new vlan problem

Answered Question
Feb 6th, 2007

I have configured two new vlans. I am able to ping those vlans via any switch on the network. The problem is when I try to ping it from a machine that has been setup on that vlan with a static ip, the request times out.

I have this problem too.
0 votes
Correct Answer by Richard Burts about 9 years 7 months ago

Brian

Thanks for posting back with the solution. It is good to know what was causing this.

HTH

Rick

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Richard Burts Tue, 02/06/2007 - 08:44

Brian

If you can ping those vlans from any switch on the network, then it sounds like the configuration of the vlans is ok. If a machine that is setup with a static IP can not ping then it sounds more likely to be an issue with the machine. Can you check and verify that the machine's IP address and netmask are configured correctly. And most importantly can you verify that the machine has the correct default gateway configured?

HTH

Rick

bpeacock2598 Tue, 02/06/2007 - 08:55

Thanks for responding. I have verified that the ip, netmask, and gateway are set correctly and still unable to ping the gateway. The strange thing is I can ping it from another terminal that is on a different vlan. Could it be that I have the port configured incorrectly that the machine with the staic ip is in. I have it configured as a acccess port.

bpeacock2598 Tue, 02/06/2007 - 08:57

Thanks for responding. I have verified that the ip, netmask, and gateway are set correctly and still unable to ping the gateway. The strange thing is I can ping it from another terminal that is on a different vlan. Could it be that I have the port configured incorrectly that the machine with the staic ip is in. I have it configured as a acccess port.

Richard Burts Tue, 02/06/2007 - 09:05

Brian

If you are able to ping the machine from another terminal that is in a different vlan, then that seems to verify that the vlan is configured and operating ok and that the machine is configured correctly with IP address, netmask, and default gateway.

If the machine is not able to ping the gateway there must be something else going on. Are you doing any access list filtering? If you attempt to ping the gateway and then immediately do an arp -a on the machine, does it show the address of the gateway, what MAC does it show as associated with that address?

HTH

Rick

rafaelgarcia Tue, 02/06/2007 - 09:25

Hi,

Is the OS on those two machines the same? It might be that your Windows XP firewall is blocking the echo reply coming back from the switch. Try doing an icmp debug on the switch and check if the switch is being pinged. If so, the problem is the machine.

I hope it helps.

bpeacock2598 Tue, 02/06/2007 - 09:27

Sorry Rick I didn't make myself clear. I can ping the new vlan's ip from another pc that is on a different vlan. I can not ping the machine that is set with a static ip nor can I ping anything from the machine with the static address. there is no ACL filtering being used.

glen.grant Tue, 02/06/2007 - 09:32

You created the layer3 side , is the layer 2 side setup correctly ? Do the new vlans show up with the "show vlan " command and show your ports in those vlans ??? Is this on a layer 3 switch ?

bpeacock2598 Tue, 02/06/2007 - 09:40

Yes it is on a layer 3 switch, and when I do a "show vlan brief" on the switch is does show the ports I have configured for that vlan.

Jon Marshall Tue, 02/06/2007 - 10:44

Hi

Does the port that your PC with the static IP address is connected to show as up ?

Could you send the IP details of the layer 3 vlan interface and the PC.

Jon

Richard Burts Tue, 02/06/2007 - 11:11

Brian

OK. Lets see what we can do to clarify things. Are we saying that we are sure that the server is configured with correct IP address, netmask, and default gateway? I would assume that it should be correct to configure the port as an access port. Perhaps it would be helpful to post the details of how the port is configured.

As has been mentioned, there is a possibility that there is a firewall on the server or other hardening that has been done. Is it possible for the people at the other site to check on this. And it would be very helpful to know if they can access anything from the server: can they access devices in the same vlan/subnet, can they access anything on a remote subnet.

HTH

Rick

bpeacock2598 Tue, 02/06/2007 - 11:24

HERE IS THE PORT INFO(where the machine with the static address resides) :

interface GigabitEthernet4/19

switchport access vlan 120

switchport mode access

HERE IS HOW THE VLAN IS CONFIGURED:

interface Vlan120

description

ip address 10.30.120.1 255.255.255.0

THIS IS HOW THE PC IS SETUP WITH THE STATIC ADDRESS:

ip address: 10.30.120.2

netmask: 255.255.255.0

gateway: 10.30.120.1

FYI...I tried to setup another pc on this same vlan(interface 4/5) and got the same results

HERE IS A FULL DESCRIPTION OF VLAN 120:

Vlan120 is up, line protocol is up

Hardware is Ethernet SVI, address is 0012.43da.efff (bia 0012.43da.efff)

Description: Internal_Wireless

Internet address is 10.30.120.1/24

MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

ARP type: ARPA, ARP Timeout 04:00:00

Last input 03:33:40, output never, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue: 0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

L3 in Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes

L3 out Switched: ucast: 0 pkt, 0 bytes - mcast: 0 pkt, 0 bytes

0 packets input, 0 bytes, 0 no buffer

Received 0 broadcasts (0 IP multicast)

0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

17809 packets output, 1174634 bytes, 0 underruns

0 output errors, 0 interface resets

0 output buffer failures, 0 output buffers swapped out

Sorry if this is to much info but I wanted to insure you had everything.

sundar.palaniappan Tue, 02/06/2007 - 11:43

Brian,

Sorry, I missed anything here. I don't see anywhere in the post you told us what your topology is like. Can you respond to the following questions so we may be able to find the problem quickly.

1. How many switches are there and what kind of switches are they?

2. Are you trunking between the switches?

3. Which one of these switches is configured as the layer 3 gateway i.e using vlan interfaces?

4. Are you running VTP or did you create VLANs manually on all the switches?

5. Is g4/19 on the same switch that's configured with int vlan 120?

The int vlan 120 output you posted show 0 input traffic and that's definitely something to be looked into.

HTH

Sundar

Richard Burts Tue, 02/06/2007 - 11:48

Brian

I do not think that this is too much info. I think that it is partucularly interesting that the counters show 17809 packets output but no packets input.

I also think that it is very interesting that when you attempt to set up another machine on that VLAN that you get the same symptoms. Can you verify that the cabling is correct and that there are no mismatches in speed or duplex between the switch and the devices?

A couple other things to try:

- if you attempt to ping either of the devices and then immediately do show arp on the switch, are there any ARP entries for the addresses?

- if you look into the switch's layer 2 forwarding table (CAM or mac-address-table depending on the model of switch) are you learning the MAC address for either of the machines?

HTH

Rick

bpeacock2598 Tue, 02/06/2007 - 11:42

I HAVE FOUND THE PROBLEM!!!

I had done some vlan prunning in the past on the trunk between 2 sites, and forgot about it. Once I added the vlan the the switchport allow it is working fine.

I greatly appreceiate all of your help.

Thanks

Correct Answer
Richard Burts Tue, 02/06/2007 - 11:50

Brian

Thanks for posting back with the solution. It is good to know what was causing this.

HTH

Rick

Actions

This Discussion