vlans on 3560 can't talk to each other

michaeli · ‎07-12-2007

ip routing is enabled, there is an ip on each vlan interface, but hosts on one vlan cannot ping hosts on another. All hosts are pingable from the switch.

Edison Ortiz · ‎07-12-2007

Did you check the default gateway on the hosts ?

Amit Singh · ‎07-12-2007

The default gateway on the hosts has to be the Vlan interface IP for each VLAN hosts. If you have correct vlan SVI configured as the gateway it should work.

-amit singh

royalblues · ‎07-12-2007

seems to be strange

R u sure you are seeing the VLAN subnets when you do sh ip route

what code are you running btw?

Narayan

mahmoodmkl · ‎07-12-2007

Hi

As the above poster said u r gateway of the hosts should be the vlan SVI created on u r swith for the specifed vlan.

Thanks

Mahmood

michaeli · ‎07-12-2007

Hosts are configured to use the vlan interface ip for their respective vlan as the gateway. I do see the vlan subnets when i run show ip route. Code on this guy is 12.2(25)SEE2 with ipservices.

Edison Ortiz · ‎07-12-2007

Can we see the switch config along with ipconfig /all from one of the workstations ? FW enabled on the workstations ?

michaeli · ‎07-12-2007

indc-c3560-1#sho run

Building configuration...

Current configuration : 9888 bytes

!

! Last configuration change at 10:30:56 PST Thu Jul 12 2007

! NVRAM config last updated at 10:20:26 PST Thu Jul 12 2007

!

version 12.2

no service pad

service tcp-keepalives-in

service tcp-keepalives-out

service timestamps debug datetime msec localtime show-timezone

service timestamps log datetime msec localtime show-timezone

service password-encryption

!

hostname indc-c3560-1

!

logging buffered 50000 debugging

logging monitor warnings

enable secret xxx

!

no aaa new-model

clock timezone PST -8

clock summer-time PST recurring

vtp domain indc-cluster

vtp mode transparent

ip subnet-zero

no ip source-route

ip routing

ip domain-name synopsys.com

ip name-server 146.x.100.240

ip name-server 146.x.100.241

ip name-server 146.x.100.242

!

no file verify auto

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

vlan 10

name chera

!

vlan 40

name shared

!

vlan 70

name management

!

interface Vlan1

no ip address

!

interface Vlan10

description Chera cluster

ip address 10.144.205.62 255.255.255.192

!

interface Vlan20

ip address 10.144.205.126 255.255.255.192

!

interface Vlan30

ip address 10.144.205.190 255.255.255.192

!

interface Vlan40

description cluster shared network

ip address 10.144.205.206 255.255.255.240

!

interface Vlan70

description Management Network

ip address 10.144.205.241 255.255.255.240

!

router ospf 1

router-id 10.144.205.241

log-adjacency-changes

network 10.144.205.0 0.0.0.63 area 0

network 10.144.205.192 0.0.0.15 area 0

network 10.144.205.240 0.0.0.15 area 0

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.144.205.254

ip http server

!

logging history size 500

logging trap notifications

logging 146.225.100.1

logging 146.225.64.9

access-list 2 permit 146.225.64.9

access-list 2 permit 10.15.1.100

access-list 2 permit 10.15.1.101

access-list 2 permit 10.225.1.25

access-list 2 permit 146.225.66.0 0.0.0.255

access-list 2 permit 146.225.100.0 0.0.0.255

snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart

snmp-server enable traps tty

snmp-server enable traps cluster

snmp-server enable traps fru-ctrl

snmp-server enable traps entity

snmp-server enable traps cpu threshold

snmp-server enable traps vtp

snmp-server enable traps vlancreate

snmp-server enable traps vlandelete

snmp-server enable traps flash insertion removal

snmp-server enable traps port-security

snmp-server enable traps envmon

snmp-server enable traps mac-notification

snmp-server enable traps bgp

snmp-server enable traps copy-config

snmp-server enable traps config

snmp-server enable traps hsrp

snmp-server enable traps ipmulticast

snmp-server enable traps msdp

snmp-server enable traps ospf state-change

snmp-server enable traps ospf errors

snmp-server enable traps ospf retransmit

snmp-server enable traps ospf lsa

snmp-server enable traps ospf cisco-specific state-change

snmp-server enable traps ospf cisco-specific errors

snmp-server enable traps ospf cisco-specific retransmit

snmp-server enable traps ospf cisco-specific lsa

snmp-server enable traps pim neighbor-change rp-mapping-change invalid-pim-messa

ge

snmp-server enable traps rtr

snmp-server enable traps bridge newroot topologychange

snmp-server enable traps stpx inconsistency root-inconsistency loop-inconsistenc

y

snmp-server enable traps syslog

snmp-server enable traps vlan-membership

!

control-plane

!

line con 0

login

line vty 0 4

login

line vty 5 15

no login

!

ntp clock-period 36029152

ntp server 146.x.64.200 version 1

ntp server 146.x.64.240

ntp server 146.x.64.212 version 1

end

indc-c3560-1#

royalblues · ‎07-12-2007

are all the hosts connected to this switch only?

Is this switch trunkie dany other switch?

you have SVI defined for VLAN 10,20,30,40 & 70 but vlans created are only 10,40 & 70

Narayan

michaeli · ‎07-12-2007

hosts are connected to only this switch, and as of now only vlans 10, 40, and 70. No trunking used, switch is isolated by a firewall cluster.

Edison Ortiz · ‎07-12-2007

Did you verify the subnet mask matches on the workstation with the corresponding SVI ?

Can we see a 'ipconfig /all' from the workstation ?

Was this working before and suddenly stopped ?

glen.grant · ‎07-12-2007

As narayan said the way it is right now you would only be able to route between vlans 10,40 and 70 as you have no layer 2 defs for the others .