unable to ping the SVI VLAN

os73355os73355 Member Posts: 13 ■□□□□□□□□□
in CCNA & CCENT
i am stuck in a issue! unable to ping the SVI
i am design a small network for a office.
1 router 2811
1 switch 3750-e

Router is connected to the mpls cloud with ospf.

here re the config.

Router#
int fa0/0
ip 10.10.10.1 255.255.255.252
des connected to switch
no shut
!
int fa0/1
ip 20.20.20.1 255.255.255.252
des connected to MPLS cloud
no shut
!

SWITCH#config t
Vlan 201
exit
int vln 201
ip address 22.0.68.251 255.255.255.0
des USER VLAN
no shut
int fa1/0/48
no switchport
ip address 10.10.10.2 255.255.255.252
no shut
!
ip routing
ip route 0.0.0.0 0.0.0.0 10.10.10.1
!
!
!
int fa1/0/1
switchport
switchport mode access
switchport access vlan 201
no shut
+++++++++++++++++++++++++++++++
SVI VLAN201 is UP
i connect my laptop and give ip 22.0.68.1 255.255.255.0 and default gateway 22.0.68.251
but can not ping SVI VLAN 201 (22.0.68.251) ?

and from the SWITCH i can not ping the 20.20.20.2?

please help.
· Share on FacebookShare on Twitter

Comments

  • SubnetZeroSubnetZero Member Posts: 124
    When you plug your laptop into the switch you are plugging into FA1/0/1? Based on FA1/0/1's configuration you're going to have a delay of about 30 seconds while it goes through the listening and learning states. Consider turning on portfast to seed this up.

    I assume 20.20.20.2 is your CE router on the other end of the MPLS cloud?

    Where is the config for 20.20.20.2? Does this router have a route back to the to the 22.0.68.0/24 network?

    Also why are you using a non-RFC 1918 range for your internal network?

    Please do a show ip route from 20.20.20.1 and 20.20.20.2

    Thanks

    While no trees were harmed in the transmission of this message, several electrons were severely inconvenienced     :cool:
    · Share on FacebookShare on Twitter
  • TurgonTurgon Banned Posts: 6,308 ■■■■■■■■■□
    You could have any number of issues here. Start basic and small and work from there. What port is your laptop plugged into and is it up? Is your windows firewall turned off?
    · Share on FacebookShare on Twitter
  • os73355os73355 Member Posts: 13 ■□□□□□□□□□
    thanks for your input, please find my answer....

    When you plug your laptop into the switch you are plugging into FA1/0/1? Based on FA1/0/1's configuration you're going to have a delay of about 30 seconds while it goes through the listening and learning states. Consider turning on portfast to seed this up.
    yes I connect my laptop on fa1/0/1.
    1. VLAN 201 become up as soon I connect the laptop.
    but can not ping the Default gateway.

    Q- I assume 20.20.20.2 is your CE router on the other end of the MPLS cloud?
    yes 20.20.20.2 is CE and other end is MPLS cloud (PE)

    Q- Where is the config for 20.20.20.2? Does this router have a route back to the to the 22.0.68.0/24 network?
    1. I did not do this , please guide on it.

      Q- Also why are you using a non-RFC 1918 range for your internal network?
    this is my internal approved segment.

    Please do a show ip route from 20.20.20.1 and 20.20.20.2
    1. Show IP route from CE or Switch?

      Thanks
    · Share on FacebookShare on Twitter
  • os73355os73355 Member Posts: 13 ■□□□□□□□□□
    thank you for your input, please find my answer. i am still not undestrain why i can not ping SVI although its very simple. did i need to creat l2 vlan through vlan databse command?

    1. When you plug your laptop into the switch you are plugging into FA1/0/1? Based on FA1/0/1's configuration you're going to have a delay of about 30 seconds while it goes through the listening and learning states. Consider turning on portfast to seed this up.
    yes I connect my laptop on fa1/0/1.
    1. VLAN 201 become up as soon I connect the laptop.
    but can not ping the Default gateway.

    Q- I assume 20.20.20.2 is your CE router on the other end of the MPLS cloud?
    yes 20.20.20.2 is CE and other end is MPLS cloud (PE)

    Q- Where is the config for 20.20.20.2? Does this router have a route back to the to the 22.0.68.0/24 network?
    1. I did not do this , please guide on it.

      Q- Also why are you using a non-RFC 1918 range for your internal network?
    this is my internal approved segment.

    Please do a show ip route from 20.20.20.1 and 20.20.20.2
    1. Show IP route from CE or Switch?

      Thanks
    · Share on FacebookShare on Twitter
  • os73355os73355 Member Posts: 13 ■□□□□□□□□□
    I am using ct6 straight cable.
    Connected to fa 1/0/1
    Firewall is turn off.
    · Share on FacebookShare on Twitter
  • bermovickbermovick Member Posts: 1,135 ■■■■□□□□□□
    Designing a small network for ... a Department of Defense office?

    NetRange: 22.0.0.0 - 22.255.255.255
    CIDR: 22.0.0.0/8
    OriginAS:
    NetName: DNIC-SNET-022
    NetHandle: NET-22-0-0-0-1
    Parent:
    NetType: Direct Allocation
    RegDate: 1989-06-26
    Updated: 2009-04-15
    Ref: http://whois.arin.net/rest/net/NET-22-0-0-0-1


    OrgName: DoD Network Information Center
    OrgId: DNIC
    Address: 3990 E. Broad Street
    City: Columbus
    StateProv: OH
    PostalCode: 43218
    Country: US
    RegDate:
    Updated: 2011-08-17
    Ref: http://whois.arin.net/rest/org/DNIC
    Latest Completed: CISSP

    Current goal: Dunno
    · Share on FacebookShare on Twitter
  • os73355os73355 Member Posts: 13 ■□□□□□□□□□
    ok USER VLAN change now:
    VLAN 201
    int vlan 201
    ip address 30.30.30.251 255.255.255.0
    no shut

    now still unable to ping ?
    · Share on FacebookShare on Twitter
  • gregorio323gregorio323 Member Posts: 201 ■■■□□□□□□□
    can you do a show ip int bri and see if both status and protocol are up. I'm willing to help you out you can send me a private msg i'll be up for a while.
    · Share on FacebookShare on Twitter
  • os73355os73355 Member Posts: 13 ■□□□□□□□□□
    interface is UP and line protocol both are up.
    · Share on FacebookShare on Twitter
  • gregorio323gregorio323 Member Posts: 201 ■■■□□□□□□□
    check your arp table/mac-address-table.
    · Share on FacebookShare on Twitter
  • SubnetZeroSubnetZero Member Posts: 124
    You're probably missing something because I just used your configs in my lab and I have FULL reachability end-to-end.

    First let's configure the switch

    Switch Config

    SW1(config)#vlan 201
    SW1(config-vlan)#name TEST
    SW1(config-vlan)#exit

    SW1(config)#int vlan 201
    SW1(config-if)#ip address 22.0.68.251 255.255.255.0
    SW1(config-if)#des USER VLAN
    SW1(config-if)#no shut
    SW1(config-if)#exit

    *Mar 5 11:59:30.077: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan201, changed state to up

    SW1(config)#inter giga0/2
    SW1(config-if)#no switchport
    SW1(config-if)#ip address 10.10.10.2 255.255.255.252

    *Mar 5 12:02:14.435: %LINK-3-UPDOWN: Interface GigabitEthernet0/2, changed state to up
    *Mar 5 12:02:15.441: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to up

    SW1(config-if)#ip routing
    SW1(config)#ip route 0.0.0.0 0.0.0.0 10.10.10.1

    SW1(config-if)#int gig0/1
    SW1(config-if)#switchport
    SW1(config-if)#switchport mode access
    SW1(config-if)#switchport access vlan 201
    SW1(config-if)#spann portf
    %Warning: portfast should only be enabled on ports connected to a single
    host. Connecting hubs, concentrators, switches, bridges, etc... to this
    interface when portfast is enabled, can cause temporary bridging loops.
    Use with CAUTION

    %Portfast has been configured on GigabitEthernet0/1 but will only
    have effect when the interface is in a non-trunking mode.

    SW1(config-if)#do sh ip int br | ex un
    Interface IP-Address OK? Method Status Protocol
    Vlan201 22.0.68.251 YES manual up up
    GigabitEthernet0/2 10.10.10.2 YES manual up up

    Now let's configure the router

    Router Config

    Router(config)#ho R2
    R2(config)#interface FastEthernet0/0
    R2(config-if)# description connected to switch
    R2(config-if)# ip address 10.10.10.1 255.255.255.252
    R2(config-if)# no shut

    R2(config-if)#interface FastEthernet0/1
    R2(config-if)# description connected to MPLS cloud
    R2(config-if)# ip address 20.20.20.1 255.255.255.252
    R2(config-if)# no shut

    R2(config)#router ospf 1
    R2(config-router)# router-id 2.2.2.2
    R2(config-router)# log-adjacency-changes
    R2(config-router)# network 10.10.10.1 0.0.0.0 area 0
    R2(config-router)# network 20.20.20.0 0.0.0.3 area 0

    Now once we get OSPF up and running we are still going to have an issue, mainly that the other side won't have a clue how to get to the 22.0.68.0/24 network. In order to fix this we will create a static route pointing to the switch and then redistribute this into OSPF

    R2(config)#access-list 1 permit 22.0.68.0 0.0.0.255
    R2(config)#route-map REDSTAT permit 10
    R2(config-route-map)#match ip address 1
    R2(config-route-map)#exit

    R2(config)#router ospf 1
    R2(config-router)#redist static route-map REDSTAT subnets
    R2(config-router)#exit

    Now I don't know if you're running Layer2 or Layer3 VPN's here and to be honest it really doesn't matter. What matters is that I will be able to ping across just fine with either or. For this example I will pretend that R4 is the MPLS PE router running in a VRF named DoD.

    R4(config-vrf)#ip vrf DoD
    R4(config-vrf)# rd 1:1
    R4(config-vrf)# route-target export 1:1
    R4(config-vrf)# route-target import 1:1
    R4(config-vrf)#exit

    R4(config)#inter e0/0
    R4(config-if)#ip vrf forward DoD
    R4(config-if)#ip addr 20.20.20.1 255.255.255.252
    R4(config-if)#no shut
    R4(config-if)#exit

    R4(config)#do ping vrf DoD 20.20.20.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 20.20.20.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

    As you can see my PE (R4) can already ping the CE (R2). Now let's run OSPF between the CE and the PE (I already configured this on the CE)

    R4(config)#router ospf 1 vrf DoD
    R4(config-router)#router-id 4.4.4.4
    R4(config-router)#network 20.20.20.2 0.0.0.0 area 0
    R4(config-router)#exit

    *Sep 29 17:37:23.419: %OSPF-5-ADJCHG: Process 1, Nbr 2.2.2.2 on Ethernet0/0 from LOADING to FULL, Loading Done

    R4(config)#do sh ip o n
    Neighbor ID Pri State Dead Time Address Interface
    2.2.2.2 1 FULL/DR 00:00:37 20.20.20.1 Ethernet0/0

    And now we should see both your 10.10.10.0/30 and your 22.0.68.0/24

    R4#show ip route vrf DoD ospf
    Routing Table: DoD
    22.0.0.0/24 is subnetted, 1 subnets
    O E2 22.0.68.0 [110/20] via 20.20.20.1, 00:00:23, Ethernet0/0
    10.0.0.0/30 is subnetted, 1 subnets
    O 10.10.10.0 [110/11] via 20.20.20.1, 00:05:54, Ethernet0/0

    Now since I don't have a PC I will use another router as a host (not routing)

    Host Config (My host is a router)

    interface FastEthernet0/0
    ip address 22.0.68.1 255.255.255.0

    Now you will see that from the host i can ping all addresses

    R1(config)#do ping 10.10.10.1

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.10.10.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
    R1(config)#
    R1(config)#do ping 10.10.10.2

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 10.10.10.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
    R1(config)#
    R1(config)#do ping 20.20.20.1

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 20.20.20.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
    R1(config)#do ping 20.20.20.2

    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 20.20.20.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

    While no trees were harmed in the transmission of this message, several electrons were severely inconvenienced     :cool:
    · Share on FacebookShare on Twitter
  • os73355os73355 Member Posts: 13 ■□□□□□□□□□
    thank you SubnetZero!
    now SVI is ping able from the computer.
    from the computer can not ping 10.10.10.1 although can ping 10.10.10.2

    secoundly on the router as sson i introduce the access-list 1 permit 22.0.68.0 0.0.0.255
    i lost the AAA (taccac) access to my head office and also can not ping 22.0.68.251 from the router.
    · Share on FacebookShare on Twitter
  • os73355os73355 Member Posts: 13 ■□□□□□□□□□
    here is some progress i have made..... and still require your guide line.

    SWitch-1

    ip routing
    !
    interface Vlan201
    description USER VLAN
    ip address 22.0.68.251 255.255.255.0
    !
    ip classless
    ip route 0.0.0.0 0.0.0.0 10.10.10.1
    !
    interface FastEthernet1/0/47
    no switchport
    ip address 10.10.10.2 255.255.255.252
    !
    +++
    from switch-1
    ping 50.50.50.33 (Head office)
    Sending 5, 100-byte ICMP Echos to 50.50.50.33, timeout is 2 seconds:
    !!!!!
    but when ping from Computer
    Request time out ?
    ========================================
    Router-1
    interface FastEthernet0/1
    description *** MPLS
    bandwidth 2048
    ip address 20.20.20.1 255.255.255.252
    !
    interface FastEthernet0/1
    description *** Switch-1
    ip address 10.10.10.1 255.255.255.252
    !
    outer ospf 1
    log-adjacency-changes
    redistribute static
    passive-interface default
    no passive-interface FastEthernet0/1
    network 22.0.68.0 0.0.0.255 area 0
    network 10.0.10.1 0.0.0.0 area 0
    network 20.20.20.0 0.0.0.3 area 0
    !
    ip route 0.0.0.0 0.0.0.0 20.20.20.2
    ip route 22.0.68.0 255.255.255.0 10.10.10.2
    !
    ++++++++++++++++++++++++++++++++++++++++++++++
    Headend (head office)
    bgp 100
    network 22.0.68.0 mask 255.255.255.0
    ++++++++++++++++++++++++++++++++++++++++++++++
    botom line i can not ping the user segment from the head office
    and i can not ping the headoffice ip 50.50.50.33 from the computer connectd to switch1.
    but from the switch-1 i can ping head office ip address 50.50.50.33 :D
    please guide.
    · Share on FacebookShare on Twitter
  • os73355os73355 Member Posts: 13 ■□□□□□□□□□
    thank you Subnet ZerooO
    i was doing as you say but i did not add the static route and trying to do the redistribuite :P
    i just add static route for USER segment and redistribute it and now its working fine!!!

    i will come back to you soon as i receive backup link of this branch :p

    thanks you!!!
    · Share on FacebookShare on Twitter
  • os73355os73355 Member Posts: 13 ■□□□□□□□□□
    Hi - i have received back-up link with the same routing protocol OSPF !


    CE Edge (20.20.20.17 255.255.255.252) - My router2
    PE Edge (20.20.20.18 255.255.255.252)


    Router2#int fa0/1
    ip address 20.20.20.17 255.255.255.252
    des connect to MPLS cloud

    Router2#int fa0/1
    ip address 10.10.10.5 255.255.255.252
    des connect to Switch-1





    could you please guide how to configure it into this existing setup.
    i need when primary link failed backup link should take place.
    · Share on FacebookShare on Twitter
  • shyam4050shyam4050 Registered Users Posts: 1 ■□□□□□□□□□
    Hi os73355,

    What changes u made in you Switch/PC to ping SVi created ons witch SVI VLAN 201 (22.0.68.251).

    Thanks


    os73355 wrote: »
    thank you SubnetZero!
    now SVI is ping able from the computer.
    from the computer can not ping 10.10.10.1 although can ping 10.10.10.2

    secoundly on the router as sson i introduce the access-list 1 permit 22.0.68.0 0.0.0.255
    i lost the AAA (taccac) access to my head office and also can not ping 22.0.68.251 from the router.
    · Share on FacebookShare on Twitter
Sign In or Register to comment.