Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Can not able to ping remote address via desktop.

hello,

i am trying to ping 172.16.0.250 address from my desktop located in vlan 10.

i can able to ping 172.16.0.250 from my L3 switch but not able to ping from my desktop belong to vlan 10.

we have assing 172.16.0.254 ip to one interface fa 0/48.

dekstop can able to ping 172.16.0.254  this ip.

pasting running config

CTC_L3#show run

Building configuration...

Current configuration : 4357 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname CTC_L3

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

system mtu routing 1500

ip subnet-zero

ip routing

!

!

!

!

crypto pki trustpoint TP-self-signed-2873386624

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2873386624

revocation-check none

rsakeypair TP-self-signed-2873386624

!

!

crypto pki certificate chain TP-self-signed-2873386624

  quit

!

!

!

!

!

spanning-tree mode pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

!

!

interface FastEthernet0/1

switchport mode access

!

interface FastEthernet0/2

switchport mode access

!

interface FastEthernet0/3

switchport access vlan 8

switchport mode access

!

interface FastEthernet0/4

!

interface FastEthernet0/5

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/6

!

interface FastEthernet0/7

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

!

interface FastEthernet0/11

!

interface FastEthernet0/12

!

interface FastEthernet0/13

!

interface FastEthernet0/14

!

interface FastEthernet0/15

!

interface FastEthernet0/16

!

interface FastEthernet0/17

!

interface FastEthernet0/18

!

interface FastEthernet0/19

!

interface FastEthernet0/20

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

!

interface FastEthernet0/24

!

interface FastEthernet0/25

!

interface FastEthernet0/26

!

interface FastEthernet0/27

!

interface FastEthernet0/28

!

interface FastEthernet0/29

!

interface FastEthernet0/30

!

interface FastEthernet0/31

!

interface FastEthernet0/32

!

interface FastEthernet0/33

!

interface FastEthernet0/34

!

interface FastEthernet0/35

!

interface FastEthernet0/36

!

interface FastEthernet0/37

!

interface FastEthernet0/38

!

interface FastEthernet0/39

!

interface FastEthernet0/40

!

interface FastEthernet0/41

!

interface FastEthernet0/42

!

interface FastEthernet0/43

!

interface FastEthernet0/44

!

interface FastEthernet0/45

!

interface FastEthernet0/46

!

interface FastEthernet0/47

!

interface FastEthernet0/48

no switchport

ip address 172.16.0.254 255.255.248.0

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface GigabitEthernet0/3

!

interface GigabitEthernet0/4

!

interface Vlan1

no ip address

ip directed-broadcast 1

!

interface Vlan8

ip address 172.16.8.1 255.255.254.0

!

interface Vlan9

ip address 192.168.9.1 255.255.255.0

!

interface Vlan10

ip address 172.16.10.1 255.255.254.0

!

ip default-gateway 172.16.0.250

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.0.250

ip route 172.16.0.11 255.255.255.255 172.16.0.250

ip route 172.16.0.250 255.255.255.255 FastEthernet0/48

ip route 192.168.11.0 255.255.255.0 172.16.0.250

ip http server

ip http secure-server

!

!

control-plane

!

!

line con 0

line vty 0 4

login

line vty 5 15

login

!

end

CTC_L3#$

your help is highly appriciated.

26 REPLIES

Can not able to ping remote address via desktop.

Is this desktop directly connected to this switch and if so is it on port Fa0/5. That appears to be the only port that is on vlan 10 on this switch. Can you ping your default gateway which I'm assuming is 172.16.10.1?

New Member

Can not able to ping remote address via desktop.

thanks for your reply, yes desktop is directally connected to the switch. i can able to ping my default gateway. as well as other computer in vlan 10.

from switch console i can able to ping 172.16.0.11 but from desktop. i cannot ping this host.

L3->172.16.0.254 (fa0/48)->172.16.0.11 succesfully ping 172.16.0.11 is connected to plane switch

Desktop (vlan)->default gateway(succesffull)-> 172.16.0.11 (fail)

your responce is highly appriciated

Can not able to ping remote address via desktop.

So just to clarify, the desktop is on VLAN 10? I see the following configuration for VLAN 10.

interface Vlan10

ip address 172.16.10.1 255.255.254.0

Is this desktop statically configured or does it get its IP configuration from DHCP?

Can not able to ping remote address via desktop.

ip default-gateway 172.16.0.250

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.0.250

ip route 172.16.0.11 255.255.255.255 172.16.0.250

ip route 172.16.0.250 255.255.255.255 FastEthernet0/48

ip route 192.168.11.0 255.255.255.0 172.16.0.250

Your default route is to 172.16.0.250. If you look at your routing table the following networks go es to 172.16.0.250.

172.16.0.11/32

192.168.11.0/24

0.0.0.0/0

Notice that you have a /32 route for 172.16.0.250/32 going to Fa0/48

So your default route and default gateway are going to Fa0/48.

Since everything is going to 172.16.0.250 why not just leave the default route going to 172.16.0.250. But if it's just

going to Fa0/48 its going to die at that switch.

New Member

Can not able to ping remote address via desktop.

Thanks John for reply,

since we are going to implement layer 2 and layer 3 switched in our network. we have buy layer 3 switch. all our existing network are working in 172.16.0.0/255.255.248.0 subnet. since our branches are located diffrent location we have decided to implement network one by one.

here u can see i have created a vlan. as of now all client are going throug a firewall having IP address 172.16.0.250 for internet access.

i have given 172.16.0.254 ip to fa0/48. fa0/48 is directally connected to a plane switch and plane switch is connected to 172.16.0.250(firewall interface).

please correct me if i'm making some mistake.

i have remove below mention route

ip route 172.16.0.11 255.255.255.255 172.16.0.250

ip route 172.16.0.250 255.255.255.255 FastEthernet0/48

ip route 192.168.11.0 255.255.255.0 172.16.0.250

only available route is

ip route 0.0.0.0 0.0.0.0 172.16.0.250(all unknow traffic passed from this address)

since from switch i can able to ping my all network computer as well as branches (192.168.x.x). i guess this is fine but there is something went wrong which is not allowing vlan computer to use fa0/48 to send traffic outside (may be some broadcast preventing mechanism)

yes all computer IPs are manually configure.

do it need some kind of reverce route?

thanks once again.

Can not able to ping remote address via desktop.

Alright, I'm getting confused here. Can you give me a little ASCII diagram of this setup?

Also, "not allowing vlan computer) to send traffic outside? Is it able to communicate to anything outside

of its local network or is it just not using that specific IP to access the outside? What is the VLAN os this desktop that can send traffic outside (VLAN number and network).

New Member

Can not able to ping remote address via desktop.

Here we go,

pc1 belong to vlan 8 ip 172.16.8.2 (vlan 8 ip 172.16.8.1)

pc2 belong to vlan 10 ip 172.16.10.2 (vlan 10 ip 172.16.10.1)

ping from pc1 to pc2 --ok

ping from l3 to FW (172.16.0.250) and pc3 (172.16.0.11)-- ok

ping from pc1 to fw and pc3 not working.

ping from pc2 to fw and pc3 not working.

since i dont have diagram tool available with me. i am sending you a raw digaram hop this will help.

thanks

New Member

Can not able to ping remote address via desktop.

please lee me know incase any other info needed.

Can not able to ping remote address via desktop.

Hi,

see vlan 8 and vlan 10 are in the same switch so intervlan routing is happening and its pinging. but the vlan at the other switch you are not able to ping because you have connected the switch1 (valn 8 & 10) to switch 2 using a routed interface. Also you have pointed defailt route as a firewall interface ip. So when you ping to  172.16.0.11 it will go to firewall and get dropped.  You can remove that routed interface f0/48 and connect

New Member

Can not able to ping remote address via desktop.

Sorry for confussion, 

port fa0/48 having ip address 172.16.0.254 belong to vlan 1

pc3 ip address is 172.16.0.11

fw ip address is 172.16.0.250

please let me know in case any other info needed.

Can not able to ping remote address via desktop.

On the Plane switch are their routes going back to the L3 switch? P1 and PC2 can communicate, which suggests that their is bi-directioanl inter-vlan communication. But the failure seems to be in bi-directioan communication from L2 to Plane switch.

New Member

Can not able to ping remote address via desktop.

Hello John,

if i'm not making mistake than plan switch boradcast the traffic. i have tryied to ping 172.16.0.254 which is fa0/48 ip from 172.16.0.11and it is working.

i guess we cannot defing route from plan switch to L3 switch.

Can not able to ping remote address via desktop.

On the VLAN1 interface, try putting the IP address that is associated with Fa0/48 on it. Do a 'no ip address on Fa0/48 and see what happens. Once that is done, ping 172.16.0.250 with a source of 172.16.0.254.

Can not able to ping remote address via desktop.

The IP which you try to ping is not in the broadcast domain. It will be forwarded to the default route defined in the switch and then it will get dropped. You are able to ping the Ip address which is assigned in fa0/48 of l3 switch from that PC because that was present in the broadcast domain of the plain l2 switch. For this you need to the same vlan subnet created on the l3 switch and advertised to have the intervlan routing happen. Else the packet will get forwarded to the default route and the firewall/router drops the packet.

New Member

Can not able to ping remote address via desktop.

Thanks guys for reply,

as per above post, i have created vlan same as my existing network (172.16.0.0/255.255.248.0) named vlan 1.

host belong to vlan 1 can able to ping my other host available in my existing networkk connected to plane switch.

but the host from vlan 8 and vlan 10 are not able to ping host available in my plane network. they can only able to ping the host of vlan 1 available in my l3 switch.

at the end of the day i need default route pointing to my firewall 172.16.0.250 for connecting to branches and internet.

the question is how do i advertised to have the intervlan routing???

i have already enable intervlan routing using ip routing command in layer 3 switch.

the excisting configuration is as below.

Press RETURN to get started.

Switch>

Switch>

Switch>en

Switch#show run

Building configuration...

Current configuration : 4115 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Switch

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

system mtu routing 1500

ip subnet-zero

ip routing

!

!

!

!

crypto pki trustpoint TP-self-signed-2873386624

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2873386624

revocation-check none

rsakeypair TP-self-signed-2873386624

!

!

crypto pki certificate chain TP-self-signed-2873386624

  quit

!

!

!

!

!

spanning-tree mode pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

!

!

interface FastEthernet0/1

!

interface FastEthernet0/2

!

interface FastEthernet0/3

!

interface FastEthernet0/4

!

interface FastEthernet0/5

!

interface FastEthernet0/6

!

interface FastEthernet0/7

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

!

interface FastEthernet0/11

!

interface FastEthernet0/12

!

interface FastEthernet0/13

!

interface FastEthernet0/14

!

interface FastEthernet0/15

!

interface FastEthernet0/16

!

interface FastEthernet0/17

!

interface FastEthernet0/18

!

interface FastEthernet0/19

!

interface FastEthernet0/20

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

!

interface FastEthernet0/24

!

interface FastEthernet0/25

!

interface FastEthernet0/26

!

interface FastEthernet0/27

!

interface FastEthernet0/28

!

interface FastEthernet0/29

!

interface FastEthernet0/30

!

interface FastEthernet0/31

!

interface FastEthernet0/32

!

interface FastEthernet0/33

!

interface FastEthernet0/34

!

interface FastEthernet0/35

!

interface FastEthernet0/36

!

interface FastEthernet0/37

!

interface FastEthernet0/38

!

interface FastEthernet0/39

!

interface FastEthernet0/40

!

interface FastEthernet0/41

!

interface FastEthernet0/42

!

interface FastEthernet0/43

!

interface FastEthernet0/44

!

interface FastEthernet0/45

no switchport

no ip address

!

interface FastEthernet0/46

switchport mode access

!

interface FastEthernet0/47

switchport access vlan 8

switchport mode access

!

interface FastEthernet0/48

switchport access vlan 10

switchport mode access

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface GigabitEthernet0/3

!

interface GigabitEthernet0/4

!

interface Vlan1

ip address 172.16.0.254 255.255.248.0

!

interface Vlan8

ip address 172.16.8.1 255.255.254.0

!

interface Vlan10

ip address 172.16.10.1 255.255.254.0

!

ip classless

ip route 0.0.0.0 0.0.0.0 172.16.0.250

ip route 192.168.11.0 255.255.255.0 172.16.0.250

ip http server

ip http secure-server

!

!

control-plane

!

!

line con 0

line vty 0 4

login

line vty 5 15

login

!

end

thanks

Can not able to ping remote address via desktop.

I would do the following.

L2(Switch) ---> L3(Switch) ---> Firewall ---> Internet

Have the link between the L2 switch and L3 switch be a trunk carrying the vlans you need or all, doesn't matter.

Make sure to specify who ports belong to which vlan on the L2 switch. I would then setup L3 intervlan routing on the

L3 switch. That way traffic will flow via L2, to the Default Gateway on the L3 switch, then following routing to specified

vlans or hit the default route and go out to the Internet. You're traffic flow, troubleshooting, and everything else will be

must easier.

New Member

Can not able to ping remote address via desktop.

Thanks John,

yes i aggreed with you this is a ideal solution is to have network like

L2(Switch) ---> L3(Switch) ---> Firewall ---> Internet

but in my case i dont have sufficient resources to put aal netwrok computers in a vlan. so i am trying to separate atlease one network. so in future slowally i can migrate the other one also.

can we do something like this

what ever host not available in L3. destination to those address will broadcast to interface connected to  plane switch.

or

some sort of source and destination based routing.

as of now from layer3 switch i can ping to all devices but from vlan 8 and vlan 10 it fail.

Can not able to ping remote address via desktop.

I keep forgetting you have a plain L2 switch. Well the L2 plain switch, is currently only in one broadcast domain which is 172.16.0.0/28. You have bi-directional intervlan communication of your vlans on the L3 switch, and you have 172.16.0.254 on the VLAN1 interface. You know that the switch can ping the firewall and other hosts on the L2 switch. Now, if the host on 172.16.0.0/28 network wants to communicate with a host on one of the vlans on the L3 switch, it will go to its default gateway which if it's 172.16.0.254, it should work. Because, it should have directly connected networks for the specific vlans that are terminated on that L3 switch.

New Member

Can not able to ping remote address via desktop.

soryy for confusion, my firewall ip add ress is 172.16.0.250 . my internal network 172.16.0.0/21 using firewall interface as an default gateway to send traffic outside (internet and branches). in above case i have to change gatway of my all client computer and server. in that case also traffic to internet will not pass becoase we will make 172.16.0.254 as our new default gateway.

please correct me incase i;m making some mistake.

Can not able to ping remote address via desktop.

Well if traffic from hosts on the L3 switch, reach the DR out 172.16.0.250(Firewall IP), and goes out on the internet, and then comes back, the L2 switch isn't going to have a route back to any of the networks on the L2 switch. The reason that it's working fine for hosts on 172.16.0.250 is, that switch is on that directly connected network(same vlan) will work fine.

New Member

Can not able to ping remote address via desktop.

thans John,

i have put route on my firewall to route a traffic having destination to vlan 8 should be point to my vlan 1.

plane switch client->gateway 172.16.0.250(firewall interface)->destination 172.16.8.0/23 (vlan 8 in L3)->forward to 172.16.0.254/21 (vlan 1 ip on L3)

using this i can not able to ping vlan 8 (172.16.8.1/23) but only problem is that i cannot able to ping the client connetce to vlan 8 (172.16.8.2/23)

any suggestion??

New Member

Can not able to ping remote address via desktop.

Switch#show run

Building configuration...

Current configuration : 2335 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Switch

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

system mtu routing 1500

ip subnet-zero

ip routing

!

!

!

!

!

!

!

!

!

!

spanning-tree mode pvst

spanning-tree etherchannel guard misconfig

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

!

!

interface FastEthernet0/1

switchport mode access

!

interface FastEthernet0/2

!

interface FastEthernet0/3

!

interface FastEthernet0/4

!

interface FastEthernet0/5

!

interface FastEthernet0/6

!

interface FastEthernet0/7

!

interface FastEthernet0/8

switchport access vlan 8

switchport mode access

!

interface FastEthernet0/9

!

interface FastEthernet0/10

switchport access vlan 10

switchport mode access

!

interface FastEthernet0/11

!

interface FastEthernet0/12

!

interface FastEthernet0/13

!

interface FastEthernet0/14

!

interface FastEthernet0/15

!

interface FastEthernet0/16

!

interface FastEthernet0/17

!

interface FastEthernet0/18

!

interface FastEthernet0/19

!

interface FastEthernet0/20

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

!

interface FastEthernet0/24

!

interface FastEthernet0/25

!

interface FastEthernet0/26

!

interface FastEthernet0/27

!

interface FastEthernet0/28

!

interface FastEthernet0/29

!

interface FastEthernet0/30

!

interface FastEthernet0/31

!

interface FastEthernet0/32

!

interface FastEthernet0/33

!

interface FastEthernet0/34

!

interface FastEthernet0/35

!

interface FastEthernet0/36

!

interface FastEthernet0/37

!

interface FastEthernet0/38

!

interface FastEthernet0/39

!

interface FastEthernet0/40

!

interface FastEthernet0/41

!

interface FastEthernet0/42

!

interface FastEthernet0/43

!

interface FastEthernet0/44

!

interface FastEthernet0/45

!

interface FastEthernet0/46

!

interface FastEthernet0/47

!

interface FastEthernet0/48

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface GigabitEthernet0/3

!

interface GigabitEthernet0/4

!

interface Vlan1

ip address 172.16.0.254 255.255.248.0

!

interface Vlan8

ip address 172.16.8.1 255.255.254.0

!

interface Vlan10

ip address 172.16.10.1 255.255.254.0

!

ip classless

ip http server

ip http secure-server

!

!

control-plane

!

!

line con 0

line vty 5 15

!

end

Switch#

-----------------------------------------------------

Switch#show ip route

Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP

       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

       E1 - OSPF external type 1, E2 - OSPF external type 2

       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2

       ia - IS-IS inter area, * - candidate default, U - per-user static route

       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     172.16.0.0/16 is variably subnetted, 2 subnets, 2 masks

C       172.16.8.0/23 is directly connected, Vlan8

C       172.16.0.0/21 is directly connected, Vlan1

Switch#

Can not able to ping remote address via desktop.

I don't think you're going to have to much luck considering that the L2 switch can't do routing. Is the Plain switch a unmanaged dumb switch?

New Member

Can not able to ping remote address via desktop.

as of now i am not considering to do routing using l2 here i am using l3 switch.

we lan created on l3 once evey think is fine to extend the number of host i will connect l2 with l3 as a trunk.

as of now all host are conneted to the l3.

yes the plane switch is un managebale switch.

New Member

Can not able to ping remote address via desktop.

Hello,

This is to inform you that i have manage to fix the problem.

After doing routing on my firewall destination to newlaly cretaed vlan. i can manager to ping gateway of vlan.

since the interface is directally connected with firewall vlan interface is pinging.

for desktop connected to vlan i have creted a filter rule in firewall. after that its working fine..

we can able to ping all rdevices from both direction.

Thanks

Can not able to ping remote address via desktop.

I'm glad to hear it dipak. Getting it to work is always a good thing

Have a good one!

1086
Views
0
Helpful
26
Replies
CreatePlease login to create content