cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
738
Views
0
Helpful
8
Replies

Vlan routing issue

Zebedee007
Level 1
Level 1

Hi experts,

I have a small problem I am hoping someone can help with.

A little background on the network - Core is a Stack of 3 3750's with a number of 3560's in remote area's and 2960's as access switches.

I have approximately 15 vlans configured on our network, most of them are configured for inter-vlan routing.

The problem I have is one Vlan (503 - Inter Vlan Routing) is un-pingable from a pc with DHCP address, it is fine with a fixed IP address from the same range as the fixed IP (different network from the Vlan503), this is the only Vlan I have had any issue's with.

The only device on this Vlan is a travelling NAS box with fixed IP address - hence setting up the Vlan at the factory so we can plug in and just download the data, however this is getting very annoying as I have to go round and give people a fixrd IP addresses.

Can anyone give me any advice on this issue?

Many thanks,

Zeb.

8 Replies 8

Few questions to understand the problem better..

1. What device are you trying to ping? which subnet is the destination device?

2. Can you pls share your running config (excluding sensitive information) ?

3. you said when assigned a static ip it works fine??

-Swaminathan

Thanks for your reply.

1. The device is a NAS box - it is on a 10.1.102.224 255.255.255.224 network (IP address - 10.1.102.225)

2. See running config below (sanitised)

3. That is a correct - a static IP from the production lan works fine, a dhcp address from the production lan does not ping the NAS...

!
version 15.0
no service pad
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service sequence-numbers
!
hostname SW-CORE
!
boot-start-marker
boot-end-marker
!
!
logging console warnings
logging monitor warnings
enable secret level 2 5 ***********
enable secret 5 **********!
username user1 privilege 15 secret 5 **********

username user2t privilege 2 secret 5 *********
aaa new-model
!
!
aaa group server radius SERVER
server 192.168.50.82
!
aaa authentication login default local
aaa authentication login SERVER group radius group CONSOLE local
!
!
!
!
!
aaa session-id common
clock timezone gmt 0 0
switch 1 provision ws-c3750g-48ts
switch 2 provision ws-c3750g-48ts
switch 3 provision ws-c3750g-48ts
system mtu routing 1500
udld aggressive

ip routing
ip domain-name domain.local
ip name-server 192.168.50.72
ip name-server 192.168.50.82
!
ip dhcp excluded-address 192.168.57.1 192.168.57.20
!
ip dhcp pool Vlan2
   network 192.168.57.0 255.255.255.0
   domain-name domain.local
   dns-server 192.168.112.210 192.168.2.220
   default-router 192.168.57.1
!
!
ip multicast-routing distributed
ip igmp snooping vlan 1 immediate-leave
ip igmp snooping vlan 10 immediate-leave
login block-for 300 attempts 3 within 60
login delay 10
login on-failure log
login on-success log
!
mls qos
!

!
!
!
errdisable recovery cause bpduguard
errdisable recovery cause link-flap
errdisable recovery cause psecure-violation
errdisable recovery interval 60
port-channel load-balance src-ip
archive
log config
  logging enable
  notify syslog contenttype plaintext
  hidekeys
path ftp://SERVER/$h
write-memory
!
spanning-tree mode rapid-pvst
spanning-tree loopguard default
spanning-tree logging
spanning-tree portfast bpduguard default
spanning-tree extend system-id
spanning-tree vlan 1-4094 priority 0
!
vlan internal allocation policy ascending
!
ip ftp username ftp_username
ip ftp password 7 ************

ip ssh version 1
!
!
!
!
macro name access_port
switchport mode access
switchport port-security
switchport port-security maximum 5
switchport port-security aging time 60
switchport port-security aging type inactivity
switchport port-security violation restrict
spanning-tree portfast
spanning-tree bpduguard enable
no shutdown
no switchport access vlan 666
no macro description
@
macro name clear_port
no des
no switchport port-security
no switchport port-security maximum
no switchport port-security aging time
no switchport port-security aging type
no switchport port-security violation
no switchport port-security mac-address sticky
no spanning-tree bpduguard enable
no spanning-tree portfast
no switchport mode access
no switchport access vlan
no switchport voice vlan 2
no switchport mode trunk
shutdown
switchport access vlan 666
no macro description
@
macro name server_port
switchport mode access
spanning-tree portfast
spanning-tree bpduguard enable
no shutdown
no switchport access vlan 666
no macro description
@
macro name printer_port
description Printer Port
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security aging time 60
switchport port-security aging type inactivity
switchport port-security violation shutdown
spanning-tree portfast
spanning-tree bpduguard enable
no shutdown
no switchport access vlan 666
switchport access vlan 3
no macro description
@
macro name voip_port
des VOIP Port
no switchport access vlan 666
switchport mode access
switchport access vlan 2
spanning-tree portfast
spanning-tree bpduguard enable
no shutdown
no macro description
@
!
!
interface Port-channel1
description Server Team PortChannel
switchport access vlan 321
switchport mode access
!

!
interface Vlan1
description Production
ip address 192.168.50.13 255.255.248.0
ip pim sparse-dense-mode
!
interface Vlan2
description P2_Vlan
ip address 192.168.57.1 255.255.255.0
!
interface Vlan3
description P1_Vlan
ip address 192.168.56.1 255.255.255.0
!
interface Vlan10
description E1_Vlan
ip address 192.168.0.1 255.255.255.0
ip pim sparse-dense-mode
!
interface Vlan11
description F1_Vlan
ip address 10.11.0.1 255.255.255.240
ip helper-address 192.168.50.72
ip helper-address 192.168.50.82
!
interface Vlan102
description T1_Vlan
ip address 192.168.102.254 255.255.255.0
shutdown
!
interface Vlan321
description S1_Vlan
ip address 10.0.0.1 255.255.255.192
ip helper-address 192.168.50.72
ip helper-address 192.168.50.82
!
interface Vlan501
description M1_Vlan
ip address 172.31.0.1 255.255.255.224
!
interface Vlan503
description PROBLEM_Vlan
ip address 10.1.102.254 255.255.255.224
!
ip default-gateway 192.168.50.13
no ip http server
ip http secure-server
!
!
ip pim send-rp-announce Vlan10 scope 255
ip pim send-rp-discovery scope 255
ip route 0.0.0.0 0.0.0.0 192.168.50.31
ip route 10.20.30.0 255.255.255.0 192.168.50.31
ip route 10.255.255.248 255.255.255.248 192.168.50.31
ip route 192.168.48.0 255.255.248.0 10.20.30.1
!
!
ip sla enable reaction-alerts
kron occurrence ArchiveConfig at 1:30 recurring
policy-list ArchiveConfig
!
kron occurrence RunningConfig at 1:00 recurring
policy-list RunningConfig
!
kron policy-list KRONLIST
cli event manager run VLANDOWN
!
kron policy-list ArchiveConfig
cli show archive log config all | redirect ftp://SERVER/ArchiveConfig.log
!
kron policy-list RunningConfig
cli more system:running-config | redirect ftp://SERVER/RunningConfig
!
logging esm config
no logging trap
access-list 50 remark Permit MY_SERVER
access-list 50 permit 10.0.0.62 log
!
snmp-server community public RO 50
snmp ifmib ifindex persist
radius-server host 192.168.50.82 key 7 ************
radius-server timeout 3
!
!
!
!
line con 0
session-timeout 10
logging synchronous
line vty 0 4
session-timeout 10
logging synchronous
login authentication SERVER
transport input ssh
line vty 5 15
session-timeout 10
logging synchronous
login authentication SERVER
transport input ssh
!
ntp server 192.168.50.72
event manager environment _Email_Server smtp.net

event manager environment _Email_To me@company.com
event manager environment _Email_From uk-sw-core@company.com
event manager applet VLANDOWN
event none
action 1.0 cli command "enable"
action 1.1 cli command "conf t"
action 1.2 cli command "int vlan102"
action 1.3 cli command "shutdown"
action 1.4 syslog msg "Interface Down!"
event manager applet ConfigChange
event syslog pattern ".*%SYS-5-CONFIG_I.*"
action 1.0 info type routername
action 1.1 cli command "enable"
action 1.2 cli command "show archive log config all"
action 1.3 mail server "$_Email_Server" to "$_Email_To" from "$_Email_From" subject "Config Change: $_info_routername" body "$_cli_result"
action 1.4 cli command "clear archive log config force"
event manager applet SystemRestart
event syslog pattern ".*%SYS-5-RESTART:*"
action 1.0 info type routername
action 1.1 mail server "$_Email_Server" to "$_Email_To" from "$_Email_From" subject "System Restarted --" body "System Restarted -- $_info_routername"
!
end

Thanks for sharing the running config.

but however i dont see dhcp configured on vlan 503.. atleast i dont see the ip helper address configured under the SVI.

so i doubt if the PC's connected to this vlan would be getting an address thorugh dhcp

or am i missing something here?

-Swaminathan.

Hi,

There is no DHCP server on Vlan 503 as the machines that connect to Vlan 503 are on the Production Vlan (Vlan 1)

A pc with a static IP address from Vlan 1 can ping the NAS box on Vlan 503, but a DHCP pc on Vlan 1 cannot ping the NAS box on Vlan 503.

When doing a traceroute from the pc with DHCP it times out after the Core's IP address.

Zeb.

What is the static IP that you assing when you are able to ping the NAS Box on Vlan 503?

does your PC get IP from the same subnet when assigned via dhcp?

-Swaminathan.

Vlan 1 IP range is 192.168.48.1 - 192.168.55.254 /21 mask

I used static IP of 192.168.50.35

The DCHP range is 192.168.51.1 - 192.168.52.254, yes they are both on the same subnet.

This issue is only a problem for this one Vlan, all my other Vlan's are all routing etc without any issues.

Zeb.

Thanks for providing the details.

when your PC in vlan1 gets an IP through DHCP, can you pls check the follwing.

1. Are you able to ping the default gateway of VLan1 with the acquired IP?

2. Can you ping the default gateway of the Vlan 503 from the PC?

3. From the NAS Box, can you ping the default gateway of Vlan 1?

-Swaminathan.

1. Yes, as they are on the same subnet, so np problems there.

2. Yes, with a static IP and a DHCP IP from Vlan 1

3. The NAS box has no ability to ping

Zeb.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: