|
Welcome,
Guest
|
TOPIC: Cisco 4500 - InterVLAN routing help
Cisco 4500 - InterVLAN routing help 3 years 2 weeks ago #38679
|
Issue: My clients won't talk across VLANS. They talk fine to one another if they are within their VLAN. My clients cannot ping any gateways except the VLAN they reside in. Meaning if they are in VLAN 1 they can ping 0.1 all day, but not any other VLAN interface gateways. They cannot ping clients in other VLANs. Which makes sense because they can't hit the gateway....
All of the switches can ping any VLAN interface gateway from CLI. All of the switches can ping any client on any VLAN from CLI. 2x 4500's in VSS setup (so one switch for our intents and purposes) ip routing is enabled ( i don't actually see it when i do a show run, but if i do no ip routing, then do a show run I see "no ip routing". Also sh ip route works) My VLAN interfaces have IP's set and the VLAN's themselves exist. sh vlan(4500) VLAN Name Status Ports ---- 1 default active Te1/1/5, Te1/1/6, Te1/1/7 Te1/1/8, Te1/1/9, Te1/1/10 Te1/1/11, Te1/1/12, Te1/1/13 Te1/1/14, Te1/1/15, Te1/1/16 Te2/1/5, Te2/1/6, Te2/1/7 Te2/1/8, Te2/1/9, Te2/1/10 Te2/1/11, Te2/1/12, Te2/1/13 Te2/1/14, Te2/1/15 2 QA active 3 Manufacturing active 4 Security active 5 VLAN0005 active 12 Test active Te2/1/16 32 QAFiber active 1002 fddi-default act/unsup sh vlan (2960x1) VLAN Name Status Ports ---- 1 default active Gi1/0/1, Gi1/0/2, Gi1/0/3 Gi1/0/8, Gi1/0/9, Gi1/0/12 Gi1/0/20, Gi1/0/23, Gi1/0/24 Gi1/0/25, Gi1/0/26, Gi1/0/27 Gi1/0/28, Gi1/0/29, Gi1/0/30 Gi1/0/31, Gi1/0/32, Gi1/0/33 Gi1/0/34, Gi1/0/35, Gi1/0/37 Gi1/0/38, Gi1/0/39, Gi1/0/40 Gi1/0/41, Gi1/0/42, Gi1/0/43 Gi1/0/44, Gi1/0/45, Gi1/0/46 Gi1/0/47, Gi1/0/48 2 IntegrationQA active Gi1/0/10, Gi1/0/11, Gi1/0/13 Gi1/0/14, Gi1/0/15, Gi1/0/16 Gi1/0/17, Gi1/0/18, Gi1/0/19 Gi1/0/21, Gi1/0/22, Gi1/0/36 3 Manufacturing active Gi1/0/5 4 Security active Gi1/0/6 5 VLAN0005 active Gi1/0/4 12 Test active 32 QAFiber active Gi1/0/7 sh vlan(2960x2) VLAN Name Status Ports ---- 1 default active Gi1/0/1, Gi1/0/2, Gi1/0/3 Gi1/0/8, Gi1/0/9, Gi1/0/10 Gi1/0/11, Gi1/0/12, Gi1/0/13 Gi1/0/14, Gi1/0/15, Gi1/0/16 Gi1/0/17, Gi1/0/18, Gi1/0/19 Gi1/0/20, Gi1/0/21, Gi1/0/22 Gi1/0/23, Gi1/0/24, Gi1/0/25 Gi1/0/26, Gi1/0/27, Gi1/0/28 Gi1/0/29, Gi1/0/30, Gi1/0/31 Gi1/0/32, Gi1/0/33, Gi1/0/34 Gi1/0/35, Gi1/0/36, Gi1/0/37 Gi1/0/38, Gi1/0/39, Gi1/0/40 Gi1/0/41, Gi1/0/42, Gi1/0/43 Gi1/0/44, Gi1/0/45, Gi1/0/46 Gi1/0/47, Gi1/0/48 2 IntegrationQA active 3 Manufacturing active Gi1/0/5 4 Security active Gi1/0/6 5 VLAN0005 active 12 Test active Gi1/0/4 32 QAFiber active Gi1/0/7 1002 fddi-default act/unsup 1003 token-ring-default act/unsup 1004 fddinet-default act/unsup 1005 trnet-default act/unsup sh ip route output (4500) Gateway of last resort is not set 172.18.0.0/16 is variably subnetted, 2 subnets, 2 masks C 172.18.0.0/21 is directly connected, Vlan32 L 172.18.0.1/32 is directly connected, Vlan32 192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.0.0/24 is directly connected, Vlan1 L 192.168.0.1/32 is directly connected, Vlan1 192.168.103.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.103.0/24 is directly connected, Vlan2 L 192.168.103.1/32 is directly connected, Vlan2 192.168.104.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.104.0/24 is directly connected, Vlan3 L 192.168.104.1/32 is directly connected, Vlan3 192.168.105.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.105.0/24 is directly connected, Vlan4 L 192.168.105.1/32 is directly connected, Vlan4 192.168.109.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.109.0/24 is directly connected, Vlan5 L 192.168.109.1/32 is directly connected, Vlan5 192.168.122.0/24 is variably subnetted, 2 subnets, 2 masks C 192.168.122.0/24 is directly connected, Vlan12 L 192.168.122.1/32 is directly connected, Vlan12 Switches all reside on VLAN1. 0.1 = 4500 0.3 = 2960x (1) 0.4 = 2960x (2) 2 Clients. One on VLAN 5 (109.0) port 4 of a 2960 One on VLAN 12 (122.0) port 4 of other 2960 The links between the switches are trunked. te1/1/1 - 1/1/2 and te2/1/1 - 2/1/2 are VSS trunks. Te1/1/3 - go to the same 2960 (x1) Te2/1/3 Te1/1/4 - go to the same 2960 (x2) Te2/1/4 show int trunk output: (4500) Port Mode Encapsulation Status Native vlan Te1/1/3 on 802.1q trunking 1 Te1/1/4 on 802.1q trunking 1 Te2/1/3 on 802.1q trunking 1 Te2/1/4 on 802.1q trunking 1 Po5 on 802.1q trunking 1 Po10 on 802.1q trunking 1 Port Vlans allowed on trunk Te1/1/3 1-4094 Te1/1/4 1-4094 Te2/1/3 1-4094 Te2/1/4 1-4094 Po5 1-4094 Po10 1-4094 Port Vlans allowed and active in management domain Te1/1/3 1-5,12,32 Te1/1/4 1-5,12,32 Te2/1/3 1-5,12,32 Te2/1/4 1-5,12,32 Po5 1-5,12,32 Port Vlans allowed and active in management domain Po10 1-5,12,32 Port Vlans in spanning tree forwarding state and not pruned Te1/1/3 1-5,12,32 Te1/1/4 1-5,12,32 Te2/1/3 1-5,12,32 Te2/1/4 1-5,12,32 Po5 none Po10 none Show ip int brief output: (partial) (4500) Vlan1 192.168.0.1 YES NVRAM up up Vlan2 192.168.103.1 YES manual up up Vlan3 192.168.104.1 YES manual up up Vlan4 192.168.105.1 YES manual up up Vlan5 192.168.109.1 YES manual up up Vlan12 192.168.122.1 YES manual up up Vlan32 172.18.0.1 YES manual up up sh vtp status output: (4500) (Not sure if this is related somehow, but VTP is turned off) (Yes my VLAN's exist on the 2960's. Only one VLAN interface exists on the 2960's. It's "int vlan 1" for the switches to talk to one another on. VTP Version capable : 1 to 3 VTP version running : 1 VTP Domain Name : Domainnamehere VTP Pruning Mode : Disabled VTP Traps Generation : Disabled Device ID : 0200.0000.000a Configuration last modified by 192.168.0.1 at 0-0-00 00:00:00 Feature VLAN: VTP Operating Mode : Off sh arp (4500) Protocol Address Age (min) Hardware Addr Type Interface Internet 172.18.0.1 - 0008.e3ff.fc28 ARPA Vlan32 Internet 192.168.0.1 - 0008.e3ff.fc28 ARPA Vlan1 Internet 192.168.0.3 43 dceb.9473.7fc0 ARPA Vlan1 Internet 192.168.0.4 41 dceb.9473.7d40 ARPA Vlan1 Internet 192.168.103.1 - 0008.e3ff.fc28 ARPA Vlan2 Internet 192.168.104.1 - 0008.e3ff.fc28 ARPA Vlan3 Internet 192.168.105.1 - 0008.e3ff.fc28 ARPA Vlan4 Internet 192.168.109.1 - 0008.e3ff.fc28 ARPA Vlan5 Internet 192.168.109.133 33 0024.e8f6.d288 ARPA Vlan5 (client) Internet 192.168.122.1 - 0008.e3ff.fc28 ARPA Vlan12 Internet 192.168.122.69 8 0024.e8f1.2b7c ARPA Vlan12 (client) sh arp (2960x1) Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.0.1 42 0008.e3ff.fc28 ARPA Vlan1 Internet 192.168.0.3 - dceb.9473.7fc0 ARPA Vlan1 Internet 192.168.0.69 156 0024.e8f1.2b7c ARPA Vlan1 (Old client address on VLAN 1) sh arp (2960x2) Protocol Address Age (min) Hardware Addr Type Interface Internet 192.168.0.1 43 0008.e3ff.fc28 ARPA Vlan1 Internet 192.168.0.4 - dceb.9473.7d40 ARPA Vlan1 Internet 192.168.0.69 158 0024.e8f1.2b7c ARPA Vlan1 (Old client address on VLAN 1) Some troubleshooting I've done: So I can add a route to my windows client and it will talk to other VLANS. Example the windows client ipconfig (my other client resides on 122.0) 192.168.109.133 255.255.255.0 192.168.109.1 if I add this route to the windows client. route add 192.168.122.0 mask 255.255.255.0 192.168.109.1 it can talk to everything on the 122.0 network (aka vlan5) which is where my other client is sitting. If this isn't there it doesn't work. |
Time to create page: 0.174 seconds