2900 CANNOT PING ITS GATEWAY

Unanswered Question
Dec 14th, 2009

HI all,

         I have a 2900 switch connected to 1700 series router. The router is configured as router on a stick with multiple DHCP pools, so the port connected to the switch is a trunk port at both end.

Hosts connected to the switch are able to grab dhcp address on their respestives vlan. Howver, from the switch ip I cannot ping the router and from the router I cannot ping the switch. For this example, let say that the IP is 10.0.0.0/24, 10.0.0.1 is the router IP address and 10.0.0.2 is the switch. I did add ip default-gateway 10.0.0.1 on the switch. But it still cannot ping 10.0.0.1.

Any ideas is more than welcome.

Thanks,

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Jean Paul Enerst Mon, 12/14/2009 - 15:34

There is the config for the switch

Current configuration:
!
version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
service password-encryption
!
!
aaa new-model
aaa authentication login local_authen local
aaa authorization exec local_author local
aaa authorization network localgroups local
enable secret 5 $1$O2H2$rTjfYZ8Ay73qs8qrpWF290
!

!
!
!
!
!
interface FastEthernet0/1
description TRUNK TO CONNECT TO 1760 F0/0
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface FastEthernet0/2
shutdown
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
description VOICE_VLAN
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet0/5
description VOICE_VLAN
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet0/6
description VOICE_VLAN
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet0/7
description VOICE-VLAN
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet0/8
description VOICE-VLAN
switchport access vlan 10
spanning-tree portfast
!
interface FastEthernet0/9
description DATA_VLAN
switchport access vlan 20
spanning-tree portfast
!
interface FastEthernet0/10
description DATA_VLAN
switchport access vlan 20
!
interface FastEthernet0/11
description DATA_VLAN
switchport access vlan 20
!
interface FastEthernet0/12
description DATA_VLAN
switchport access vlan 20
!
interface FastEthernet0/13
description DATA_VLAN
switchport access vlan 20
!
interface FastEthernet0/14
description DATA_VLAN
switchport access vlan 20
!
interface FastEthernet0/15
description DATA_VLAN
switchport access vlan 20
!
interface FastEthernet0/16
description DATA_VLAN
switchport access vlan 20
!
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
shutdown
!
interface FastEthernet0/24
shutdown
!
interface VLAN1
ip address 192.168.x.2 255.255.255.0
no ip directed-broadcast
no ip route-cache
!
ip default-gateway 192.168.x.1
access-list 10 permit 192.168.x.0 0.0.0.255
access-list 10 permit 10.x.x.0 0.0.255.255
access-list 10 deny   any
!
end

there is the router

!
!
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
service password-encryption
!
hostname
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$3WaI$ca2G.pqG7xjTExp8IFXvN.
!
aaa new-model
!
!
aaa authentication login local_authen local
aaa authorization exec local_authen local
aaa authorization network localgroups local
!
aaa session-id common
memory-size iomem 25
clock timezone MDT -7
clock summer-time MDT recurring
ip cef
!
!

ip dhcp pool GP-VOICE-POOL
   network 10.x.x.0 255.255.255.0
   default-router 10.169.4.1
   option 150 ip 10.x.x.254
   dns-server 10.x.x.254
!
ip dhcp pool GP-DATA-POOL
   network 192.x.x.0 255.255.255.0
   default-router 192.x.x.1
  
!
!
multilink bundle-name authenticated
!
!
!
!
!
archive
log config
  hidekeys
!
!
!
crypto isakmp policy 10
encr 3des
hash md5
authentication pre-share
group 2
crypto isakmp key abcbbc address 209.x.x.x no-xauth
crypto isakmp keepalive 20 3
!
!
crypto ipsec transform-set adios esp-3des esp-md5-hmac
mode transport
!
crypto ipsec profile nopim
set transform-set adios
!
!
!
!
!
!
!
!
interface Tunnel1
bandwidth 1000
ip address 10.x.x.x 255.255.255.240
no ip redirects
ip mtu 1436
ip nhrp authentication nocvpn
ip nhrp map multicast 209.x.x.x
ip nhrp map 10.x.x.1 209.x.x.x
ip nhrp network-id 8199
ip nhrp nhs 10.x.x.1
delay 1000
tunnel source Ethernet1/0
tunnel mode gre multipoint
tunnel key cvvvv
tunnel protection ipsec profile adios
!
interface FastEthernet0/0
no ip address
speed auto
!
!
interface FastEthernet0/0.10
description DATA_VLAN
encapsulation dot1Q 10
ip address 192.x.x.1 255.255.255.0
!
interface FastEthernet0/0.20
description VOICE_VLAN
encapsulation dot1Q 20
ip address 10.x.x.1 255.255.255.0
!
interface Ethernet1/0
ip address dhcp
full-duplex
!
ip forward-protocol nd

!
!
!
no ip http server
no ip http secure-server
!
access-list 10 permit 192.x.x.0 0.0.0.255
access-list 10 permit 10.x.x.0 0.0.255.255
access-list 10 deny   any
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 999 0
password 7 10673A542B1206260D0A
logging synchronous
line aux 0
line vty 0 4
access-class 20 in
exec-timeout 5 0
authorization exec local_author
login authentication local_authen
transport input telnet ssh
!

Jerry Ye Mon, 12/14/2009 - 15:39

In your switch, do the following and test

int vlan 1

no ip address

shut

int vlan 10

ip address 192.168.x.2 255.255.255.0
no ip directed-broadcast
no ip route-cache

no shutdown

You didn't assign any IP address for VLAN 1 on the router's trunk interface.

Regards

jerry

glen.grant Mon, 12/14/2009 - 16:26

JEYE is correct you have your switch ip in vlan 1 and on the router you have the address space on the router in vlan 10  so there is no way it can reach the router because the switch is not tagging the traffic as vlan 10 traffic  , you have it one .  Either change the switch to 10 or change the router so its in vlan 1 instead of 10 .

Actions

This Discussion