?
Solved

InterVLAN routing on a 2801 w/ HWIC-4ESW

Posted on 2009-02-12
10
Medium Priority
?
999 Views
Last Modified: 2012-05-06
I am having an issue with Inter-VLAN routing on my 2801 using a HWIC-4ESW. Usually you'd create sub-interfaces, however the 4ESW does not allow this so I've created a dot1q trunk to my 3560G switch then created SVI's on the 2801. If I do an extended ping from the 2801 with source being an IP on the 2801 in one VLAN to a host address in another VLAN it simply does not work.

How can I get around this without the ability to create subif's?
0
Comment
Question by:Quori
  • 6
  • 4
10 Comments
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 2000 total points
ID: 23629145
No need for subinterfaces.

The trunk to the 3560G and SVI's should do it

Did you create the VLAN's:

vlan database
vlan 2
vlan 3
etc..

Verify the VLAN's exist with "show vlan-switch".

Did you "no shut" the VLAN interfaces?
0
 
LVL 13

Author Comment

by:Quori
ID: 23629189
They exist.

I did, yes.

Attached are the configs.

Gi0/7 is the link to the router on the switch.

The issue:
DC-2801-SEC#ping 10.7.255.10 source vlan 10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.7.255.10, timeout is 2 seconds:
Packet sent with a source address of 10.7.255.253
.....
Success rate is 0 percent (0/5)
DC-2801-SEC#ping 10.7.255.10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.7.255.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
DC-2801-SEC#


This is part of a larger problem which is preventing me from reaching some servers on the 3560G switch, even though the router itself can ping them all successfully and ARP/MAC table tracing shows layer 1 is what it should be.
router.txt
switch.txt
0
 
LVL 43

Assisted Solution

by:JFrederick29
JFrederick29 earned 2000 total points
ID: 23629231
10.7.255.10 has a default gateway of 10.7.255.13, right?
0
VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

 
LVL 13

Author Comment

by:Quori
ID: 23629362
Yep.

Though (and this really has me boggled) 10.7.255.1 does not have a default-gateway set but works:

DC-2801-SEC#ping 10.7.255.1 source vlan 10

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.7.255.1, timeout is 2 seconds:
Packet sent with a source address of 10.7.255.253
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
DC-2801-SEC#

0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 23629378
Could be proxy ARP.  Is the subnet mask set properly (matching the VLAN interface) on these hosts?
0
 
LVL 13

Author Comment

by:Quori
ID: 23629386
Yep.
0
 
LVL 13

Author Comment

by:Quori
ID: 23629419
I logged a TAC call last night and spent 6 hours on the phone with them plus another 4 hours this morning. So far TAC and I have come up with nothing.

Its confusing.
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 23632075
Yes, very odd.  It looks like it should work.  Did you make changes with TAC?  Can you post the new router config? or are you going to keep pursuing this via TAC instead?
0
 
LVL 13

Author Comment

by:Quori
ID: 23643418
I've not made any changes with TAC since the posted configs. TAC have escalated it and am awaiting a call from them next week, but going to go into our DC on Tuesday and replace the IOS on all the devices.

Thought I'd come here since the TAC "engineers' simply done nothing and could offer no suggestions, save one, a pair of dud HWIC's.
0
 
LVL 13

Author Closing Comment

by:Quori
ID: 31546407
Replacing the IOS on my 3560's seemed to do it....IOS bug I guess, as everything is working now. However I've accepted your two main responses given they are likely to be the cause of similar issues for others.
0

Featured Post

Important Lessons on Recovering from Petya

In their most recent webinar, Skyport Systems explores ways to isolate and protect critical databases to keep the core of your company safe from harm.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to set-up an On Demand, IPSec, Site to SIte, VPN from a Draytek Vigor Router to a Cyberoam UTM Appliance. A concise guide to the settings required on both devices
I recently attended Cisco Live! in Las Vegas, a conference that boasted over 28,000 techies in attendance, and a week of hands-on learning hosted by a solid partner with which Concerto goes to market.  Every year, Cisco displays cutting-edge technol…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

755 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question