Inter-VLAN Routing Not Working — No Route Between VLANs
Presenting Symptom
Hosts on different VLANs cannot communicate with each other, even though they can ping their default gateway.
Network Context
A small branch office with a single Layer 3 switch (Cisco Catalyst 3650 running IOS XE 16.9) acting as the default gateway for VLANs 10 (192.168.10.0/24) and 20 (192.168.20.0/24). The switch has SVIs configured for both VLANs, but inter-VLAN routing fails. Hosts on VLAN 10 can ping the SVI (192.168.10.1) and hosts on VLAN 20 can ping their SVI (192.168.20.1), but cross-VLAN pings fail.
Diagnostic Steps
Check the IP routing table
show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

C 192.168.10.0/24 is directly connected, Vlan10
C 192.168.20.0/24 is directly connected, Vlan20

If only connected routes appear, with no 'O' or other dynamic routes, IP routing may be disabled. Here the output shows only the directly connected networks. Normal output would also show these connected routes, and the switch should be able to route between them even without a dynamic routing protocol, so the fact that it cannot forward between the VLANs suggests 'ip routing' is off.
Verify IP routing is enabled globally
show running-config | include ip routing
no ip routing
If 'no ip routing' appears, IP routing is disabled. The switch is operating as a Layer 2 device only. The expected output for a working router would be 'ip routing' (without 'no').
Check if VLANs exist and are active
show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi1/0/1, Gi1/0/2
10   VLAN0010                         active    Gi1/0/3
20   VLAN0020                         active    Gi1/0/4
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
Ensure VLANs 10 and 20 are present and active. If missing, they need to be created. Also verify that the appropriate access ports are assigned to the correct VLANs.
Check SVI interface status and IP configuration
show ip interface brief | include Vlan
Vlan10                 192.168.10.1    YES manual up                    up
Vlan20                 192.168.20.1    YES manual up                    up
Both SVIs should be up/up. If one is down/down, the VLAN may not exist or the SVI is administratively down. If up/down, the VLAN is active but no physical ports are in that VLAN. Verify that the SVIs have correct IP addresses and are not in 'down' state.
Root Cause
The global command 'ip routing' is disabled on the Layer 3 switch. Without IP routing enabled, the switch cannot forward packets between VLANs, even though SVIs are configured and up. The switch acts as a Layer 2 device only, dropping any packets destined for a different subnet.
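Resolution
Enable IP routing globally by entering the 'ip routing' command in global configuration mode on the Layer 3 switch.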
Verification
Run 'show ip route' again. The output should show both connected routes, and the switch should now route between the VLANs. Also test with a ping from a host on VLAN 10 to a host on VLAN 20. The ping should succeed.
Prevention
1. Always ensure 'ip routing' is enabled on any Layer 3 switch that needs to route between VLANs.
2. Use a standard configuration template that includes 'ip routing' for all Layer 3 switches.
3. Verify routing functionality as part of the initial configuration validation checklist.
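One way to automate the validation step in item 3, as an added example that is not part of the original page: a Python check that reads a saved running-config and flags the failure mode in this scenario (two or more addressed SVIs with 'no ip routing'). The function name, the sample hostname and the sample config are constructed for illustration; a config with no explicit line is reported as "unknown" because the default differs between platforms.

```python
import re

# Constructed sample: the scenario's two SVIs with routing disabled.
# The hostname is a placeholder, not taken from the page.
SAMPLE_CONFIG = """\
hostname EXAMPLE-SW
!
no ip routing
!
interface Vlan10
 ip address 192.168.10.1 255.255.255.0
!
interface Vlan20
 ip address 192.168.20.1 255.255.255.0
!
"""

def audit_intervlan_routing(running_config):
    """Flag configs where several SVIs have addresses but routing is off."""
    routing = "unknown"  # no explicit line: the platform default applies
    svis, current = {}, None
    for line in running_config.splitlines():
        text = line.strip()
        if line[:1] != " ":  # global-level line ends any interface block
            current = None
            if text == "ip routing":
                routing = "enabled"
            elif text == "no ip routing":
                routing = "disabled"
            m = re.fullmatch(r"interface (Vlan\d+)", text, re.IGNORECASE)
            if m:
                current = m.group(1)
                svis[current] = {"ip": None, "shutdown": False}
        elif current:
            m = re.match(r"ip address (\d+\.\d+\.\d+\.\d+) ", text)
            if m and svis[current]["ip"] is None:
                svis[current]["ip"] = m.group(1)  # keep the primary address
            elif text == "shutdown":
                svis[current]["shutdown"] = True
    routed = sorted((n for n, s in svis.items() if s["ip"] and not s["shutdown"]),
                    key=lambda n: int(n[4:]))
    findings = []
    if len(routed) >= 2 and routing == "disabled":
        findings.append("'no ip routing' set with %d addressed SVIs: "
                        "inter-VLAN traffic will not be forwarded" % len(routed))
    elif len(routed) >= 2 and routing == "unknown":
        findings.append("no explicit 'ip routing' line: confirm platform default")
    return {"ip_routing": routing, "routed_svis": routed, "findings": findings}

if __name__ == "__main__":
    print(audit_intervlan_routing(SAMPLE_CONFIG))
```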
CCNA Exam Relevance
On the CCNA 200-301 exam, this scenario tests the candidate's understanding of Layer 3 switching and the necessity of the 'ip routing' command. Questions may present a troubleshooting scenario where inter-VLAN routing fails, and the candidate must identify that IP routing is disabled. The exam may ask in multiple-choice format: 'What command is missing?' or present a drag-and-drop to place the correct command. Key fact: A Layer 3 switch requires 'ip routing' to forward packets between VLANs; without it, SVIs act as default gateways but cannot route.
Exam Tips
Memorize that 'ip routing' is disabled by default on some Catalyst switches (e.g., 2960-XR) but enabled on others (e.g., 3650). Always check it when inter-VLAN routing fails.
The 'show ip route' command is critical: if only connected routes appear, suspect 'ip routing' is off.
Remember that 'no ip routing' makes the switch a Layer 2 device; SVIs can still be pinged from their respective VLANs but cannot forward between VLANs.
Commands Used in This Scenario
show ip interface brief
Displays a summary of all IP interfaces on the device, including their IP address, status, and protocol state, used for quick verification of interface configuration and connectivity.
show ip route
Displays the current IP routing table on a Cisco router, used to verify routes, check next-hop addresses, and troubleshoot connectivity issues.
show running-config
Displays the current active configuration in DRAM, showing all non-default settings.
show vlan brief
Displays a summary of all VLANs configured on the switch, including VLAN ID, name, status, and ports, used to quickly verify VLAN configuration and port assignments.