cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2053
Views
0
Helpful
23
Replies

inter vlan routing

rafcisco101
Level 1
Level 1

Hi,

I am currently preparing for my CCNA and am having a lot of difficulty in getting inter vlan routing to work.  I managed to get it up and running quite easily using a simulator but I am having issues when using real equipment.

I have a single 2950 switch connected from 'fastethernet 0/1' to 'fastethernet 0/0' on a 2621XM (12.4) router.  I have two pc's connected to fastethernet 0/7 & 8 on the switch.

I have followed some standard instructions found on the net but can someone please explain the following before I go jump off a cliff!

PC1 (10.0.2.100/24) can ping its default gateway (10.0.2.2/24).

PC2 (10.0.1.100/24) can ping its own default gateway  (10.0.1.2/24)  as well as PC1's default gateway  (10.0.2.2/24).

The router can ping PC1 and PC2.

Both PC's cannot ping each other!

All I want is the two PCs to be able to ping each other.

Any help is much appreciated

Cheers

Raf

Please find configs and other stuff below:

Config for router

===========

Using 950 out of 29688 bytes
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname ROUTER_A
!
boot-start-marker
boot system flash:c2600-advsecurityk9-mz.124-15.T9.bin
boot-end-marker
!
!
no aaa new-model
no network-clock-participate slot 1
no network-clock-participate wic 0
ip cef
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
archive
log config
  hidekeys
!
!
!
!
!
!
!
interface FastEthernet0/0
no ip address
duplex auto
speed auto
!
interface FastEthernet0/0.10
encapsulation dot1Q 10
ip address 10.0.2.2 255.255.255.0
!
interface FastEthernet0/0.20
encapsulation dot1Q 20
ip address 10.0.1.2 255.255.255.0
!
interface Serial0/0
no ip address
shutdown
!

interface FastEthernet0/1
no ip address
duplex auto
speed auto
!
no ip forward-protocol nd
!
!
ip http server
no ip http secure-server
!
!
!
!
!
control-plane
!
!
!
line con 0
line aux 0
line vty 0 4
login
!
!
end

Config for Switch

============


Using 1829 out of 32768 bytes
!
version 12.1
no service pad
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname SWITCHa
!
enable secret 5 $1$yymb$0MAHtzrTsrJe8wIyPfKtr/
enable password cent
!
username raf password 0 csas
ip subnet-zero
!
ip domain-name cisco.com
ip ssh time-out 120
ip ssh authentication-retries 3
!
spanning-tree mode pvst
no spanning-tree optimize bpdu transmission
spanning-tree extend system-id
!
!
!
!
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/2
!

interface FastEthernet0/3
!
interface FastEthernet0/4
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security mac-address sticky 0016.360b.a1d4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
switchport access vlan 10
switchport mode access
!
interface FastEthernet0/8
switchport access vlan 20
switchport mode access
!
interface FastEthernet0/9
!
interface FastEthernet0/10
!
interface FastEthernet0/11
!
interface FastEthernet0/12
!
interface FastEthernet0/13
!
interface FastEthernet0/14
!
interface FastEthernet0/15
!
interface FastEthernet0/16
!
interface FastEthernet0/17
!
interface FastEthernet0/18
!
interface FastEthernet0/19
!
interface FastEthernet0/20
!
interface FastEthernet0/21
!
interface FastEthernet0/22
!
interface FastEthernet0/23
!
interface FastEthernet0/24
!
interface FastEthernet0/25
!
interface FastEthernet0/26
!
interface Vlan1
ip address 20.0.1.1 255.255.255.0
no ip route-cache
!
ip http server
banner login ^CMy lab^C
!
line con 0
password 7 110A1016141D5A5E57
logging synchronous
login local
line vty 0 4
password cisco
login local
transport input telnet ssh
line vty 5 15
password cisco
login local
transport input telnet ssh
!
!
end

Output from ip route

===============

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 2 subnets
C       10.0.2.0 is directly connected, FastEthernet0/0.10
C       10.0.1.0 is directly connected, FastEthernet0/0.20

Vlan brief

=======

VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Fa0/2, Fa0/3, Fa0/4, Fa0/5
                                                Fa0/6, Fa0/9, Fa0/10, Fa0/11
                                                Fa0/12, Fa0/13, Fa0/14, Fa0/15
                                                Fa0/16, Fa0/17, Fa0/18, Fa0/19
                                                Fa0/20, Fa0/21, Fa0/22, Fa0/23
                                                Fa0/24, Fa0/25, Fa0/26
10   net1                             active    Fa0/7
20   net2                             active    Fa0/8

1 Accepted Solution

Accepted Solutions

rafcisco101 wrote:

still not working, do you think there is any merit in clearing down both configs and starting again?

Might be worth a try. It's weird because your config looks fine and PC2 seems to be working okay. It is PC1 that is having issues.

If you do start over when you configure the trunk link on the 2950 can you do this -

int fa0/1

switchport mode trunk

switch trunk allowed vlan 10,20

don't bother with the native stuff i just sent when you redo the router.

I don't suppose you have a different PC you could use other than PC1 ?

Jon

View solution in original post

23 Replies 23

Jon Marshall
Hall of Fame
Hall of Fame

Can you confirm that you have correctly set the right subnet mask and default-gateway on both PCs ie. if windows can you post "ipconfig" from both PCs.

Jon

Ipconfig for PC1

============

Ethernet adapter Local Area Connection 6:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::d4eb:1232:3e15:8895%19
   IPv4 Address. . . . . . . . . . . : 10.0.2.100
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 10.0.2.2

Ipconfig for PC2

============

Ethernet adapter Local Area Connection:

   Connection-specific DNS Suffix  . :
    IP Address. . . . . . . . . . . . . .: 10.0.1.100
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 10.0.1.2

Cheers for the quick response.


Cheers for the quick response.

So

1) from PC1 can you ping 10.0.1.2

Because you can ping both PCs from the router i'm assuming there are no issues with firewalls on the pcs.

Can you also post a "sh int trunk" from the 2950 switch.

Jon

From PC1 i cannot ping 10.0.1.2, i can only ping 10.0.2.2.

From PC2 i can ping both default gateways.

Output from sh int trunk:

Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa0/1       1-4094

Port        Vlans allowed and active in management domain
Fa0/1       1,10,20-21,23-26,28-30,41-53,72,141-153

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       none

With regards to firewalls, i assume that because i can ping both PC's from the router its ok.

Cheers

Raf

rafcisco101 wrote:

From PC1 i cannot ping 10.0.1.2, i can only ping 10.0.2.2.

From PC2 i can ping both default gateways.

Output from sh int trunk:

Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa0/1       1-4094

Port        Vlans allowed and active in management domain
Fa0/1       1,10,20-21,23-26,28-30,41-53,72,141-153

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       none

With regards to firewalls, i assume that because i can ping both PC's from the router its ok.

Cheers

Raf

I'm wondering if it the IPv6 config on PC1 that is causing the problem. Can you disable IPv6 on that PC and try again ?

Jon

I have disabled IPv6, but to no avail. still can't ping 10.0.1.2

output from ipconfig now:

==================

Connection-specific DNS Suffix  . :
IPv4 Address. . . . . . . . . . . : 10.0.2.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.2.2

rafcisco101 wrote:

I have disabled IPv6, but to no avail. still can't ping 10.0.1.2

output from ipconfig now:

==================

Connection-specific DNS Suffix  . :
IPv4 Address. . . . . . . . . . . : 10.0.2.100
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 10.0.2.2

Can you check cabling ie.

PC1 is connected to fa0/7

PC2 is connected to fa0/8

2950 fa0/1 is connected to router fa0/0

Jon

I can check the cables, but i thought if the router can ping both PCs it should ok?

rafcisco101 wrote:

I can check the cables, but i thought if the router can ping both PCs it should ok?

Agreed but can't see a lot wrong with your config and the PC2 seems to be working correctly, the issue seems to be with PC1. The output from the "sh interface trunk" is also not quite right ie.

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       none

It should be listing vlans 10 & 20 rather than none but as it is router-on-a-stick i can't remember if this is specific to that type of configuration. Certainly with 2 switches interconnected the "none" here would be an issue.

The cabling i asked you check, are they the only connections you have in your setup ?

Can you also post "sh spanning-tree vlan 10" and "sh spanning-tree vlan 20" from the 2950.

Jon

thanks for your help so far, unfortunatly its getting late here in the uk. i will look into what you have said and get back to you in the morning, if you dont mind?

rafcisco101 wrote:

thanks for your help so far, unfortunatly its getting late here in the uk. i will look into what you have said and get back to you in the morning, if you dont mind?

No problem. I'm in the uk as well, just watching some of the winter olympics

Jon

Hi,

The cables you asked me to check are the only ones in my setup.

Below is the spanning tree output.  Any help is much appreciated.

CHeers

Raf


sh spanning-tree vlan 10

==================

VLAN0010
  Spanning tree enabled protocol ieee
  Root ID    Priority    32778
             Address     0008.2124.6cc0
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32778  (priority 32768 sys-id-ext 10)
             Address     0008.2124.6cc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/7            Desg FWD 19        128.7    P2p

sh spanning-tree vlan 20

==================

VLAN0020
  Spanning tree enabled protocol ieee
  Root ID    Priority    32788
             Address     0008.2124.6cc0
             This bridge is the root
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec

  Bridge ID  Priority    32788  (priority 32768 sys-id-ext 20)
             Address     0008.2124.6cc0
             Hello Time   2 sec  Max Age 20 sec  Forward Delay 15 sec
             Aging Time 300

Interface        Role Sts Cost      Prio.Nbr Type
---------------- ---- --- --------- -------- --------------------------------
Fa0/1            Desg FWD 19        128.1    P2p
Fa0/8            Desg FWD 19        128.8    P2p

I tried the 'sh int trunk' command on the switch again this morning to find the output has changed from last night.  As far as i'm concerned I didn't do anything to warrant this change (other than a power down).

What the hell is going on?


Port        Mode         Encapsulation  Status        Native vlan
Fa0/1       on           802.1q         trunking      1

Port      Vlans allowed on trunk
Fa0/1       1-4094

Port        Vlans allowed and active in management domain
Fa0/1       1,10,20-21,23-26,28-30,41-53,72,141-153

Port        Vlans in spanning tree forwarding state and not pruned
Fa0/1       1,10,20-21,23-26,28-30,41-53,72,141-153

Are you still having problems pinging between the 2 PCs ?

Jon

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco