0/24 is directly connected, Vlan114

C        172.16.254.0/24 is directly connected, Vlan114

L        172.16.254.1/32 is directly connected, Vlan114

      192.168.1.0/24 is variably subnetted, 2 subnets, 2 masks

C        192.168.1.0/24 is directly connected, Vlan1921

L        192.168.1.1/32 is directly connected, Vlan1921

R1811#ping 192.168.1.253 source

R1811#ping 192.168.1.253 source vlan 114

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.1.253, timeout is 2 seconds:

Packet sent with a source address of 172.16.254.1 

.....

Success rate is 0 percent (0/5)

R1811#show vlan-s

R1811#show vlan-switch brief

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Fa7

114  Management                       active    Fa4

1002 fddi-default                     act/unsup 

1003 token-ring-default               act/unsup 

1004 fddinet-default                  act/unsup 

1005 trnet-default                    act/unsup 

1921 192.168.1.x/24                   active    Fa2, Fa3, Fa5, Fa6, Fa8

R1811#show ip int brief

Interface                  IP-Address      OK? Method Status                Protocol

Async1                     unassigned      YES unset  down                  down    

FastEthernet0              73.220.84.54    YES DHCP   up                    up      

FastEthernet1              unassigned      YES NVRAM  administratively down down    

FastEthernet2              unassigned      YES unset  up                    down    

FastEthernet3              unassigned      YES unset  up                    up      

FastEthernet4              unassigned      YES unset  up                    up      

FastEthernet5              unassigned      YES unset  up                    down    

FastEthernet6              unassigned      YES unset  up                    down    

FastEthernet7              unassigned      YES unset  up                    down    

FastEthernet8              unassigned      YES unset  up                    up      

FastEthernet9              unassigned      YES unset  up                    down    

Loopback10                 10.10.10.10     YES NVRAM  up                    up      

NVI0                       10.10.10.10     YES unset  up                    up      

Vlan1                      unassigned      YES unset  up                    down    

Vlan114                    172.16.254.1    YES NVRAM  up                    up      

Vlan1921                   192.168.1.1     YES NVRAM  up                    up      

R1811#

R1811#show run 

Building configuration...

Current configuration : 4839 bytes

!

! Last configuration change at 14:23:01 Pacific Fri Mar 18 2016 by will

! NVRAM config last updated at 22:21:10 Pacific Thu Mar 17 2016 by will

! NVRAM config last updated at 22:21:10 Pacific Thu Mar 17 2016 by will

version 15.1

service timestamps debug datetime msec

service timestamps log datetime localtime

service password-encryption

service sequence-numbers

!

hostname R1811

!

boot-start-marker

boot system flash:c181x-adventerprisek9-mz.151-4.M8.bin

boot-end-marker

!

!

logging buffered 4096 informational

enable secret 5 $xxx

!

no aaa new-model

!         

clock timezone Pacific -8 0

crypto pki token default removal timeout 0

!

!

dot11 syslog

ip source-route

!

!

no ip dhcp use vrf connected

!

ip dhcp pool 192.168.1.x/24

 network 192.168.1.0 255.255.255.0

 default-router 192.168.1.1 

 dns-server 8.8.8.8 

!

!

!

ip cef

ip domain name hartigan.com

ip ips config location flash:ips retries 1

ip ips name iosips

!

ip ips signature-category

  category all

   retired true

  category ios_ips advanced

   retired false

   enabled true

  category ios_ips basic

   retired true

   enabled false

!

ip inspect max-incomplete low 60

ip inspect max-incomplete high 100

ip inspect name Firewall tcp router-traffic

ip inspect name Firewall udp router-traffic

ip inspect name Firewall icmp router-traffic

ip inspect name Firewall tftp

no ipv6 cef

!

multilink bundle-name authenticated

!

!

!

license udi pid CISCO1811/K9 sn FTX1118Z0YQ

archive   

 log config

  hidekeys

vtp mode transparent

username will privilege 15 password 7 xxx

!

crypto key pubkey-chain rsa

 named-key realm-cisco.pub signature

  address 64.99.80.30

  key-string

   30820122 300D0609 2A864886 F70D0101 01050003 82010F00 3082010A 02820101 

   00C19E93 A8AF124A D6CC7A24 5097A975 206BE3A2 06FBA13F 6F12CB5B 4E441F16 

   17E630D5 C02AC252 912BE27F 37FDD9C8 11FC7AF7 DCDD81D9 43CDABC3 6007D128 

   B199ABCB D34ED0F9 085FADC1 359C189E F30AF10A C0EFB624 7E0764BF 3E53053E 

   5B2146A9 D7A5EDE3 0298AF03 DED7A5B8 9479039D 20F30663 9AC64B93 C0112A35 

   FE3F0C87 89BCB7BB 994AE74C FA9E481D F65875D6 85EAF974 6D9CC8E3 F0B08B85 

   50437722 FFBE85B9 5E4189FF CC189CB9 69C46F9C A84DFBA5 7A0AF99E AD768C36 

   006CF498 079F88F8 A3B3FB1F 9FB7B3CB 5539E1D1 9693CCBB 551F78D2 892356AE 

   2F56D826 8918EF3C 80CA4F4D 87BFCA3B BFF668E9 689782A5 CF31CB6E B4B094D3 

   F3020301 0001

  quit

!

!

vlan 114  

 name Management

!

vlan 1921

 name 192.168.1.x/24

!

!

!

!

!

!

!

interface Loopback10

 ip address 10.10.10.10 255.255.255.0

!

interface FastEthernet0

 ip address dhcp

 ip access-group Firewall-Remark in

 ip nat outside

 ip ips iosips in

 ip inspect Firewall out

 ip virtual-reassembly in max-reassemblies 64

 load-interval 30

 duplex auto

 speed auto

!

interface FastEthernet1

 no ip address

 shutdown

 duplex auto

 speed auto

!

interface FastEthernet2

 switchport access vlan 1921

 no ip address

 spanning-tree portfast

!

interface FastEthernet3

 switchport access vlan 1921

 no ip address

 spanning-tree portfast

!

interface FastEthernet4

 switchport access vlan 114

 no ip address

!         

interface FastEthernet5

 switchport access vlan 1921

 no ip address

 spanning-tree portfast

!

interface FastEthernet6

 switchport access vlan 1921

 no ip address

 spanning-tree portfast

!

interface FastEthernet7

 switchport mode trunk

 no ip address

!

interface FastEthernet8

 switchport access vlan 1921

 no ip address

 spanning-tree portfast

!

interface FastEthernet9

 switchport access vlan 10

 no ip address

 spanning-tree portfast

!

interface Vlan1

 no ip address

!

interface Vlan114

 ip address 172.16.254.1 255.255.255.0

 ip nat inside

 ip virtual-reassembly in

!

interface Vlan1921

 ip address 192.168.1.1 255.255.255.0

 ip nat inside

 ip virtual-reassembly in

!

interface Async1

 no ip address

 encapsulation slip

!

ip forward-protocol nd

no ip http server

no ip http secure-server

!

!         

ip nat inside source list NAT interface FastEthernet0 overload

!

ip access-list extended Firewall-Remark

 permit udp any eq bootps any eq bootpc

 permit icmp any any time-exceeded

 permit icmp any any unreachable

 remark Implicit deny for IP Inspect

 deny   ip any any log

ip access-list extended NAT

 permit ip 192.168.1.0 0.0.0.255 any

 permit ip 10.1.10.0 0.0.0.255 any

 permit ip host 172.16.1.1 any

 permit ip 172.16.254.0 0.0.0.255 any

!

logging host 192.168.1.13 transport tcp port 5544

!

!

!

!

!         

!

control-plane

!

!

!

line con 0

 logging synchronous

 length 30

line 1

 modem InOut

 stopbits 1

 speed 115200

 flowcontrol hardware

line aux 0

line vty 0 4

 logging synchronous

 login local

 length 40

 transport input ssh

line vty 5 15

 logging synchronous

 login local

 length 40

 transport input ssh

!

ntp server 97.107.128.58

end

0 Helpful

whartigan1
Level 1
Level 1
In response to whartigan1

‎03-18-2016 04:08 PM

RESOLVED.

In doing ping tests I somehow managed to pick the ONLY two devices in my entire house that are not responding to pings across the SVI's. I have since tested other IP's and can successfully route between SVI's. 

Issue to be troubleshooted local to each device that won't respond... Go figure its my FTP/TFTP server I can't reach of all things...

0 Helpful
Customers Also Viewed These Support Documents