vlans not in "show IP route"

Unanswered Question

Greetings,

I have a Catalyst 3550 with 5 vlans configured. They appear ok........

"Show VLAN" result is attachment 1

However, although the vlans appear in "show vlan", they do not appear in "show IP route".

Show IP Route result is attachment 3

I attempted to use "vlan database", but got this error....

ieswitch#vlan database

% Warning: It is recommended to configure VLAN from config mode,

as VLAN database mode is being deprecated. Please consult user

documentation for configuring VTP/VLAN in config mode.

The bottomline is that while vlan 1 works OK and vlans 2-5 are serving IP address info correctly, I can not ping an outside the switch address or location. I am not sure what is wrong.

The switch config is attachment 2

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
glen.grant Wed, 11/26/2008 - 11:35

You have one default static route pointing to 67.59.83.1 , I assume this is the other end . The device on the other end will need specific static routes pointing back to the 3550 for all the subnets you have defined otherwise it does not have a path back. Are the layer 3 switch virtual interfaces up/up ? You need at least one active interface in each of those vlans in order to have the layer 3 side up/up . My guess is that they are not up otherwise it would show as a connected route.

John Blakley Wed, 11/26/2008 - 11:43

I agree with Glen. Check the vlan svis to see if they're up. Do a "sh ip int brie" and find the subnet that isn't showing up and see if it's administratively down.

Or you can always go into one of the interfaces that isn't showing in the routing table and do a "no shut".

HTH,

John

John,

OK, I just got back....I connected a Macintosh to the vlan 1, interface 3. It's up and running and it is getting dhcp addressing OK. I still can't ping anything though.

Here is the result of the commend you suggested......

ieswitch#sh ip int brie

Interface IP-Address OK? Method Status Protocol

Vlan1 67.xx.xx.4 YES NVRAM up up

Vlan2 192.168.100.1 YES NVRAM up up

Vlan3 192.168.120.1 YES NVRAM up down

Vlan4 192.168.140.1 YES NVRAM up down

Vlan5 192.168.160.1 YES NVRAM up down

Vlan23 unassigned YES NVRAM down down

FastEthernet0/1 unassigned YES unset up up

FastEthernet0/2 unassigned YES unset down down

FastEthernet0/3 unassigned YES unset up up

FastEthernet0/4 unassigned YES unset down down

FastEthernet0/5 unassigned YES unset down down

FastEthernet0/6 unassigned YES unset down down

FastEthernet0/7 unassigned YES unset down down

FastEthernet0/8 unassigned YES unset down down

FastEthernet0/9 unassigned YES unset down down

FastEthernet0/10 unassigned YES unset down down

FastEthernet0/11 unassigned YES unset down down

FastEthernet0/12 unassigned YES unset down down

FastEthernet0/13 unassigned YES unset down down

FastEthernet0/14 unassigned YES unset down down

FastEthernet0/15 unassigned YES unset down down

FastEthernet0/16 unassigned YES unset down down

FastEthernet0/17 unassigned YES unset up up

FastEthernet0/18 unassigned YES unset down down

FastEthernet0/19 unassigned YES unset down down

FastEthernet0/20 unassigned YES unset down down

FastEthernet0/21 unassigned YES unset down down

FastEthernet0/22 unassigned YES unset down down

FastEthernet0/23 unassigned YES unset down down

FastEthernet0/24 unassigned YES unset up up

GigabitEthernet0/1 unassigned YES unset down down

GigabitEthernet0/2 unassigned YES unset down down

Yes you are correct. 67.59.83.1 is the router above the 3550. It is statically routing 67.59.83.0/25.

There are only two devices connected right now in Interface 17 and 23. Those however are not in the vlan we need the routing on.

I will have to drive up to the hill top where the equipment is loccated and plug a device into one or two of the vlans I am concerned about.

I will get back to this discussion.

I am more suspicious of some issue with the VLAN database.

If I try to configure......I get.....

ieswitch#config t

Enter configuration commands, one per line. End with CNTL/Z.

ieswitch(config)#vlan database

Command rejected: Bad VLAN list - character #1 is a non-numeric

character ('d').

Furthermore, there should be some acknowledgement of 4 vlans 192.0.0.0/24

If I show IP route, it now shows the 192.168.100.1 vlan up

ieswitch#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2

i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

ia - IS-IS inter area, * - candidate default, U - per-user static route

o - ODR, P - periodic downloaded static route

Gateway of last resort is 67.59.83.1 to network 0.0.0.0

67.0.0.0/25 is subnetted, 1 subnets

C 67.xx.xx.0 is directly connected, Vlan1

C 192.168.100.0/24 is directly connected, Vlan2

S* 0.0.0.0/0 [1/0] via 67.xx.xx.1

There should be a line in the output like....

C 192.0.0.0/24 is subnetted, 4 subnets

John Blakley Wed, 11/26/2008 - 16:24

Can you show the configuration of your vlan2 interface?

do a sh run int vlan2 and post the results. Also, is your dhcp server on the switch or external on a server? You should be able to ping the interface if you're getting an address now.

The vlan database command is deprecated on most switches. Under (config)# just type vlan 2 and enter. That will take you to the vlan that you need.

HTH,

John

John,

ieswitch#sh run int vlan2

Building configuration...

Current configuration : 63 bytes

!

interface Vlan2

ip address 192.168.100.1 255.255.255.0

end

The DHCP server is on the switch. The odd thing is that I can ping 192.168.100.1 (vlan 2) from the switch, even though I can not from the computer connected through one of the vlan 2 interfaces.

I included the switch config as an attachment in the original post.

John Blakley Wed, 11/26/2008 - 17:30

If you're getting the correct address from the switch, and the interfaces, both vlan and port that the switch is connected to, you should be able to ping it. I looked over your config again, and everything looks fine. Can you ping past the switch? If you do a show int fa0/3, does it show up/up or err-disabled? If you take bpduguard off that interface, will it work? Can you ping the workstation from the switches interface?

ping sour vlan2

(I'm not even sure if this would work on a switch. I've never tried it.)

The next thing I would do is make the port a member of vlan1 and see if you can do anything with the default vlan by pinging it, getting the proper address, etc.

HTH,

John

John,

Now you know why I am having trouble...it looks right, but it doesn't work completely.

From any interface of vlan 1, I can ping fine. In fact, there are two devices working just fine on vlan 1. I have a laptop with vnc server connected to interface 24 (vlan 1) that connects to the console port on the switch. No problem there. I can telnet to the switch using interface 1's ip address.

However, it those 4 vlans with the dhcp server, that is the issue.

Again, if I "show IP route", it makes no mention of 192.0.0.0/24 is subnetted with 4 subnets.

I belive it should show this item.

I can ping the "up" interface's IP, but not the computer connected to it.

I'll try removing bpduguard and see what happens.

John Blakley Wed, 11/26/2008 - 17:51

If that doesn't change it, try removing the vlan SVI and the vlan from the database and then recreate all of it. Leave everything at the defaults, and then see what happens. Maybe reloading the switch will help, if you can. Everything does look correct,.and believe me, I know how frustrating THAT can be. ;-)

John

glen.grant Wed, 11/26/2008 - 16:50

As the other poster said you no longer use the vlan database . Put the switch in vtp transparent mode and all your vlans should show up in the running config . The vlans look ok because they show up and active under your show vlan command. If you do a show ip int brief do all your layer 3 svi's show up/up . They will only show up in the routing table if they all show up/up and they can only show up/up with at least 1 port in each vlan in a connected state.

Glen,

I have put the switch in vtp transparent mode.

I did the "show ip int brief" and the one vlan (192.168.100.1) is up/up.....

ieswitch#show ip int brief

Interface IP-Address OK? Method Status Protocol

Vlan1 67.xx.xx.4 YES NVRAM up up

Vlan2 192.168.100.1 YES NVRAM up up

Vlan3 192.168.120.1 YES NVRAM up down

Vlan4 192.168.140.1 YES NVRAM up down

Vlan5 192.168.160.1 YES NVRAM up down

Vlan23 unassigned YES NVRAM down down

FastEthernet0/1 unassigned YES unset up up

FastEthernet0/2 unassigned YES unset down down

FastEthernet0/3 unassigned YES unset up up

glen.grant Thu, 11/27/2008 - 03:46

Correct that means you have no ports in the other vlans on the switch in a connected state other than vlan 1 and vlan 2 so you cannot route to those subnets , but then again you do not need to if nothing is connected. As soon as you put a device on port in say vlan 4 that layer 3 interface will go up/up and it will show as a connected route in your route table . So technically I don't think you have a problem , you just don't have anything connected into those vlans yet so your layer 3 interfaces are up/down . Post back if you are still having an issue.

Glen,

I agree that since there is nothing connected to the other three vlans, they should appear down.

However, vlan 2 does have something connected and it is not working correctly. I should be able to ping the device on vlan 2 and the device should be able to ping out to the Internet.

So far, all the vlan 2 does do correctly, is automatically assign IP addressing to the connected device.

glen.grant Thu, 11/27/2008 - 07:12

Check the default gateway is correct on the device . If the device is a pc make sure all firewalls on the pc are turned off if trying to ping it ,if its on it won't ping . If the internet is out the default route check the other side and make sure you have static routes pointing back into the 3550 for the subnets defined on the 3550. Also on your 3550 make sure your ports are switchports and not routed ports . To make sure just do a interface range command on your access ports and type "switchport" . Best way to check is to issue a "show interface status" command.

Glen,

Thanks for sticking with this on a Holiday. The switch "was" scheduled to be deployed over this 4 day weekend.

The device connected to vlan 2, int 3 is a Macintosh. The firewall is enabled but it is a test machine (so I can ssh to it's UNIX capabilities) and we routinely ping, remotely login, etc.

It is configured to obtain an IP automatically, and it got

IP 192.168.100.3

subnet 255.255.255.0

gateway 192.168.100.1

It did NOT propagate DNS info though. I manually set it to the gateway IP.

The switch is configured with 208.67.222.222 208.67.220.220 (opendns.org servers)

This should NOT prevent it from pinging an IP address though, just prevent it from resolving names.

VLAN 2 through 5 (the ones we want routing) are configured as switchports, not routed ports.

Here is the result of "show interface status".

ieswitch#show interface status

Port Name Status Vlan Duplex Speed Type

Fa0/1 management connected 1 a-full a-100 10/100BaseTX

Fa0/2 watertower1 notconnect 2 auto auto 10/100BaseTX

Fa0/3 watertower2 connected 2 a-full a-100 10/100BaseTX

Fa0/4 spare notconnect 2 auto auto 10/100BaseTX

Fa0/5 schmidts notconnect 3 auto auto 10/100BaseTX

Fa0/6 flowerree notconnect 3 auto auto 10/100BaseTX

Fa0/7 spare notconnect 3 auto auto 10/100BaseTX

Fa0/8 parkrec notconnect 4 auto auto 10/100BaseTX

Fa0/9 handdee notconnect 4 auto auto 10/100BaseTX

Fa0/10 spare notconnect 4 auto auto 10/100BaseTX

Fa0/11 silverlake notconnect 5 auto auto 10/100BaseTX

Fa0/12 fortrock notconnect 5 auto auto 10/100BaseTX

Fa0/13 oildri notconnect 5 auto auto 10/100BaseTX

Fa0/14 spare notconnect 5 auto auto 10/100BaseTX

Fa0/15 spare notconnect 1 auto auto 10/100BaseTX

Fa0/16 spare notconnect 1 auto auto 10/100BaseTX

Fa0/17 spare connected 1 a-full a-100 10/100BaseTX

Fa0/18 spare notconnect 1 auto auto 10/100BaseTX

Fa0/19 agauto notconnect 1 auto auto 10/100BaseTX

Fa0/20 floydaboyd notconnect 1 auto auto 10/100BaseTX

Fa0/21 spare notconnect 1 auto auto 10/100BaseTX

Fa0/22 iebusiness1 notconnect 1 auto auto 10/100BaseTX

Fa0/23 iebusiness2 notconnect 1 auto auto 10/100BaseTX

Fa0/24 nlhealthclinic connected 1 a-full a-100 10/100BaseTX

Gi0/1 notconnect 1 auto auto unknown

Gi0/2 notconnect 1 auto auto unknown

glen.grant Thu, 11/27/2008 - 08:44

If you can't ping a directly attached device then I would suspect the device itself . From the switch can you do a extended ping and source from vlan 2 and have it ping ? From the switch can you ping the far end of that default static route assuming it not a FW that might block ping ? From the mac what can't you do at this point? Can you ping the default gateway ? Can you ping the vlan 1 default gateway ? Can you ping the far end of that static route ? From the device on the far end of that static can you ping addresses on the 3550 that are up/up ?

Glen,

I have a second Macintosh connected at int 17, vlan 1. From it, I can ping the default gateway, the IP for vlan 1, int 1 on the switch. Everything works OK.

From the switch, I can ping the default gateway, I can even ping the vlan 2 asssigned IP

ieswitch#ping 192.168.100.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.100.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

I am going to drive up to the hilltop and try again from the Macintosh and see what I can/can't ping. I might try the network config without adding anything manually to the DNS settings.

Curiously, I can't ping Macintoshs from the switch. The one in vlan 1, int 17, I can't ping although I am remotely connected to it and using it without issue.

I have attached the config again. I'll be back in about an hour.

bharadwajkn Thu, 11/27/2008 - 09:45

Hi , You will never be able to see the Vlan Configuration in the Sh IP Router Command. Determine the LAN and WAN. Command that Show Vlan, will show the LAN Divided Vlan . Show IP route works for only the route you have or hops which has connected

:- Correct me If I am wrong

I realize what you say. What I was trying to see was if it recognized the 4 subnets for 192.0.0.0.24

I would have expected to see a line in there that said.......

192.0.0.0/24 is subnetted, 4 subnets

This is what it does show....

Gateway of last resort is 67.xx.xx.1 to network 0.0.0.0

67.0.0.0/25 is subnetted, 1 subnets

C 67.xx.xx.0 is directly connected, Vlan1

C 192.168.100.0/24 is directly connected, Vlan2

S* 0.0.0.0/0 [1/0] via 67.xx.xx.1

glen.grant Thu, 11/27/2008 - 10:35

I see nothing wrong with the 3550 config , it should work . The ping issue has to be something with the mac if you can get to it using ssh . If have a windows machine around to hook up you could try that too . Besides that not sure what else to tell you .

The Macs that we use are used often. I did connect them to another switch to insure there was no issue with them and they do work OK,

I am afraid since I did not see a configuration issue either, that there may be a hardware problem or some other issue on the switch.

I am going to give it one more try with a fresh IOS image and see what I can do.

Glen,

I reset the switch to default. I have reconfigured it OK. Same basic setup without the DHCP server.

Now, everything on the switch works. I can ping between two different end devices on two different vlans.

vlan 1 (default) still works fine, although it always did. I can ping out to the Internet.

The other 4 vlans, everything works internally, but not out to the Internet.

I am pursuing possibly adding static routes in the router above the 3550 to the vlan IPs. I am convinced now that the issue is between the router and the switch.

Glen,

Well, this trip up to the hill was informative....sort of.

vlan 2 could not ping it's gateway 192.168.100.1 from the external computer connected in int 3

switch could ping 192.168.100.1

after I tried to renew the lease, I got a self assigned IP address.

vlan 3 could not ping it's gateway from int 5 from external computer

switch could ping 192.168.120.1

vlan 4 same issue.......

vlan 5 however, got a good assigned IP address and the external computer connected at int 11 AND I can ping it's gateway 192.168.160.1 and the switch can ping it also.

However, despite that working, I still can not get the computer to ping out to anything.

KrazyBlu Thu, 11/27/2008 - 09:47

vlan database has been deprecated on new Cisco switches

Actions

This Discussion