unable to ping the SVI VLAN

i am stuck in a issue! unable to ping the SVI
i am design a small network for a office.
1 router 2811
1 switch 3750-e

Router is connected to the mpls cloud with ospf.

here re the config.

Router#
int fa0/0
ip 10.10.10.1 255.255.255.252
des connected to switch
no shut
!
int fa0/1
ip 20.20.20.1 255.255.255.252
des connected to MPLS cloud
no shut
!

SWITCH#config t
Vlan 201
exit
int vln 201
ip address 22.0.68.251 255.255.255.0
des USER VLAN
no shut
int fa1/0/48
no switchport
ip address 10.10.10.2 255.255.255.252
no shut
!
ip routing
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
!
!
int fa1/0/1
switchport
switchport mode access
switchport access vlan 201
no shut
+++++++++++++++++++++++++++++++
SVI VLAN201 is UP
i connect my laptop and give ip 22.0.68.1 255.255.255.0 and default gateway 22.0.68.251
but can not ping SVI VLAN 201 (22.0.68.251) ?

and from the SWITCH i can not ping the 20.20.20.2?

please help.

Find more posts tagged with

SAVE $250 on Your CISCO Boot Camp — Use Code "EXAM26"

Exclusively for TechExams members for Infosec Boot Camps starting before April 30, 2026

View CISCO Boot Camps

Comments

SubnetZero

When you plug your laptop into the switch you are plugging into FA1/0/1? Based on FA1/0/1's configuration you're going to have a delay of about 30 seconds while it goes through the listening and learning states. Consider turning on portfast to seed this up.

I assume 20.20.20.2 is your CE router on the other end of the MPLS cloud?

Where is the config for 20.20.20.2? Does this router have a route back to the to the 22.0.68.0/24 network?

Also why are you using a non-RFC 1918 range for your internal network?

Please do a show ip route from 20.20.20.1 and 20.20.20.2

Thanks

Turgon

You could have any number of issues here. Start basic and small and work from there. What port is your laptop plugged into and is it up? Is your windows firewall turned off?

os73355

thanks for your input, please find my answer....

When you plug your laptop into the switch you are plugging into FA1/0/1? Based on FA1/0/1's configuration you're going to have a delay of about 30 seconds while it goes through the listening and learning states. Consider turning on portfast to seed this up.

yes I connect my laptop on fa1/0/1.

VLAN 201 become up as soon I connect the laptop.

but can not ping the Default gateway.

Q- I assume 20.20.20.2 is your CE router on the other end of the MPLS cloud?
yes 20.20.20.2 is CE and other end is MPLS cloud (PE)

Q- Where is the config for 20.20.20.2? Does this router have a route back to the to the 22.0.68.0/24 network?

I did not do this , please guide on it.

Q- Also why are you using a non-RFC 1918 range for your internal network?

this is my internal approved segment.

Please do a show ip route from 20.20.20.1 and 20.20.20.2

Show IP route from CE or Switch?

Thanks

os73355

thank you for your input, please find my answer. i am still not undestrain why i can not ping SVI although its very simple. did i need to creat l2 vlan through vlan databse command?

When you plug your laptop into the switch you are plugging into FA1/0/1? Based on FA1/0/1's configuration you're going to have a delay of about 30 seconds while it goes through the listening and learning states. Consider turning on portfast to seed this up.

yes I connect my laptop on fa1/0/1.

VLAN 201 become up as soon I connect the laptop.

I did not do this , please guide on it.

Q- Also why are you using a non-RFC 1918 range for your internal network?

this is my internal approved segment.

Please do a show ip route from 20.20.20.1 and 20.20.20.2

Show IP route from CE or Switch?

Thanks

os73355

I am using ct6 straight cable.
Connected to fa 1/0/1
Firewall is turn off.

bermovick

Designing a small network for ... a Department of Defense office?

NetRange: 22.0.0.0 - 22.255.255.255
CIDR: 22.0.0.0/8
OriginAS:
NetName: DNIC-SNET-022
NetHandle: NET-22-0-0-0-1
Parent:
NetType: Direct Allocation
RegDate: 1989-06-26
Updated: 2009-04-15
Ref: http://whois.arin.net/rest/net/NET-22-0-0-0-1

OrgName: DoD Network Information Center
OrgId: DNIC
Address: 3990 E. Broad Street
City: Columbus
StateProv: OH
PostalCode: 43218
Country: US
RegDate:
Updated: 2011-08-17
Ref: http://whois.arin.net/rest/org/DNIC

os73355

ok USER VLAN change now:
VLAN 201
int vlan 201
ip address 30.30.30.251 255.255.255.0
no shut

now still unable to ping ?

gregorio323

can you do a show ip int bri and see if both status and protocol are up. I'm willing to help you out you can send me a private msg i'll be up for a while.

os73355

interface is UP and line protocol both are up.

gregorio323

check your arp table/mac-address-table.

SubnetZero

You're probably missing something because I just used your configs in my lab and I have FULL reachability end-to-end.

First let's configure the switch

Switch Config

SW1(config)#vlan 201
SW1(config-vlan)#name TEST
SW1(config-vlan)#exit

SW1(config)#int vlan 201
SW1(config-if)#ip address 22.0.68.251 255.255.255.0
SW1(config-if)#des USER VLAN
SW1(config-if)#no shut
SW1(config-if)#exit

*Mar 5 11:59:30.077: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan201, changed state to up

SW1(config)#inter giga0/2
SW1(config-if)#no switchport
SW1(config-if)#ip address 10.10.10.2 255.255.255.252

*Mar 5 12:02:14.435: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to up
*Mar 5 12:02:15.441: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to up

SW1(config-if)#ip routing
SW1(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.1

SW1(config-if)#int gig0/1
SW1(config-if)#switchport
SW1(config-if)#switchport mode access
SW1(config-if)#switchport access vlan 201
SW1(config-if)#spann portf
%Warning: portfast should only be enabled on ports connected to a single
host. Connecting hubs, concentrators, switches, bridges, etc... to this
interface when portfast is enabled, can cause temporary bridging loops.
Use with CAUTION

%Portfast has been configured on GigabitEthernet0/1 but will only
have effect when the interface is in a non-trunking mode.

SW1(config-if)#do sh ip int br | ex un
Interface IP-Address OK? Method Status Protocol
Vlan201 22.0.68.251 YES manual up up
GigabitEthernet0/2 10.10.10.2 YES manual up up

Now let's configure the router

Router Config

Router(config)#ho R2
R2(config)#interface FastEthernet0/0
R2(config-if)# description connected to switch
R2(config-if)# ip address 10.10.10.1 255.255.255.252
R2(config-if)# no shut

R2(config-if)#interface FastEthernet0/1
R2(config-if)# description connected to MPLS cloud
R2(config-if)# ip address 20.20.20.1 255.255.255.252
R2(config-if)# no shut

R2(config)#router ospf 1
R2(config-router)# router-id 2.2.2.2
R2(config-router)# log-adjacency-changes
R2(config-router)# network 10.10.10.1 0.0.0.0 area 0
R2(config-router)# network 20.20.20.0 0.0.0.3 area 0

Now once we get OSPF up and running we are still going to have an issue, mainly that the other side won't have a clue how to get to the 22.0.68.0/24 network. In order to fix this we will create a static route pointing to the switch and then redistribute this into OSPF

R2(config)#access-list 1 permit 22.0.68.0 0.0.0.255
R2(config)#route-map REDSTAT permit 10
R2(config-route-map)#match ip address 1
R2(config-route-map)#exit

R2(config)#router ospf 1
R2(config-router)#redist static route-map REDSTAT subnets
R2(config-router)#exit

Now I don't know if you're running Layer2 or Layer3 VPN's here and to be honest it really doesn't matter. What matters is that I will be able to ping across just fine with either or. For this example I will pretend that R4 is the MPLS PE router running in a VRF named DoD.

R4(config-vrf)#ip vrf DoD
R4(config-vrf)# rd 1:1
R4(config-vrf)# route-target export 1:1
R4(config-vrf)# route-target import 1:1
R4(config-vrf)#exit

R4(config)#inter e0/0
R4(config-if)#ip vrf forward DoD
R4(config-if)#ip addr 20.20.20.1 255.255.255.252
R4(config-if)#no shut
R4(config-if)#exit

R4(config)#do ping vrf DoD 20.20.20.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

As you can see my PE (R4) can already ping the CE (R2). Now let's run OSPF between the CE and the PE (I already configured this on the CE)

R4(config)#router ospf 1 vrf DoD
R4(config-router)#router-id 4.4.4.4
R4(config-router)#network 20.20.20.2 0.0.0.0 area 0
R4(config-router)#exit

*Sep 29 17:37:23.419: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Ethernet0/0 from LOADING to FULL, Loading Done

R4(config)#do sh ip o n
Neighbor ID Pri State Dead Time Address Interface
2.2.2.2 1 FULL/DR 00:00:37 20.20.20.1 Ethernet0/0

And now we should see both your 10.10.10.0/30 and your 22.0.68.0/24

R4#show ip route vrf DoD ospf
Routing Table: DoD
22.0.0.0/24 is subnetted, 1 subnets
O E2 22.0.68.0 [110/20] via 20.20.20.1, 00:00:23, Ethernet0/0
10.0.0.0/30 is subnetted, 1 subnets
O 10.10.10.0 [110/11] via 20.20.20.1, 00:05:54, Ethernet0/0

Now since I don't have a PC I will use another router as a host (not routing)

Host Config (My host is a router)

interface FastEthernet0/0
ip address 22.0.68.1 255.255.255.0

Now you will see that from the host i can ping all addresses

R1(config)#do ping 10.10.10.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R1(config)#
R1(config)#do ping 10.10.10.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R1(config)#
R1(config)#do ping 20.20.20.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R1(config)#do ping 20.20.20.2

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 20.20.20.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

os73355

thank you SubnetZero!
now SVI is ping able from the computer.
from the computer can not ping 10.10.10.1 although can ping 10.10.10.2

secoundly on the router as sson i introduce the access-list 1 permit 22.0.68.0 0.0.0.255
i lost the AAA (taccac) access to my head office and also can not ping 22.0.68.251 from the router.

os73355

here is some progress i have made..... and still require your guide line.

SWitch-1

ip routing
!
interface Vlan201
description USER VLAN
ip address 22.0.68.251 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
interface FastEthernet1/0/47
no switchport
ip address 10.10.10.2 255.255.255.252
!
+++
from switch-1
ping 50.50.50.33 (Head office)
Sending 5, 100-byte ICMP Echos to 50.50.50.33, timeout is 2 seconds:
!!!!!
but when ping from Computer
Request time out ?
========================================
Router-1
interface FastEthernet0/1
description *** MPLS
bandwidth 2048
ip address 20.20.20.1 255.255.255.252
!
interface FastEthernet0/1
description *** Switch-1
ip address 10.10.10.1 255.255.255.252
!
outer ospf 1
log-adjacency-changes
redistribute static
passive-interface default
no passive-interface FastEthernet0/1
network 22.0.68.0 0.0.0.255 area 0
network 10.0.10.1 0.0.0.0 area 0
network 20.20.20.0 0.0.0.3 area 0
!
ip route 0.0.0.0 0.0.0.0 20.20.20.2
ip route 22.0.68.0 255.255.255.0 10.10.10.2
!
++++++++++++++++++++++++++++++++++++++++++++++
Headend (head office)
bgp 100
network 22.0.68.0 mask 255.255.255.0
++++++++++++++++++++++++++++++++++++++++++++++
botom line i can not ping the user segment from the head office
and i can not ping the headoffice ip 50.50.50.33 from the computer connectd to switch1.
but from the switch-1 i can ping head office ip address 50.50.50.33

please guide.

os73355

thank you Subnet ZerooO
i was doing as you say but i did not add the static route and trying to do the redistribuite :P
i just add static route for USER segment and redistribute it and now its working fine!!!

i will come back to you soon as i receive backup link of this branch

thanks you!!!

os73355

Hi - i have received back-up link with the same routing protocol OSPF !

CE Edge (20.20.20.17 255.255.255.252) - My router2
PE Edge (20.20.20.18 255.255.255.252)

Router2#int fa0/1
ip address 20.20.20.17 255.255.255.252
des connect to MPLS cloud

Router2#int fa0/1
ip address 10.10.10.5 255.255.255.252
des connect to Switch-1

could you please guide how to configure it into this existing setup.
i need when primary link failed backup link should take place.

shyam4050

Hi os73355,

What changes u made in you Switch/PC to ping SVi created ons witch SVI VLAN 201 (22.0.68.251).

Thanks

os73355 wrote: »

thank you SubnetZero!
now SVI is ping able from the computer.
from the computer can not ping 10.10.10.1 although can ping 10.10.10.2

secoundly on the router as sson i introduce the access-list 1 permit 22.0.68.0 0.0.0.255
i lost the AAA (taccac) access to my head office and also can not ping 22.0.68.251 from the router.