Server A cannot ping Server B in different subnet /Cisco Catalyst 3750

I'm having major problems with a new network configuration in our office.  This past weekend, I took the entire network down and started from scratch to implement a 'router on a stick' sort of configuration.  

We have a data server (Server A) with IP Address 10.130.124.10 and a Shoretel server (Server B) for VOIP with IP Address 192.168.10.10.  Both are plugged into the Cisco Catalyst 3750 Core, Routing Switch.  Server A cannot ping Server B and vice versa.

Server A is on Gi1/0/2 and Server B is on Port 24.  Anyone see anything wrong with this?

Below is the Core, Routing Switch configuration.  All ports need to be trunked as they are plugged into a Shoretel 230 voip phone and then plugged into a host.



Core_Switch#sh run
Building configuration...

Current configuration : 9044 bytes
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
hostname Core_Switch
!
enable secret level 1 5 $1$tu0K$LaONIbxO36fp4XFbejN64/
enable secret 5 $1$J42P$C.uarMKpdNAEmo1.ybYtJ1
!
no aaa new-model
clock timezone UTC -5
clock summer-time UTC recurring
switch 1 provision ws-c3750-48p
system mtu routing 1500
vtp mode transparent
ip subnet-zero
ip routing
!
!
!
!
no file verify auto
!
spanning-tree mode pvst
spanning-tree extend system-id
spanning-tree vlan 1,30,122-124 priority 24576
!
vlan internal allocation policy ascending
!
vlan 30
 name Voice
!
vlan 122
 name Floor2VLAN
!
vlan 123
 name Floor3VLAN
!
vlan 124
 name Floor4VLAN
!
interface Loopback0
 no ip address
!
interface FastEthernet1/0/1
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 124
 switchport mode trunk
 speed 100
!
interface FastEthernet1/0/2
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 124
 switchport mode trunk
 speed 100
!
interface FastEthernet1/0/3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 124
 switchport mode trunk
 speed 100
!

-------------Omitted-----------------

interface FastEthernet1/0/24
 description To ShoreTel Servers/Switches
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 30
 switchport mode trunk
 speed 100
!
interface FastEthernet1/0/25
 description To ShoreTel Servers/Switches
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 30
 switchport mode trunk
 speed 100
!
interface FastEthernet1/0/26
 description To ShoreTel Servers/Switches
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 30
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet1/0/27
 description To ShoreTel Servers/Switches
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 30
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet1/0/28
 description To ShoreTel Servers/Switches
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 30
 switchport mode trunk
 speed 100
 duplex full
!
interface FastEthernet1/0/29
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 124
 switchport mode trunk
 speed 100

---------Omitted-----------

interface FastEthernet1/0/48
 description To X0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
 no cdp enable
!
interface GigabitEthernet1/0/1
 description To Backup Core
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/2
 description To Data Server
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 124
 switchport mode trunk
!
interface GigabitEthernet1/0/3
 description To Procurve
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface GigabitEthernet1/0/4
 description To 3COMVLAN3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan1
 ip address 10.130.125.2 255.255.255.0
!
interface Vlan30
 description PHONES
 ip address 192.168.10.5 255.255.255.0
 ip helper-address 10.130.124.10
!
interface Vlan122
 ip address 10.130.122.5 255.255.255.0
 ip helper-address 10.130.124.10
!
interface Vlan123
 ip address 10.130.123.5 255.255.255.0
 ip helper-address 10.130.124.10
!
interface Vlan124
 ip address 10.130.124.5 255.255.255.0
 ip helper-address 10.130.124.10
!
interface Vlan200
 no ip address
!
interface Vlan300
 no ip address
!
ip default-gateway 10.130.125.1
ip classless
ip route 0.0.0.0 0.0.0.0 10.130.125.1
ip http server
!
!
control-plane
!
banner exec ^C
!!!Authorized Users ONLY!!! ^C
banner login ^C
Good job logging in ^C
banner motd ^C
Floor4 Cisco Switch VLAN 14 ^C
!
line con 0
 password 7 104D011854371606050A
 login
line vty 0 4
 password 7 104D011854371606050A
 login
 length 0
line vty 5 15
 password 7 110A110446320F010D24
 login
!
end

Core_Switch#
Core.doc
LVL 1
Boston_IT_TechAsked:
Who is Participating?
 
JFrederick29Connect With a Mentor Commented:
Ah hah,

You have a route for the 192.168.10.x subnet via 10.130.124.11.

Remove it:

route delete 192.168.10.0
0
 
JFrederick29Commented:
Server A has a default gateway of 10.130.124.10, right?

Server B has a default gateway of 192.168.10.5, right?
0
 
lanboyoCommented:
Can the server and the pc both ping their gateway? Do they communicate with the dhcp server and get appropriate ip address and gateways?

If you hard set the IP information on the clients does this change anything?
0
Improve Your Query Performance Tuning

In this FREE six-day email course, you'll learn from Janis Griffin, Database Performance Evangelist. She'll teach 12 steps that you can use to optimize your queries as much as possible and see measurable results in your work. Get started today!

 
Boston_IT_TechAuthor Commented:
Server A has a default gateway of 10.130.124.5 because its in VLAN 124.

Server B has a gateway of 192.168.10.5, yes.

Yes, both servers can ping their default gateways.  Both IP addresses are assigned statically; the 10.130.124.10 server is the DHCP server.

The clients actually work fine.  I can ping BOTH servers from a host in the 10.130.123.x network (VLAN 123).



Ethernet adapter Local Area Connection 2:

        Physical Address. . . . . . . . . : 00-1D-92-74-C3-E2
        Dhcp Enabled. . . . . . . . . . . : Yes
        Autoconfiguration Enabled . . . . : Yes
        IP Address. . . . . . . . . . . . : 10.130.123.26
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 10.130.123.5
        DHCP Server . . . . . . . . . . . : 10.130.124.10
        DNS Servers . . . . . . . . . . . : 10.130.124.10
                                            192.168.20.12
        Primary WINS Server . . . . . . . : 10.130.124.10
        Lease Obtained. . . . . . . . . . : Wednesday, May 13, 2009 8:39:33 AM
        Lease Expires . . . . . . . . . . : Thursday, May 21, 2009 8:39:33 AM

C:\Documents and Settings\dbour>ping 192.168.10.10

Pinging 192.168.10.10 with 32 bytes of data:

Reply from 192.168.10.10: bytes=32 time=6ms TTL=127
Reply from 192.168.10.10: bytes=32 time<1ms TTL=127
Reply from 192.168.10.10: bytes=32 time<1ms TTL=127
Reply from 192.168.10.10: bytes=32 time<1ms TTL=127

Ping statistics for 192.168.10.10:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 6ms, Average = 1ms

C:\Documents and Settings\dbour>ping 10.130.124.10

Pinging 10.130.124.10 with 32 bytes of data:

Reply from 10.130.124.10: bytes=32 time=6ms TTL=127
Reply from 10.130.124.10: bytes=32 time<1ms TTL=127
Reply from 10.130.124.10: bytes=32 time<1ms TTL=127
Reply from 10.130.124.10: bytes=32 time<1ms TTL=127

Ping statistics for 10.130.124.10:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 6ms, Average = 1ms

C:\Documents and Settings\dbour>
0
 
JFrederick29Commented:
Oops, yeah, I meant 10.130.124.5.

Can the 10.130.124.10 server ping 192.168.10.5?
Can the 192.168.10.10 server ping 10.130.124.5?
0
 
Boston_IT_TechAuthor Commented:
10.130.124.10 (Server A) can ping 192.168.10.5 (Server B Default Gateway)

192.168.10.10 (Server B) can ping 10.130.124.5 (Server A Default Gateway)
0
 
lanboyoCommented:

Are the servers behind phone ports as well? If not make them access ports.


The voip servers look to be issues... it looks to me that having vlan 30 as trunked and native on the same port as it is on fa 1/0/24-28 might be confusing.



A good thing to do is to add the command once everything is working correctly...

switchport trunk allowed vlan 30,124 (or whatever the data vlan is for that port) so that the switch doesn't send unnecessary tagged frames.
0
 
JFrederick29Commented:
>10.130.124.10 (Server A) can ping 192.168.10.5 (Server B Default Gateway)

>192.168.10.10 (Server B) can ping 10.130.124.5 (Server A Default Gateway)

Okay, well, its not the switch or routing.  Can you ping a different host on the 10.130.124.x subnet?
0
 
AndrewCaldwellCommented:
what do these commands show?

sh vlan
sh ip int brief
sh ip route
sh arp
0
 
Boston_IT_TechAuthor Commented:
The 10.130.124.10 (Server A) is on an access link.

interface GigabitEthernet1/0/2
 description To Data Server
 switchport access vlan 124
 switchport trunk native vlan 124
 switchport mode access
----------------------------------------

The 192.168.10.10 (Server B) is on a trunk link.

interface FastEthernet1/0/24
 description To ShoreTel Servers/Switches
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 30
 switchport mode trunk
 speed 100



Trunk ports pass all vlan traffic by default;the vlan 30 (phone vlan) packets need to be tagged.  The data vlan (124) packets should not be tagged.  The Native command makes the packets untagged.  

Thats my understanding of it.  So it is a bit complicated/incorrect.  
0
 
Boston_IT_TechAuthor Commented:
JFrederick29:Yes, I can ping hosts in any vlan from both servers.

AndrewCaldwell:  Attached.

sh-arp.txt
sh-ip-int-brief.txt
sh-ip-route.txt
sh-vlan.txt
0
 
JFrederick29Commented:
Well, since you can ping other things in other subnets, it's not routing or the switch.  Can you ping one way but not the other?  Anything on these servers that could be playing into it?
0
 
Boston_IT_TechAuthor Commented:
JFrederick29:

I agree!  That's why I'm stumped.  Hosts in any subnet can ping both servers.  Both servers can ping hosts in any subnet.  Server A cannot ping Server B.  Ugh.

No windows firewall on either server.  DHCP is screwy though; my 192.168.10.x network is full and we don't even have enough phones to fill it. (Attached)

AND whenever I reconcile the 192.168.10.x subnet, there's always at least 11 address that pop back up immediately.  Verify --> 11 IPs --> Reconcile --> Close box.  Verify --> 11IPs --> reconcile, etc.
phonesubnet.JPG
0
 
Boston_IT_TechAuthor Commented:
I'm tempted to say its because of the ports.  I really still think it's the routing.

Server A is on an access link but still has 'trunk native vlan 124' on it.  Server B is on a trunk link with, 'native vlan 30' on it.  That just seems odd to me.
0
 
JFrederick29Commented:
Tried restarting the servers by chance?
0
 
Boston_IT_TechAuthor Commented:
Yes, did that last night.
0
 
JFrederick29Commented:
>Server A is on an access link but still has 'trunk native vlan 124' on it.  Server B is on a trunk link with, 'native vlan 30' on it.  That just seems odd to me.

But it really accomplishes the same thing.  With Server A being an access-list, the "trunk native vlan 124" is not in use and can be removed (it doesn't do anything).

Server B being a Trunk with native VLAN 30 essentially makes it an access port in VLAN 30.  Only if the server is sending tagged packets would the trunk be needed.

If the trunk isn't necessary, make it an access port and assign it to VLAN 30.
0
 
Boston_IT_TechAuthor Commented:
Well, anything on VLAN 30 should be tagged.

Anything on VLAN 122, 123, 124 (data) should not be tagged.

Ill try those changes tonight.  Unfortunately, I can't do it during business hours....ugh.

Thank you!
0
 
JFrederick29Commented:
Well, keep in mind the tag is only on the trunk between the server and switch port.  The tag is removed when entering the switch and put on the appropriate VLAN so if the server doesn't need to process multiple VLAN traffic, it is okay to use an access port in VLAN 30 as it accomplishes the same thing.

I am skeptical it will resolve the issue since it should work the way you have it (native vlan 30) and plus you can ping about anything else except this one server.  Still leaning to something on the server itself...

Can you post a "route print" from the server?
0
 
Boston_IT_TechAuthor Commented:
Attached.
routeprint.txt
0
 
AndrewCaldwellCommented:
Weird i dont see the fast eth 0/24 in the sh vlans
0
 
Boston_IT_TechAuthor Commented:
I saw that too!  

I'm going to do some testing and see if this clears up some issues!  



H:\>route delete 192.168.10.0

H:\>route print

IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x2 ...00 11 43 f0 e0 68 ...... Intel(R) PRO/1000 MT Network Connection #2 - Pac
ket Scheduler Miniport
0x10003 ...00 53 45 00 00 00 ...... WAN (PPP/SLIP) Interface
===========================================================================
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0     10.130.124.5    10.130.124.10     10
     10.130.124.0    255.255.255.0    10.130.124.10    10.130.124.10     10
    10.130.124.10  255.255.255.255        127.0.0.1        127.0.0.1     10
    10.130.124.43  255.255.255.255        127.0.0.1        127.0.0.1     50
   10.255.255.255  255.255.255.255    10.130.124.10    10.130.124.10     10
        127.0.0.0        255.0.0.0        127.0.0.1        127.0.0.1      1
        224.0.0.0        240.0.0.0    10.130.124.10    10.130.124.10     10
  255.255.255.255  255.255.255.255    10.130.124.10    10.130.124.10      1
Default Gateway:      10.130.124.5
===========================================================================
Persistent Routes:
  None

H:\>ping 192.168.10.10

Pinging 192.168.10.10 with 32 bytes of data:

Reply from 192.168.10.10: bytes=32 time<1ms TTL=127
Reply from 192.168.10.10: bytes=32 time<1ms TTL=127
Reply from 192.168.10.10: bytes=32 time<1ms TTL=127
Reply from 192.168.10.10: bytes=32 time<1ms TTL=127

Ping statistics for 192.168.10.10:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms

H:\>
0
 
Boston_IT_TechAuthor Commented:
So it was the route on the Servers themselves, not on the layer 3 switch doing the routing.  Thank you so much!
0
 
Boston_IT_TechAuthor Commented:
Thats it!  The IP phones now have the correct time/date because SNTP can now reach the time server.

Thank you!!
0
 
JFrederick29Commented:
You're welcome.  Glad to assist!
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.