Solved: Router on Stick (I can't do Inter Vlan communication)

bravealikhan · ‎07-04-2009

Hello,

I wanted to configure Router on Stick. But I can't inter communicate in two vlans, both vlans can ping their own default gateways but can't ping each other default getways. I'll appreciate if some one plz help me that were im doing mistake so i'm not be able to do inter vlan communication?

I'm using Cisco Switch 2950 and Cisco Router 3660.

I can ping the default gateway of my 172.12.2.1

But I can't ping the other vlan's default geteway 172.12.4.1

The configuration of my router and switch are:

Router # show run

version 12.2

!

hostname Router

interface FastEthernet0/0

no ip address

duplex auto

speed auto

!

interface FastEthernet0/0.2

encapsulation dot1Q 2

ip address 172.12.2.1 255.255.255.0

!

interface FastEthernet0/0.4

encapsulation dot1Q 4

ip address 172.12.4.1 255.255.255.0

!

Router#show interface fa0/0

FastEthernet0/0 is up, line protocol is up

Hardware is AmdFE, address is 000d.281c.64a0 (bia 000d.281c.64a0)

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation 802.1Q Virtual LAN, Vlan ID 1., loopback not set

Keepalive set (10 sec)

Switch#show inter trunk

Port Mode Encapsulation Status Native vlan

Fa0/1 on 802.1q trunking 1

Port Vlans allowed on trunk

Fa0/1 1-4094

Port Vlans allowed and active in management domain

Fa0/1 1-2,4

Port Vlans in spanning tree forwarding state and not pruned

Fa0/1 1-2,4

Switch#show vlan bri

VLAN Name Status Ports

---- -------------------------------- --------- -------------------------------

1 default active Fa0/3, Fa0/5, Fa0/6, Fa0/7

Fa0/8, Fa0/9, Fa0/10, Fa0/11

Fa0/12

2 VLAN0002 active Fa0/2

4 VLAN0004 active Fa0/4

Switch#show interface fa0/2

FastEthernet0/2 is up, line protocol is up (connected)

Hardware is Fast Ethernet, address is 000b.5fde.d0c2 (bia 000b.5fde.d0c2)

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, media type is 100BaseTX

Switch#show interface fa0/4

FastEthernet0/4 is up, line protocol is up (connected)

Hardware is Fast Ethernet, address is 000b.5fde.d0c4 (bia 000b.5fde.d0c4)

MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,

reliability 255/255, txload 1/255, rxload 1/255

Encapsulation ARPA, loopback not set

Keepalive set (10 sec)

Full-duplex, 100Mb/s, media type is 100BaseTX

C:\>ping 172.12.2.1

Pinging 172.12.2.1 with 32 bytes of data:

Reply from 172.12.2.1: bytes=32 time=2ms TTL=255

Reply from 172.12.2.1: bytes=32 time=1ms TTL=255

Reply from 172.12.2.1: bytes=32 time<1ms TTL=255

Ping statistics for 172.12.2.1:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 2ms, Average = 0ms

C:\>ping 172.12.4.1

Pinging 172.12.4.1 with 32 bytes of data:

Request timed out.

Ping statistics for 172.12.4.1:

Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Thank you

Regards

Ali

Danilo Dy · ‎07-06-2009

Although I hate Vista (I considered beta of Windows 7 code). But I don't think they will cause the problem :)

Check this link and see what you may have missed http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a00800949fd.shtml

View solution in original post

Giuseppe Larosa · ‎07-04-2009

Hello Ali,

basic question:

have you configured the default gateway on the PCs?

b)

if no default-gateway is configured on the PCs you need

int f0/0.2

ip proxy-arp

int f0/0.4

ip proxy-arp

to fix this

you can use the following commands to troubleshoot the issue:

sh vlan on the router shows packets for each vlan

debug arp

debug ip icmp

terminal monitor

see if anything is received by the router

when you attempt to ping 172.12.4.1 from PC1.

Hope to help

Giuseppe

jimmysands73_2 · ‎07-05-2009

If after you have done as giuslar suggested, you might read this (found on Cisco Learning Network):

http://blogs.msdn.com/p2p/archive/2007/07/03/ping.aspx

I found the article interesting, never would of tried the step in the article. I have never tried the step in the article, so can not vouch for it, but its simple enough to try though.

Cheers

Jimmy

bravealikhan · ‎07-06-2009

Hi Jimmy

Thank you very much for your reply, I read that article about ICMP firewall blocking, but I'm trying to ping my Vlan's default gateway, such as I can ping successfully VLAN 2's default gateway from PC1, but when I'm trying to ping Vlan 4's Default gateway I can't do it from PC1.

Both vlans are working and PCs form their own Vlans can ping their default gateways but PCs from other Vlans not be able to ping each other vlans. So there is no inter vlan communication.

Thank you

Regards

Ali

Jon Marshall · ‎07-06-2009

Ali

Can you post "sh ip route" from the 3660.

Jon

bravealikhan · ‎07-06-2009

Hi Jon

here it is:

Router#show ip route

Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP

D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area

N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2

E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP

i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area

* - candidate default, U - per-user static route, o - ODR

P - periodic downloaded static route

Gateway of last resort is not set

172.12.0.0/24 is subnetted, 2 subnets

C 172.12.2.0 is directly connected, FastEthernet0/0.2

C 172.12.4.0 is directly connected, FastEthernet0/0.4

Router#

------------------------------------

Router#debug ip routing

IP routing debugging is on

Router#ping 172.12.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.12.2.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

---------------------------------

Ping from Router to Pc 2 ip address:

Router#ping 172.12.4.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.12.4.4, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms

Router#

00:28:44: ICMP: echo reply rcvd, src 172.12.4.4, dst 172.12.4.1

----------------------------------

Ping from Router to PC1 ip address:

Router#ping 172.12.2.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.12.2.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Router#

00:28:56: ICMP: echo reply rcvd, src 172.12.2.2, dst 172.12.2.1

Jon Marshall · ‎07-06-2009

Ali

Strange as config looks good. Can you post the following

1) PC1 - "ipconfig /all"

2) PC2 - "ipconfig /all"

3) Full router config

4) Full switch config

Jon

bravealikhan · ‎07-06-2009

Hi Giuseppe,

Thank you very much for your reply,

Yes i gave the default Getway on both pcs

Also disable my norton 360 firewall completly, but i still can't ping eath other vlan Default Gatway. but i can successfully ping 2 & 4 Vlan's owns getways.

PC1:- 172.12.2.2

Msk:- 255.255.255.0

DGet:- 172.12.2.1

(i can ping successully Default getway 172.12.2.1 from my PC1)

PC2:- 172.12.4.4

Msk:- 255.255.255.0

DGet:- 172.12.4.1

(i can ping successully Default getway 172.12.4.1 from my PC2)

Here are some replys from Pings & Debugs:

Router#ping 172.12.2.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.12.2.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms

Router#ping 172.12.4.1

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 172.12.4.1, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

-------------------------------------

Router#show vlan

Virtual LAN ID: 1 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet0/0

This is configured as native Vlan for the following interface(s) :

FastEthernet0/0

Protocols Configured: Address: Received: Transmitted:

Virtual LAN ID:2 (IEEE 802.1Q Encapsion)

vLAN Trunk Interface: FastEthernet0/0.2

Protcls Confid: Addrs: Recved: Trasmitd:

IP 172.12.2.1 21 18

Virtual LAN ID: 4 (IEEE 802.1Q Encapsulation)

vLAN Trunk Interface: FastEthernet0/0.4

Protocols Configured: Address: Received: Transmitted:

IP 172.12.4.1 130 14

-------------------------------------

Router#debug ip icmp

ICMP packet debugging is on

Router#

00:14:12: ICMP: echo reply sent, src 172.12.2.1, dst 172.12.2.2

00:14:13: ICMP: echo reply sent, src 172.12.2.1, dst 172.12.2.2

00:14:43: ICMP: echo reply sent, src 172.12.4.1, dst 172.12.4.4

00:14:44: ICMP: echo reply sent, src 172.12.4.1, dst 172.12.4.4

------------------------------------

Router#debug arp

ARP packet debugging is on

Router#

00:16:05: IP ARP: rcvd req src 172.12.4.4 001e.6831.bb83, dst 172.12.4.1 FastEth

ernet0/0.4

00:16:05: IP ARP: sent rep src 172.12.4.1 000d.281c.64a0,

dst 172.12.4.4 001e.6831.bb83 FastEthernet0/0.4

Router#

00:17:32: IP ARP: rcvd req src 172.12.2.2 0024.e8a8.3b4d, dst 172.12.2.1 FastEth

ernet0/0.2

00:17:32: IP ARP: sent rep src 172.12.2.1 000d.281c.64a0,

dst 172.12.2.2 0024.e8a8.3b4d FastEthernet0/0.2

-----------------------------------

Router(config)#inter

Router(config)#interface fa0/0.2

Router(config-subif)#ip pro

Router(config-subif)#ip proxy-arp

Router(config-subif)#interf fa0/0.4

Router(config-subif)#ip proxy-arp

Router(config-subif)#exit

Router(config)#^Z

Router#wr

-----------------------------------

Router#debug ip packet

IP packet debugging is on

Router#

00:28:21: IP: s=172.12.2.2 (FastEthernet0/0.2), d=172.12.2.1 (FastEthernet0/0.2)

, len 60, rcvd 3

00:28:21: IP: s=172.12.2.1 (local), d=172.12.2.2 (FastEthernet0/0.2), len 60, se

nding

00:28:23: IP: s=172.12.2.2 (FastEthernet0/0.2), d=172.12.2.1 (FastEthernet0/0.2)

, len 60, rcvd 3

00:28:23: IP: s=172.12.2.1 (local), d=172.12.2.2 (FastEthernet0/0.2), len 60, se

nding

00:28:24: IP: s=172.12.2.2 (FastEthernet0/0.2), d=172.12.2.1 (FastEthernet0/0.2)

, len 60, rcvd 3

00:28:24: IP: s=172.12.2.1 (local), d=172.12.2.2 (FastEthernet0/0.2), len 60, se

nding

-----------------------------

Giuseppe Larosa · ‎07-06-2009

Hello Muhammad,

I agree with Jon and Danilo your switch configuration looks like fine.

There can be some Vista issue.

One point I see in ipconfig /all different from Win XP output is:

autoconfiguration enabled yes

I think this should be related to IPv6.

May you post from PC on the shell

route print

let's see what is the usage it thinks to do of the default gateway.

Hope to help

Giuseppe

Danilo Dy · ‎07-06-2009

I look at your config and they look good.

I think in IOS 12.2, the following default is;

!

no ip subnet-zero

no ip classless

Can you check if they are in that settings and set them to the following;

!

ip subnet-zero

ip classless

bravealikhan · ‎07-06-2009

PC 1 / ip config

C:\Users\Ali>ipconfig/all

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : Realtek RTL8168D/8111D Family PCI-E

IC

Physical Address. . . . . . . . . : 00-24-E8-A8-3B-4D

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

IPv4 Address. . . . . . . . . . . : 172.12.2.2(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 172.12.2.1

NetBIOS over Tcpip. . . . . . . . : Enabled

PC 2 ip config /all

C:\Users\Shameer>ping 172.12.4.1

Pinging 172.12.4.1 with 32 bytes of data:

Request timed out.

Reply from 172.12.4.1: bytes=32 time<1ms TTL=255

Reply from 172.12.4.1: bytes=32 time=1ms TTL=255

Ping statistics for 172.12.4.1:

Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 1ms, Average = 0ms

C:\Users\Shameer>ipconfig /all

Windows IP Configuration

Ethernet adapter Local Area Connection:

Connection-specific DNS Suffix . :

Description . . . . . . . . . . . : NVIDIA nForce 10/100/1000 Mbps Ethernet

Physical Address. . . . . . . . . : 00-1E-68-31-BB-83

DHCP Enabled. . . . . . . . . . . : No

Autoconfiguration Enabled . . . . : Yes

IPv4 Address. . . . . . . . . . . : 172.12.4.4(Preferred)

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 172.12.4.1

NetBIOS over Tcpip. . . . . . . . : Enabled

IPv6 Address. . . . . . . . . . . : 2002:ac0c:404::ac0c:404(Preferred)

Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301

NetBIOS over Tcpip. . . . . . . . : Disabled

On Switch:

Switch#show run

Building configuration...

Current configuration : 925 bytes

!

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Switch

!

ip subnet-zero

!

ip ssh time-out 120

ip ssh authentication-retries 3

!

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

!

interface FastEthernet0/1

switchport mode trunk

!

interface FastEthernet0/2

switchport access vlan 2

switchport mode access

!

interface FastEthernet0/3

!

interface FastEthernet0/4

switchport access vlan 4

switchport mode access

!

interface FastEthernet0/5

!

interface FastEthernet0/12

!

interface Vlan1

no ip address

no ip route-cache

shutdown

!

ip http server

!

line con 0

line vty 0 4

login

line vty 5 15

login

!

end

Switch#

On Router:

Router#show run

Building configuration...

Current configuration : 1095 bytes

!

version 12.2

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Router

!

logging rate-limit console 10 except errors

no logging monitor

!

ip subnet-zero

!

no ip finger

no ip domain-lookup

!

no ip dhcp-client network-discovery

call rsvp-sync

!

fax interface-type modem

mta receive maximum-recipients 0

!

controller E1 4/0

!

controller E1 4/1

!

interface FastEthernet0/0

no ip address

duplex auto

speed auto

!

interface FastEthernet0/0.2

encapsulation dot1Q 2

ip address 172.12.2.1 255.255.255.0

!

interface FastEthernet0/0.4

encapsulation dot1Q 4

ip address 172.12.4.1 255.255.255.0

!

interface FastEthernet4/0

no ip address

shutdown

duplex auto

speed auto

!

ip classless

ip http server

!

dial-peer cor custom

!

line con 0

transport input none

line aux 0

line vty 0 4

login

!

end

Router#

bravealikhan · ‎07-06-2009

Hi,

i put no ip classess but it still showing the only no ip subnet-zero!

here is Show Configuration of my Router:

Router#show run

Building configuration...

Current configuration : 1098 bytes

!

version 12.2

no service single-slot-reload-enable

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Router

!

logging rate-limit console 10 except errors

no logging monitor

!

ip subnet-zero

!

no ip finger

no ip domain-lookup

!

no ip dhcp-client network-discovery

call rsvp-sync

!

fax interface-type modem

mta receive maximum-recipients 0

!

controller E1 4/0

!

controller E1 4/1

!

interface FastEthernet0/0

no ip address

duplex auto

speed auto

!

interface FastEthernet0/0.2

encapsulation dot1Q 2

ip address 172.12.2.1 255.255.255.0

!

interface FastEthernet0/0.4

encapsulation dot1Q 4

ip address 172.12.4.1 255.255.255.0

!

interface Serial3/0

no ip address

shutdown

!

interface Serial3/1

no ip address

shutdown

!

interface Serial3/2

no ip address

shutdown

!

interface Serial3/3

no ip address

shutdown

!

interface FastEthernet4/0

no ip address

shutdown

duplex auto

speed auto

!

no ip classless

ip http server

!

dial-peer cor custom

!

line con 0

transport input none

line aux 0

line vty 0 4

login

!

end

Router#

------------------------------

Show Run of my Switch:

Switch#show run

Building configuration...

Current configuration : 925 bytes

!

version 12.1

no service pad

service timestamps debug uptime

service timestamps log uptime

no service password-encryption

!

hostname Switch

!

ip subnet-zero

!

ip ssh time-out 120

ip ssh authentication-retries 3

!

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

!

interface FastEthernet0/1

switchport mode trunk

!

interface FastEthernet0/2

switchport access vlan 2

switchport mode access

!

interface FastEthernet0/3

!

interface FastEthernet0/4

switchport access vlan 4

switchport mode access

!

interface FastEthernet0/5

!

interface FastEthernet0/6

!

interface FastEthernet0/7

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

!

interface FastEthernet0/11

!

interface FastEthernet0/12

!

interface Vlan1

no ip address

no ip route-cache

shutdown

!

ip http server

!

line con 0

line vty 0 4

login

line vty 5 15

login

!

end

Switch#

Danilo Dy · ‎07-06-2009

Hi Muhammad,

The following config is correct;

ip subnet-zero

ip classless

Don't change them. I'm just checking them earlier as you didn't post all the config.

Regards,

Dandy

bravealikhan · ‎07-06-2009

Hi Dandy

do you think there could be the prolem in Windows Visa busines Ed? that are not allowing me to ping any other default gateway? except its own?

Thanks

Muhammand

Danilo Dy · ‎07-06-2009

Although I hate Vista (I considered beta of Windows 7 code). But I don't think they will cause the problem :)

Check this link and see what you may have missed http://www.cisco.com/en/US/tech/tk389/tk815/technologies_configuration_example09186a00800949fd.shtml