Why can't i ping secondary from LAN but I can from WAN

Unanswered Question
Apr 26th, 2010

Tryin to set up a new network in the current LAN..using secondary IP address..currently using glbp

so 172.20.255.17 would be the GW of the device in it.


From the WAN i can hit the gw ip addres and the real ip address on g0/0...but from the directly connected switch on g0/0 i can not.



interface GigabitEthernet0/0
ip address 192.168.120.1 255.255.255.0 secondary
ip address 172.20.255.18 255.255.255.248 secondary
ip address 192.168.119.246 255.255.255.0
duplex auto
speed auto
media-type rj45
glbp 1 ip 192.168.119.247
glbp 1 ip 172.20.255.17 secondary
glbp 1 weighting track 1 decrement 100



router1#sh cdp ne
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
                  S - Switch, H - Host, I - IGMP, r - Repeater


Device ID        Local Intrfce     Holdtme    Capability  Platform  Port ID
switch1       Gig 0/0            148        R S I      WS-C4006  Fas 2/1



swtich1# sh cdp neigh det


Device ID: XR1.IAD1
Entry address(es):
  IP address: 192.168.119.246
  IP address: 192.168.120.1
  IP address: 172.20.255.18-----------------------------------------------new network
Platform: Cisco 3845,  Capabilities: Router Switch IGMP
Interface: FastEthernet2/1,  Port ID (outgoing port): GigabitEthernet0/0


switch1#sh run int fastethernet 2/1

interface FastEthernet2/1
switchport access vlan 119
qos trust dscp
end



so it looks like the switchport on the switch is configured as an accessport which is connected to the router..

is there any way to make this work without creating subinterfaces on the router gig port and trunking on the switch?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Federico Coto F... Mon, 04/26/2010 - 19:18

Hi,


You have a switch (4006) connected to Gig0/0 of the router 3845 correct?

From that switch you can PING the real IP of the Gig0/0 (192.168.119.246) but not the secondary IP (172.20.255.18) correct?


I would think that is because the 4006 does not have an IP from the 172.20.255.x subnet?

If you check the IP routing table of the 4006, which is the next-hop to reach 172.20.255.x?


Federico.

nygenxny123 Mon, 04/26/2010 - 19:36

swtich1#sh ip int br

Interface              IP-Address      OK? Method Status                Protoco

Vlan1                  unassigned      YES manual up                    up

Vlan119                192.168.119.155 YES manual up                    up

Vlan172                172.20.255.21   YES manual up                    up

GigabitEthernet1/1     unassigned      YES unset  up                    up




you are correct about being able to ping 119.246..and not the 172.20.255.17 or .18


as you can see..i do have an interface configured on that network



I looked at another router/switch on our network


and i noticed in that worknig situation...the gig interface on the switch is not configured for any vlan

however in that sitatution there are not vlans configured, everything is on vlan 1

Federico Coto F... Mon, 04/26/2010 - 19:47

The connection from the 4006 to the Gig0/0 of the 3845 is an access port on VLAN 119
The interface VLAN on 4006 that has an IP of 172.20.255.x is part of VLAN 172

I would have this scenario working with trunk on the switch and subinterfaces on the router
(why don't you want this setup)?


In terms of routing, if you do a ''sh ip route'' on the 4006, do you get a directly connected entry for
172.20.255.x through port Fas2/1?


Federico.

Federico Coto F... Mon, 04/26/2010 - 21:41

This is what I think is happening (I may be wrong ;-))


At Layer2, Switch 4006 Fas2/1 is directly connected to Router 3845 Gig0/0
When you try to PING from the 4006 to 172.20.255.128, the 4006 sends an ARP for 172.20.255.18, it will send that ARP in its broadcast domain
(VLAN 172 which is where the SVI for 172.20.255.x resides)


This broadcast is not going to be propagated out Fas2/1 (since Fas2/1 is an access port on VLAN 119)

So, if you check the ARP table on 4006, you will not get an entry for 172.20.255.18
This is why you don't get a PING to that IP from the switch.


Federico.

nygenxny123 Tue, 04/27/2010 - 11:22

when i do a show ip route


Gateway of last resort is not set

     172.20.0.0/29 is subnetted, 1 subnets
C       172.20.255.16 is directly connected, Vlan172
C    192.168.119.0/24 is directly connected, Vlan119


however when i remove the ip address from int vlan 172 on the 4006

i only get


Gateway of last resort is not set

C    192.168.119.0/24 is directly connected, Vlan119



im not sure why i would need an interface vlan configured with an IP address on it.....we have many

situation where there are no IP addresses associated with a vlan on a layer 2 switch


in any event...the gw is unpingable with or without an ip address on vlan 172

Federico Coto F... Tue, 04/27/2010 - 13:10

If you change Fas2/1 on the 4006 to be an access port on VLAN 172, you can then PING  172.20.255.x from the 4006 correct?

I think that the problem is that the only connection between 4006 and 3845 is a single physical interface Fast2/1 (which is an access port on VLAN 119)


If you configure Fas2/1 to a trunk port or access port on VLAN 172 (just to do the test), can you then PING the 172.20.255.x?


Federico.

Actions

This Discussion