leblanc
asked on
Cisco switch SVI
The vlan needs to be created on the switch so that the switch is able to tag packets for that particular vlan.
ASKER
The vlan100 was created on sw2. I could only ping 10.10.100.254 if the SVI is configured on sw2. In other words, it only worked if I assigned an IP address to int vlan 100 on sw2. I'd like to know why. Thx
"vlan100 was created on sw2"
You also need vlan 100 on sw1 and sw3 and VLAN100 to be enabled on all trunks.
If it is a GNS3 lab, it happens sometimes that I need to add an SVI to make ping work (although it does not make much sense).
All you need for ping is:
- VLAN100 on every switch (except fw - IP address assigned to interface)
- VLAN100 allowed on all trunks
- on sw2 Fa0/3 configured as access port VLAN 100
- routing configured on FW with proper routes (without routing default gateway should be configured as 10.10.100.1) for the case that you are pinging from other VLANs. If you are pinging from sw0 SVI VLAN100 you can ignore this line.
But again, if it is GNS3 and everything configured as above - I would go with GNS3 bug.
Question: how did you create VLANs on switches? They should be created through database VLAN:
switch>en
switch#vlan database
switch(vlan)#vlan 100
switch(vlan)#exit
ASKER
I did not use GNS3. I am using Packet Tracer. Yes, I have everything set up as you mentioned. I ping from sw2 to fw. I can ping fine if I have the SVI configured. If I remove the SVI, I cannot ping the fw. The same issue applies to sw1 & sw3.
PS. Also, you can create a vlan without using the database command with gns3 v13.1.3. I tried the database vlan command and it did not work. Thanks
Can you paste configurations?
Can you test this for me in your config on sw2 please?
1. clear arp table
2. with SVI 100 interface, ping 10.10.100.254
3. check arp by sh ip arp | i 10.10.100.254
4. clear arp table again
5. shutdown or remove SVI 100 and ping 10.10.100.254
6. check arp table by sh ip arp | i 10.10.100.254
Please post results of steps 3 and 6.
ASKER
sw2-1#clear arp
sw2-1#ping 10.10.100.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.100.254, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/1 ms
sw2-1#sh ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.20.2 - 000A.41DE.74A1 ARPA Vlan20
Internet 10.10.100.3 - 000A.41DE.74A1 ARPA Vlan100
Internet 10.10.100.254 1 000C.CF16.1703 ARPA Vlan100
sw2-1#clear arp
sw2-1(config)#no int vlan 100
sw2-1(config)#
%LINK-5-CHANGED: Interface Vlan100, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan100, changed state to down
sw2-1#ping 10.10.100.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.100.254, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
sw2-1#clear arp
sw2-1#sh ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.20.1 0 000A.F3BC.2DB7 ARPA Vlan20
Internet 10.10.20.2 - 000A.41DE.74A1 ARPA Vlan20
That's your answer then why you need to have SVI 100 up.
Every packet needs to have source and destination. ARP traffic is constrained to a vlan so the switch needs to have one interface in that vlan to use as a source for ARP packets.
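The comparison requested in steps 3 and 6 above, as an added example that is not part of the original thread: it parses the two sh ip arp captures posted by the asker and reports whether 10.10.100.254 resolved and on which interfaces the switch holds its own addresses (the rows with Age "-"). The function and type names are hypothetical.

```python
import re
from typing import NamedTuple

class ArpEntry(NamedTuple):
    address: str
    age: str        # "-" marks an address owned by the switch itself
    mac: str
    interface: str

# One data row of IOS "show ip arp": Protocol Address Age MAC Type Interface
ROW = re.compile(
    r"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+(-|\d+)\s+"
    r"([0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4})\s+ARPA\s+(\S+)$"
)

def parse_show_ip_arp(text):
    """Return the ARP rows found in the output, skipping header and noise."""
    matches = (ROW.match(line.strip()) for line in text.splitlines())
    return [ArpEntry(*m.groups()) for m in matches if m]

def diagnose(text, target):
    """Summarise one capture: was target learned, and where is the switch L3-present?"""
    entries = parse_show_ip_arp(text)
    local = sorted({e.interface for e in entries if e.age == "-"})
    hit = next((e for e in entries if e.address == target and e.age != "-"), None)
    return {
        "resolved": hit is not None,
        "mac": hit.mac if hit else None,
        "learned_on": hit.interface if hit else None,
        "local_l3_interfaces": local,
    }

# Captures copied from the output posted in the thread (step 3 and step 6).
STEP3 = """\
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.20.2 - 000A.41DE.74A1 ARPA Vlan20
Internet 10.10.100.3 - 000A.41DE.74A1 ARPA Vlan100
Internet 10.10.100.254 1 000C.CF16.1703 ARPA Vlan100
"""
STEP6 = """\
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.10.20.1 0 000A.F3BC.2DB7 ARPA Vlan20
Internet 10.10.20.2 - 000A.41DE.74A1 ARPA Vlan20
"""

if __name__ == "__main__":
    for name, capture in (("step 3", STEP3), ("step 6", STEP6)):
        print(name, diagnose(capture, "10.10.100.254"))
```
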
ASKER
My thought was as I don't have SVI 100 on sw2, sw2 will go to his default gateway sw0 to be intervlan to vlan 100 thus sw2 should be able to ping 10.10.100.254. Doesn't it work that way?
ASKER
This is the original question from my post "I am trying to understand why sw2 could not ping 10.10.100.254 when I removed SVI 100 from sw2."
Original answer - paste configurations.
:)
It should work if you have configured VLAN 20 and VLAN 100 on every switch.
You need VLAN 20 and 100 on every switch and enabled on every trunk along the way, otherwise it will not work.
ASKER
Predrag,
I think you got it. I need to have all vlans on all switches. I do not need to have an IP address assigned to int vlan100 on sw2. However, from the FW, I need a static route pointed to the internal network with next hop as sw0 because that is where all intervlan is done. I did that and I was able to ping 10.10.100.254 from all switches.
Now I understand why. Thx
You are welcome.