×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Catalyst 3560 SVI - VMs cannot access Internet

Answered Question
Aug 13th, 2012
User Badges:

Hello everyone,


I have 5 SVIs configured for VLAN Interfaces 121-125 for my vSphere environment.


All VMs can ping IPs on all the VLANs (VMs on VLAN 124 can ping VMs on VLAN121)


All VMs, except those on VLAN 124, can access the Internet or even ping my router IP.


If I change one of the VLAN 124 VMs to use a different VLAN, and update the addressing appropriately, it can access the Internet.


The problem is exhibited with Windows and Linux VMs.  So, I believe something in my switch setup is the problem with VLAN 124 in particular.


If i do a show vlan brief, VLAN 124 is listed.


If I do a show ip int brief, VLAN 124 is listed as up\up.  I also tried to shut\no shut the VLAN 124 interface.


Has anyone encountered a similar problem where one specific VLAN has connectivity problems?


My topology is Catalyst 3560 to home router to Internet.


Here is my IOS image: c3560-ipservicesk9-mz.122-55.SE6.bin


Here is my show run output:

3560_02#sh run

Building configuration...



Current configuration : 5900 bytes

!

version 12.2

service config

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname 3560_02

!

boot-start-marker

boot-end-marker

aaa new-model

!

!

aaa session-id common

system mtu routing 1600

vtp interface lo0 only

authentication mac-move permit

ip routing

ip domain-name test.com

!

!

ip multicast-routing distributed

ip igmp snooping querier address 192.168.120.254

!

!

interface Loopback0

ip address 11.1.1.11 255.255.255.0

!

interface Port-channel1

switchport access vlan 121

switchport mode access

!

interface FastEthernet0/17

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,120-125

switchport mode trunk

!

interface FastEthernet0/18

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,120-125

switchport mode trunk

!

interface FastEthernet0/19

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,120-125

switchport mode trunk

!

interface FastEthernet0/20

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,120-125

switchport mode trunk

!

interface FastEthernet0/29

switchport access vlan 122

switchport mode access

!

interface FastEthernet0/30

switchport access vlan 122

switchport mode access

!

interface FastEthernet0/31

switchport trunk encapsulation dot1q

switchport trunk allowed vlan 1,121-125

switchport mode trunk

!

interface FastEthernet0/33

switchport access vlan 121

switchport mode access

channel-protocol lacp

channel-group 1 mode active

!

interface FastEthernet0/34

switchport access vlan 121

switchport mode access

channel-protocol lacp

channel-group 1 mode active

!

interface GigabitEthernet0/4

no switchport

ip address 10.66.95.254 255.255.255.0

!

interface Vlan1

no ip address

shutdown

!

interface Vlan120

ip address 192.168.120.254 255.255.255.0

ip pim sparse-dense-mode

!        

interface Vlan121

ip address 192.168.121.254 255.255.255.0

!

interface Vlan122

ip address 192.168.122.254 255.255.255.0

!

interface Vlan123

ip address 192.168.123.254 255.255.255.0

!

interface Vlan124

ip address 192.168.124.254 255.255.255.0

!

interface Vlan125

ip address 192.168.125.254 255.255.255.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.66.95.194

ip http server

ip http secure-server

!

ip pim ssm default

!

ip sla enable reaction-alerts

!

end

Correct Answer by rsimoni about 5 years 1 week ago

Hi Trevor,


what you describe does not seem to be a switch issue.


Check first of all your default gateway routing (if it knows the route back to vlan 124) on 10.66.95.194.


If you have firewalls in between make sure they have the correct configuration.


Also, can the switch ping any address in the Internet sourcing from SVI 124 - 192.168.124.254?


Riccardo

Correct Answer by cadet alain about 5 years 1 week ago

Hi,


Can any of the VMs in vlan 124 ping  10.66.95.254 ?

Can you also provide the config from the router


Regards.


Alain


Don't forget to rate helpful posts.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (2 ratings)
Loading.
Correct Answer
cadet alain Mon, 08/13/2012 - 02:19
User Badges:
  • Purple, 4500 points or more

Hi,


Can any of the VMs in vlan 124 ping  10.66.95.254 ?

Can you also provide the config from the router


Regards.


Alain


Don't forget to rate helpful posts.

Correct Answer
rsimoni Mon, 08/13/2012 - 02:24
User Badges:
  • Cisco Employee,

Hi Trevor,


what you describe does not seem to be a switch issue.


Check first of all your default gateway routing (if it knows the route back to vlan 124) on 10.66.95.194.


If you have firewalls in between make sure they have the correct configuration.


Also, can the switch ping any address in the Internet sourcing from SVI 124 - 192.168.124.254?


Riccardo

Trevor Roberts Jr Mon, 08/13/2012 - 02:38
User Badges:

Thank you gentlemen!


I forgot to go back to the basics.


Since the home router is Linksys and there's no routing protocol, I forgot that I had to manually add static routes for the earlier VLANs that I had setup.


After adding the static route for this VLAN, I am able to get out.


Best regards,

Trevor

rsimoni Mon, 08/13/2012 - 02:48
User Badges:
  • Cisco Employee,

sometime that happens...

this is what the forum can be useful for: help identify what has been overlooked.


Riccardo

Actions

This Discussion

Related Content