- Posts: 1
- Thank you received: 0
Cisco 4500 - InterVLAN routing help
- Jasonhitstheswitches
- Topic Author
- Offline
- New Member
Less
More
9 years 3 months ago #38679
by Jasonhitstheswitches
Cisco 4500 - InterVLAN routing help was created by Jasonhitstheswitches
Issue: My clients won't talk across VLANS. They talk fine to one another if they are within their VLAN. My clients cannot ping any gateways except the VLAN they reside in. Meaning if they are in VLAN 1 they can ping 0.1 all day, but not any other VLAN interface gateways. They cannot ping clients in other VLANs. Which makes sense because they can't hit the gateway....
All of the switches can ping any VLAN interface gateway from CLI. All of the switches can ping any client on any VLAN from CLI.
2x 4500's in VSS setup (so one switch for our intents and purposes)
ip routing is enabled ( i don't actually see it when i do a show run, but if i do no ip routing, then do a show run I see "no ip routing". Also sh ip route works)
My VLAN interfaces have IP's set and the VLAN's themselves exist.
sh vlan(4500)
VLAN Name Status Ports
----
1 default active Te1/1/5, Te1/1/6, Te1/1/7
Te1/1/8, Te1/1/9, Te1/1/10
Te1/1/11, Te1/1/12, Te1/1/13
Te1/1/14, Te1/1/15, Te1/1/16
Te2/1/5, Te2/1/6, Te2/1/7
Te2/1/8, Te2/1/9, Te2/1/10
Te2/1/11, Te2/1/12, Te2/1/13
Te2/1/14, Te2/1/15
2 QA active
3 Manufacturing active
4 Security active
5 VLAN0005 active
12 Test active Te2/1/16
32 QAFiber active
1002 fddi-default act/unsup
sh vlan (2960x1)
VLAN Name Status Ports
----
1 default active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/8, Gi1/0/9, Gi1/0/12
Gi1/0/20, Gi1/0/23, Gi1/0/24
Gi1/0/25, Gi1/0/26, Gi1/0/27
Gi1/0/28, Gi1/0/29, Gi1/0/30
Gi1/0/31, Gi1/0/32, Gi1/0/33
Gi1/0/34, Gi1/0/35, Gi1/0/37
Gi1/0/38, Gi1/0/39, Gi1/0/40
Gi1/0/41, Gi1/0/42, Gi1/0/43
Gi1/0/44, Gi1/0/45, Gi1/0/46
Gi1/0/47, Gi1/0/48
2 IntegrationQA active Gi1/0/10, Gi1/0/11, Gi1/0/13
Gi1/0/14, Gi1/0/15, Gi1/0/16
Gi1/0/17, Gi1/0/18, Gi1/0/19
Gi1/0/21, Gi1/0/22, Gi1/0/36
3 Manufacturing active Gi1/0/5
4 Security active Gi1/0/6
5 VLAN0005 active Gi1/0/4
12 Test active
32 QAFiber active Gi1/0/7
sh vlan(2960x2)
VLAN Name Status Ports
----
1 default active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/8, Gi1/0/9, Gi1/0/10
Gi1/0/11, Gi1/0/12, Gi1/0/13
Gi1/0/14, Gi1/0/15, Gi1/0/16
Gi1/0/17, Gi1/0/18, Gi1/0/19
Gi1/0/20, Gi1/0/21, Gi1/0/22
Gi1/0/23, Gi1/0/24, Gi1/0/25
Gi1/0/26, Gi1/0/27, Gi1/0/28
Gi1/0/29, Gi1/0/30, Gi1/0/31
Gi1/0/32, Gi1/0/33, Gi1/0/34
Gi1/0/35, Gi1/0/36, Gi1/0/37
Gi1/0/38, Gi1/0/39, Gi1/0/40
Gi1/0/41, Gi1/0/42, Gi1/0/43
Gi1/0/44, Gi1/0/45, Gi1/0/46
Gi1/0/47, Gi1/0/48
2 IntegrationQA active
3 Manufacturing active Gi1/0/5
4 Security active Gi1/0/6
5 VLAN0005 active
12 Test active Gi1/0/4
32 QAFiber active Gi1/0/7
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
sh ip route output (4500)
Gateway of last resort is not set
172.18.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.18.0.0/21 is directly connected, Vlan32
L 172.18.0.1/32 is directly connected, Vlan32
192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.0.0/24 is directly connected, Vlan1
L 192.168.0.1/32 is directly connected, Vlan1
192.168.103.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.103.0/24 is directly connected, Vlan2
L 192.168.103.1/32 is directly connected, Vlan2
192.168.104.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.104.0/24 is directly connected, Vlan3
L 192.168.104.1/32 is directly connected, Vlan3
192.168.105.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.105.0/24 is directly connected, Vlan4
L 192.168.105.1/32 is directly connected, Vlan4
192.168.109.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.109.0/24 is directly connected, Vlan5
L 192.168.109.1/32 is directly connected, Vlan5
192.168.122.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.122.0/24 is directly connected, Vlan12
L 192.168.122.1/32 is directly connected, Vlan12
Switches all reside on VLAN1.
0.1 = 4500
0.3 = 2960x (1)
0.4 = 2960x (2)
2 Clients.
One on VLAN 5 (109.0) port 4 of a 2960
One on VLAN 12 (122.0) port 4 of other 2960
The links between the switches are trunked.
te1/1/1 - 1/1/2 and te2/1/1 - 2/1/2 are VSS trunks.
Te1/1/3 - go to the same 2960 (x1)
Te2/1/3
Te1/1/4 - go to the same 2960 (x2)
Te2/1/4
show int trunk output: (4500)
Port Mode Encapsulation Status Native vlan
Te1/1/3 on 802.1q trunking 1
Te1/1/4 on 802.1q trunking 1
Te2/1/3 on 802.1q trunking 1
Te2/1/4 on 802.1q trunking 1
Po5 on 802.1q trunking 1
Po10 on 802.1q trunking 1
Port Vlans allowed on trunk
Te1/1/3 1-4094
Te1/1/4 1-4094
Te2/1/3 1-4094
Te2/1/4 1-4094
Po5 1-4094
Po10 1-4094
Port Vlans allowed and active in management domain
Te1/1/3 1-5,12,32
Te1/1/4 1-5,12,32
Te2/1/3 1-5,12,32
Te2/1/4 1-5,12,32
Po5 1-5,12,32
Port Vlans allowed and active in management domain
Po10 1-5,12,32
Port Vlans in spanning tree forwarding state and not pruned
Te1/1/3 1-5,12,32
Te1/1/4 1-5,12,32
Te2/1/3 1-5,12,32
Te2/1/4 1-5,12,32
Po5 none
Po10 none
Show ip int brief output: (partial) (4500)
Vlan1 192.168.0.1 YES NVRAM up up
Vlan2 192.168.103.1 YES manual up up
Vlan3 192.168.104.1 YES manual up up
Vlan4 192.168.105.1 YES manual up up
Vlan5 192.168.109.1 YES manual up up
Vlan12 192.168.122.1 YES manual up up
Vlan32 172.18.0.1 YES manual up up
sh vtp status output: (4500) (Not sure if this is related somehow, but VTP is turned off) (Yes my VLAN's exist on the 2960's. Only one VLAN interface exists on the 2960's. It's "int vlan 1" for the switches to talk to one another on.
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name : Domainnamehere
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 0200.0000.000a
Configuration last modified by 192.168.0.1 at 0-0-00 00:00:00
Feature VLAN:
VTP Operating Mode : Off
sh arp (4500)
Protocol Address Age (min) Hardware Addr Type Interface
Internet 172.18.0.1 - 0008.e3ff.fc28 ARPA Vlan32
Internet 192.168.0.1 - 0008.e3ff.fc28 ARPA Vlan1
Internet 192.168.0.3 43 dceb.9473.7fc0 ARPA Vlan1
Internet 192.168.0.4 41 dceb.9473.7d40 ARPA Vlan1
Internet 192.168.103.1 - 0008.e3ff.fc28 ARPA Vlan2
Internet 192.168.104.1 - 0008.e3ff.fc28 ARPA Vlan3
Internet 192.168.105.1 - 0008.e3ff.fc28 ARPA Vlan4
Internet 192.168.109.1 - 0008.e3ff.fc28 ARPA Vlan5
Internet 192.168.109.133 33 0024.e8f6.d288 ARPA Vlan5 (client)
Internet 192.168.122.1 - 0008.e3ff.fc28 ARPA Vlan12
Internet 192.168.122.69 8 0024.e8f1.2b7c ARPA Vlan12 (client)
sh arp (2960x1)
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.0.1 42 0008.e3ff.fc28 ARPA Vlan1
Internet 192.168.0.3 - dceb.9473.7fc0 ARPA Vlan1
Internet 192.168.0.69 156 0024.e8f1.2b7c ARPA Vlan1 (Old client address on VLAN 1)
sh arp (2960x2)
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.0.1 43 0008.e3ff.fc28 ARPA Vlan1
Internet 192.168.0.4 - dceb.9473.7d40 ARPA Vlan1
Internet 192.168.0.69 158 0024.e8f1.2b7c ARPA Vlan1 (Old client address on VLAN 1)
Some troubleshooting I've done:
So I can add a route to my windows client and it will talk to other VLANS.
Example the windows client ipconfig (my other client resides on 122.0)
192.168.109.133
255.255.255.0
192.168.109.1
if I add this route to the windows client.
route add 192.168.122.0 mask 255.255.255.0 192.168.109.1
it can talk to everything on the 122.0 network (aka vlan5) which is where my other client is sitting. If this isn't there it doesn't work.
All of the switches can ping any VLAN interface gateway from CLI. All of the switches can ping any client on any VLAN from CLI.
2x 4500's in VSS setup (so one switch for our intents and purposes)
ip routing is enabled ( i don't actually see it when i do a show run, but if i do no ip routing, then do a show run I see "no ip routing". Also sh ip route works)
My VLAN interfaces have IP's set and the VLAN's themselves exist.
sh vlan(4500)
VLAN Name Status Ports
----
1 default active Te1/1/5, Te1/1/6, Te1/1/7
Te1/1/8, Te1/1/9, Te1/1/10
Te1/1/11, Te1/1/12, Te1/1/13
Te1/1/14, Te1/1/15, Te1/1/16
Te2/1/5, Te2/1/6, Te2/1/7
Te2/1/8, Te2/1/9, Te2/1/10
Te2/1/11, Te2/1/12, Te2/1/13
Te2/1/14, Te2/1/15
2 QA active
3 Manufacturing active
4 Security active
5 VLAN0005 active
12 Test active Te2/1/16
32 QAFiber active
1002 fddi-default act/unsup
sh vlan (2960x1)
VLAN Name Status Ports
----
1 default active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/8, Gi1/0/9, Gi1/0/12
Gi1/0/20, Gi1/0/23, Gi1/0/24
Gi1/0/25, Gi1/0/26, Gi1/0/27
Gi1/0/28, Gi1/0/29, Gi1/0/30
Gi1/0/31, Gi1/0/32, Gi1/0/33
Gi1/0/34, Gi1/0/35, Gi1/0/37
Gi1/0/38, Gi1/0/39, Gi1/0/40
Gi1/0/41, Gi1/0/42, Gi1/0/43
Gi1/0/44, Gi1/0/45, Gi1/0/46
Gi1/0/47, Gi1/0/48
2 IntegrationQA active Gi1/0/10, Gi1/0/11, Gi1/0/13
Gi1/0/14, Gi1/0/15, Gi1/0/16
Gi1/0/17, Gi1/0/18, Gi1/0/19
Gi1/0/21, Gi1/0/22, Gi1/0/36
3 Manufacturing active Gi1/0/5
4 Security active Gi1/0/6
5 VLAN0005 active Gi1/0/4
12 Test active
32 QAFiber active Gi1/0/7
sh vlan(2960x2)
VLAN Name Status Ports
----
1 default active Gi1/0/1, Gi1/0/2, Gi1/0/3
Gi1/0/8, Gi1/0/9, Gi1/0/10
Gi1/0/11, Gi1/0/12, Gi1/0/13
Gi1/0/14, Gi1/0/15, Gi1/0/16
Gi1/0/17, Gi1/0/18, Gi1/0/19
Gi1/0/20, Gi1/0/21, Gi1/0/22
Gi1/0/23, Gi1/0/24, Gi1/0/25
Gi1/0/26, Gi1/0/27, Gi1/0/28
Gi1/0/29, Gi1/0/30, Gi1/0/31
Gi1/0/32, Gi1/0/33, Gi1/0/34
Gi1/0/35, Gi1/0/36, Gi1/0/37
Gi1/0/38, Gi1/0/39, Gi1/0/40
Gi1/0/41, Gi1/0/42, Gi1/0/43
Gi1/0/44, Gi1/0/45, Gi1/0/46
Gi1/0/47, Gi1/0/48
2 IntegrationQA active
3 Manufacturing active Gi1/0/5
4 Security active Gi1/0/6
5 VLAN0005 active
12 Test active Gi1/0/4
32 QAFiber active Gi1/0/7
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
1005 trnet-default act/unsup
sh ip route output (4500)
Gateway of last resort is not set
172.18.0.0/16 is variably subnetted, 2 subnets, 2 masks
C 172.18.0.0/21 is directly connected, Vlan32
L 172.18.0.1/32 is directly connected, Vlan32
192.168.0.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.0.0/24 is directly connected, Vlan1
L 192.168.0.1/32 is directly connected, Vlan1
192.168.103.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.103.0/24 is directly connected, Vlan2
L 192.168.103.1/32 is directly connected, Vlan2
192.168.104.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.104.0/24 is directly connected, Vlan3
L 192.168.104.1/32 is directly connected, Vlan3
192.168.105.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.105.0/24 is directly connected, Vlan4
L 192.168.105.1/32 is directly connected, Vlan4
192.168.109.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.109.0/24 is directly connected, Vlan5
L 192.168.109.1/32 is directly connected, Vlan5
192.168.122.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.122.0/24 is directly connected, Vlan12
L 192.168.122.1/32 is directly connected, Vlan12
Switches all reside on VLAN1.
0.1 = 4500
0.3 = 2960x (1)
0.4 = 2960x (2)
2 Clients.
One on VLAN 5 (109.0) port 4 of a 2960
One on VLAN 12 (122.0) port 4 of other 2960
The links between the switches are trunked.
te1/1/1 - 1/1/2 and te2/1/1 - 2/1/2 are VSS trunks.
Te1/1/3 - go to the same 2960 (x1)
Te2/1/3
Te1/1/4 - go to the same 2960 (x2)
Te2/1/4
show int trunk output: (4500)
Port Mode Encapsulation Status Native vlan
Te1/1/3 on 802.1q trunking 1
Te1/1/4 on 802.1q trunking 1
Te2/1/3 on 802.1q trunking 1
Te2/1/4 on 802.1q trunking 1
Po5 on 802.1q trunking 1
Po10 on 802.1q trunking 1
Port Vlans allowed on trunk
Te1/1/3 1-4094
Te1/1/4 1-4094
Te2/1/3 1-4094
Te2/1/4 1-4094
Po5 1-4094
Po10 1-4094
Port Vlans allowed and active in management domain
Te1/1/3 1-5,12,32
Te1/1/4 1-5,12,32
Te2/1/3 1-5,12,32
Te2/1/4 1-5,12,32
Po5 1-5,12,32
Port Vlans allowed and active in management domain
Po10 1-5,12,32
Port Vlans in spanning tree forwarding state and not pruned
Te1/1/3 1-5,12,32
Te1/1/4 1-5,12,32
Te2/1/3 1-5,12,32
Te2/1/4 1-5,12,32
Po5 none
Po10 none
Show ip int brief output: (partial) (4500)
Vlan1 192.168.0.1 YES NVRAM up up
Vlan2 192.168.103.1 YES manual up up
Vlan3 192.168.104.1 YES manual up up
Vlan4 192.168.105.1 YES manual up up
Vlan5 192.168.109.1 YES manual up up
Vlan12 192.168.122.1 YES manual up up
Vlan32 172.18.0.1 YES manual up up
sh vtp status output: (4500) (Not sure if this is related somehow, but VTP is turned off) (Yes my VLAN's exist on the 2960's. Only one VLAN interface exists on the 2960's. It's "int vlan 1" for the switches to talk to one another on.
VTP Version capable : 1 to 3
VTP version running : 1
VTP Domain Name : Domainnamehere
VTP Pruning Mode : Disabled
VTP Traps Generation : Disabled
Device ID : 0200.0000.000a
Configuration last modified by 192.168.0.1 at 0-0-00 00:00:00
Feature VLAN:
VTP Operating Mode : Off
sh arp (4500)
Protocol Address Age (min) Hardware Addr Type Interface
Internet 172.18.0.1 - 0008.e3ff.fc28 ARPA Vlan32
Internet 192.168.0.1 - 0008.e3ff.fc28 ARPA Vlan1
Internet 192.168.0.3 43 dceb.9473.7fc0 ARPA Vlan1
Internet 192.168.0.4 41 dceb.9473.7d40 ARPA Vlan1
Internet 192.168.103.1 - 0008.e3ff.fc28 ARPA Vlan2
Internet 192.168.104.1 - 0008.e3ff.fc28 ARPA Vlan3
Internet 192.168.105.1 - 0008.e3ff.fc28 ARPA Vlan4
Internet 192.168.109.1 - 0008.e3ff.fc28 ARPA Vlan5
Internet 192.168.109.133 33 0024.e8f6.d288 ARPA Vlan5 (client)
Internet 192.168.122.1 - 0008.e3ff.fc28 ARPA Vlan12
Internet 192.168.122.69 8 0024.e8f1.2b7c ARPA Vlan12 (client)
sh arp (2960x1)
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.0.1 42 0008.e3ff.fc28 ARPA Vlan1
Internet 192.168.0.3 - dceb.9473.7fc0 ARPA Vlan1
Internet 192.168.0.69 156 0024.e8f1.2b7c ARPA Vlan1 (Old client address on VLAN 1)
sh arp (2960x2)
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.0.1 43 0008.e3ff.fc28 ARPA Vlan1
Internet 192.168.0.4 - dceb.9473.7d40 ARPA Vlan1
Internet 192.168.0.69 158 0024.e8f1.2b7c ARPA Vlan1 (Old client address on VLAN 1)
Some troubleshooting I've done:
So I can add a route to my windows client and it will talk to other VLANS.
Example the windows client ipconfig (my other client resides on 122.0)
192.168.109.133
255.255.255.0
192.168.109.1
if I add this route to the windows client.
route add 192.168.122.0 mask 255.255.255.0 192.168.109.1
it can talk to everything on the 122.0 network (aka vlan5) which is where my other client is sitting. If this isn't there it doesn't work.
Time to create page: 0.108 seconds