08-16-2009 08:37 AM - edited 03-06-2019 07:16 AM
Hi Friends,
I have a testing LAN in my network. The switch i used here is cisco 3560.
i have some vlan in this switch
vlan 10
server vlan
ip 192.168.1.1/24
vlan 20
app Vlan
ip 192.168.2.1/24
vlan1
routing vlan
ip 10.10.10.10/8
i have a link from this switch to the existing network, through an L2 switch connecting to the Router. Router interface IP is 10.10.10.1. On 3560 there is a defaultrote to the router (0 0 10.10.10.1). from this switch every thing is working fine.
Now i added one more switch on the Testing Lan and connecting over fiber to the 3560. The new switch is puley L2 only, not any IP address configured on it. i made a trunk dot1q between these two switches and allowed all vlans on it. From the new switch i am able to ping all the vlan, i can ping 192.168.1.1 and 192.168.2.1 and 10.10.10.10 also but i am not able to ping 10.10.10.1 and vise versa also.
Can any one tell me what could be the possible reason for this?
regards
Jacob
08-16-2009 11:48 AM
Hello Jacob,
>> The new switch is puley L2 only, not any IP address configured on it.
you need an ip source address so you have defined an ip address on it.
you may have a duplicated ip address in vlan1 and device with ip addr 10.10.10.1 may have a different mac address associated to the ip address you have given to the new switch.
you can check this with
sh ip arp x.x.x.x
Hope to help
Giuseppe
08-16-2009 09:01 PM
Hi Giusee,
sorry there was a mistake, i was pinging not from the switch but from the PC that is conneted to the new switch. i was able to ping the SVI IP (192.168.1.1, 2.1, 10.10.10.10) from the PC. But if i tried to ping router IP i was not able to ping, I was reaching up to the connected switch only not going further from there. From the Router i tried to ping the SVI IP's it is pinging but if tried to ping the PC that is connected in the new switch, i was not able to ping.
08-16-2009 01:09 PM
From what ip are you trying to ping 10.10.10.1?
The router 10.10.10.1 needs to have a route to the ip you are pinging it from else it will drop the packet.
08-16-2009 09:05 PM
Hi,
I was pinging from a PC which is connected on the new L2 switch i added. Route is there, i am able to ping the SVI IPs (192.168.1.1 and 192.168.2.1)from the Router.
regards
Jacob
08-16-2009 10:46 PM
What is the PC IP address?
Do a debug ip icmp on the router and ping from the PC the router, post the output
08-16-2009 11:04 PM
Hi,
I was pinging from the PC, IP is 192.168.1.11.
My case is - I have a new L2 switch without any IP address on that, connecting to the 3560 L3 switch over a Trunk. The L3 switch is connecting to the existing network and a default route is there (ip route 0 0 10.10.10.1)pointing to the existing network router. (On L3 - Vlan 1 IP 10.10.10.10 pointing to IP 10.10.10.1, Int fe 0/0 of Router)
The PC 192.168.1.11 is connected to the L2 Switch it is able to ping 10.10.10.10, SVI IP of Vlan 1 on 3560 switch, ideally it should also be able to ping the IP of the router which is 10.10.10.1 and vise versa (router should ping 192.168.1.11) also, router can ping 192.168.1.1 but it is not pinging 192.168.1.11.
Regards
Jacob
08-17-2009 08:11 AM
Hello Jacob,
more clear now but something is still missing
in what vlan is the port of the L2 switch to which the PC is connected?
who owns ip address 192.168.1.1 and in what L2 vlan is associated (it is another SVI on the L3 switch I guess)
You say router can ping 192.168.1.1 verify with
sh ip route 192.168.1.1 on the router where the router thinks to send a packet to that destination.
you can also use traceroute to 192.168.1.1 from the router.
if PC can ping 10.10.10.10 this means it has a correct default gateway.
Hope to help
Giuseppe
08-17-2009 10:22 PM
Hi Giusee,
All the ports on the L2 switch are configured as the memeber of Vlan 10
!
int fa 0/1-48
sw acc vlan 10
!
int gig 0/1 is the dot1q trunk connected to the L3 3560 switch, allowed all vlans(1,10,20).
Below are the SVI IPs and config on L3 switch.
!
int vlan 10
192.168.1.1
!
int vlan 20
192.168.2.1
!
int vlan1
101.10.10.10
Interface config
!
int fa 0/1-23
sw acc vlan 20
!
int vlan fa0/24
des *** connecting to existing network Router via some L2 Switch ***
sw acc vlan 1
!
int gig 0/1
des *** Trunk to New L2 Switch ***
sw mode trunk
sw trunk encap dot1q
sw trunk allowed vlan 1,10,20
!
!
#on L3 3560- the routing default route -
!
ip route 0.0.0.0 0.0.0.0 10.10.10.1
How come the router can ping the Vlan IP but not the PC on that VLAN. How come the PC can ping their gateways and the vlan 1 ip 10.10.10.10 but not the IP of the router 10.10.10.1 ???? default route is there and it is working fine, i can ping from L3 switch.
Am i missing some command here on the L3, ip routing? is that could be the problem ? does it require in this scenario? if yes how i was pinging the vlan ip 192.168.1.1 from the router?
appreciate your input
thanks and regards
Jacob
08-24-2009 07:34 AM
Hi
1st I would say you don't need to truck the 2 switch ports up, if everything is staying in vlan 10, then you could try removing the trunking and placing connecting ports also in vlan 10.
2nd, we really could do with a sh ip route on the router, at the very least a sh ip route 192.168.1.11 on that router.
Thanks
Kev
08-24-2009 10:50 PM
Hello Jacob,
for a successful ping also the return path has to work.
Check on the router if it knows network 192.168.1.0/24 by any means
use
sh ip route 192.168.1.0
if the output says subnet not in table you have found the root cause of your issue.
you may need
Router#
ip route 192.168.1.0 255.255.255.0 10.10.10.10
Hope to help
Giuseppe
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: