Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Community Member

Simple VLAN Problem?

I'm pretty sure this is a simple problem whose resolution I am overlooking. I just added a new VLAN to a 6513. VLAN 241 shows as active and looks no different from any other VLAN when I execute show vlan on the switch. The correct ports are shown in the VLAN and when I use show port 6/1, the port shows as connected. The VLAN is 241 and the interface for the VLAN is 10.241.234.1. I can ping the interface from within any router on the network just fine but I can't ping the station's IP address on the other side of port 6/1. The VLAN show's up correctly in show ip route. VLAN 241 does show up as allowed on the trunk line. I've compared the VLAN to a working one in the running-config for the switch and the router and nothing appears different. There ar eno access lists being used. Any ideas what I am overlooking here?

25 REPLIES
Green

Re: Simple VLAN Problem?

Did you change the default route / default gateway on the clients (either static or via DHCP)?

Can the clients ping out and / or ping (what should be) their default gateway?

Just checking ....

Scott

Community Member

Re: Simple VLAN Problem?

The IP address on the station plugged into 6/1 is a static IP and the gateway for it is 10.241.234.1. The station can ping the gateway but cannot ping the router s on the network.

BTW, thanks for the fast reply :)

Community Member

Re: Simple VLAN Problem?

Something else I should add which makes me believe its not a client config problem, a station which is on the same subnet as the switch 10.30.10.0 /16 cannot ping VLAN 241's interface but I can ping any of the other VLANs' interfaces on the same switch.

Re: Simple VLAN Problem?

Is this 6500 native or hybrid? can you post show run int vlan 241, show int vlan 241? show ip route 10.241.234.x? show vlan, show int 6/1 switch, if native, if CatOS show port 6/1.

Community Member

Re: Simple VLAN Problem?

The device on the other side of 6/1 is a workstation. VLAN 241 does show on the trunk from within any switch on my network.

Re: Simple VLAN Problem?

that's fine. actually, if the device you cannot ping is directly connected on 6/1 of this switch, there is really no need to check the trunk as the ICMP from the MSFC of this switch is sent directly to 6/1 of this switch. If the interface vlan 241 is created on switch A and the device you cannot ping is on 6/1 of switch A, no need to chekc other switches or the trunk to other switches as the device is directly connected, just wnat to make that clear. Other devices in other vlan not able to ping is related and trunks needs to be checked for that but focusing on this directly connected devices will most likely correct those issues, too. If you are sure all the configs are ok, I suggest bouncing the interface vlan 241 if you have not already done so.

Community Member

Re: Simple VLAN Problem?

I'm pretty sure its hybrid.

show run int vlan 241:

!

interface Vlan241

ip address 10.241.234.1 255.255.0.0

end

show int vlan 241:

Vlan241 is up, line protocol is up

Hardware is Cat6k RP Virtual Ethernet, address is 000c.cf9f.203c (bia 000c.cf9f.203c)

Internet address is 10.241.234.1/16

MTU 1500 bytes, BW 1000000 Kbit, DLY 10 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

ARP type: ARPA, ARP Timeout 04:00:00

Last input 00:00:00, output never, output hang never

Last clearing of "show interface" counters never

Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0

Queueing strategy: fifo

Output queue :0/40 (size/max)

5 minute input rate 0 bits/sec, 0 packets/sec

5 minute output rate 0 bits/sec, 0 packets/sec

6791 packets input, 402623 bytes, 0 no buffer

Received 6761 broadcasts, 0 runts, 0 giants, 0 throttles

0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored

2701 packets output, 202689 bytes, 0 underruns

0 output errors, 2 interface resets

0 output buffer failures, 0 output buffers swapped out

Community Member

Re: Simple VLAN Problem?

show ip route 10.241.234.1:

Routing entry for 10.241.0.0/16

Known via "connected", distance 0, metric 0 (connected, via interface)

Redistributing via eigrp 100

Routing Descriptor Blocks:

* directly connected, via Vlan241

Route metric is 0, traffic share count is 1

show vlan:

204 LAB204 active 309 3/30-35

241 LAB241 active 449 6/1-25,6/27-28,6/32

show port 6/1:

* = Configured MAC Address

Port Name Status Vlan Duplex Speed Type

----- -------------------- ---------- ---------- ------ ----- ------------

6/1 connected 241 full 100 10/100BaseTX

Port AuxiliaryVlan AuxVlan-Status InlinePowered PowerAllocated

Admin Oper Detected mWatt mA @42V

----- ------------- -------------- ----- ------ -------- ----- --------

6/1 none none auto off no 0 0

Port Security Violation Shutdown-Time Age-Time Max-Addr Trap IfIndex

----- -------- --------- ------------- -------- -------- -------- -------

6/1 disabled shutdown 0 0 1 disabled 27

Port Num-Addr Secure-Src-Addr Age-Left Last-Src-Addr Shutdown/Time-Left

----- -------- ----------------- -------- ----------------- ------------------

6/1 0 - - - - -

Port Flooding on Address Limit

----- -------------------------

6/1 Enabled

Port Broadcast-Limit Multicast Unicast Total-Drop Action

-------- --------------- --------- ------- -------------------- ------------

6/1 - - - 0 drop-packets

Port Send FlowControl Receive FlowControl RxPause TxPause

admin oper admin oper

----- -------- -------- --------- --------- ---------- ----------

6/1 off off off off 0 0

Port Status Channel Admin Ch

Mode Group Id

----- ---------- -------------------- ----- -----

6/1 connected auto silent 296 0

Port Status ErrDisable Reason Port ErrDisableTimeout Action on Timeout

---- ---------- ------------------- ---------------------- -----------------

6/1 connected - Enable No Change

Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize

----- ---------- ---------- ---------- ---------- ---------

6/1 3203 649 0 0 363

Port Single-Col Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants

----- ---------- ---------- ---------- ---------- --------- --------- ---------

6/1 0 0 0 0 0 389437 1

Port Last-Time-Cleared

----- --------------------------

6/1 Mon Apr 24 2006, 00:59:18

Idle Detection

--------------

--

Re: Simple VLAN Problem?

This port have a lot of errors:

Port Align-Err FCS-Err Xmit-Err Rcv-Err UnderSize

----- ---------- ---------- ---------- ---------- ---------

6/1 3203 649 0 0 363

Port Single-Col Multi-Coll Late-Coll Excess-Col Carri-Sen Runts Giants

----- ---------- ---------- ---------- ---------- --------- --------- ---------

6/1 0 0 0 0 0 389437 1

This might explain why you cannot ping the device connected on this port.

Community Member

Re: Simple VLAN Problem?

Well I brought up ports 6/2 and 6/3 as 10.241.234.102 and 10.241.234.103 respectively and I of course can't ping those either and they have no errors. I used to use port 6/1 as my laptop connection on VLAN1 prior to converting it over for use on VLAN 241 so I don't think there is necessarily anything wrong with the ports. My guess would be that the errors are generated as a symptom of the problem not necessarily a cause of.

Community Member

Re: Simple VLAN Problem?

Oh, and I take back what I said above about the stations unable to ping out. From the stations behind ports 6/1-6/3, I can ping the 10.241.234.1 interface as well as the IP address of any router on my network. The IP address of the router in the 6513 is 10.30.10.201. The default route for that router is S* 0.0.0.0/0 [1/0] via 10.30.100.20. Even though I can ping the router from the stations, I cannot ping the address specified in the default route. For some reason it appears that the routers are not forwarding traffic to and from this VLAN.

Re: Simple VLAN Problem?

Oh, and I take back what I said above about the stations unable to ping out. From the stations behind ports 6/1-6/3, I can ping the 10.241.234.1 interface as well as the IP address of any router on my network.

>> Ok, so now you can at least ping ip address 10.241.234.1 which is the ip address of the vlan 241 in this switch.

The IP address of the router in the 6513 is 10.30.10.201.

>> You can ping other interface vlan on this same switch including ip address 10.30.10.201.

The default route for that router is S* 0.0.0.0/0 [1/0] via 10.30.100.20. Even though I can ping the router from the stations, I cannot ping the address specified in the default route. For some reason it appears that the routers are not forwarding traffic to and from this VLAN.

>> The 10.30.100.20 is another L3 device, make sure that it has route back to 10.241.0.0/16.

Community Member

Re: Simple VLAN Problem?

Yep, I can ping the interface IP of VLAN 241 (10.241.234.1) and the interface IP of VLAN 1 (10.30.10.201. But I can also ping the interface IP of every other router in my network, not just interfaces on the same switch.

Hall of Fame Super Gold

Re: Simple VLAN Problem?

Is the subnet of VLAN 241 being advertised to the other routers and devices in the network? I wonder if the problem is getting traffic out to remote destinations or is in getting responses back. One way to check this would be to enable debug ip icmp on some remote router and attempt to ping that router from the workstation in VLAN 241. If the debug output show the ping getting there, but the ping is not successful then we can concentrate on problems with return traffic.

HTH

Rick

Community Member

Re: Simple VLAN Problem?

I was initially thinking that too but I can ping any router on my network. It's only other hosts that I can't reach from the 10.241.0.0 network and none of the hosts outside that subnet can ping in.

Purple

Re: Simple VLAN Problem?

Any chance of overlapping address ranges with this 241 vlan or have the incorrect netmask on the router or client pcs. Just throwing stuff out there , it appears to be a fairly simple setup and should work . May have to post the msf and mls configs...

Community Member

Re: Simple VLAN Problem?

Attached are the running-configs from both the switch and the router. Would be interested if anyone that cares to look can point out anything wrong. Thanks.

Community Member

Re: Simple VLAN Problem?

I just noticed that the config for the switch currently only has ports 2-3 in VLAN 241. I changed this as a test. It was originally 1-24.

Re: Simple VLAN Problem?

It would make this a lot easier if you can please post the following:

capture the output of extended ping from 6513 to 10.30.100.20 sourcing from 10.241.234.1.

topology

show run from the 6513 with the new vlan 241.

show ip route 10.241.0.0 from the router with an ip address of 10.30.100.20

Community Member

Re: Simple VLAN Problem?

capture the output of extended ping from 6513 to 10.30.100.20 sourcing from 10.241.234.1.

topology

>>I am no longer on site but I can get this tomorrow.

show run from the 6513 with the new vlan 241.

>>This is posted in my last message

show ip route 10.241.0.0 from the router with an ip address of 10.30.100.20

>>10.30.100.20 is not a router, it is a server running Checkpoint firewall. I hesitate to mention this because someone will undoubtedly point the finger at that. I have already verified the configuration in Checkpoint. A new network was added for 10.241.0.0 /16 and added to the same rule that allows traffic through for all the other VLANs on the same switch that are not having this problem. I even temporarily set up a 10.241.0.0 /16 -> any rule to make sure that the firewall was not blocking any traffic from that subnet.

Community Member

Re: Simple VLAN Problem?

Are you learning the route to 10.30.100.20 from somewhere? Unless that's true, i don't see a route to from this router to your default gateway?

can you show the output of "show ip route 10.30.100.20"?

---

interface Vlan1

ip address 10.30.10.201 255.255.0.0

!

interface Vlan9

ip address 10.9.234.1 255.255.0.0

shutdown

!

interface Vlan10

ip address 10.10.234.1 255.255.0.0

!

interface Vlan204

ip address 10.204.234.1 255.255.0.0

!

interface Vlan211

ip address 10.211.234.1 255.255.0.0

shutdown

!

interface Vlan224

ip address 10.224.234.1 255.255.0.0

!

interface Vlan241

ip address 10.241.234.1 255.255.0.0

!

router eigrp 100

network 10.9.0.0 0.0.255.255

network 10.10.0.0 0.0.255.255

network 10.30.0.0 0.0.255.255

network 10.204.0.0 0.0.255.255

network 10.211.0.0 0.0.255.255

network 10.224.0.0 0.0.255.255

network 10.241.0.0 0.0.255.255

network 10.0.0.0

no auto-summary

no eigrp log-neighbor-changes

!

ip classless

ip route 0.0.0.0 0.0.0.0 10.30.100.20

Community Member

Re: Simple VLAN Problem?

10.30.100.20 is the default route.

show ip route 10.30.100.20:

Routing entry for 10.30.0.0/16

Known via "connected", distance 0, metric 0 (connected, via interface)

Redistributing via eigrp 100

Routing Descriptor Blocks:

* directly connected, via Vlan1

Route metric is 0, traffic share count is 1

Community Member

Re: Simple VLAN Problem?

sorry..i mis-read the config...da~

anyway.. couple questions:

Can the Checkpoint firewall ( 10.30.100.20 ) ping the workstations behind the other VLANs? (e.g. Vlan10, etc)

Can you check the route table of Checkpoint and make sure that it's forwarding the packet destined to 10.241/16 to 10.30.10.201?

Eric

Community Member

Re: Simple VLAN Problem?

I didn't look at the configs but I had a quick thought. You don't have any left over acls from when you used this for your laptop still running on the port by any chance? That might explain the blocked traffic.

Community Member

Re: Simple VLAN Problem?

I didn't look at the configs but I had a quick thought. You don't have any left over acls from when you used this for your laptop still running on the port by any chance? That might explain the blocked traffic.

>>I wasn't running any access-lists previously. There aren't any access-lists configured any where actually.

190
Views
0
Helpful
25
Replies
CreatePlease to create content