cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1042
Views
0
Helpful
12
Replies

2960 switch and 2851 router 802.1q vlan routing

peter.williams
Level 1
Level 1

I have 2 vlans on a 2960 switch. I also have the encapsulation on the 2851 router. I am able to ping the other WAN site from the router but not the 2960 switch even if I source the pings from a vlan. Does anybody know why this is happening?

12 Replies 12

devang_etcom
Level 7
Level 7

will you please post the show run of switch and router... and it will be good if you post topology...

regards

Devang

Topology -

2960 switch -> 2851 Router -> 2621XM router

On the router side add this under the subinterface "encapsulation dot1Q 20 native" , on the switch side add " switchport trunk native vlan 20 " . retest .

Thank you for your reply -

I have 2 vlans on the switch. I have added your suggestions but I am still unable to ping from the switch across the network to the other side.

Just to be sure you wanted me to put the switchport trunk native vlan 20 on fa0/1 on the switch correct? What do I do with vlan 101?

Thank you for your help

That command goes on the subinterface for vlan 20 not the regular interface and nothing would change under the vlan 101 subinterface .

so this would go under the sub interface of the router not the switch?

int g0/1.20 but not g0/1.101?

Can some one please answer this question, I am very stuck and I need help

It looks like you are using vlan101 as your native vlan.

Try this on your config

Thank you for your response - it worked, however now when I try to ping 10.57.0.50 which is a computer on the other end of the tunnel from my switch it does not ping, do you have any ideas why this is happening. I am able to ping the 10.57.0.50 from the router. Thank you fro your help

I would look at your nat statement which you are overloading out the external interface, looks like everything is being natted at the moment.. and not going down the tunnel.

access-list 101 permit ip 10.0.2.0 0.0.0.255 any

access-list 101 permit ip 10.0.101.0 0.0.0.255 any

try adding at the top of your acl the following two statements, and leaving in the two statements above at the bottom of your access-list 101

access-list 101 deny ip 10.0.2.0 0.0.0.255 x.x.x.x mask

access-list 101 deny ip 10.0.101.0 0.0.0.255 x.x.x.x mask

where x.x.x.x mask equals the network on the other side of the tunnel.

effectively saying dont nat anything going to the x.x.x.x mask network, but nat everything else.

hope this helps

I have added this, but it still doesn't work, is there anything else I can do?

access-list 100 deny ip 10.0.0.0 0.0.255.255 10.57.0.0 0.0.255.255

access-list 100 deny ip host 10.0.255.100 host 10.157.255.1

access-list 100 permit ip 10.0.2.0 0.0.0.255 any

access-list 100 permit ip 10.0.101.0 0.0.0.255 any

Hi peter

you should of applied the statements to access-list 101 not 100.

you are referencing route-map SDM_RMAP_3 in your nat overload statement, SDM_RMAP_3 matches access-list 101 not 100.

ip nat inside source route-map SDM_RMAP_3 interface GigabitEthernet0/0 overload

route-map SDM_RMAP_3 permit 1

match ip address 101

Try it again on access-list 101.

Hope this helps

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: