We help IT Professionals succeed at work.

We've partnered with Certified Experts, Carl Webster and Richard Faulkner, to bring you two Citrix podcasts. Learn about 2020 trends and get answers to your biggest Citrix questions!Listen Now

x

InterVLAN routing on a 2801 w/ HWIC-4ESW

Quori
Quori asked
on
Medium Priority
1,044 Views
Last Modified: 2012-05-06
I am having an issue with Inter-VLAN routing on my 2801 using a HWIC-4ESW. Usually you'd create sub-interfaces, however the 4ESW does not allow this so I've created a dot1q trunk to my 3560G switch then created SVI's on the 2801. If I do an extended ping from the 2801 with source being an IP on the 2801 in one VLAN to a host address in another VLAN it simply does not work.

How can I get around this without the ability to create subif's?
Comment
Watch Question

Top Expert 2009
Commented:
No need for subinterfaces.

The trunk to the 3560G and SVI's should do it

Did you create the VLAN's:

vlan database
vlan 2
vlan 3
etc..

Verify the VLAN's exist with "show vlan-switch".

Did you "no shut" the VLAN interfaces?

Not the solution you were looking for? Getting a personalized solution is easy.

Ask the Experts

Author

Commented:
They exist.

I did, yes.

Attached are the configs.

Gi0/7 is the link to the router on the switch.

The issue:
DC-2801-SEC#ping 10.7.255.10 source vlan 10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.7.255.10, timeout is 2 seconds:
Packet sent with a source address of 10.7.255.253
.....
Success rate is 0 percent (0/5)
DC-2801-SEC#ping 10.7.255.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.7.255.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
DC-2801-SEC#


This is part of a larger problem which is preventing me from reaching some servers on the 3560G switch, even though the router itself can ping them all successfully and ARP/MAC table tracing shows layer 1 is what it should be.
router.txt
switch.txt
Top Expert 2009
Commented:
10.7.255.10 has a default gateway of 10.7.255.13, right?

Author

Commented:
Yep.

Though (and this really has me boggled) 10.7.255.1 does not have a default-gateway set but works:

DC-2801-SEC#ping 10.7.255.1 source vlan 10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.7.255.1, timeout is 2 seconds:
Packet sent with a source address of 10.7.255.253
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
DC-2801-SEC#

Top Expert 2009

Commented:
Could be proxy ARP.  Is the subnet mask set properly (matching the VLAN interface) on these hosts?

Author

Commented:
Yep.

Author

Commented:
I logged a TAC call last night and spent 6 hours on the phone with them plus another 4 hours this morning. So far TAC and I have come up with nothing.

Its confusing.
Top Expert 2009

Commented:
Yes, very odd.  It looks like it should work.  Did you make changes with TAC?  Can you post the new router config? or are you going to keep pursuing this via TAC instead?

Author

Commented:
I've not made any changes with TAC since the posted configs. TAC have escalated it and am awaiting a call from them next week, but going to go into our DC on Tuesday and replace the IOS on all the devices.

Thought I'd come here since the TAC "engineers' simply done nothing and could offer no suggestions, save one, a pair of dud HWIC's.

Author

Commented:
Replacing the IOS on my 3560's seemed to do it....IOS bug I guess, as everything is working now. However I've accepted your two main responses given they are likely to be the cause of similar issues for others.
Access more of Experts Exchange with a free account
Thanks for using Experts Exchange.

Create a free account to continue.

Limited access with a free account allows you to:

  • View three pieces of content (articles, solutions, posts, and videos)
  • Ask the experts questions (counted toward content limit)
  • Customize your dashboard and profile

*This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

OR

Please enter a first name

Please enter a last name

8+ characters (letters, numbers, and a symbol)

By clicking, you agree to the Terms of Use and Privacy Policy.