Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6961
Views
0
Helpful
23
Replies

Unable to ping management VLAN from user subnet

jeffrey.girard
Level 1
Level 1

‎10-19-2011 11:59 AM - edited ‎03-07-2019 02:55 AM

I have a router on a stick (3845 router) connected to 3560 switch via an 802.1q trunk.  VLAN 1 is shutdown.  I am using VLAN 139 as my management VLAN.  I also have several more user VLANs all defined on the switch and as Layer 3 interfaces on the router via the trunk.

From a user VLAN (ie VLAN 137) I am able to ping to the default gateways of both VLANs (137 and 139) that exist on the 3845 router.  However, I am unable to ping to the management IP of the switch (VLAN 139) from a user port on VLAN 137.

Snippets of configuration

3845

Gig 0/1.137

     encap dot1q

     ip address 172.30.252.254 255.255.255.0

     no shut

Gig 0/1.139

     encap dot1q

     ip address 172.30.254.254 255.255.255.0

     no shut

3560

Gig 0/48

     switchport mode trunk

     switchport trunk encap dot1q

int vlan 139

     ip address 172.30.254.100 255.255.255.0

     no shut

Its probably something very simple and obvious, but Im not seeing the forest for the trees

Jeff

Labels:
0 Helpful
23 Replies 23

jeffrey.girard
Level 1
Level 1
In response to Jon Marshall

‎10-19-2011 02:59 PM

That is correct.  From the single switch connected to the router, I have approx a dozen more switches trunked together.  Each switch has as it management VLAN, VLAN139.  All the trunks are carrying VLAN 139, else I would not be able to connect to them remotely.  All of our trunks between all of our switches are carrying all VLANs.

From any of the switches with management VLAN ip addresses on VLAN 139 (ie 172.30.254.0/24), I am unable to ping any device on any other VLAN (except for the Layer 3 interfaces of each of those VLANs on the router.  Each of these is the .254 address)

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to jeffrey.girard

‎10-19-2011 03:18 PM

Jeff

1) from the test laptop in vlan 140 can you try pinging a switch management IP

2)  you said -

From the single switch connected to the router, I have approx a dozen more switches trunked together

but from the output of "sh int trunk" on the switch connected to the router you only have one trunk link ie. the one to the router ? so hwo do the other switches connect to this switch ?

Jon

0 Helpful

jeffrey.girard
Level 1
Level 1
In response to Jon Marshall

‎10-19-2011 01:32 PM

Jon -  See below

Trunk uplink from NOC switch to router is port 24

=~=~=~=~=~=~=~=~=~=~=~= PuTTY log 2011.10.19 14:28:00 =~=~=~=~=~=~=~=~=~=~=~=
sh vlan

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/13, Gi0/14, Gi0/15, Gi0/16
                                                Gi0/17, Gi0/25, Gi0/26, Gi0/27
                                                Gi0/28
10   VLAN0010                         active   
58   VLAN0058                         active    Gi0/20, Gi0/22
59   VLAN0059                         active    Gi0/1, Gi0/2, Gi0/20, Gi0/22
100  XG                               active   
134  Common_Services                  active    Gi0/23
135  Wireless_Management              active    Gi0/4
136  WAVE                             active    Gi0/12
137  RTCA                             active    Gi0/5
138  M&S                              active    Gi0/8
139  MANAGEMENT                       active    Gi0/6, Gi0/9, Gi0/18
140  VOIP                             active    Gi0/3, Gi0/19, Gi0/21
141  ABCS                             active   
142  GMR                              active   
143  JCR                              active   
144  DOTMLPF                          active   
145  VLAN0145                         active    Gi0/11
146  VLAN0146                         active    Gi0/10
--More--                          
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
147  TAIS_RADAR                       active    Gi0/7
148  Surrogate_UPPER_TI               active   
149  UAV_VIDEO                        active   
150  VLAN0150                         active   
154  VLAN0154                         active   
200  XG_Outbound_1                    active   
300  XG_Outbound_2                    active   
500  VLAN0500                         active   
1002 fddi-default                     act/unsup
1003 trcrf-default                    act/unsup
1004 fddinet-default                  act/unsup
1005 trbrf-default                    act/unsup

VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
1    enet  100001     1500  -      -      -        -    -        0      0  
10   enet  100010     1500  -      -      -        -    -        0      0  
58   enet  100058     1500  -      -      -        -    -        0      0  
59   enet  100059     1500  -      -      -        -    -        0      0  
100  enet  100100     1500  -      -      -        -    -        0      0  
134  enet  100134     1500  -      -      -        -    -        0      0  
135  enet  100135     1500  -      -      -        -    -        0      0  
136  enet  100136     1500  -      -      -        -    -        0      0  
--More--                          
VLAN Type  SAID       MTU   Parent RingNo BridgeNo Stp  BrdgMode Trans1 Trans2
---- ----- ---------- ----- ------ ------ -------- ---- -------- ------ ------
137  enet  100137     1500  -      -      -        -    -        0      0  
138  enet  100138     1500  -      -      -        -    -        0      0  
139  enet  100139     1500  -      -      -        -    -        0      0  
140  enet  100140     1500  -      -      -        -    -        0      0  
141  enet  100141     1500  -      -      -        -    -        0      0  
142  enet  100142     1500  -      -      -        -    -        0      0  
143  enet  100143     1500  -      -      -        -    -        0      0  
144  enet  100144     1500  -      -      -        -    -        0      0  
145  enet  100145     1500  -      -      -        -    -        0      0  
146  enet  100146     1500  -      -      -        -    -        0      0  
147  enet  100147     1500  -      -      -        -    -        0      0  
148  enet  100148     1500  -      -      -        -    -        0      0  
149  enet  100149     1500  -      -      -        -    -        0      0  
150  enet  100150     1500  -      -      -        -    -        0      0  
154  enet  100154     1500  -      -      -        -    -        0      0  
200  enet  100200     1500  -      -      -        -    -        0      0  
300  enet  100300     1500  -      -      -        -    -        0      0  
500  enet  100500     1500  -      -      -        -    -        0      0  
1002 fddi  101002     1500  -      -      -        -    -        0      0  
1003 trcrf 101003     4472  1005   3276   -        -    srb      0      0  
1004 fdnet 101004     1500  -      -      -        ieee -        0      0  
1005 trbrf 101005     4472  -      -      15       ibm  -        0      0  

--More--                          
VLAN AREHops STEHops Backup CRF
---- ------- ------- ----------
1003 0       0       off

Remote SPAN VLANs
------------------------------------------------------------------------------


Primary Secondary Type              Ports
------- --------- ----------------- ------------------------------------------

FFID_NOC_1090#sh int trunk

Port        Mode             Encapsulation  Status        Native vlan
Gi0/24      on               802.1q         trunking      500

Port        Vlans allowed on trunk
Gi0/24      2-4094

Port        Vlans allowed and active in management domain
Gi0/24      10,58-59,100,134-150,154,200,300,500

Port        Vlans in spanning tree forwarding state and not pruned
Gi0/24      10,58-59,100,134-150,154,200,300,500
FFID_NOC_1090#

0 Helpful

Jon Marshall
Hall of Fame
Hall of Fame
In response to jeffrey.girard

‎10-19-2011 01:34 PM

Thanks, that looks fine.

So can you run the pings and let me know the results ?

Jon

0 Helpful

joeadiutori
Level 1
Level 1

‎10-19-2011 12:09 PM

I think behind the encap dot1q you need to put the VLAN.

example:  encap dot1q 137

0 Helpful

joeadiutori
Level 1
Level 1
In response to joeadiutori

‎10-19-2011 12:14 PM

0 Helpful

jeffrey.girard
Level 1
Level 1
In response to joeadiutori

‎10-19-2011 12:16 PM

Joe -

     yes, I already have the VLAN numbers on the encap commands.  I just did not include them when I typed this snippet.

     So, correcting my snippets, the code looks likes this

3845

Gig 0/1.137

encap dot1q 137

ip address 172.30.252.254 255.255.255.0

no shut

Gig 0/1.139

encap dot1q 139

ip address 172.30.254.254 255.255.255.0

no shut

3560

Gig 0/48

switchport mode trunk

switchport trunk encap dot1q

int vlan 139

ip address 172.30.254.100 255.255.255.0

no shut

ip default-gateway 172.30.254.254

0 Helpful

joeadiutori
Level 1
Level 1
In response to joeadiutori

‎10-19-2011 12:17 PM

the more I think about it, the more I'm certain that you need the VLAN number behind the encap statement.  Just because you name the VLAN 137, this does not put this interface in VLAn 137.  To get the interface into VLAN 137, include 137 behind the dot1q and that should do it ....... I think.

0 Helpful

joeadiutori
Level 1
Level 1
In response to joeadiutori

‎10-19-2011 12:30 PM

How about putting this on the switch for

int Gig 0/48

   switchport trunk NATIVE VLAN 139

just an idea

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card