Any explanation on why this simple 'router on a stick' does not work?

news2010a
Level 3

Imagine I have:

client1: IP=10.0.0.1/12, default-gateway=10.15.255.254

connected to switch1, port fa0/2.

client2: IP=10.31.255.1/12, default-gateway=10.31.255.254

connected to switch1, port fa0/3.

From client1 and client2, I can ping respective default-gateways OK.

However, neither client1 nor client2 can ping each other.

It seems this router on a stick config is not working. Based on the output of the show tech for both router and switch, do you have any idea why this does not work?

2 Accepted Solutions


news2010a wrote:

From the router, ping to each PC times out.

When I added an IP address to SVI on the switch int vlan 1 (only did this for a ping test), I can't ping the router default-gateways either from the switch.

From the switch, I can't ping the PC's either.

Marlon

For a ping test you would need to configure the vlan interface on the switch to be in vlan 298, not vlan 1, i.e.

int vlan 298

ip address 10.15.255.253 255.240.0.0

Can you do this and then ping router from switch and switch from router.

Jon


news2010a wrote:

Once I powered on devices and client machines in the rack to work on this again, everything worked fine.

One thing that I learned though:
I thought that placing an IP address (which belongs to vlan 298 network range) under vlan 1 for example could let me establish IP communications. I see that I had to place it under vlan 298. Interesting.


Thanks everyone for all your help.

Marlon

Glad you got it working.

The reason you need to use an SVI for vlan 298 is because the connection between the switch and the router is an 802.1q trunk so the vlan packets will be tagged. And the router expects to see vlan tags for vlans 298, 442, 503 and 550. So if it receives a packet with a vlan 1 tag it doesn't know what to do. And if the native vlan is vlan 1 and so the packet is sent untagged it still doesn't know what to do as you have not explicitly configured any of the subinterfaces as the native vlan.

Jon
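The tagging behaviour Jon describes can be traced frame by frame. The following is an added example, not part of the original thread and not Cisco code: a simplified Python model in which the switch sends native-VLAN frames untagged and the router hands a frame to a subinterface only when the 802.1Q VLAN ID matches. The MAC addresses are constructed placeholders, and the subinterface names for VLANs 442, 503 and 550 are assumed to follow the `FastEthernet0/0.298` pattern shown in the thread.

```python
import struct

TPID_8021Q = 0x8100
# Router subinterfaces named in the thread, one "encapsulation dot1Q <vid>" each.
SUBINTERFACES = {298: "Fa0/0.298", 442: "Fa0/0.442", 503: "Fa0/0.503", 550: "Fa0/0.550"}
NATIVE_SUBIF = None  # no subinterface is configured as the native VLAN

def build_frame(vid=None, payload=b"ping", ethertype=0x0800):
    """Constructed Ethernet frame with placeholder MACs; vid=None means untagged."""
    hdr = b"\x02\x00\x00\x00\x00\x01" + b"\x02\x00\x00\x00\x00\x02"
    if vid is not None:
        hdr += struct.pack("!HH", TPID_8021Q, vid & 0x0FFF)  # PCP and DEI bits left at 0
    return hdr + struct.pack("!H", ethertype) + payload

def parse_vlan(frame):
    """Return the 802.1Q VLAN ID of a raw frame, or None if it is untagged."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return None
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    (tci,) = struct.unpack_from("!H", frame, 14)
    return tci & 0x0FFF  # low 12 bits of the TCI are the VLAN ID

def switch_egress_vid(svi_vlan, trunk_native=1):
    """Tag the switch puts on the trunk: the native VLAN leaves untagged."""
    return None if svi_vlan == trunk_native else svi_vlan

def router_demux(frame, subifs=SUBINTERFACES, native=NATIVE_SUBIF):
    """Simplified model of which subinterface accepts the frame."""
    vid = parse_vlan(frame)
    if vid is None:
        return native or "drop: untagged, no native subinterface"
    return subifs.get(vid, f"drop: VLAN {vid} has no subinterface")

def ping_from_svi(svi_vlan):
    """Follow a frame sourced from 'interface Vlan<svi_vlan>' to the router."""
    return router_demux(build_frame(switch_egress_vid(svi_vlan)))

if __name__ == "__main__":
    for vlan in (1, 298):
        print(f"SVI in VLAN {vlan}: {ping_from_svi(vlan)}")
    print("tagged VLAN 1:", router_demux(build_frame(1)))
```
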


15 Replies

Jon Marshall
Hall of Fame

news2010a wrote:

Imagine I have:

client1: IP=10.0.0.1/12, default-gateway=10.15.255.254

connected to switch1, port fa0/2.

client2: IP=10.31.255.1/12, default-gateway=10.31.255.254

connected to switch1, port fa0/3.

From client1 and client2, I can ping respective default-gateways OK.

However, neither client1 nor client2 can ping each other.

It seems this router on a stick config is not working. Based on the output of the show tech for both router and switch, do you have any idea why this does not work?

Marlon

Can you check to see if there are any personal firewalls running on the PC's that would block an incoming ICMP request ?

Jon

I checked that; I turned off Microsoft firewall thing and I am familiar with the PC's and I know there are no firewalls blocking ICMP.

Marlon

Quick test -

from the router can you ping each PC ?

Jon

From the router, ping to each PC times out.

When I added an IP address to SVI on the switch int vlan 1 (only did this for a ping test), I can't ping the router default-gateways either from the switch.

From the switch, I can't ping the PC's either.

Ding, I clicked 'correct' instead of clicking on 'reply'.

True, OK Jon, please give me a few days and I will have access to the hardware rack again. I will post the result back.

Checked your config.  I have one question:  Where is your VLAN instance?

vlan 298
vlan 442
vlan 503
vlan 550

I am not sure if I understand your question about "instance". The respective VLANs were created in vlan.dat as shown below.

Port        Mode         Encapsulation  Status        Native vlan
Fa0/24      on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa0/24      1-4094

Port        Vlans allowed and active in management domain
Fa0/24      1-3,298,442,503,550

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/24      1-3,298,442,503,550

------------------ show cdp neighbors ------------------


Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone

Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
Router1          Fas 0/24           170         R S I     2811      Fas 0/0

------------------ show spanning-tree summary ------------------

Switch is in pvst mode
Root bridge for: VLAN0001-VLAN0003, VLAN0298, VLAN0442, VLAN0503, VLAN0550
EtherChannel misconfig guard is enabled
Extended system ID           is enabled
Portfast Default             is disabled
PortFast BPDU Guard Default  is disabled
Portfast BPDU Filter Default is disabled
Loopguard Default            is disabled
UplinkFast                   is disabled
BackboneFast                 is disabled
Pathcost method used         is short

Name                   Blocking Listening Learning Forwarding STP Active
---------------------- -------- --------- -------- ---------- ----------
VLAN0001                     0         0        0          1          1
VLAN0002                     0         0        0          1          1
VLAN0003                     0         0        0          1          1
VLAN0298                     0         0        0          2          2
VLAN0442                     0         0        0          2          2
VLAN0503                     0         0        0          1          1
VLAN0550                     0         0        0          1          1
---------------------- -------- --------- -------- ---------- ----------
7 vlans                      0         0        0          9          9

Maybe I'm running a different IOS but what is the result with the "sh vlan"?  Do you see your VLANS there and ports associated to the VLANs?

Yes it is assigned correctly.

------------------ show vlan ------------------

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/1, Fa0/6, Fa0/7, Fa0/8
                                                Fa0/9, Fa0/10, Fa0/11, Fa0/12
                                                Fa0/13, Fa0/14, Fa0/15, Fa0/16
                                                Fa0/17, Fa0/18, Fa0/19, Fa0/20
                                                Fa0/21, Fa0/22, Fa0/23
2    VLAN2                            active   
3    VLAN#                            active   
298  KELLY                            active    Fa0/2
442  MRBROWN                          active    Fa0/3
503  CHRIS                            active    Fa0/4
550  DAN                              active    Fa0/5
1002 fddi-default                     act/unsup

Can you post the output of a "show ip route" command from the router?

On rare occasions I have seen routing turned off on a router. If that is the case, the output of the above command is different than normal. It can be turned back on with the "ip routing" command.

It is a long shot, but I just don't see anything immediately wrong with your configs.

Robert

nqtran1979
Level 1

From the configs you've attached, it looks like vlan 1 is in the same subnet as vlan 298. I would suggest changing this or even removing it altogether. You also don't really need the ip default-gateway configuration on the switch as well. Just make sure the vlans are allowed on the trunk ports. Best way to check this out is a "show int fa0/24 trunk".

On Switch:

interface Vlan1
ip address 10.15.255.253 255.240.0.0
no ip route-cache

On Router:

interface FastEthernet0/0.298
description KELLY
encapsulation dot1Q 298
ip address 10.15.255.254 255.240.0.0
no snmp trap link-status
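The trunk check suggested above can be done mechanically. This is an added example, not part of the original thread: a Python sketch that parses the trunk output posted earlier in this thread (embedded here as a constructed sample, shortened to three sections) and compares it with the router's dot1Q subinterface VLANs. The function names are illustrative.

```python
# Constructed from the trunk output posted in the thread (three of its sections).
SHOW_TRUNK = """\
Port        Mode         Encapsulation  Status        Native vlan
Fa0/24      on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa0/24      1-4094

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/24      1-3,298,442,503,550
"""

ROUTER_VLANS = {298, 442, 503, 550}  # dot1Q subinterfaces named in the thread

def expand(vlan_list):
    """Expand a list such as '1-3,298' into {1, 2, 3, 298}."""
    vids = set()
    for part in vlan_list.split(","):
        lo, _, hi = part.strip().partition("-")
        vids.update(range(int(lo), int(hi or lo) + 1))
    return vids

def parse_trunk(text, port):
    """Return the native VLAN and the VLAN set of each section for one port."""
    info, section = {}, None
    for fields in filter(None, map(str.split, text.splitlines())):
        if fields[0] == "Port":
            section = " ".join(fields[1:])  # header line names the section
        elif fields[0] == port and section:
            if section.startswith("Mode"):
                info["native"] = int(fields[-1])
            else:
                info[section] = set() if fields[1] == "none" else expand(fields[1])
    return info

def audit(text, port, router_vlans):
    """List mismatches between the switch trunk and the router subinterfaces."""
    t = parse_trunk(text, port)
    fwd = t.get("Vlans in spanning tree forwarding state and not pruned", set())
    findings = [f"VLAN {v} has a router subinterface but is not forwarding on {port}"
                for v in sorted(router_vlans - fwd)]
    native = t.get("native")
    if native not in router_vlans:
        findings.append(f"native VLAN {native} is sent untagged and has no router subinterface")
    return findings

if __name__ == "__main__":
    print(audit(SHOW_TRUNK, "Fa0/24", ROUTER_VLANS))
```
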

Yes, initially I had no SVI whatsoever and no default-gateway configured on the switch. So I added the SVI IP address for a quick test. Yes, this can be removed. I will have access to the gear tonight and I will update you.
