Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

unable to access vlan

Hi All,

I have configured different vlans on 6500 for different dept and floor's , all of which are working, just today I created a vlan # 116 and discovered that I cannot ping this particular vlan from the other switch 3650-E in the network which is suppose to have ppl associated to this vlan.

I can see all vlans in this switch including this one and all the other switches in the network are working properly, I can ping other vlan gateways from this switch as well but I cannot ping the gateway of this vlan from any other switch even.

I deleted it , I recreated it , I changed it's IP to another subnet just to test that maybe something is wrong or anything (stupid but I tried this) , I checked the interface and it shows up/up , I can even see in all switches once I delete it and recreate it , vtp revisions are changing in all the switches as I do any change in vlans but for some reason I cannot even ping the gateway of this vlan.

Only one thing which I can do which is when the vlan in up I can ping itself from 6500 but any other switch in the network cannot ping it's gateway.

Any suggestions will be highly appericated.

9 REPLIES
Blue

Re: unable to access vlan

Hi:

Can you clarify the design? The 3560 is a Layer 2 switch that has a trunk connection to the 6500? And on the 6500, you have an SVI configured for that vlan and it is "up,up"? Do you have HSRP configured? Any ACLs? Where are you PINGing from and what are you PINGing?

Can you post the pertinent configs?

Thanks

Community Member

Re: unable to access vlan

Hi lamav,

6509 switch is connected over fiber to 3650-E ,

----------------------------------------------------------

3650-E

interface GigabitEthernet0/49
description Sixth_Floor_VLAN
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 116
switchport mode trunk

VTP Version                     : 2
Configuration Revision          : 45
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 57
VTP Operating Mode              : Client
VTP Domain Name                 : SWITCHES
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x3C 0x2B 0x3A 0xB5 0xE3 0xE2 0x15 0x5F

--------------------------------------------------

6509-E

interface GigabitEthernet1/1
description Sixth Floor Vlan
switchport
switchport trunk encapsulation dot1q
switchport trunk allowed vlan 116
switchport mode trunk

VTP Version                     : 2
Configuration Revision          : 45
Maximum VLANs supported locally : 1005
Number of existing VLANs        : 57
VTP Operating Mode              : Server
VTP Domain Name                 : SWITCHES
VTP Pruning Mode                : Enabled
VTP V2 Mode                     : Enabled
VTP Traps Generation            : Disabled
MD5 digest                      : 0x3C 0x2B 0x3A 0xB5 0xE3 0xE2 0x15 0x5F

------------------------------------------------------------------

All other switches in the network has the same configuration paremeter , also I discovered something new today that if I create any new VLAN I cannot ping it's gateway IP address from any switch in the network although old VLANs are working fine.

no ACL and no HSRP

Community Member

Re: unable to access vlan

Hi,

When you say you are trying to ping vlan 116 IP on 6500 from 3750 I will assume you are pinging from the 3750 CLI. If this is the case the the source IP of that ping will be the management IP for that switch (the 3750). If the 6500 and 3750 share the same management VLAN, icmp request from 3750 will go to 6500 via this VLAN and then the 6500 will have to route traffic from the managment VLAN to VLAN 116 and back.

I see from your configuration below you have a direct trunk link between the 6500 and 3750. If this is the only trunk configuration between these switches, your pings wont work the way you expect. You will need end to end IP connection between these switches for pings to your new VLAN to work from the 3750. Trunk your managment VLAN to these new switches and it should work. 

Finally, when you create new L3 VLANs, you will need to have some access devices present (by configuring access ports for vlan 116 on 3750 or 6500 and connecting a PC to this port) within the newly created VLANs for routes to be dynamically populated on the switch which has VLAN 116 as L3 endpoint. Try using the command, 'show ip int brief' on the 6500. If you see line protocol down, then this is one problem. Also try 'show ip route' and see if the network of the new VLANs you are created are present on the 6500. If the route is missing, create an access port on the 3750-E  or any other switch to which new VLANs are trunked to with some PC connecting to it.

On the other hand if you are trying to ping from a PC within VLAN 116 on 3750 to a PC on a different VLAN you will have to make sure the routes are present on the 6500 for intervlan routing and the VLANs are trunked to respective switchs appropriately.

Let me know how this turns out.

Regards,

Jet

Blue

Re: unable to access vlan

Hi:

I dont see the SVI configs for the vlan on the 6500. I will assume that they exist.

So, make sure of the following:

1. vlan 116 is created on both switches in layer 2. If not, use the command vlan 116 in global configuration mode. You can also name it using the name command.

2. Both trunk ports are in the 'up,up' state.

3. The SVI is in the 'up,up' state.

4. Make sure that the 6500 has a route to the device you are PINGing from. I assume you are pinging from the CLI of the layer 2 switch.

HTH

Victor

Community Member

Re: unable to access vlan

Hi,

Connect a PC with 3750  and put it in vlan 116 assign static IP address of vlan 116 and then try to ping the vlan 116 gateway it will work, if SVI is up.

Thanks/Bhisham

Community Member

Re: unable to access vlan

Please check the trunk configuration between two switches and ensure that new vlan is allowed through trunk

with regards,

Shailesh Hardas

Community Member

Re: unable to access vlan

Just check in the running config of the 3560 if there is a line that says:

no spanning-tree vlan XX, where XX is the vlan number that does not work.

If so first remove a vlan not needed on that 3560 with no spanning-tree YY

Then enter spanning-tree vlan XX

Now it should work

gr Marc

Community Member

Re: unable to access vlan

Just check in the running config of the 3560 if there is a line that says:

no spanning-tree vlan XX, where XX is the vlan number that does not work.

If so first remove a vlan not needed on that 3560 with no spanning-tree YY

Then enter spanning-tree vlan XX

Now it should work

gr Marc

Community Member

Re: unable to access vlan

The 3560 can only use 128 vlans, any number higher and it will enter the line and block some vlans with spanning-tree entries.

1411
Views
0
Helpful
9
Replies
CreatePlease to create content