Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

routing between vlan with SVI and switch routed port

Hi,

I have a network as shown in attached diagram. I would like to make communication between VLANs using switch. I am able to communicate between the VLANs with SVI, but not to the subnet connected through routed port.

Can any one know how to correct the same.

the config on switch is as follows :

==========================================

sw1#sh run
Building configuration...
Current configuration : 7206 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname xxxxxxxxxxxxx
!
enable secret 5 $1$QQqC$sd%JPYiadWIZ22yUZXNlE6NH0
enable password xxxxxxxxxxxx
!
username xxxxxxx privilege 15 password 0 %#$729E93$2@
aaa new-model
aaa authentication login default local
!
aaa session-id common
switch 1 provision ws-c3750-24ts
vtp domain den1
vtp mode transparent
ip subnet-zero
ip routing
!
ip dhcp pool DHCP-SERVERS
network 192.168.1.0 255.255.255.0
default-router 192.168.1.1
dns-server 61.88.88.88 4.2.2.2
!
!
!
!
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
vlan 10
!
vlan 20

!
!
!
interface FastEthernet1/0/10
switchport mode access
switchport access vlan 20
!
interface FastEthernet1/0/11
switchport mode access
switchport access vlan 20
!
interface FastEthernet1/0/12
switchport mode access
switchport access vlan 20
!
interface FastEthernet1/0/20
description [routed Port]
no switchport
ip address 10.10.6.254 255.255.255.0
logging event status
!

interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface Vlan1
ip address dhcp
!
interface Vlan10
ip address 10.10.4.254 255.255.255.0
!
!
interface Vlan20
ip address 192.168.1.1 255.255.255.0
no ip unreachables
no ip proxy-arp
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.4.1
ip route 10.10.7.0 255.255.255.0 10.10.6.1

ip http server
ip http secure-server
!
================================================== =======================
Response on PC (192.168.1.0 Subnet when pinging to subnet connected to routed port)

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\Administrator>tracert 10.10.6.1
Tracing route to 10.10.6.1 over a maximum of 30 hops
1 <1 ms <1 ms <1 ms 192.168.1.1
2 * * * Request timed out.
3 * * * Request timed out.
4 * * * Request timed out.
5 * * * Request timed out.
6 * * * Request timed out.
7 * * * Request timed out.
8 * * * Request timed out.
9 ^C
C:\Documents and Settings\Administrator>

I am able to ping routed port IP 10.10.6.254 but not 10.10.6.1 or 10.10.7.1


Sandip

1 ACCEPTED SOLUTION

Accepted Solutions
Silver

Re: routing between vlan with SVI and switch routed port

I would suspect that R2 dosn't have a route back to SW1.  If you exectute a 'show ip route 192.168.1.1' on R2 do you see a next hop of 10.10.6.254?



Chris

3 REPLIES
Silver

Re: routing between vlan with SVI and switch routed port

I would suspect that R2 dosn't have a route back to SW1.  If you exectute a 'show ip route 192.168.1.1' on R2 do you see a next hop of 10.10.6.254?



Chris

New Member

Re: routing between vlan with SVI and switch routed port

Hi,

Thanks for pointing that out.

Till the time I could check that,

Is there any way to look into switch(any debug command) to ensure that the routing from VLAN 192.168.1.0 to the subnet (10.10.6.0/24) connected on routed port happens when ping command(to 10.10.6.1) from PC initiated?

Regards,
Sandip

Silver

Re: routing between vlan with SVI and switch routed port

A 'show ip route 10.10.6.1' should reveal the egress interface.  I'm fond of netflow but that feature isn't supported on the 3750.

You could use a 'debup ip packet' with an ACL.  something like this:

access-list 1 permit 10.10.6.1

debug ip packet 1 detail

Keep in mind this will only evaluate packets originated or destined to the network device; not traffic passing through the device.  This command is very useful in a lab and is conducive to learning.  This command is dangerous in production and can crash a network device.


Chris

605
Views
0
Helpful
3
Replies