What am I missing here?????

Dennis Nielsen · ‎05-15-2015

Please help me!!

I am working on a Catalyst 3560 IOS 15.0(2) SE

I have my switch with a couple of VLANs and routing enabled, but my switch doesn't seem to route...

Desription:

VLAN 10

VLAN interface 10.190.1.3/24

VLAN 20

VLAN interface 192.168.20.1/24

Computer

IP 192.168.20.21/24

Problem:

I can ping the computer from VLAN interface 20 but not 10

Master-Switch#ping 192.168.20.21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.21, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

Master-Switch#ping 192.168.20.21 source vl 10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.21, timeout is 2 seconds:
Packet sent with a source address of 10.190.1.3
.....
Success rate is 0 percent (0/5)

See attached putty log for complete config and tests.

Rolf Fischer · ‎05-15-2015

Have you checked the computer's default-gateway?

HTH

Rolf

Dennis Nielsen · ‎05-15-2015

From the computer I can ping 192.168.20.1 10.190.1.3 and 10.190.1.1 all with success

Jason Dance · ‎05-15-2015

What happens if you remove the "no ip redirects" from vlan 10?

interface Vlan10
ip address 10.190.1.3 255.255.255.0
no ip redirects

Regards,

Jason

Dennis Nielsen · ‎05-15-2015

I don't thin kit's a PC problem:

From the switch:

Master-Switch#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 33/38/42 ms
Master-Switch#ping 8.8.8.8 source vl 20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.20.1
.....
Success rate is 0 percent (0/5)

- See more at: https://supportforums.cisco.com/discussion/12508486/what-am-i-missing-here#comment-10503136

Jon Marshall · ‎05-15-2015

From the computer can you ping the vlan 10 IP address ?

Jon

Dennis Nielsen · ‎05-15-2015

From the computer I can ping 192.168.20.1 10.190.1.3 and 10.190.1.1 all with success

Jon Marshall · ‎05-15-2015

Then it sounds like you have some sort of firewall on the computer that only allows connections from the same IP subnet.

Jon

Dennis Nielsen · ‎05-15-2015

I don't thin kit's a PC problem:

From the switch:

Master-Switch#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 33/38/42 ms
Master-Switch#ping 8.8.8.8 source vl 20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.20.1
.....
Success rate is 0 percent (0/5)

Jon Marshall · ‎05-15-2015

If you can ping from the computer to 10.190.1.1 then your switch is routing.

In terms of your ping of 8.8.8.8 what device does NAT and is it configured to NAT for 192.168.20.x IPs ?

If the device that does NAT is not 10.190.1.1 does it also have a route back to 192.168.20.x ?

Jon

Dennis Nielsen · ‎05-15-2015

From 10.190.1.1:

DK-DNIE-RTR01#ping 8.8.8.8
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 36/36/40 ms
DK-DNIE-RTR01#ping 10.190.1.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.190.1.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
DK-DNIE-RTR01#ping 192.168.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
DK-DNIE-RTR01#ping 192.168.20.21
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.21, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)

Jon Marshall · ‎05-15-2015

So your switch is routing.

It's an issue with your PC by the looks of it.

You are using DHCP on the switch so I assume it has the right default gateway as Rolf asked.

If so check for any firewalls etc. because basically your computer can ping up to 10.190.1.1 and from 101.190.1.1 you can ping everything on the switch but not the computer itself.

Jon

Dennis Nielsen · ‎05-15-2015

But why can one switch VLAN ping externaly AND internlay when the other can't?

Master-Switch#ping 192.168.20.21 source vl 10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.21, timeout is 2 seconds:
Packet sent with a source address of 10.190.1.3
.....
Success rate is 0 percent (0/5)
Master-Switch#ping 192.168.20.21 source vl 20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.20.21, timeout is 2 seconds:
Packet sent with a source address of 192.168.20.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/8 ms

Master-Switch#ping 8.8.8.8 sour vl 20
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 192.168.20.1
.....
Success rate is 0 percent (0/5)

Master-Switch#ping 8.8.8.8 sour vl 10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:
Packet sent with a source address of 10.190.1.3
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 33/37/42 ms
Master-Switch#

Jon Marshall · ‎05-15-2015

Does 10.190.1.1 do NAT for your private IPs ?

If so have you setup NAT for the 192.168.20.x IPs ?

Jon