HELP!!!!!!! Default Gateway for VLAN

Feb 7th, 2008

Hello everyone...


I'm facing an issue I have never seen before.



I have a 2811 Cisco router with a switch module on slot 1.


I have configured a VLAN (in this case VLAN 4), assigned it an IP address and mask (192.168.4.3 /29), and have placed 2 out of the 4 ports of the switch module into VLAN 4.


ROUTER-HQ#show run....
output truncated...

interface FastEthernet0/0/0
 switchport access vlan 4
!
interface FastEthernet0/0/1
 switchport access vlan 4
!
interface FastEthernet0/0/2
!
interface FastEthernet0/0/3
!
!
interface Vlan4
 ip address 192.168.4.3 255.255.255.248


The problem I'm having is that I can't route packets outside VLAN 4 to one of the other directly connected networks on my router (192.168.2.0 /24).


I connected my laptop directly to the second available switchport on VLAN 4 (FastEthernet0/0/1), assigned a static IP address on the same subnet (192.168.4.4 /29), DG (192.168.4.3), and here are the results:



C:\Documents and Settings\Glenn>ipconfig


Windows IP Configuration



Ethernet adapter Wireless Network Connection 2:


Media State . . . . . . . . . . . : Media disconnected


Ethernet adapter Local Area Connection:


Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 192.168.4.4

Subnet Mask . . . . . . . . . . . : 255.255.255.248

Default Gateway . . . . . . . . . : 192.168.4.3


C:\Documents and Settings\Glenn>ping 192.168.4.3


Pinging 192.168.4.3 with 32 bytes of data:


Reply from 192.168.4.3: bytes=32 time=1ms TTL=255

Reply from 192.168.4.3: bytes=32 time<1ms TTL=255

Reply from 192.168.4.3: bytes=32 time=1ms TTL=255

Reply from 192.168.4.3: bytes=32 time=1ms TTL=255


Ping statistics for 192.168.4.3:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 1ms, Average = 0ms


C:\Documents and Settings\Glenn>ping 192.168.2.4


Pinging 192.168.2.4 with 32 bytes of data:


Reply from 192.168.2.4: bytes=32 time<1ms TTL=255

Reply from 192.168.2.4: bytes=32 time=1ms TTL=255

Reply from 192.168.2.4: bytes=32 time<1ms TTL=255

Reply from 192.168.2.4: bytes=32 time<1ms TTL=255


Ping statistics for 192.168.2.4:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 1ms, Average = 0ms


C:\Documents and Settings\Glenn>ping 192.168.2.18


Pinging 192.168.2.18 with 32 bytes of data:


Request timed out.

Request timed out.

Request timed out.

Request timed out.


Ping statistics for 192.168.2.18:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


C:\Documents and Settings\Glenn>tracert 192.168.2.18


Tracing route to 192.168.2.18 over a maximum of 30 hops


1 <1 ms <1 ms <1 ms 192.168.4.3

2 * * * Request timed out.

3 * * * Request timed out.

4 * ^C

C:\Documents and Settings\Glenn>


As you can see... I can ping the directly connected interfaces from my laptop BUT I CAN'T ping the internal resources on subnet 192.168.2.0 /24.

It's as if VLAN 4 would not know how to route packets to other subnets I guess.... :(


I need help on this one.... thanks in advance to all


Glenn




Jon Marshall Thu, 02/07/2008 - 07:32

Glenn


Couple of things to check


1) Any access-lists on the interfaces

2) 192.168.2.4 - that is an interface on your router? If so, is this IP address the default-gateway for 192.168.2.18?

3) Can you ping 192.168.2.18 from the router?


Jon

glenn.guzman Thu, 02/07/2008 - 09:45

Thanks for your quick response...


Here are the responses to the questions....


1.) No access-list on the interfaces...


2.) Yes, 192.168.2.4 is an interface on my router... and no, 192.168.2.4 is not the default gateway for 192.168.2.18. Actually the 192.168.2.18 address belongs to an ISA server that filters all traffic from the inside to the outside networks, so 192.168.2.18 is actually the DG for the whole 192.168.2.0 /24 subnet.


I'm in a hub-and-spoke topology where the spokes send all internet traffic through the hub site (this is accomplished through an MPLS VPN implementation, not a layer 2 WAN solution). So far I'm able to successfully route all internet traffic from the spoke sites to the HUB's HQ router (192.168.4.3) BUT I can't get any packets outside VLAN 4 :S!!


3.) Yes, I can ping 192.168.2.18 or any other host from the router.


Any ideas Jon ?

Thanks in advance!


Glenn

Jon Marshall Thu, 02/07/2008 - 10:09

Glenn


How does the ISA server know how to route the packets back?


So on the ISA server, what is its default-gateway?


If ISP router then you need to add a route on the ISA, e.g.


route add 192.168.4.0 mask 255.255.255.0 192.168.2.4 (note that this may not be correct syntax for ISA server - not an ISA server person I'm afraid).


If your ISA server has a default-gateway that points to a router owned by you then you could add a static route to that router


ip route 192.168.4.0 255.255.255.0 192.168.2.4


HTH


Jon

glen.grant Thu, 02/07/2008 - 17:24

Did you create vlan 4 in the vlan database? If you do a "show vlan" command, not a show interface vlan, does vlan 4 show active? I know this sounds like a simple question but sometimes those get overlooked; if yes then we will move on from there.

Richard Burts Thu, 02/07/2008 - 20:54

Glenn


I agree with Jon in suspecting that the issue is that devices in the 192.168.2.0 subnet may not have routes back to the 192.168.4.0 subnet. One good way to prove this would be to ping to addresses in 192.168.2.0 from the router - which we assume will be successful. And then to use extended ping on the router. In the extended ping use the same destination address (192.168.2.x) and now specify the source address as the VLAN 4 interface address. I suspect that the extended ping will fail.


HTH


Rick
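
Added example, not part of any post in this thread: a longest-prefix-match lookup over a host's route table, showing why a reply to the router's 192.168.2.4 address stays on-link while a reply to a VLAN 4 source leaves by the default route unless a return route exists. The route tables are constructed, and 203.0.113.1 is a placeholder upstream gateway rather than a value from the thread.

```python
import ipaddress

# Constructed route tables for the host at 192.168.2.18, written as
# destination / netmask / gateway in the form `route print` shows.
# 203.0.113.1 is a placeholder upstream gateway (assumption).
BEFORE = [
    ("0.0.0.0", "0.0.0.0", "203.0.113.1"),             # default route
    ("192.168.2.0", "255.255.255.0", "192.168.2.18"),  # on-link subnet
]
# Same table with a return route to VLAN 4 via the router's LAN address.
AFTER = BEFORE + [("192.168.4.0", "255.255.255.248", "192.168.2.4")]


def parse(rows):
    """Turn (destination, netmask, gateway) strings into network objects."""
    return [(ipaddress.ip_network(f"{dst}/{mask}"), ipaddress.ip_address(gw))
            for dst, mask, gw in rows]


def next_hop(rows, destination):
    """Gateway chosen by longest-prefix match, or None if nothing matches."""
    dst = ipaddress.ip_address(destination)
    matches = [(net, gw) for net, gw in parse(rows) if dst in net]
    if not matches:
        return None
    _, gw = max(matches, key=lambda m: m[0].prefixlen)
    return str(gw)


def reply_returns_via(rows, source_ip, router_lan_ip):
    """True if a reply to source_ip is handed to router_lan_ip."""
    return next_hop(rows, source_ip) == router_lan_ip


if __name__ == "__main__":
    # 192.168.4.9 lies outside 192.168.4.0/29, so it shows the mask's limit.
    sources = ("192.168.2.4", "192.168.4.3", "192.168.4.4", "192.168.4.9")
    for label, table in (("before", BEFORE), ("after", AFTER)):
        for src in sources:
            print(f"{label:6} reply to {src:12} -> {next_hop(table, src)}")
```
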

gleguzgo0166 Fri, 02/08/2008 - 15:43



Hi Rick,


Sorry for the late response but guess what...

You're right. I'm able to ping hosts on the 192.168.2.0 /24 subnet from the router BUT extended ping failed.


UACA-HQ#ping

Protocol [ip]:

Target IP address: 192.168.2.18

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: 192.168.4.3

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.2.18, timeout is 2 seconds:

Packet sent with a source address of 192.168.4.3

.....

Success rate is 0 percent (0/5)

UACA-HQ#


But after adding the static route to the server the problem still persists!!!


192.168.2.0 /24's default gateway is 192.168.2.18, so packets destined to any network outside 192.168.2.0 /24 should go out 192.168.2.18, and since this host already has a static route that instructs packets destined for subnet 192.168.4.0 to go out 192.168.2.4 (which is the directly connected interface of the router that faces my LAN) I do not see why hosts on the 192.168.2.0 /24 subnet still can't reach hosts on the 192.168.4.0 subnet and vice versa.




see below....


C:\Documents and Settings\manager>ipconfig


Windows IP Configuration



Ethernet adapter Interna 192.168.2.18:


Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 192.168.2.18

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :


C:\Documents and Settings\manager>

C:\Documents and Settings\manager>route print


IPv4 Route Table
===========================================================================
Interface List
0x1 ........................... MS TCP Loopback interface
0x10003 ...00 08 54 04 46 f2 ...... VIA VT6105 Rhine III Fast Ethernet Adapter
0x10004 ...00 0c 76 51 8e d8 ...... Broadcom NetXtreme Gigabit Ethernet
===========================================================================
===========================================================================
Active Routes:
Network Destination  Netmask          Gateway        Interface      Metric
0.0.0.0              0.0.0.0          201.196.33.25  201.196.33.29  20
127.0.0.0            255.0.0.0        127.0.0.1      127.0.0.1      1
192.168.2.0          255.255.255.0    192.168.2.18   192.168.2.18   10
192.168.2.18         255.255.255.255  127.0.0.1      127.0.0.1      10
192.168.2.255        255.255.255.255  192.168.2.18   192.168.2.18   10
192.168.4.0          255.255.255.248  192.168.2.4    192.168.2.18   1

Default Gateway: 201.196.XX.25
===========================================================================
Persistent Routes:
Network Address      Netmask          Gateway Address  Metric
192.168.4.0          255.255.255.248  192.168.2.4      1


C:\Documents and Settings\manager>ping 192.168.2.4


Pinging 192.168.2.4 with 32 bytes of data:


Reply from 192.168.2.4: bytes=32 time=1ms TTL=255

Reply from 192.168.2.4: bytes=32 time<1ms TTL=255

Reply from 192.168.2.4: bytes=32 time<1ms TTL=255

Reply from 192.168.2.4: bytes=32 time<1ms TTL=255


Ping statistics for 192.168.2.4:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 1ms, Average = 0ms


C:\Documents and Settings\manager>ping 192.168.4.3


Pinging 192.168.4.3 with 32 bytes of data:


Request timed out.

Destination host unreachable.

Destination host unreachable.

Destination host unreachable.


Ping statistics for 192.168.4.3:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),


C:\Documents and Settings\manager>


Any ideas guys ?


Glenn

gleguzgo0166 Fri, 02/08/2008 - 18:13

Already taken care of!!

You and Jon were right!!

Thanks a lot my friend


Glenn

gleguzgo0166 Fri, 02/08/2008 - 15:19

Hello Glen


Yes my friend, I created VLAN 4 through the vlan database and it does show as active if I do the "show vlan" command

gleguzgo0166 Fri, 02/08/2008 - 18:12

Already taken care of......

You, Rick and Jon rock!


thx a lot


Glenn


gleguzgo0166 Fri, 02/08/2008 - 18:10

you were right!!!!!!

Taken care of....

awesome


thx a bunch my friend!


Glenn
