05-15-2015 07:00 AM - edited 03-08-2019 12:01 AM
Please help me!!
I am working on a Catalyst 3560 IOS 15.0(2) SE
I have my switch with a couple of VLANs and routing enabled, but my switch doesn't seem to route...
Desription:
VLAN 10
VLAN interface 10.190.1.3/24
VLAN 20
VLAN interface 192.168.20.1/24
Computer
IP 192.168.20.21/24
Problem:
I can ping the computer from VLAN interface 20 but not 10
Master-Switch#ping 192.168.20.21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.21, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
Master-Switch#ping 192.168.20.21 source vl 10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.21, timeout is 2 seconds:
Packet sent with a source address of 10.190.1.3
.....
Success rate is 0 percent (0/5)
See attached putty log for complete config and tests.
05-15-2015 07:11 AM
Have you checked the computer's default-gateway?
HTH
Rolf
05-15-2015 07:22 AM
From the computer I can ping 192.168.20.1 10.190.1.3 and 10.190.1.1 all with success
05-15-2015 10:44 AM
What happens if you remove the "no ip redirects" from vlan 10?
interface Vlan10
ip address 10.190.1.3 255.255.255.0
no ip redirects
Regards,
Jason
05-15-2015 07:30 AM
I don't thin kit's a PC problem:
From the switch:
Master-Switch#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 33/38/42 ms
Master-Switch#ping 8.8.8.8 source vl 20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.20.1
.....
Success rate is 0 percent (0/5)
- See more at: https://supportforums.cisco.com/discussion/12508486/what-am-i-missing-here#comment-10503136
05-15-2015 07:15 AM
From the computer can you ping the vlan 10 IP address ?
Jon
05-15-2015 07:22 AM
From the computer I can ping 192.168.20.1 10.190.1.3 and 10.190.1.1 all with success
05-15-2015 07:26 AM
Then it sounds like you have some sort of firewall on the computer that only allows connections from the same IP subnet.
Jon
05-15-2015 07:30 AM
I don't thin kit's a PC problem:
From the switch:
Master-Switch#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 33/38/42 ms
Master-Switch#ping 8.8.8.8 source vl 20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.20.1
.....
Success rate is 0 percent (0/5)
05-15-2015 07:35 AM
If you can ping from the computer to 10.190.1.1 then your switch is routing.
In terms of your ping of 8.8.8.8 what device does NAT and is it configured to NAT for 192.168.20.x IPs ?
If the device that does NAT is not 10.190.1.1 does it also have a route back to 192.168.20.x ?
Jon
05-15-2015 07:39 AM
From 10.190.1.1:
DK-DNIE-RTR01#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/36/40 ms
DK-DNIE-RTR01#ping 10.190.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.190.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
DK-DNIE-RTR01#ping 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
DK-DNIE-RTR01#ping 192.168.20.21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.21, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
05-15-2015 07:46 AM
So your switch is routing.
It's an issue with your PC by the looks of it.
You are using DHCP on the switch so I assume it has the right default gateway as Rolf asked.
If so check for any firewalls etc. because basically your computer can ping up to 10.190.1.1 and from 101.190.1.1 you can ping everything on the switch but not the computer itself.
Jon
05-15-2015 07:59 AM
But why can one switch VLAN ping externaly AND internlay when the other can't?
Master-Switch#ping 192.168.20.21 source vl 10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.21, timeout is 2 seconds:
Packet sent with a source address of 10.190.1.3
.....
Success rate is 0 percent (0/5)
Master-Switch#ping 192.168.20.21 source vl 20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.21, timeout is 2 seconds:
Packet sent with a source address of 192.168.20.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms
Master-Switch#ping 8.8.8.8 sour vl 20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.20.1
.....
Success rate is 0 percent (0/5)
Master-Switch#ping 8.8.8.8 sour vl 10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 10.190.1.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 33/37/42 ms
Master-Switch#
05-15-2015 08:40 AM
Does 10.190.1.1 do NAT for your private IPs ?
If so have you setup NAT for the 192.168.20.x IPs ?
Jon
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide