Can't ping devices in same subnet

mfawehin
Level 1

Hi guys,

I'm pretty sure I'm missing something blatantly obvious here but please indulge me.

I have a switch which used to be in a vlan and had no problem connecting to other devices in the same vlan.

During an upgrade, and because I wanted only L3 routed links on the switch, I took the device out of the vlan and connected a routed interface to one of the devices in the vlan, as it is imperative that these two devices talk.

Let's say the device in question is 10.25.10.200 (which is the same address it had when it was a member of vlan 50); it is directly connected to another switch, which is 10.25.10.50.

Both these addresses are part of vlan 50 but the addresses are now on routed ports on the switches - no Vlans.

Nothing in vlan 50 can talk to these devices and vice-versa.

I would want to just assign these two devices /30 addresses but I am definitely unable to change the address of 10.25.10.50.

What changes may I make to enable the devices in vlan 50 to access these two devices? Even the default gateway of vlan 50 (10.25.10.250) can't get to the devices, so what hope for the others?

I can't subnet down the IP address allocation for vlan 50 either as it is pretty much all used up.

Any ideas would be much appreciated. Is there a command that would help route the traffic? proxy-arp somewhere perhaps? I'm a bit lost here so I hope it's a quick fix.

Cheers,

Martha.


Giuseppe Larosa
Hall of Fame

Hello Martha,

when you introduce routed ports in a campus network you should use dedicated /30 IP subnets.

Using ip addresses belonging to the IP subnet associated to Vlan50 is not correct: you are introducing a duplicated ip subnet.

When a device in vlan50 tries to reach 10.25.10.200 or 10.25.10.50 it arps on the broadcast domain and no one answers.

Even if you enable ip proxy-arp this doesn't solve it, because it is meant to help hosts that try to ARP for IP addresses outside the local subnet.

The only way to deal with this would be the usage of some static NAT statements that make those IP addresses appear as something different to users in vlan50.

However, I would suggest getting access to the modified switch by any means (another IP address in a different IP subnet if ip routing has been enabled) or having someone connect the console cable to a PC you can access using remote desktop.

Hope to help

Giuseppe
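
The duplicated-subnet problem described in the reply above, as an added example that is not part of the original thread: it shows why a VLAN 50 host ARPs directly for 10.25.10.200, flags a subnet configured on two broadcast domains, and picks a free /30 for the link. The /24 mask, the host address 10.25.10.17 and the 10.99.0.0/24 pool are assumptions constructed for illustration.

```python
import ipaddress
from itertools import combinations

# Constructed inventory: (device, interface, address, broadcast domain).
# The /24 mask for VLAN 50 is an assumption; the thread never states it.
INVENTORY = [
    ("core", "Vlan50",      "10.25.10.250/24", "vlan50"),
    ("SW1",  "routed-port", "10.25.10.200/24", "sw1-sw2-link"),
    ("SW2",  "routed-port", "10.25.10.50/24",  "sw1-sw2-link"),
]

def l2_target(src_if, dst, gateway):
    """Who a host ARPs for: the destination if on-link, else its gateway."""
    on_link = ipaddress.ip_address(dst) in ipaddress.ip_interface(src_if).network
    return ("arp-for-destination", dst) if on_link else ("arp-for-gateway", gateway)

def duplicated_subnets(inventory):
    """Report subnets configured on more than one broadcast domain."""
    nets = {}
    for _dev, _ifname, addr, domain in inventory:
        nets.setdefault(domain, set()).add(ipaddress.ip_interface(addr).network)
    conflicts = []
    for a, b in combinations(sorted(nets), 2):
        for na in sorted(nets[a]):
            for nb in sorted(nets[b]):
                if na.overlaps(nb):
                    conflicts.append((a, b, str(na), str(nb)))
    return conflicts

def first_free_slash30(pool, in_use):
    """First /30 in pool that overlaps nothing already allocated."""
    used = [ipaddress.ip_network(n) for n in in_use]
    for cand in ipaddress.ip_network(pool).subnets(new_prefix=30):
        if not any(cand.overlaps(u) for u in used):
            return cand
    raise ValueError("pool exhausted")

if __name__ == "__main__":
    # A VLAN 50 host (constructed address) ARPs directly and gets no answer.
    print(l2_target("10.25.10.17/24", "10.25.10.200", "10.25.10.250"))
    print(duplicated_subnets(INVENTORY))
    # 10.99.0.0/24 is a constructed pool standing in for the thread's 10.x.y.
    link = first_free_slash30("10.99.0.0/24", ["10.99.0.0/30"])
    sw2, sw1 = list(link.hosts())
    print(f"SW2 {sw2}/30, SW1 {sw1}/30")
```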

Hi Giuseppe,

Thanks for your prompt response and for the explanation of how I've cocked things up :).

I have every intention of making the connection between the two a dedicated /30 subnet but as I said at this point in time I am unable to change the 10.25.10.50 address.

Please expand on your theory to get it working in the meantime - the static NAT statements. Where do I configure these and is it more trouble than it's worth for a short-term solution?

I am able to connect to both switches as 10.25.10.200 has interfaces in other subnets so I have access to the switch via one of these and to get to .50 switch, there is a direct connection from the .200 device.

Thanks again,

Martha.

Hello Martha,

if you have access to 10.25.10.200 you should be able to recover:

from 10.25.10.200 access the other switch at 10.25.10.50:

use

    reload at ?
      hh:mm  Time to reload (hh:mm)

example

    reload at 22:23 31 May pippo
    Reload scheduled for 22:23:00 MET Sun May 31 2009 (in 126 hours and 17 minutes) by g.larosa on vty0 (10.55.49.57)
    Reload reason: pippo
    Proceed with reload? [confirm]y

    sh reload
    Reload scheduled for 22:23:00 MET Sun May 31 2009 (in 126 hours and 17 minutes) by g.larosa on vty0 (10.55.49.57)
    Reload reason: pippo

to schedule a timed reload in case things go bad

go to the routed port

    conf t
    int type x/y
     ! assign new ip address from unused /30
     ip address 10.x.y.1 255.255.255.252

after you press Enter you lose telnet to Sw2

open another telnet session to the switch with ip 10.25.10.200 (called switch1) using a valid ip address different from that

do

    conf t
    int type x1/y1
     ip address 10.x.y.2 255.255.255.252

from SW1 try to ping Sw2 at new ip 10.x.y.1 (first packet is lost for sure for ARP)

if everything is well you can access SW2 at 10.x.y.1

save config !

then remove the scheduled reload

to remove use

    reload cancel
    router#
    ***
    *** --- SHUTDOWN ABORTED ---
    ***

    sh reload
    No reload is scheduled.

see

http://www.cisco.com/en/US/docs/ios/fundamentals/command/reference/cf_r1.html#wp1056246

you can finish your config with

ip route 0.0.0.0 0.0.0.0 10.x.y.2 on Sw2

on Sw1 you can advertise the new subnet 10.x.y.0/30 with no problems

Hope to help

Giuseppe

(if you have enabled ip routing)

Hello Martha,

just a little addition:

I've realized you had asked for more details of the static NAT approach.

I've provided you a possible procedure to change the ip subnet on the point-to-point link.

The reasons are the following:

the NAT approach is feasible only if SW1 is a C6500; all other multilayer platforms don't support NAT.

From the fact that you reach SW2 from Sw1 I've seen enough space to propose a definitive correction as described in my second post in this thread.

if SW1 is a C6500 that is NAT capable and you don't feel confident with the suggested procedure (I've provided an example of using scheduled reload to be able to recover as we do with remote sites changes).

NAT

    int type x1/y1
     ip nat inside
    int other x1/y1
     ip nat outside
    ip nat inside source static 10.25.10.50 10.x.y.2
    ip nat inside source static 10.25.10.50 10.x.y.3
    int loop M
     ip address 10.x.y.1 255.255.255.248

see

http://www.cisco.com/en/US/docs/ios/ipaddr/configuration/guide/iadnat_addr_consv_ps6350_TSD_Products_Configuration_Guide_Chapter.html#wp1074422

advertise this in your intranet in your IGP

Hope to help

Giuseppe

Hi Giuseppe, I guess there's no way around it. I will make the changes as advised.

Thanks again,

Martha.
