Solved

Server A cannot ping Server B in different subnet /Cisco Catalyst 3750

Posted on 2009-05-13
25
1,009 Views
Last Modified: 2012-05-06
I'm having major problems with a new network configuration in our office.  This past weekend, I took the entire network down and started from scratch to implement a 'router on a stick' sort of configuration.  

We have a data server (Server A) with IP Address 10.130.124.10 and a Shoretel server (Server B) for VOIP with IP Address 192.168.10.10.  Both are plugged into the Cisco Catalyst 3750 Core, Routing Switch.  Server A cannot ping Server B and vice versa.

Server A is on Gi1/0/2 and Server B is on Port 24.  Anyone see anything wrong with this?

Below is the Core, Routing Switch configuration.  All ports need to be trunked as they are plugged into a Shoretel 230 voip phone and then plugged into a host.



Core_Switch#sh run
Building configuration...

Current configuration : 9044 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Core_Switch
!
enable secret level 1 5 $1$tu0K$LaONIbxO36fp4XFbejN64/
enable secret 5 $1$J42P$C.uarMKpdNAEmo1.ybYtJ1
!
no aaa new-model
clock timezone UTC -5
clock summer-time UTC recurring
switch 1 provision ws-c3750-48p
system mtu routing 1500
vtp mode transparent
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1,30,122-124 priority 24576
!
vlan internal allocation policy ascending
!
vlan 30
 name Voice
!
vlan 122
 name Floor2VLAN
!
vlan 123
 name Floor3VLAN
!
vlan 124
 name Floor4VLAN
!
interface Loopback0
 no ip address
!
interface FastEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 124
 switchport mode trunk
 speed 100
!
interface FastEthernet1/0/2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 124
 switchport mode trunk
 speed 100
!
interface FastEthernet1/0/3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 124
 switchport mode trunk
 speed 100
!

-------------Omitted-----------------

interface FastEthernet1/0/24
 description To ShoreTel Servers/Switches
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 30
 switchport mode trunk
 speed 100
!
interface FastEthernet1/0/25
 description To ShoreTel Servers/Switches
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 30
 switchport mode trunk
 speed 100
!
interface FastEthernet1/0/26
 description To ShoreTel Servers/Switches
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 30
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet1/0/27
 description To ShoreTel Servers/Switches
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 30
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet1/0/28
 description To ShoreTel Servers/Switches
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 30
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet1/0/29
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 124
 switchport mode trunk
 speed 100

---------Omitted-----------

interface FastEthernet1/0/48
 description To X0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
 no cdp enable
!
interface GigabitEthernet1/0/1
 description To Backup Core
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 description To Data Server
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 124
 switchport mode trunk
!
interface GigabitEthernet1/0/3
 description To Procurve
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/4
 description To 3COMVLAN3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 ip address 10.130.125.2 255.255.255.0
!
interface Vlan30
 description PHONES
 ip address 192.168.10.5 255.255.255.0
 ip helper-address 10.130.124.10
!
interface Vlan122
 ip address 10.130.122.5 255.255.255.0
 ip helper-address 10.130.124.10
!
interface Vlan123
 ip address 10.130.123.5 255.255.255.0
 ip helper-address 10.130.124.10
!
interface Vlan124
 ip address 10.130.124.5 255.255.255.0
 ip helper-address 10.130.124.10
!
interface Vlan200
 no ip address
!
interface Vlan300
 no ip address
!
ip default-gateway 10.130.125.1
ip classless
ip route 0.0.0.0 0.0.0.0 10.130.125.1
ip http server
!
!
control-plane
!
banner exec ^C
!!!Authorized Users ONLY!!! ^C
banner login ^C
Good job logging in ^C
banner motd ^C
Floor4 Cisco Switch VLAN 14 ^C
!
line con 0
 password 7 104D011854371606050A
 login
line vty 0 4
 password 7 104D011854371606050A
 login
 length 0
line vty 5 15
 password 7 110A110446320F010D24
 login
!
end

Core_Switch#
Core.doc
0
Comment
Question by:Boston_IT_Tech
  • 12
  • 9
  • 2
  • +1
25 Comments
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24375188
Server A has a default gateway of 10.130.124.10, right?

Server B has a default gateway of 192.168.10.5, right?
0
 
LVL 10

Expert Comment

by:lanboyo
ID: 24375192
Can the server and the pc both ping their gateway? Do they communicate with the dhcp server and get appropriate ip address and gateways?

If you hard set the IP information on the clients does this change anything?
0
 
LVL 1

Author Comment

by:Boston_IT_Tech
ID: 24375223
Server A has a default gateway of 10.130.124.5 because its in VLAN 124.

Server B has a gateway of 192.168.10.5, yes.

Yes, both servers can ping their default gateways.  Both IP addresses are assigned statically; the 10.130.124.10 server is the DHCP server.

The clients actually work fine.  I can ping BOTH servers from a host in the 10.130.123.x network (VLAN 123).



Ethernet adapter Local Area Connection 2:

        Physical Address. . . . . . . . . : 00-1D-92-74-C3-E2
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.130.123.26
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.130.123.5
        DHCP Server . . . . . . . . . . . : 10.130.124.10
        DNS Servers . . . . . . . . . . . : 10.130.124.10
                                            192.168.20.12
        Primary WINS Server . . . . . . . : 10.130.124.10
        Lease Obtained. . . . . . . . . . : Wednesday, May 13, 2009 8:39:33 AM
        Lease Expires . . . . . . . . . . : Thursday, May 21, 2009 8:39:33 AM

C:\Documents and Settings\dbour>ping 192.168.10.10

Pinging 192.168.10.10 with 32 bytes of data:

Reply from 192.168.10.10: bytes=32 time=6ms TTL=127
Reply from 192.168.10.10: bytes=32 time<1ms TTL=127
Reply from 192.168.10.10: bytes=32 time<1ms TTL=127
Reply from 192.168.10.10: bytes=32 time<1ms TTL=127

Ping statistics for 192.168.10.10:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 6ms, Average = 1ms

C:\Documents and Settings\dbour>ping 10.130.124.10

Pinging 10.130.124.10 with 32 bytes of data:

Reply from 10.130.124.10: bytes=32 time=6ms TTL=127
Reply from 10.130.124.10: bytes=32 time<1ms TTL=127
Reply from 10.130.124.10: bytes=32 time<1ms TTL=127
Reply from 10.130.124.10: bytes=32 time<1ms TTL=127

Ping statistics for 10.130.124.10:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 6ms, Average = 1ms

C:\Documents and Settings\dbour>
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24375263
Oops, yeah, I meant 10.130.124.5.

Can the 10.130.124.10 server ping 192.168.10.5?
Can the 192.168.10.10 server ping 10.130.124.5?
0
 
LVL 1

Author Comment

by:Boston_IT_Tech
ID: 24375290
10.130.124.10 (Server A) can ping 192.168.10.5 (Server B Default Gateway)

192.168.10.10 (Server B) can ping 10.130.124.5 (Server A Default Gateway)
0
 
LVL 10

Expert Comment

by:lanboyo
ID: 24375291

Are the servers behind phone ports as well? If not make them access ports.


The voip servers look to be issues... it looks to me that having vlan 30 as trunked and native on the same port as it is on fa 1/0/24-28 might be confusing.



A good thing to do is to add the command once everything is working correctly...

switchport trunk allowed vlan 30,124 (or whatever the data vlan is for that port) so that the switch doesn't send unnecessary tagged frames.
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24375318
>10.130.124.10 (Server A) can ping 192.168.10.5 (Server B Default Gateway)

>192.168.10.10 (Server B) can ping 10.130.124.5 (Server A Default Gateway)

Okay, well, its not the switch or routing.  Can you ping a different host on the 10.130.124.x subnet?
0
 

Expert Comment

by:AndrewCaldwell
ID: 24375352
what do these commands show?

sh vlan
sh ip int brief
sh ip route
sh arp
0
 
LVL 1

Author Comment

by:Boston_IT_Tech
ID: 24375369
The 10.130.124.10 (Server A) is on an access link.

interface GigabitEthernet1/0/2
 description To Data Server
 switchport access vlan 124
 switchport trunk native vlan 124
 switchport mode access
----------------------------------------

The 192.168.10.10 (Server B) is on a trunk link.

interface FastEthernet1/0/24
 description To ShoreTel Servers/Switches
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 30
 switchport mode trunk
 speed 100



Trunk ports pass all vlan traffic by default;the vlan 30 (phone vlan) packets need to be tagged.  The data vlan (124) packets should not be tagged.  The Native command makes the packets untagged.  

Thats my understanding of it.  So it is a bit complicated/incorrect.  
0
 
LVL 1

Author Comment

by:Boston_IT_Tech
ID: 24375438
JFrederick29:Yes, I can ping hosts in any vlan from both servers.

AndrewCaldwell:  Attached.

sh-arp.txt
sh-ip-int-brief.txt
sh-ip-route.txt
sh-vlan.txt
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24375518
Well, since you can ping other things in other subnets, it's not routing or the switch.  Can you ping one way but not the other?  Anything on these servers that could be playing into it?
0
 
LVL 1

Author Comment

by:Boston_IT_Tech
ID: 24375577
JFrederick29:

I agree!  That's why I'm stumped.  Hosts in any subnet can ping both servers.  Both servers can ping hosts in any subnet.  Server A cannot ping Server B.  Ugh.

No windows firewall on either server.  DHCP is screwy though; my 192.168.10.x network is full and we don't even have enough phones to fill it. (Attached)

AND whenever I reconcile the 192.168.10.x subnet, there's always at least 11 address that pop back up immediately.  Verify --> 11 IPs --> Reconcile --> Close box.  Verify --> 11IPs --> reconcile, etc.
phonesubnet.JPG
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 1

Author Comment

by:Boston_IT_Tech
ID: 24375597
I'm tempted to say its because of the ports.  I really still think it's the routing.

Server A is on an access link but still has 'trunk native vlan 124' on it.  Server B is on a trunk link with, 'native vlan 30' on it.  That just seems odd to me.
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24375629
Tried restarting the servers by chance?
0
 
LVL 1

Author Comment

by:Boston_IT_Tech
ID: 24375645
Yes, did that last night.
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24375665
>Server A is on an access link but still has 'trunk native vlan 124' on it.  Server B is on a trunk link with, 'native vlan 30' on it.  That just seems odd to me.

But it really accomplishes the same thing.  With Server A being an access-list, the "trunk native vlan 124" is not in use and can be removed (it doesn't do anything).

Server B being a Trunk with native VLAN 30 essentially makes it an access port in VLAN 30.  Only if the server is sending tagged packets would the trunk be needed.

If the trunk isn't necessary, make it an access port and assign it to VLAN 30.
0
 
LVL 1

Author Comment

by:Boston_IT_Tech
ID: 24375705
Well, anything on VLAN 30 should be tagged.

Anything on VLAN 122, 123, 124 (data) should not be tagged.

Ill try those changes tonight.  Unfortunately, I can't do it during business hours....ugh.

Thank you!
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24375764
Well, keep in mind the tag is only on the trunk between the server and switch port.  The tag is removed when entering the switch and put on the appropriate VLAN so if the server doesn't need to process multiple VLAN traffic, it is okay to use an access port in VLAN 30 as it accomplishes the same thing.

I am skeptical it will resolve the issue since it should work the way you have it (native vlan 30) and plus you can ping about anything else except this one server.  Still leaning to something on the server itself...

Can you post a "route print" from the server?
0
 
LVL 1

Author Comment

by:Boston_IT_Tech
ID: 24375815
Attached.
routeprint.txt
0
 
LVL 43

Accepted Solution

by:
JFrederick29 earned 500 total points
ID: 24375830
Ah hah,

You have a route for the 192.168.10.x subnet via 10.130.124.11.

Remove it:

route delete 192.168.10.0
0
 

Expert Comment

by:AndrewCaldwell
ID: 24375895
Weird i dont see the fast eth 0/24 in the sh vlans
0
 
LVL 1

Author Comment

by:Boston_IT_Tech
ID: 24375907
I saw that too!  

I'm going to do some testing and see if this clears up some issues!  



H:\>route delete 192.168.10.0

H:\>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 43 f0 e0 68 ...... Intel(R) PRO/1000 MT Network Connection #2 - Pac
ket Scheduler Miniport
0x10003 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     10.130.124.5    10.130.124.10     10
     10.130.124.0    255.255.255.0    10.130.124.10    10.130.124.10     10
    10.130.124.10  255.255.255.255        127.0.0.1        127.0.0.1     10
    10.130.124.43  255.255.255.255        127.0.0.1        127.0.0.1     50
   10.255.255.255  255.255.255.255    10.130.124.10    10.130.124.10     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
        224.0.0.0        240.0.0.0    10.130.124.10    10.130.124.10     10
  255.255.255.255  255.255.255.255    10.130.124.10    10.130.124.10      1
Default Gateway:      10.130.124.5
===========================================================================
Persistent Routes:
  None

H:\>ping 192.168.10.10

Pinging 192.168.10.10 with 32 bytes of data:

Reply from 192.168.10.10: bytes=32 time<1ms TTL=127
Reply from 192.168.10.10: bytes=32 time<1ms TTL=127
Reply from 192.168.10.10: bytes=32 time<1ms TTL=127
Reply from 192.168.10.10: bytes=32 time<1ms TTL=127

Ping statistics for 192.168.10.10:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

H:\>
0
 
LVL 1

Author Closing Comment

by:Boston_IT_Tech
ID: 31580990
So it was the route on the Servers themselves, not on the layer 3 switch doing the routing.  Thank you so much!
0
 
LVL 1

Author Comment

by:Boston_IT_Tech
ID: 24376159
Thats it!  The IP phones now have the correct time/date because SNTP can now reach the time server.

Thank you!!
0
 
LVL 43

Expert Comment

by:JFrederick29
ID: 24376176
You're welcome.  Glad to assist!
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Network Config 9 53
How do I modify Ubigate for new ISP? 2 13
EIGRP Full Mesh 2 32
Making calls on Wi-Fi 5 17
#Citrix #Citrix Netscaler #HTTP Compression #Load Balance
Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…

708 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now