Solved: InterVLAN Routing Problem

jakecomm1 · ‎01-15-2010

I have a 3750 stacked switch with two 48-port PoE switches connected via stacking cable. On these switches I have three VLANS: VLAN10 for VoIP phones, VLAN20 for Computer Hosts and VLAN30 for IP CCTV cameras. I configured the switch with SVI (gave each VLAN its own I.P. address and mask) and then entered the IP Routing command from Global Config.

Here's the problem: As a host on all three VLANs - configured with the the appropriate subnet I.P. address and a gateway that is the I.P. address of the respective VLAN - I can ping the three VLAN gateways without a problem. However, as a host on VLAN10, I can ping another host on VLAN10, a host on VLAN 30, but not a host on VLAN20. As a host on VLAN30, I can ping another host on VLAN30, a host on VLAN10, but not VLAN20. As a host on VLAN20, I can ping a host on all three VLANs. So basically I can't access VLAN20 from VLAN10 or VLAN30.

I'm completely dumbfounded by this and have researched for days trying to find the answer. I'd appreciate if anyone here could help. I've attached the configuration.

glen.grant · ‎01-15-2010

Are you pinging the same host everytime on vlan 20 ? If so then that host has either a firewall activated on the host that is blocking pings or it has a incorrect or missing default gateway defined . The 3750 looks fine for what you are trying to do . The fact that you can ping the vlan 20 gateway from the other vlans eliminates the 3750 and points to the host you are trying to ping . Also check things like the subnet mask in the devices and verify they are correct.. I see vlan 20 is mostly on switch 2 , can you put a port in vlan 20 on switch 1 and see if it works . Verify the stack setup looks ok with show switch detail , one should say master and the other in a ready state . Maybe a show vlan allso to make sure vlan 20 shows up llike it should .

View solution in original post

glen.grant · ‎01-15-2010

Are you pinging the same host everytime on vlan 20 ? If so then that host has either a firewall activated on the host that is blocking pings or it has a incorrect or missing default gateway defined . The 3750 looks fine for what you are trying to do . The fact that you can ping the vlan 20 gateway from the other vlans eliminates the 3750 and points to the host you are trying to ping . Also check things like the subnet mask in the devices and verify they are correct.. I see vlan 20 is mostly on switch 2 , can you put a port in vlan 20 on switch 1 and see if it works . Verify the stack setup looks ok with show switch detail , one should say master and the other in a ready state . Maybe a show vlan allso to make sure vlan 20 shows up llike it should .

jakecomm1 · ‎01-15-2010

I have tried three different hosts: a friends' laptop, a desktop (both configured with static IP addresses and gateway, just to be sure) and a linksys router that is connected to one of the ports. Plus I can ping the same hosts from inside the same VLAN.

lusandi · ‎01-15-2010

Hello,

Do you think that is by anychance possible that you provide me a:

show vlan in order to confirm the vlan information

Thanks,

krishnakumarr · ‎01-15-2010

Hi

Enable IP routing

conf t

ip routing

regards

krishna kumar

Ganesh Hariharan · ‎01-16-2010

Hi,

Can you do extended ping from switch making source as vlan 20 and ping vlan 30 host.Is it pinging or not.

Regards

Ganesh.H

jakecomm1 · ‎01-16-2010

It looks as though glen.grant was correct. My coworker enabled the firewall on the dhcp/firewall server located on VLAN20 without letting me know. Once I made some changes to the firewall configuration, I was able to reach hosts on VLAN20 from the other VLANs.

Thank you so much everyone for you help! This is a great community with a lot of selfless people that are willing to share their knowledge! The rest of the world should be this helpful to each other.