Cisco vlan routing issue

I have a simple home network with a Dlink router and a cisco 3550 L3 switch.

(192.168.10.1)Dlink---->Switch-----vlan 1 (192.168.10.2)
                                                   ----vlan 2 (192.168.11.2)





Dlink router is on 192.168.10.1.  This router does not do static internal routes or anything fancy.
Switch is enabled for L3 routing and VLan1 is on 192.168.10.2
Vlan 2 is on 192.168.11.2

Anything on vlan 1 can ping anything on vlan 2.  Vlan 1 can access file shares, network resources, rdp etc to any box in vlan 2.
Vlan 2 can not ping or access anything on vlan 1. I have tried using more than one machine.

Vlan2 CAN ping the vlan interface on vlan 1 (192.168.10.2) just can not hit anything behind it.

Vlan 1 test machine DOES have its default gateway set to the vlan interface (192.168.10.2)
Vlan 2 test machine DOES have its default gateway set to the vlan interface (192.168.11.2)


All machines have DNS set to router 192.168.10.1.  This router does not have a static route to know how to route to vlan 2 but that shouldn't matter.
PIMP#show run
Building configuration...

Current configuration : 1440 bytes
!
version 12.1
no service single-slot-reload-enable
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
no service dhcp
!
hostname PIMP
!
enable secret 5 xxxxxxxxxxx!
ip subnet-zero
ip routing
!

********DHCP is not active right now it is being handled by the router *******
ip dhcp pool vlan10
   network 192.168.10.0 255.255.255.0
   dns-server 192.168.10.1
   default-router 192.168.10.2
   lease 7
!
!
spanning-tree extend system-id
!
!
!
interface GigabitEthernet0/1
 no ip address
!
interface GigabitEthernet0/2
 no ip address
!
interface GigabitEthernet0/3
 no ip address
!
interface GigabitEthernet0/4
 no ip address
!
interface GigabitEthernet0/5
 no ip address
!
interface GigabitEthernet0/6
 no ip address
!
interface GigabitEthernet0/7
 no ip address
!
interface GigabitEthernet0/8
 no ip address
!
interface GigabitEthernet0/9
 switchport access vlan 2
 switchport mode access
 no ip address
!
interface GigabitEthernet0/10
 switchport access vlan 2
 switchport mode access
 no ip address
!
interface GigabitEthernet0/11
 no ip address
!
interface GigabitEthernet0/12
 no ip address
!
interface Vlan1
 ip address 192.168.10.2 255.255.255.0
!
interface Vlan2
 ip address 192.168.11.2 255.255.255.0
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.10.1
no ip http server
!
!
banner motd ^C F U ^C
!
line con 0
 exec-timeout 0 0
 password xxxx
 login
line vty 0 4
 password xxxxx
 login
line vty 5 15
 password xxxx
 login


**********ip route command*************

Gateway of last resort is 192.168.10.1 to network 0.0.0.0

C    192.168.10.0/24 is directly connected, Vlan1
C    192.168.11.0/24 is directly connected, Vlan2
S*   0.0.0.0/0 [1/0] via 192.168.10.1


PIMP#show vlan brief

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/1, Gi0/2, Gi0/3, Gi0/4
                                                Gi0/5, Gi0/6, Gi0/7, Gi0/8
                                                Gi0/11, Gi0/12
2    VLAN0002                         active    Gi0/9, Gi0/10
1002 fddi-default                     active
1003 token-ring-default               active
1004 fddinet-default                  active
1005 trnet-default                    active
PIMP#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       * - candidate default, U - per-user static route, o - ODR
       P - periodic downloaded static route

Gateway of last resort is 192.168.10.1 to network 0.0.0.0

C    192.168.10.0/24 is directly connected, Vlan1
C    192.168.11.0/24 is directly connected, Vlan2
S*   0.0.0.0/0 [1/0] via 192.168.10.1
PIMP#

ryansotoAsked:
ptchubaCommented:
If vlan1 test machine does not have a firewall blocking the ping. Disable Windows firewall (and any other) and test again.
ptchubaCommented:
Correction:

Check if vlan1 test machine does not have a firewall blocking the ping. Disable Windows firewall (and any other) and test again.
ryansotoAuthor Commented:
Way ahead on that aspect: there is no firewall in place on the test machine in VLAN1.  To rule that aspect out I tried multiple machines on vlan 1 with no luck.

sidetrackedCommented:
Vlan 2 users won't be able to surf the internet then, if the dlink router can't answer their dns-requests.

Are you using static ip for machines in vlan 2?

Please make a route print from cmd on a machine in vlan2 and also one from vlan 1.
ryansotoAuthor Commented:
Correct, vlan2 users will not be able to hit the internet because the router sucks and can't do static routes back to vlan 2.  Fine, no problem.
The machines on vlan 2 are static
Their gateway points to the vlan interface
IE vlan interface is 192.168.11.2

In tcpip config default gateway is 192.168.11.2

I will post a route print once I get back home.
mikebernhardtCommented:
When you ping, are you trying to ping by host name or IP address? I can't see any reason why hosts on vlan 1 shouldn't be able to talk to hosts on vlan 2, and vice versa. If pings can go one way, they should be able to go the other way IF YOU ARE PINGING BY IP ADDRESS.

If you are pinging by name, you have a problem-- because the hosts on vlan 2 will be able to reach 192.168.10.1 to query for an address- but that router doesn't know how to get back to 192.168.11.x to respond to the query without a static route.
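
The return-path problem described in the comment above, as an added example that is not part of the original thread: a small longest-prefix-match model of the two devices, checking that both the request and the reply are delivered. The switch table comes from the `show ip route` output in the question; the D-Link table (connected LAN plus a default route to a `WAN` hop), the host addresses 192.168.10.50 and 192.168.11.50, and all function names are assumptions made for illustration.

```python
import ipaddress

# Routing tables as (prefix, next hop); None means directly connected.
# "switch" is copied from the show ip route output in the question.
# "dlink" is an assumption: one connected LAN plus a default route to the ISP.
TABLES = {
    "switch": [("192.168.10.0/24", None), ("192.168.11.0/24", None),
               ("0.0.0.0/0", "192.168.10.1")],
    "dlink": [("192.168.10.0/24", None), ("0.0.0.0/0", "WAN")],
}
# Which device answers for each gateway address on the page.
OWNER = {"192.168.10.1": "dlink", "192.168.10.2": "switch",
         "192.168.11.2": "switch"}
# Constructed host addresses: one test machine per VLAN.
V1_HOST, V2_HOST = "192.168.10.50", "192.168.11.50"


def lookup(tables, device, dst):
    """Longest-prefix match on one device; returns the chosen next hop."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p), nh) for p, nh in tables[device]]
    hits = [(net, nh) for net, nh in hits if addr in net]
    return max(hits, key=lambda h: h[0].prefixlen)[1]


def delivered(tables, gateway, dst, max_hops=8):
    """Hand a packet for dst to the device owning gateway; True if it arrives."""
    device = OWNER[gateway]
    for _ in range(max_hops):
        next_hop = lookup(tables, device, dst)
        if next_hop is None:
            return True            # dst is on a connected subnet
        if next_hop not in OWNER:
            return False           # forwarded out of the LAN ("WAN")
        device = OWNER[next_hop]
    return False                   # routing loop


def round_trip(tables, src, src_gw, dst, dst_gw):
    """A ping or DNS lookup works only if request and reply both arrive."""
    return delivered(tables, src_gw, dst) and delivered(tables, dst_gw, src)


def with_static_route(tables):
    """Copy of the tables with a route to vlan 2 added on the router."""
    fixed = {name: list(routes) for name, routes in tables.items()}
    fixed["dlink"].append(("192.168.11.0/24", "192.168.10.2"))
    return fixed
```

The router is passed as its own gateway (`192.168.10.1`) when it is the endpoint, because it originates the DNS reply from its own table.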
ryansotoAuthor Commented:
Correct, I am using IP address.  I do know that names will not work from vlan 2 since there is no route back from router to vlan 2.

This is what's driving me mad: the configs look right.
ryansotoAuthor Commented:
Not only can I ping from vlan 1 to 2, I can RDP into the machines, pull up vcenter, access file shares, etc.
SHEEPCommented:
Are you sure that you have the machines connected to the correct switch ports?

If so, can you post a tracert from vlan 1 to vlan 2 and in the other direction.
jonathanalesCommented:
DHCP should be handled by the switch if possible, because the switch would have access to both network, so any vlan would have a dhcp pool assigned and reachable.

You need to enable ip routing on the switch so the switch could do routing between the vlans.
 
sidetrackedCommented:
What happened to the route print from the machines? It is vital.

There is no error in switch config from what I can see.

ryansotoAuthor Commented:
OK, the switch wasn't the issue - the issue lay somewhere in the SOHO router.  I had a new router on standby that would do static routing to fix the DNS issue.
I implemented the router and voilà, everything worked.

I implemented the static route then tested and made sure that the switch was doing the intervlan routing, not the router.

A tracert shows all is well.  I am not sure what it was with the router but there were no firewall rules enabled on it.  Weird why it would block it in some way.
ryansotoAuthor Commented:
Thanks for the help.