07-06-2012 02:48 AM - edited 03-07-2019 07:37 AM
Hello,
A few days ago this was working properly, but I must have changed some things that adjusted some settings because I am unable to ping between 2 devices that are on the same switch, in the same network, in the same VLAN.
I am able to ping to the VLAN interface on the switch.
This is my configuration (Catalyst 3560 Layer 3 switch):
ALGSWI01#show vlan
VLAN Name Status Ports
---- -------------------------------- --------- -------------------------------
1 default active Gi0/3, Gi0/4, Gi0/7, Gi0/9
Gi0/15, Gi0/16, Gi0/19, Gi0/21
Gi0/23
11 MES_HMI active Gi0/1, Gi0/2, Gi0/8, Gi0/10
Gi0/12, Gi0/13, Gi0/14, Gi0/20
Gi0/22, Gi0/24
12 CONTROL_TA active
13 CONTROL_TC active
14 VM_MGMNT active Gi0/5, Gi0/6, Gi0/17, Gi0/18
ALGSWI01#show running interface vlan 11
Building configuration...
Current configuration : 66 bytes
!
interface Vlan11
ip address 192.168.100.1 255.255.255.224
end
device connected: 192.168.100.10 255.255.255.224 DG 192.168.100.1
ALGSWI01#show int g0/8 switchport
Name: Gi0/8
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 11 (MES_HMI)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
device connected: 192.168.100.11 255.255.255.224 DG 192.168.100.1
ALGSWI01#show int g0/12 switchport
Name: Gi0/12
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: negotiate
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 11 (MES_HMI)
Trunking Native Mode VLAN: 1 (default)
Administrative Native VLAN tagging: enabled
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk Native VLAN tagging: enabled
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk associations: none
Administrative private-vlan trunk mappings: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: disabled
Appliance trust: none
test:
on device 192.168.100.10
ping 192.168.100.1 = OK
ping 192.168.100.11 = request timed out
on device 192.168.100.11
ping 192.168.100.1 = OK
ping 192.168.100.10 = request timed out
What am I doing wrong? I have no idea?
Need any additional information?
Thanks a lot!
Best Regards,
Joris
Solved! Go to Solution.
07-06-2012 02:59 AM
Hello Joris,
no private vlans are configured and no VACL is applied to the SVI vlan 11.
the first steps to troubleshoot are to check if the switch has ARP entries for both the hosts
on switch
show ip arp 192.168.100.10
show ip arp 192.168.100.11
an entry for 192.168.100.10 should exist because ping between this host and SVI works well.
For the second host if you get an answer compare the reported MAC address with the output of
show mac address-table interface gi0/12
( or show mac-address-table interface gi0/12 IOS release dependent)
They should be the same.
If you have an ARP entry for 192.168.100.11 and the listed MAC address is learned on the right interface gi0/12 the issue may be a firewall running on host 12.168.100.11
if the ARP entry is empty and/or there is no MAC address learned on the port gi0/12 there is an issue you could try to use a shut/no shut cycle of port gi0/12 to see if the behaviour changes
Hope to help
Giuseppe
07-06-2012 02:59 AM
Hello Joris,
no private vlans are configured and no VACL is applied to the SVI vlan 11.
the first steps to troubleshoot are to check if the switch has ARP entries for both the hosts
on switch
show ip arp 192.168.100.10
show ip arp 192.168.100.11
an entry for 192.168.100.10 should exist because ping between this host and SVI works well.
For the second host if you get an answer compare the reported MAC address with the output of
show mac address-table interface gi0/12
( or show mac-address-table interface gi0/12 IOS release dependent)
They should be the same.
If you have an ARP entry for 192.168.100.11 and the listed MAC address is learned on the right interface gi0/12 the issue may be a firewall running on host 12.168.100.11
if the ARP entry is empty and/or there is no MAC address learned on the port gi0/12 there is an issue you could try to use a shut/no shut cycle of port gi0/12 to see if the behaviour changes
Hope to help
Giuseppe
07-06-2012 03:09 AM
Hello Guiseppe,
Thank you for your very usefull help, it was the firewall that was enabled!
Problem solved!
Best Regards,
Joris
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: