3560G InterVlan routing is not working!

Answered Question
Mar 27th, 2010
User Badges:

Dear All,


I have cisco 3560G-TS-S with IOS 12.2(35)SE5 IPbase software. I have vlan 1 and vlan 2.

Each Vlan has one pc attached to it. Each pc can ping its default vlan ip address and can ping the router behind the swtich.

The problem is pc 1 can not ping pc 2 even though i typed "Ip routing" in the global config mode to enable interVlan routing.


Is it because my IOS is old and does't support intervlan routing?


Thanks,

Kevin

Correct Answer by allan.thomas about 7 years 2 months ago

Hi,


Simply create a default route on the switch in order to point to internet router, such as ip route 0.0.0.0 0.0.0.0 192.168.2.1.  This will ensure any traffic that neither destined for 192.168.2.0/24 or 192.168.4.0/24 will be forwarded to internet router, and from their out to the internet.


Regard

Allan.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Jon Marshall Sun, 03/28/2010 - 02:30
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

aboodnet650 wrote:


Dear All,


I have cisco 3560G-TS-S with IOS 12.2(35)SE5 IPbase software. I have vlan 1 and vlan 2.

Each Vlan has one pc attached to it. Each pc can ping its default vlan ip address and can ping the router behind the swtich.

The problem is pc 1 can not ping pc 2 even though i typed "Ip routing" in the global config mode to enable interVlan routing.


Is it because my IOS is old and does't support intervlan routing?


Thanks,

Kevin


Kevin


Doesn't matter which IOS you use, the 3560 is a L3 switch so it will route between vlans.


Have you checked there are no firewalls on the PCs blocking incoming ICMP. Note it might not just be a firewall, antivirus software can do this as well.


Jon


Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

johnnylingo Sun, 03/28/2010 - 11:24
User Badges:
  • Bronze, 100 points or more

When you say "the router behind the switch", does that mean the router is doing the routing?  Or do you intend to use the 3560 for routing?


You can try these commands on the switch to verify:


# show ip int brief


# show ip route

Abdullah Net Sun, 03/28/2010 - 11:33
User Badges:

johnnylingo,


The router behind the switch is for accessing the internet only nothing more and it has 192.168.2.1 as its IP address. I want the Switch to perform the routing between vlans.

this is what you asked for?

Interface              IP-Address      OK? Method Status                Protocol
Vlan1                  192.168.2.5     YES NVRAM  up                    up
Vlan2                  192.168.4.1     YES manual up                    up
GigabitEthernet0/1     unassigned      YES unset  up                    up
GigabitEthernet0/2     unassigned      YES unset  up                    up
GigabitEthernet0/3     unassigned      YES unset  up                    up
GigabitEthernet0/4     unassigned      YES unset  up                    up
GigabitEthernet0/5     unassigned      YES unset  up                    up
GigabitEthernet0/6     unassigned      YES unset  up                    up
GigabitEthernet0/7     unassigned      YES unset  up                    up
GigabitEthernet0/8     unassigned      YES unset  down                  down
GigabitEthernet0/9     unassigned      YES unset  down                  down
GigabitEthernet0/10    unassigned      YES unset  down                  down
GigabitEthernet0/11    unassigned      YES unset  down                  down
GigabitEthernet0/12    unassigned      YES unset  down                  down
GigabitEthernet0/13    unassigned      YES unset  down                  down
GigabitEthernet0/14    unassigned      YES unset  down                  down
GigabitEthernet0/15    unassigned      YES unset  down                  down
GigabitEthernet0/16    unassigned      YES unset  down                  down
GigabitEthernet0/17    unassigned      YES unset  down                  down
GigabitEthernet0/18    unassigned      YES unset  down                  down
GigabitEthernet0/19    unassigned      YES unset  down                  down
--More--






SW1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C    192.168.4.0/24 is directly connected, Vlan2
C    192.168.2.0/24 is directly connected, Vlan1

Jon Marshall Sun, 03/28/2010 - 11:42
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

From the PC in vlan 1 can you ping the vlan 2 interface IP address ? If so it strongly suggests firewalling on the PCs.


Jon

Abdullah Net Sun, 03/28/2010 - 11:51
User Badges:

no actually i can not ping another subnet even the interface of the vlan itself. I did trace route and this is what i got...



Here i am in host 2 (192.168.2.10) from vlan 2


C:\Windows\system32>tracert -d 192.168.4.1

Tracing route to 192.168.4.1 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  192.168.2.1
  2    11 ms    11 ms    11 ms  62.215.127.254
  3    12 ms    11 ms    11 ms  62.215.2.14
  4    16 ms    11 ms    11 ms  62.215.2.90
  5    11 ms    11 ms    11 ms  62.215.2.62
6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
9     *        *        *     Request timed out.
10    *        *        *     Request timed out.


I think my linksys router which is behind the switch is causing the problem.

Jon Marshall Sun, 03/28/2010 - 12:06
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Kevin


Your ip address for vlan 1 on the switch is  192.168.2.5 but in your traceroute the first hop is 192.168.2.1 so the default-gateway on the  PC in vlan 1 is wrong, it should be set to 192.168.1.5.


What is 192.168.2.1 anyway ?


Jon


Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

Abdullah Net Sun, 03/28/2010 - 12:07
User Badges:

192.168.2.1 is the IP address of my linksys router ( the router behind the switch )

Jon Marshall Sun, 03/28/2010 - 12:10
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

aboodnet650 wrote:


192.168.2.1 is the IP address of my linksys router ( the router behind the switch )


That's why it's not working. Change default-gayeway on PC to 192.168.2.5.


Jon

Abdullah Net Sun, 03/28/2010 - 12:13
User Badges:

I just did that and everything works fine .. i can ping anything i want in my network but when i changed the vlan1 default ip address from 192.168.2.1 to 192.168.2.5 i lost my internet access in vlan 1. why is that?

allan.thomas Sun, 03/28/2010 - 12:08
User Badges:
  • Blue, 1500 points or more

Hi,


From the trace route it appears that the first hop is 192.168.2.1, this suggest that your default-gateway on the pc is the actual address of the internet router and not the vlan interface.  The default-gateway of the pc on subnet 192.168.2.0/24 should the vlan interface address 192.168.2.5, trying changing the address and then try pinging 192.168.4.1.


Regards

Allan.

Abdullah Net Sun, 03/28/2010 - 12:11
User Badges:

I did that and if i changed it to 192.168.2.5 then i won't be able to access the internet.

Correct Answer
allan.thomas Sun, 03/28/2010 - 12:14
User Badges:
  • Blue, 1500 points or more

Hi,


Simply create a default route on the switch in order to point to internet router, such as ip route 0.0.0.0 0.0.0.0 192.168.2.1.  This will ensure any traffic that neither destined for 192.168.2.0/24 or 192.168.4.0/24 will be forwarded to internet router, and from their out to the internet.


Regard

Allan.

Abdullah Net Sun, 03/28/2010 - 12:17
User Badges:

i tried to do that before. i typed ip route 0.0.0.0 0.0.0.0 192.168.2 with no luck..

It does show in running config but it doesn't show in "show ip route"


should i configure the port connecting to my linksys router as a routed port instead of SVI port?

Jon Marshall Sun, 03/28/2010 - 12:21
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

aboodnet650 wrote:


i tried to do that before. i typed ip route 0.0.0.0 0.0.0.0 192.168.2 with no luck..

It does show in running config but it doesn't show in "show ip route"


should i configure the port connecting to my linksys router as a routed port instead of SVI port?


It doesn't need to be a routed port -


so you add "ip route 0.0.0.0 0.0.0.0 192.168.2.1" and it doesn't appear in the routing table ?


Can you post the config of the 3560 and a "sh ip route" from the same device after adding the default-route.


Jon

Abdullah Net Sun, 03/28/2010 - 12:26
User Badges:

I can see it now in the "show ip route" I guess it needs a few sec in order to appear there .. Now everything is working fine .. Thank you so much for your help

Jon Marshall Sun, 03/28/2010 - 12:28
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

No problem, glad you got it working.


Jon


Cisco are currently donating money to the Haiti earthquake appeal for every rating so please consider rating all helpful posts.

allan.thomas Sun, 03/28/2010 - 12:26
User Badges:
  • Blue, 1500 points or more

The the port on the L3 switch should simply be a normal switchport, and will be in most cases in the default vlan 1.  So if you add the default-route to 192.168.2.1 it should appear in the routing table as it locally connected with the same subnet as the SVI.  Please forward the configuration of the switch, and we should hopefully be able to determine whether your issue is, but it would seem that the interface to the internet gateway is misconfigured in some way.


Rgds

Allan.

Abdullah Net Sun, 03/28/2010 - 12:29
User Badges:

Thanks i figured out the problem. I really appreciate your help

allan.thomas Sun, 03/28/2010 - 12:31
User Badges:
  • Blue, 1500 points or more

No problem at all, glad that we were able to help you out.


Regards

Allan.

allan.thomas Sun, 03/28/2010 - 11:47
User Badges:
  • Blue, 1500 points or more

Hi,


From the information that you have provided, it would seem that the information that Jon provide regarding some local Firewall or Anti-Virus software is more than likely restricting ICMP.  The fact of the matter is that the L3 switch is successfully routing between the VLANs as you mentioned that both hosts on either VLAN is able to reach the internet gateway behind the switch which is on 192.168.2.1.


Therefore the host on subnet 192.168.4.0/24 will have to use the local default gateway on the switch in order to reach the internet router, so there should be no reason why the same host cannot reach the host that is on the same subnet as the internet gateway?  Thus some application on the PC is restricting ICMPs.


Regards

Allan

Actions

This Discussion

Related Content