Can't ping devices in same subnet

Answered Question
May 26th, 2009

Hi guys,

I'm pretty sure I'm missing something blatantly obvious here but please indulge me.

I have a switch which used to be in a vlan and had no problem connecting to other devices in the same vlan.

During an upgrade and because I wanted only L3 routed links on the switch, I took the device out of the vlan and connected a routed interface to one of the devices in the vlan as it is imperative that these two devices talk.

Let's say the device in question is 10.25.10.200 (which is the same address it had when it was a member of vlan 50), it is directly connected to another switch which is 10.25.10.50.

Both these addresses are part of vlan 50 but the addresses are now on routed ports on the switches - no Vlans.

Nothing in vlan 50 can talk to these devices and vice-versa.

I would want to just assign these two devices /30 addresses but I am definitely unable to change the address of 10.25.10.50.

What changes may I make to enable the devices in vlan 50 to access these two devices? Even the default gateway of vlan 50 (10.25.10.250) can't get to the devices, so what hope for the others?

I can't subnet down the IP address allocation for vlan 50 either as it is pretty much all used up.

Any ideas would be much appreciated. Is there a command that would help route the traffic? proxy-arp somewhere perhaps? I'm a bit lost here so I hope it's a quick fix.

Cheers,

Martha.

Giuseppe Larosa Tue, 05/26/2009 - 05:20

Hello Martha,

when you introduce routed ports in a campus network you should use dedicated /30 IP subnets.

Using ip addresses belonging to the IP subnet associated to Vlan50 is not correct: you are introducing a duplicated ip subnet.

When a device in vlan50 tries to reach 10.25.10.200 or 10.25.10.50 it arps on the broadcast domain and no one answers.

Even if you enable ip proxy-arp this doesn't solve it, because it is meant to help hosts that try to ARP for IP addresses outside the local subnet.

The only way to deal with this would be the usage of some static NAT statements that make those ip addresses appear as something different to users in vlan50.

However, I would suggest to get access to the modified switch by any means (another ip address in a different ip subnet if ip routing has been enabled) or have someone connect the console cable to a PC you can have access to using remote desktop.

Hope to help

Giuseppe
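
The failure described in the post above, as an added example that is not part of the original thread: a host decides between ARPing for the target and ARPing for its gateway purely from its own mask, and an audit function flags routed ports whose subnet overlaps an SVI. The /24 mask on VLAN 50, the host address 10.25.10.17 and the 10.99.0.0/30 replacement link are assumptions constructed for the example.

```python
import ipaddress

# Constructed inventory based on the thread. The /24 mask for VLAN 50 and the
# 10.99.0.0/30 replacement link are assumptions; the thread gives neither.
SVIS = {"Vlan50": "10.25.10.250/24"}
ROUTED_PORTS = {
    "SW1 routed port": "10.25.10.200/24",
    "SW2 routed port": "10.25.10.50/24",
}
FIXED_PORTS = {
    "SW1 routed port": "10.99.0.2/30",
    "SW2 routed port": "10.99.0.1/30",
}


def next_hop(src_if, dst, gateway):
    """Return ('arp', dst) if dst is on-link for src_if, else ('gateway', gw)."""
    iface = ipaddress.ip_interface(src_if)
    if ipaddress.ip_address(dst) in iface.network:
        return ("arp", dst)        # host ARPs for the target itself
    return ("gateway", gateway)    # host ARPs for the gateway instead


def find_overlaps(svis, routed_ports):
    """List (port, svi) pairs where a routed port's subnet overlaps an SVI subnet."""
    hits = []
    for port, paddr in routed_ports.items():
        pnet = ipaddress.ip_interface(paddr).network
        for svi, saddr in svis.items():
            if pnet.overlaps(ipaddress.ip_interface(saddr).network):
                hits.append((port, svi))
    return sorted(hits)


if __name__ == "__main__":
    # A VLAN 50 host treats .200 as on-link and ARPs for it inside the VLAN,
    # where nothing owns that address any more, so the request goes unanswered.
    print(next_hop("10.25.10.17/24", "10.25.10.200", "10.25.10.250"))
    # With a dedicated /30 the same host hands the packet to its gateway.
    print(next_hop("10.25.10.17/24", "10.99.0.1", "10.25.10.250"))
    print(find_overlaps(SVIS, ROUTED_PORTS))
    print(find_overlaps(SVIS, FIXED_PORTS))
```
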

mfawehin Tue, 05/26/2009 - 05:38

Hi Giuseppe,

Thanks for your prompt response and for the explanation of how I've cocked things up :).

I have every intention of making the connection between the two a dedicated /30 subnet but as I said at this point in time I am unable to change the 10.25.10.50 address.

Please expand on your theory to get it working in the meantime - the static NAT statements. Where do I configure these and is it more trouble than it's worth for a short-term solution?

I am able to connect to both switches as 10.25.10.200 has interfaces in other subnets so I have access to the switch via one of these and to get to .50 switch, there is a direct connection from the .200 device.

Thanks again,

Martha.

Giuseppe Larosa Tue, 05/26/2009 - 06:16

Hello Martha,

if you have access to 10.25.10.200 you should be able to recover:

from 10.25.10.200 access the other switch at 10.25.10.50:

use

reload at ?

hh:mm Time to reload (hh:mm)

example

reload at 22:23 31 May pippo

Reload scheduled for 22:23:00 MET Sun May 31 2009 (in 126 hours and 17 minutes) by g.larosa on vty0 (10.55.49.57)

Reload reason: pippo

Proceed with reload? [confirm]y

sh reload

Reload scheduled for 22:23:00 MET Sun May 31 2009 (in 126 hours and 17 minutes) by g.larosa on vty0 (10.55.49.57)

Reload reason: pippo

to schedule a timed reload in case things go bad

go to the routed port

conf t

int type x/y

! assign new ip address from unused /30

ip address 10.x.y.1 255.255.255.252

after you type enter you lose telnet to Sw2

open another telnet session to the switch with ip 10.25.10.200 (called switch1) using a valid ip address different from that

do

conf t

int type x1/y1

ip address 10.x.y.2 255.255.255.252

from SW1 try to ping Sw2 at new ip 10.x.y.1 (first packet is lost for sure for ARP)

if everything is well you can access SW2 at 10.x.y.1

save config !

then remove the scheduled reload

to remove use

reload cancel

router#

***

*** --- SHUTDOWN ABORTED ---

***

sh reload

No reload is scheduled.

see

http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_r1.html#wp1056246

you can finish your config with

ip route 0.0.0.0 0.0.0.0 10.x.y.2 on Sw2

on Sw1 you can advertise the new subnet 10.x.y.0/30 with no problems

Hope to help

Giuseppe

(if you have enabled ip routing )

Correct Answer
Giuseppe Larosa Tue, 05/26/2009 - 08:00

Hello Martha,

just a little addition:

I've realized you had asked for more details of the static NAT approach.

I've provided you a possible procedure to change the ip subnet on the point-to-point link.

The reasons are the following:

the NAT approach is feasible only if SW1 is a C6500; all other multilayer platforms don't support NAT.

From the fact that you reach SW2 from Sw1 I've seen enough space to propose a definitive correction as described in my second post in this thread.

if SW1 is a C6500 that is NAT capable and you don't feel confident with the suggested procedure (I've provided an example of using scheduled reload to be able to recover as we do with remote sites changes).

NAT

int type x1/y1

ip nat inside

int other x1/y1

ip nat outside

ip nat inside source static 10.25.10.50 10.x.y.2

ip nat inside source static 10.25.10.50 10.x.y.3

int loop M

ip address 10.x.y.1 255.255.255.248

see

http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iadnat_addr_consv_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1074422

advertise this in your intranet in your IGP

Hope to help

Giuseppe

mfawehin Tue, 05/26/2009 - 22:32

Hi Giuseppe, I guess there's no way around it. I will make the changes as advised.

Thanks again,

Martha.
