cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4970
Views
0
Helpful
23
Replies

Wacky Routing issue with VLAN

mbj
Level 1
Level 1

I have a 3825 router that I have setup with the following:

interface GigabitEthernet0/0

no ip address

ip flow ingress

ip flow egress

duplex auto

speed auto

media-type rj45

negotiation auto

no mop enabled

service-policy output MARK-PCOM-VIDEO

end

interface GigabitEthernet0/0.1

description Baraboo, WI LAN$ETH-LAN$

encapsulation dot1Q 1 native

ip address 10.22.10.7 255.255.0.0

ip helper-address 10.22.10.241

no snmp trap link-status

end

interface GigabitEthernet0/0.172

description Baraboo VLAN 172

encapsulation dot1Q 172

ip address 172.22.1.1 255.255.255.0

no snmp trap link-status

end

Its on a trunked port to my 3750 switch. I am new to this compnay and havent changed it over to IP routing on the switch quite yet.

Both Vlans are setup on the 3750 without an SVI. All hosts on VLAN 1 can ping both interfaces without issue.

If I put a host on the 172 VLAN it cannot ping anything on the router. If I put another host on the VLAN they can ping each other. If I put an SVI on switch the 172 VLAN hosts can ping the switch, but still not the router. ONce I put the SVI on the switch, it can no longer ping the  router. I am giving the SVI ip 172.22.1.5/24.

I have verfied with TAC that the trunk is allowing the vlans to the router.

I have been working with TAC. They have asked me to update the code on the switch, but I think they are just punting.

Swith is running:

c3750e-universalk9-mz.122-58.SE2

TAC wants me to go to c3750e-universalk9-tar.122-55.SE5.tar:

Router is running:

c3825-advsecurityk9-mz.124-3i.bin

thoughts?

Also this is my first time posting, so if I left out some info let me know.

1 Accepted Solution

Accepted Solutions

Aaron

Thanks for posting back with the update. I am very glad that you have solved the issue and have shared the solution with us.

If anyone needs it, this is a very good reminder that in troubleshooting what might appear to be a layer 3 routing problem that we need to be very careful to verify layers 1 and 2.

Now perhaps you can mark this question as answered?

HTH

Rick

HTH

Rick

View solution in original post

23 Replies 23

Reza Sharifi
Hall of Fame
Hall of Fame

Hi and welcome to the forum.

From you description above, it appears that the vlan 172 has not been added to the trunk that connects the layer-2 switch (3750) to the router.

can you post "sh run" from the switch?

HTH

The SW and Router are on PORT 10/23

!

! Last configuration change at 16:01:16 UTC Fri Apr 6 2012 by admin

! NVRAM config last updated at 09:01:09 UTC Sat Mar 3 2012 by admin

!

version 12.2

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Cisco3750-a

!

boot-start-marker

boot-end-marker

!

!

logging buffered 200000

no logging console

enable secret 5 $1$6hZG$eouW1LK7ORf0KVsXcQC.A.

!

username admin privilege 15 password 0 2p0wer

no aaa new-model

clock timezone UTC -6 0

clock summer-time UTC recurring

switch 1 provision ws-c3750e-24td

switch 2 provision ws-c3750e-24td

switch 3 provision ws-c3750e-48td

system mtu routing 1500

!

!

!

udld aggressive

!

mls qos map cos-dscp 0 8 16 26 32 46 46 56

!

!

!

spanning-tree mode rapid-pvst

spanning-tree loopguard default

spanning-tree extend system-id

!

!

!

errdisable recovery cause link-flap

errdisable recovery interval 60

!

vlan internal allocation policy ascending

!

!

!

!

!

!

macro global description cisco-global

!

interface Port-channel1

switchport mode access

!

interface Port-channel2

switchport mode access

!

interface Port-channel3

switchport mode access

!

interface Port-channel4

switchport mode access

!

interface Port-channel5

switchport mode access

!

interface FastEthernet0

no ip address

no ip route-cache cef

no ip route-cache

!

interface GigabitEthernet1/0/1

description EthCh1-2960

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/2

description EthCh1-2960

switchport mode access

channel-group 1 mode on

!

interface GigabitEthernet1/0/3

!

interface GigabitEthernet1/0/4

description Polycom RSS

!

interface GigabitEthernet1/0/5

!

interface GigabitEthernet1/0/6

description Polycom CMA

!

interface GigabitEthernet1/0/7

description EthCh2-SANAB0

switchport mode access

channel-group 2 mode on

!

interface GigabitEthernet1/0/8

description EthCh3-SANAB1

switchport mode access

channel-group 3 mode on

!

interface GigabitEthernet1/0/9

description EthCh2-SANAB0

switchport mode access

channel-group 2 mode on

!

interface GigabitEthernet1/0/10

description EthCh3-SANAB1

switchport mode access

channel-group 3 mode on

!

interface GigabitEthernet1/0/11

!

interface GigabitEthernet1/0/12

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/13

!

interface GigabitEthernet1/0/14

!

interface GigabitEthernet1/0/15

!

interface GigabitEthernet1/0/16

!

interface GigabitEthernet1/0/17

!

interface GigabitEthernet1/0/18

!

interface GigabitEthernet1/0/19

!

interface GigabitEthernet1/0/20

!

interface GigabitEthernet1/0/21

!

interface GigabitEthernet1/0/22

!

interface GigabitEthernet1/0/23

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet1/0/24

!

interface GigabitEthernet1/0/25

!

interface GigabitEthernet1/0/26

!

interface GigabitEthernet1/0/27

!

interface GigabitEthernet1/0/28

!

interface TenGigabitEthernet1/0/1

!

interface TenGigabitEthernet1/0/2

!

interface GigabitEthernet2/0/1

!

interface GigabitEthernet2/0/2

!

interface GigabitEthernet2/0/3

!

interface GigabitEthernet2/0/4

switchport access vlan 172

!

interface GigabitEthernet2/0/5

!

interface GigabitEthernet2/0/6

!

interface GigabitEthernet2/0/7

description EthCh4-SANAB2

switchport mode access

channel-group 4 mode on

!

interface GigabitEthernet2/0/8

description EthCh5-SANAB3

switchport mode access

channel-group 5 mode on

!

interface GigabitEthernet2/0/9

description EthCh4-SANAB2

switchport mode access

channel-group 4 mode on

!

interface GigabitEthernet2/0/10

description EthCh5-SANAB3

switchport mode access

channel-group 5 mode on

!

interface GigabitEthernet2/0/11

!

interface GigabitEthernet2/0/12

!

interface GigabitEthernet2/0/13

!

interface GigabitEthernet2/0/14

!

interface GigabitEthernet2/0/15

!

interface GigabitEthernet2/0/16

!

interface GigabitEthernet2/0/17

!

interface GigabitEthernet2/0/18

!

interface GigabitEthernet2/0/19

!

interface GigabitEthernet2/0/20

!

interface GigabitEthernet2/0/21

!

interface GigabitEthernet2/0/22

!

interface GigabitEthernet2/0/23

!

interface GigabitEthernet2/0/24

!

interface GigabitEthernet2/0/25

!

interface GigabitEthernet2/0/26

!

interface GigabitEthernet2/0/27

!

interface GigabitEthernet2/0/28

!

interface TenGigabitEthernet2/0/1

!

interface TenGigabitEthernet2/0/2

!

interface GigabitEthernet3/0/1

switchport access vlan 172

switchport mode access

!

interface GigabitEthernet3/0/2

!

interface GigabitEthernet3/0/3

!

interface GigabitEthernet3/0/4

!

interface GigabitEthernet3/0/5

!

interface GigabitEthernet3/0/6

!

interface GigabitEthernet3/0/7

!

interface GigabitEthernet3/0/8

!

interface GigabitEthernet3/0/9

!

interface GigabitEthernet3/0/10

!

interface GigabitEthernet3/0/11

switchport access vlan 172

switchport mode access

!

interface GigabitEthernet3/0/12

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet3/0/13

!

interface GigabitEthernet3/0/14

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet3/0/15

!

interface GigabitEthernet3/0/16

switchport access vlan 172

!

interface GigabitEthernet3/0/17

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet3/0/18

!

interface GigabitEthernet3/0/19

switchport mode access

!

interface GigabitEthernet3/0/20

!

interface GigabitEthernet3/0/21

!

interface GigabitEthernet3/0/22

!

interface GigabitEthernet3/0/23

!

interface GigabitEthernet3/0/24

!

interface GigabitEthernet3/0/25

!

interface GigabitEthernet3/0/26

!

interface GigabitEthernet3/0/27

!

interface GigabitEthernet3/0/28

!

interface GigabitEthernet3/0/29

!

interface GigabitEthernet3/0/30

!

interface GigabitEthernet3/0/31

!

interface GigabitEthernet3/0/32

!

interface GigabitEthernet3/0/33

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface GigabitEthernet3/0/34

!

interface GigabitEthernet3/0/35

!

interface GigabitEthernet3/0/36

!

interface GigabitEthernet3/0/37

!

interface GigabitEthernet3/0/38

!

interface GigabitEthernet3/0/39

!

interface GigabitEthernet3/0/40

!

interface GigabitEthernet3/0/41

!

interface GigabitEthernet3/0/42

!

interface GigabitEthernet3/0/43

!

interface GigabitEthernet3/0/44

!

interface GigabitEthernet3/0/45

!

interface GigabitEthernet3/0/46

!

interface GigabitEthernet3/0/47

!

interface GigabitEthernet3/0/48

!

interface GigabitEthernet3/0/49

!

interface GigabitEthernet3/0/50

!

interface GigabitEthernet3/0/51

!

interface GigabitEthernet3/0/52

!

interface TenGigabitEthernet3/0/1

!

interface TenGigabitEthernet3/0/2

!

interface Vlan1

ip address 10.22.10.8 255.255.0.0

!

ip default-gateway 10.22.10.7

!

no ip http server

no ip http secure-server

!

!

logging esm config

!

snmp-server community SNMPR1 RO

snmp-server community SNMPW1 RW

snmp-server enable traps license

!

!

line con 0

login local

line vty 0 4

password 0n10n

login local

length 0

line vty 5 15

password 0n10n

login local

!

ntp server 10.22.10.7

end

VLAN Config

Cisco3750-a#sho vlan brief

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

1    default                          active    Gi1/0/2, Gi1/0/3, Gi1/0/4

                                                Gi1/0/5, Gi1/0/6, Gi1/0/11

                                                Gi1/0/13, Gi1/0/14, Gi1/0/15

                                                Gi1/0/16, Gi1/0/17, Gi1/0/18

                                                Gi1/0/19, Gi1/0/20, Gi1/0/21

                                                Gi1/0/22, Gi1/0/24, Te1/0/1

                                                Te1/0/2, Gi2/0/1, Gi2/0/2

                                                Gi2/0/3, Gi2/0/5, Gi2/0/6

                                                Gi2/0/11, Gi2/0/12, Gi2/0/13

                                                Gi2/0/14, Gi2/0/15, Gi2/0/16

                                                Gi2/0/17, Gi2/0/18, Gi2/0/19

                                                Gi2/0/20, Gi2/0/21, Gi2/0/22

                                                Gi2/0/23, Gi2/0/24, Te2/0/1

                                                Te2/0/2, Gi3/0/2, Gi3/0/3

                                                Gi3/0/4, Gi3/0/5, Gi3/0/6

                                                Gi3/0/7, Gi3/0/8, Gi3/0/9

                                                Gi3/0/10, Gi3/0/13, Gi3/0/15

                                                Gi3/0/18, Gi3/0/19, Gi3/0/20

                                                Gi3/0/21, Gi3/0/22, Gi3/0/23

                                                Gi3/0/24, Gi3/0/25, Gi3/0/26

                                                Gi3/0/27, Gi3/0/28, Gi3/0/29

VLAN Name                             Status    Ports

---- -------------------------------- --------- -------------------------------

                                                Gi3/0/30, Gi3/0/31, Gi3/0/32

                                                Gi3/0/33, Gi3/0/34, Gi3/0/35

                                                Gi3/0/36, Gi3/0/37, Gi3/0/38

                                                Gi3/0/39, Gi3/0/40, Gi3/0/41

                                                Gi3/0/42, Gi3/0/43, Gi3/0/44

                                                Gi3/0/45, Gi3/0/46, Gi3/0/47

                                                Gi3/0/48, Te3/0/1, Te3/0/2, Po2

                                                Po3, Po4, Po5

172  DMZ                              active    Gi2/0/4, Gi3/0/1, Gi3/0/11

                                                Gi3/0/16


can you also post "sh interface trunk"?

Cisco3750-a#sho int trunk

Port        Mode             Encapsulation  Status        Native vlan

Gi1/0/1     on               802.1q         trunking      1

Gi1/0/12    on               802.1q         trunking      1

Gi1/0/23    on               802.1q         trunking      1

Gi3/0/12    on               802.1q         trunking      1

Gi3/0/14    on               802.1q         trunking      1

Gi3/0/17    on               802.1q         trunking      1

Port        Vlans allowed on trunk

Gi1/0/1     1-4094

Gi1/0/12    1-4094

Gi1/0/23    1-4094

Gi3/0/12    1-4094

Gi3/0/14    1-4094

Gi3/0/17    1-4094

Port        Vlans allowed and active in management domain

Gi1/0/1     1,172

Gi1/0/12    1,172

Gi1/0/23    1,172

Gi3/0/12    1,172

Gi3/0/14    1,172

Gi3/0/17    1,172

Port        Vlans in spanning tree forwarding state and not pruned

Gi1/0/1     1,172

Gi1/0/12    1,172

Gi1/0/23    1,172

Gi3/0/12    1,172

Gi3/0/14    1,172

Gi3/0/17    1,172

What is the VTP status?

sh vtp sta

can you change the mode to transparent and test again?

Cisco3750-a#sho vtp stat

VTP Version capable             : 1 to 3

VTP version running             : 1

VTP Domain Name                 : MSA

VTP Pruning Mode                : Disabled

VTP Traps Generation            : Disabled

Device ID                       : 0022.bda2.b700

Configuration last modified by 10.22.10.8 at 3-21-12 18:51:37

Local updater ID is 10.22.10.8 on interface Vl1 (lowest numbered VLAN interface found)

Feature VLAN:

--------------

VTP Operating Mode                : Server

Maximum VLANs supported locally   : 1005

Number of existing VLANs          : 6

Configuration Revision            : 6

MD5 digest                        : 0xD4 0x42 0x9B 0xD4 0x43 0x6C 0x45 0x8D

                                    0x30 0xBA 0xEA 0x09 0x03 0x4E 0xC4 0x5D

I dont think I can change to Transparent without blowing up.

Aaron

When you connect PCs on VLAN 172 are they getting IP addresses via DHCP or are they static addresses configured on the PC?

What is the default gateway for the PCs on VLAN 172?

HTH

Rick

HTH

Rick

Static assigned on the 172 vlan

GW

172.22.1.1(Router)

glen.grant
VIP Alumni
VIP Alumni

      Do a show cdp neighbor detail , make sure you dont have a native vlan mismatch .  Sounds like for some reason the trunk isn't working like it should .  Have you tried bouncing the port ?  Make sure routing is not turned on the 3750 , "no ip routing"  .

Cisco3750-a#sho cdp neigh detail

-------------------------

Device ID: MSA3800.msa-ps.com

Entry address(es):

  IP address: 10.22.10.7

Platform: Cisco 3825,  Capabilities: Router Switch IGMP

Interface: GigabitEthernet1/0/23,  Port ID (outgoing port): GigabitEthernet0/0.1

Holdtime : 175 sec

Version :

Cisco IOS Software, 3800 Software (C3825-ADVSECURITYK9-M), Version 12.4(3i), RELEASE SOFTWARE (fc2)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2007 by Cisco Systems, Inc.

Compiled Thu 29-Nov-07 03:50 by stshen

advertisement version: 2

VTP Management Domain: ''

Duplex: full

Management address(es):

-------------------------

Device ID: 2960g

Entry address(es):

  IP address: 10.22.10.3

Platform: cisco WS-C2960G-48TC-L,  Capabilities: Switch IGMP

Interface: GigabitEthernet1/0/1,  Port ID (outgoing port): GigabitEthernet0/48

Holdtime : 176 sec

Version :

Cisco IOS Software, C2960 Software (C2960-LANBASEK9-M), Version 12.2(50)SE5, RELEASE SOFTWARE (fc1)

Technical Support: http://www.cisco.com/techsupport

Copyright (c) 1986-2010 by Cisco Systems, Inc.

Compiled Tue 28-Sep-10 13:44 by prod_rel_team

advertisement version: 2

Protocol Hello:  OUI=0x00000C, Protocol ID=0x0112; payload len=27, value=00000000FFFFFFFF010221FF00000000000064D9895F0E80FF0000

VTP Management Domain: 'MSA'

Native VLAN: 1

Duplex: full

Management address(es):

  IP address: 10.22.10.3

Aaron

The output of show vlan shows that there are 4 ports configured to be access ports in VLAN 172.

172  DMZ                              active    Gi2/0/4, Gi3/0/1, Gi3/0/11

                                                Gi3/0/16

Is there any possibility that the PCs configured with addresses in 172.22.1 were connected to ports that are actually in vlan 1?

Is it possible that PCs set up in VLAN 172 had incorrect subnet masks configured or not the correct default gateway?

HTH

Rick

HTH

Rick

Checked and double checked. Also they are in the right VLAN for sure.

Aaron

Thanks for checking and double checking. Can test from one of the PCs in VLAN 172 attempting to ping its gateway address and then immediately do arp -a on the PC (assuming that these are Windows PCs) and post the output. Also could you post the output of ipconfig from the PC?

HTH

Rick

HTH

Rick
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco