vlan configuration for routing unable to ping own subnet

  • 0
  • 2
  • Problem
  • Updated 2 years ago
  • Solved
Hi guys, First of all, I'm really new to this and have been stumbling through to figure out a nagging issue

We created 4 VLANs with corresponding Virtual Routers (as well as separate subnets) in our brand new environment (Users,Server, Lab,Phone).  One of our VLANs ("User") is the only one currently utilized. It is on a 10.1.15.x subnet (part of a B5 stack) seems to be restricting certain computers from accessing the internet. Most of the other client computers (on same subnet) are able to access the network and internet, with the exception of a few. The VLANs were setup last weekend, and I believe it may be a configuration issue.

The affected clients receive IP via DHCP and are able to get IPs;

IP:     10.1.15.x
Subnet Mask:

but are unable to ping the internal VLAN gateway ( They can ping any IP on the same subnet (and vice versa) but are unable to ping any other IP on other subnet (the unnafected computers on same subnet are able to ping other subnets just fine, and have no problems connecting to internet).

I suspect some sort of MAC blocking?? It happens no matter what active port i try them on.

Any assistance in troubleshooting is hugely appreciated. We have had no luck figuring it out.
Photo of Rasheed Folami

Rasheed Folami

  • 174 Points 100 badge 2x thumb

Posted 2 years ago

  • 0
  • 2
Photo of Straw, Glyn

Straw, Glyn, Employee

  • 2,092 Points 2k badge 2x thumb
Official Response
Hi Rasheed, 

If you are connecting to another C5 you should not use static lags. 

Here is a recommendation of how to configure LACP on a securestack ( ports are examples ). Clear the static lag configuration first.

LACP configuration for link aggregation
  • LACP is enabled globally but disabled per port (on most current products).
  • Use the default dynamic lacp in most cases and simply configure the aadminkey to a fixed figure manually to control the association after reboot.
  • example config below is all that is needed to get a lag up if both ends run lacp
    • set lacp aadminkey lag.0.10 10
      set port lacp port ge.1.1 aadminkey 10
      set port lacp port ge.1.2 aadminkey 10
      set port lacp port ge.1.1-2 enable
- Don't forget to enable lacp on the ports.
- Don't forget that you will need to egress the required vlans over the logical lag port ( lag.0.x )also as the member ports become a part of a lag. This could be why you are not getting the vlans across the lonk to the gateway. Try this and let us know how you get on. If you still have problems a diagram of what you are trying to acheive and where the gaetway is would be useful. Also , here is an article with L2 best practises for EOS .