How can I achieve reachability from a VLAN terminated on the L3 switch to the routed port on the router, FW?
For example:
int vlan 10,50 are the SVIs on the L3 switch
vlan 10 - 10.0.10.254 /24
vlan 50 - 10.0.50.254 /24
vlan 50 is the native vlan on the trunk link towards the (router, FW)
Routed port is configured on the physical interface with 10.0.50.1/24
The problem is that I can reach the routed port sourcing from both SVIs, but not from the device inside vlan 10.
Taking a tcpdump on the routed interface, I can see only ICMP requests but no replies. The switch does have its default gateway set to 10.0.50.1.
I've enabled OSPF on the FW and the switch, but with no luck.
Thanks @Zac67 for the hint; perhaps I wasn't clear about what I'm trying to achieve.
I want to have a few VLANs terminated on the L3 switch and some of them on the FW, to have visibility into them. The problem is that I want to use the physical interface on the FW as their DG to reach the outside world or to route to the VLANs terminated on the FW.
It looks like router-on-a-stick, but using the physical interface by putting an IP address on it.
So vlans 5,10,15,20 terminate on the L3 switch, so they have SVIs created on it.
Vlans 30,40,50 just exist on the switch and go to the router through the trunk, and they have their own subinterfaces created.
I'm looking for a way to use another vlan just for connectivity between the SVI and the router's physical interface.
What I did until now is, for example, create an SVI for vlan 100, put an IP on it, and set vlan 100 as the native vlan on the trunk to reach the router untagged.
But it doesn't work, unfortunately…
==========================================================
First of all, sorry for all the mistakes I made and am making in this question; this is my first time posting on Stack.
Thanks to all who are trying to help solve this problem. Please find the topology and configs below:
Switch config
```
Current configuration : 3350 bytes
!
! Last configuration change at 06:18:12 UTC Thu Aug 26 2021
!
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname Switch
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
!
!
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/1
 switchport access vlan 20
 switchport mode access
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/2
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/3
 switchport trunk encapsulation dot1q
 switchport trunk native vlan 40
 switchport mode trunk
 media-type rj45
 negotiation auto
!
interface GigabitEthernet1/0
 switchport access vlan 30
 media-type rj45
 negotiation auto
!
interface GigabitEthernet1/1
 media-type rj45
 negotiation auto
!
interface GigabitEthernet1/2
 media-type rj45
 negotiation auto
!
interface GigabitEthernet1/3
 media-type rj45
 negotiation auto
!
interface Vlan20
 ip address 10.0.20.254 255.255.255.0
!
interface Vlan40
 ip address 10.0.40.254 255.255.255.0
!
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0
!
ip forward-protocol nd
!
no ip http server
no ip http secure-server
!
!
!
!
!
!
control-plane
!
banner exec ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
banner incoming ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
banner login ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
!
line con 0
 logging synchronous
line aux 0
line vty 0 4
 login
!
!
end
```
Router config
```
Router#sh run
Building configuration...
Current configuration : 3144 bytes
!
! Last configuration change at 06:18:16 UTC Thu Aug 26 2021
!
version 15.6
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
ethernet lmi ce
!
!
!
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
!
!
!
!
!
!
!
!
!
!
!
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 3.3.3.3 255.255.255.255
!
interface GigabitEthernet0/0
 ip address 10.0.40.1 255.255.255.0
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0.30
 encapsulation dot1Q 30
 ip address 10.0.30.1 255.255.255.0
!
interface GigabitEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/2
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/3
 no ip address
 shutdown
 duplex auto
 speed auto
 media-type rj45
!
router ospf 1
 network 0.0.0.0 255.255.255.255 area 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
banner exec ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
banner incoming ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
banner login ^C
**************************************************************************
* IOSv is strictly limited to use for evaluation, demonstration and IOS  *
* education. IOSv is provided as-is and is not supported by Cisco's      *
* Technical Advisory Center. Any use or disclosure, in whole or in part, *
* of the IOSv Software or Documentation to any third party for any       *
* purposes is expressly prohibited except as otherwise authorized by     *
* Cisco in writing.                                                      *
**************************************************************************^C
!
line con 0
line aux 0
line vty 0 4
 login
 transport input none
!
no scheduler allocate
!
end
```
Sourcing from VPC10 I can ping
```
VPCS> ip 10.0.30.100 /24 10.0.30.1
Checking for duplicate address...
PC1 : 10.0.30.100 255.255.255.0 gateway 10.0.30.1
VPCS> ping 10.0.30.1
84 bytes from 10.0.30.1 icmp_seq=1 ttl=255 time=16.253 ms
VPCS> ping 10.0.40.1
84 bytes from 10.0.40.1 icmp_seq=1 ttl=255 time=8.569 ms
VPCS> ping 10.0.40.254
84 bytes from 10.0.40.254 icmp_seq=1 ttl=254 time=12.776 ms
VPCS> ping 10.0.20.254
84 bytes from 10.0.20.254 icmp_seq=1 ttl=254 time=15.602 ms
VPCS> ping 10.0.20.100
10.0.20.100 icmp_seq=1 timeout
VPCS> ping 3.3.3.3
84 bytes from 3.3.3.3 icmp_seq=1 ttl=255 time=11.675 ms
```
The only device which is not pingable is the other VPCS, 10.0.20.100.
**But from the VPC which is terminated on the switch, only the SVIs on the switch**
```
VPCS> ip 10.0.20.100 /24 10.0.20.254
Checking for duplicate address...
PC1 : 10.0.20.100 255.255.255.0 gateway 10.0.20.254
VPCS> ping 10.0.20.254
84 bytes from 10.0.20.254 icmp_seq=1 ttl=255 time=25.344 ms
VPCS> ping 10.0.30.1
10.0.30.1 icmp_seq=1 timeout
VPCS> ping 10.0.40.254
84 bytes from 10.0.40.254 icmp_seq=1 ttl=255 time=7.528 ms
```