
HELP!!!!!!! Default Gateway for VLAN

glenn.guzman
Level 1

Hello everyone...

I'm facing an issue I have never seen before..

I have a 2811 Cisco router with a switch module on slot 1.

I have configured a VLAN (in this case VLAN 4), assigned it an IP address and mask (192.168.4.3 /29)

and have placed 2 out of the 4 ports of the switch module into VLAN 4.

ROUTER-HQ#show run....

output truncated...

interface FastEthernet0/0/0

switchport access vlan 4

!

interface FastEthernet0/0/1

switchport access vlan 4

!

interface FastEthernet0/0/2

!

interface FastEthernet0/0/3

!

!

interface Vlan4

ip address 192.168.4.3 255.255.255.248

The problem I'm having is that I can't route packets outside VLAN 4 to one of the other directly connected networks on my router

(192.168.2.0 /24)

I connected my laptop directly to the second available switchport on VLAN 4 (FastEthernet0/0/1), assigned a static

IP address on the same subnet (192.168.4.4 /29) DG (192.168.4.3) and here are the results

C:\Documents and Settings\Glenn>ipconfig

Windows IP Configuration

Ethernet adapter Wireless Network Connection 2:

Media State . . . . . . . . . . . : Media disconnected

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 192.168.4.4

Subnet Mask . . . . . . . . . . . : 255.255.255.248

Default Gateway . . . . . . . . . : 192.168.4.3

C:\Documents and Settings\Glenn>ping 192.168.4.3

Pinging 192.168.4.3 with 32 bytes of data:

Reply from 192.168.4.3: bytes=32 time=1ms TTL=255

Reply from 192.168.4.3: bytes=32 time<1ms TTL=255

Reply from 192.168.4.3: bytes=32 time=1ms TTL=255

Reply from 192.168.4.3: bytes=32 time=1ms TTL=255

Ping statistics for 192.168.4.3:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\Documents and Settings\Glenn>ping 192.168.2.4

Pinging 192.168.2.4 with 32 bytes of data:

Reply from 192.168.2.4: bytes=32 time<1ms TTL=255

Reply from 192.168.2.4: bytes=32 time=1ms TTL=255

Reply from 192.168.2.4: bytes=32 time<1ms TTL=255

Reply from 192.168.2.4: bytes=32 time<1ms TTL=255

Ping statistics for 192.168.2.4:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\Documents and Settings\Glenn>ping 192.168.2.18

Pinging 192.168.2.18 with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

Ping statistics for 192.168.2.18:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Documents and Settings\Glenn>tracert 192.168.2.18

Tracing route to 192.168.2.18 over a maximum of 30 hops

1 <1 ms <1 ms <1 ms 192.168.4.3

2 * * * Request timed out.

3 * * * Request timed out.

4 * ^C

C:\Documents and Settings\Glenn>

As you can see... I can ping the directly connected interfaces from my laptop

BUT I CAN'T ping the internal resources on subnet 192.168.2.0 /24

It's as if VLAN 4 would not know how to route packets to other subnets I guess.... :(

I need help on this one.... thanks in advance to all

Glenn

10 Replies

Jon Marshall
Hall of Fame

Glenn

Couple of things to check

1) Any access-lists on the interfaces

2) 192.168.2.4 - that is an interface on your router? If so, is this IP address the default-gateway for 192.168.2.18?

3) Can you ping 192.168.2.18 from the router?

Jon

Thanks for your quick response...

Here are the responses for the questions....

1.) No access-list on the interfaces...

2.) Yes, 192.168.2.4 is an interface on my router... and no, 192.168.2.4 is not the default gateway for 192.168.2.18; actually the 192.168.2.18 address belongs to an ISA server that filters all traffic from the inside to the outside networks, so 192.168.2.18 is actually the DG for the whole 192.168.2.0 /24 subnet.

I'm in a hub-and-spoke topology where the spokes send all internet traffic through the hub site (this is accomplished through an MPLS VPN implementation, not a layer 2 WAN solution). So far I'm able to successfully route all internet traffic from the spoke sites to the HUB's HQ router (192.168.4.3) BUT I can't get any packets outside VLAN 4 :S!!

3.) Yes, I can ping 192.168.2.18 or any other host from the router.

Any ideas Jon?

Thanks in advance!

Glenn

Glenn

How does the ISA server know how to route the packets back?

So on the ISA server, what is its default-gateway?

If ISP router then you need to add a route on the ISA, e.g.

route add 192.168.4.0 mask 255.255.255.0 192.168.2.4 (note that this may not be correct syntax for ISA server - not an ISA server person I'm afraid).

If your ISA server has a default-gateway that points to a router owned by you then you could add a static route to that router

ip route 192.168.4.0 255.255.255.0 192.168.2.4

HTH

Jon

Did you create vlan 4 in the vlan database? If you do a "show vlan" command, not a show interface vlan, does vlan 4 show active? I know this sounds like a simple question but sometimes those get overlooked; if yes then we will move on from there.

Glenn

I agree with Jon in suspecting that the issue is that devices in the 192.168.2.0 subnet may not have routes back to the 192.168.4.0 subnet. One good way to prove this would be to ping to addresses in 192.168.2.0 from the router - which we assume will be successful. And then to use extended ping on the router. In the extended ping use the same destination address (192.168.2.x) and now specify the source address as the VLAN 4 interface address. I suspect that the extended ping will fail.

HTH

Rick


Hi Rick,

Sorry for the late response but guess what...

You're right. I'm able to ping hosts on the 192.168.2.0 /24 subnet from the router

BUT Extended ping failed.

UACA-HQ#ping

Protocol [ip]:

Target IP address: 192.168.2.18

Repeat count [5]:

Datagram size [100]:

Timeout in seconds [2]:

Extended commands [n]: y

Source address or interface: 192.168.4.3

Type of service [0]:

Set DF bit in IP header? [no]:

Validate reply data? [no]:

Data pattern [0xABCD]:

Loose, Strict, Record, Timestamp, Verbose[none]:

Sweep range of sizes [n]:

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 192.168.2.18, timeout is 2 seconds:

Packet sent with a source address of 192.168.4.3

.....

Success rate is 0 percent (0/5)

UACA-HQ#

But after adding the static route to the server the problem still persists!!!

The 192.168.2.0 /24 default gateway is 192.168.2.18, so packets destined to any network outside 192.168.2.0 /24 should go out 192.168.2.18

and since this host already has a static route that instructs packets destined for subnet 192.168.4.0 to go out 192.168.2.4

(which is the directly connected interface of the router that faces my LAN) I do not see why hosts on the 192.168.2.0 /24

subnet still can't reach hosts on the 192.168.4.0 subnet and vice versa

see below....

C:\Documents and Settings\manager>ipconfig

Windows IP Configuration

Ethernet adapter Interna 192.168.2.18:

Connection-specific DNS Suffix . :

IP Address. . . . . . . . . . . . : 192.168.2.18

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . :

C:\Documents and Settings\manager>

C:\Documents and Settings\manager>route print

IPv4 Route Table

===========================================================================

Interface List

0x1 ........................... MS TCP Loopback interface

0x10003 ...00 08 54 04 46 f2 ...... VIA VT6105 Rhine III Fast Ethernet Adapter

0x10004 ...00 0c 76 51 8e d8 ...... Broadcom NetXtreme Gigabit Ethernet

===========================================================================

===========================================================================

Active Routes:

Network Destination Netmask Gateway Interface Metric

0.0.0.0 0.0.0.0 201.196.33.25 201.196.33.29 20

127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1

192.168.2.0 255.255.255.0 192.168.2.18 192.168.2.18 10

192.168.2.18 255.255.255.255 127.0.0.1 127.0.0.1 10

192.168.2.255 255.255.255.255 192.168.2.18 192.168.2.18 10

192.168.4.0 255.255.255.248 192.168.2.4 192.168.2.18 1

Default Gateway: 201.196.XX.25

===========================================================================

Persistent Routes:

Network Address Netmask Gateway Address Metric

192.168.4.0 255.255.255.248 192.168.2.4 1

C:\Documents and Settings\manager>ping 192.168.2.4

Pinging 192.168.2.4 with 32 bytes of data:

Reply from 192.168.2.4: bytes=32 time=1ms TTL=255

Reply from 192.168.2.4: bytes=32 time<1ms TTL=255

Reply from 192.168.2.4: bytes=32 time<1ms TTL=255

Reply from 192.168.2.4: bytes=32 time<1ms TTL=255

Ping statistics for 192.168.2.4:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\Documents and Settings\manager>ping 192.168.4.3

Pinging 192.168.4.3 with 32 bytes of data:

Request timed out.

Destination host unreachable.

Destination host unreachable.

Destination host unreachable.

Ping statistics for 192.168.4.3:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

C:\Documents and Settings\manager>

Any ideas guys?

Glenn
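
Added example, not part of any poster's message: a longest-prefix-match lookup over the active routes from the `route print` output above, showing which gateway the 192.168.2.18 host selects for replies toward VLAN 4 with and without the persistent 192.168.4.0 route. The function names are illustrative assumptions, and Windows applies further tie-breakers that are not modelled here.

```python
import ipaddress

# Active routes transcribed from the `route print` output in the post above:
# (network destination, netmask, gateway, metric)
ISA_ROUTES = [
    ("0.0.0.0", "0.0.0.0", "201.196.33.25", 20),
    ("127.0.0.0", "255.0.0.0", "127.0.0.1", 1),
    ("192.168.2.0", "255.255.255.0", "192.168.2.18", 10),
    ("192.168.2.18", "255.255.255.255", "127.0.0.1", 10),
    ("192.168.2.255", "255.255.255.255", "192.168.2.18", 10),
    ("192.168.4.0", "255.255.255.248", "192.168.2.4", 1),
]
VLAN4_ROUTE = ISA_ROUTES[-1]  # the persistent route toward VLAN 4


def lookup(routes, dest):
    """Return (network, gateway) chosen for dest, or None if no route matches.

    Longest prefix wins; the lower metric breaks ties between equal prefixes.
    """
    addr = ipaddress.ip_address(dest)
    best = None
    for net, mask, gateway, metric in routes:
        network = ipaddress.ip_network(f"{net}/{mask}")
        if addr not in network:
            continue
        key = (network.prefixlen, -metric)
        if best is None or key > best[0]:
            best = (key, str(network), gateway)
    return None if best is None else (best[1], best[2])


def without_vlan4_route(routes):
    """The same table as it would look before the static route was added."""
    return [r for r in routes if r != VLAN4_ROUTE]


if __name__ == "__main__":
    tables = (("with", ISA_ROUTES), ("without", without_vlan4_route(ISA_ROUTES)))
    for label, table in tables:
        # 192.168.4.9 lies outside 192.168.4.0/29 (which covers .0 to .7)
        for dest in ("192.168.4.3", "192.168.4.4", "192.168.4.9"):
            print(f"{label} /29 route: reply to {dest} -> {lookup(table, dest)}")
```

Without the /29 entry, replies to 192.168.4.x match only the default route and leave via 201.196.33.25 instead of returning to the router at 192.168.2.4.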

Already taken care of!!

You and Jon were right!!

Thanks a lot my friend

Glenn

Hello Glen

Yes my friend, I created VLAN 4 through the vlan database and it does show as active if I do the "show vlan" command

Already taken care of......

You, Rick and Jon rock!

thx a lot

Glenn

you were right!!!!!!

Taken care of....

awesome

thx a bunch my friend!

Glenn
