Unable to ping the interface VLAN through a trunk, but OK on subinterface

Unanswered Question
Nov 27th, 2013
User Badges:

                   Hello,


I have a 1941 router with some interfaces VLAN. I have also a 2970 with interface VLAN.


From the 2970, I can't ping the 1941 if the IP address is on the interface VLAN.

If the IP address is on the subinterface, it is OK.


Here is a part of 1941 conf :

interface GigabitEthernet0/0

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/0.100

encapsulation dot1Q 100

!

interface GigabitEthernet0/0.108

encapsulation dot1Q 108

no ip dhcp client request tftp-server-address

ip address 172.30.8.57 255.255.255.0

ip access-group acl-deny-dhcp in

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat outside

ip virtual-reassembly in

no cdp enable

crypto ipsec client ezvpn Vers-dCloud

!

interface Vlan100

description ### VLAN Voix Filaire ###

ip address 10.65.33.49 255.255.255.240

ip helper-address 198.19.255.21

ip helper-address 198.19.255.22

ip dns view-group splitdns

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1000

no autostate

crypto ipsec client ezvpn Vers-dCloud inside



On the 2970 I have this config :

interface GigabitEthernet0/21

switchport trunk encapsulation dot1q

switchport mode trunk

!

interface Vlan100

ip address 10.65.33.60 255.255.255.240

no ip route-cache

!

interface Vlan108

ip address 172.30.8.59 255.255.255.0

no ip route-cache


=> So from 2970 I can ping 172.30.8.57 which is a 1941 subinterface IP, but not 10.65.33.49 which is a interface VLAN IP.

=> On the 1941, if I put the 10.65.33.49 on the GigabitEthernet0/0.100 subinterface, it works.


Is something wrong ?


Thank you,

Clement

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
glen.grant Wed, 11/27/2013 - 05:41
User Badges:
  • Purple, 4500 points or more

  Do you have a switch card installed in the 1941 ?  Generally you only use SVI's on a router if you have an installed switchcard (hwic)  .  You then can use a SVI for routing .   If you only have a single link from the router to the 2970 then it hs to be on the subinterface to work. Are you routing on the 2970 seeing you have multiple SVI's defined on the 2970 ???  If not then you only need a single SVI defined on the 2970 to manage the switch .

Clement BONNAL Wed, 11/27/2013 - 05:57
User Badges:

Yes I have a "8 Port GE POE EHWIC Switch on Slot 0 SubSlot 1", DESCR: "8 Port GE POE EHWIC Switch"

PID: EHWIC-D-8ESG-P  on my 1941.


I agree that I only need one IP address on the 2970. But behind the 2970 I have a 2811 which is Call Manager Express, and I need to pick vlan 100 and 108 on this router.

When I saw that ping on vlan 100 was'nt OK on 2811 to 1941 through 2970, I decided to put an IP on this vlan into my 2970.


So from 2970 to 2811 it ok, but from 2970 to 1941 it's not ok.


On my 2811, IP are configured on subinterfaces :

interface FastEthernet0/0

no ip address

duplex auto

speed auto

!

interface FastEthernet0/0.100

encapsulation dot1Q 100

ip address 10.65.33.62 255.255.255.240

!

interface FastEthernet0/0.108

encapsulation dot1Q 108

ip address 172.30.8.58 255.255.255.0


So what is the solution the get connectivity on VLAN 100 ?

Jon Marshall Wed, 11/27/2013 - 06:28
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Clement


What port on the 1941 connects to the 2970 ?


Jon

Clement BONNAL Wed, 11/27/2013 - 06:29
User Badges:

It's Gig0/0

      

I did another test. I put all the SVI 100 command lines, on the Gi0/0.100 subinterface.

Now, I can ping the 1941 from 2811 through 2970.


All phones which are on my 2970 on voice vlan 100 are OK, but all phones which are connected to the 1941 EHWIC card PoE on voice vlan 100, don't have connectivity anymore.

Jon Marshall Wed, 11/27/2013 - 06:31
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Then if you want to use vlans this must be made into a trunk ie.


int gi0/0

switchport

switchport trunk encasulation dot1q

switchport mode trunk


I don't think you can do that on a inbuilt router port though ?


Edit - but you may be able to do it on one of the switch module ports.


Jon

Clement BONNAL Wed, 11/27/2013 - 06:36
User Badges:

You're right, Gi0/0 is a WAN port and does'nt support trunks, this is the reason why I implement subinterfaces.


I thinked to do a trunk with one of the switchmodule ports, but I have many phones and I lost a PoE port...

Jon Marshall Wed, 11/27/2013 - 06:50
User Badges:
  • Super Blue, 32500 points or more
  • Hall of Fame,

    Founding Member

  • Cisco Designated VIP,

    2017 LAN, WAN

Well, if the switch module ports support trunking that is the only way to do it. If you want to use gi0/0 then you will have to use subintefaces.


Jon

Clement BONNAL Wed, 11/27/2013 - 06:59
User Badges:

Ok,


So if I keep uplink on Gi0/0, is there a way to bridge subinterfaces and SVIs to keep using my PoE ports on this vlan ?


I tried ip unnumbered, here is 1941 the current conf :

interface GigabitEthernet0/0.100

encapsulation dot1Q 100

ip unnumbered Vlan100

bridge-group 100

!

interface Vlan100

description ### VLAN Voix Filaire ###

ip address 10.65.33.49 255.255.255.240

ip helper-address 198.19.255.21

ip helper-address 198.19.255.22

ip dns view-group splitdns

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1000

no autostate

crypto ipsec client ezvpn Vers-dCloud inside

bridge-group 100


this output shows that vlan100 & gi0/0.100 have same IP but ping from 2970 is not OK :

GigabitEthernet0/0         unassigned      YES unset  up                    up

GigabitEthernet0/0.10      10.64.33.49     YES manual up                    up

GigabitEthernet0/0.100     10.65.33.49     YES TFTP   up                    up

GigabitEthernet0/0.101     unassigned      YES manual up                    up

GigabitEthernet0/0.108     172.30.8.57     YES manual up                    up

Vlan1                      unassigned      YES unset  administratively down down

Vlan11                     unassigned      YES unset  up                    up

Vlan100                    10.65.33.49     YES manual up                    up

Vlan101                    unassigned      YES unset  up                    up


I don't understand the method "TFTP" on my gi0/0.100 ?

Clement BONNAL Fri, 11/29/2013 - 00:15
User Badges:

Ok I found the solution!


I bridge my subif Gi0/0.100 with bridge-group 100.

I bridge the SVI vlan 100 with bridge-group 100.

I create BVI100 and do all IP config here.


At this time, layer 2 frames (ARP resolution) can pass, but not layer 3 (ping).


Last action is do ip unnumbered BVI100 on SVI and subif. The order is important, if I configure IP parameters on SVI and ip unnumbered vlan100, it doesn't work.


Here is the conf :

interface GigabitEthernet0/0

no ip address

duplex auto

speed auto

!

interface GigabitEthernet0/0.10

encapsulation dot1Q 10

ip unnumbered BVI10

bridge-group 10

!

interface GigabitEthernet0/0.100

encapsulation dot1Q 100

ip unnumbered BVI100

bridge-group 100

!

interface GigabitEthernet0/0.108

encapsulation dot1Q 108

ip unnumbered BVI108

bridge-group 108

!

interface GigabitEthernet0/0.200

encapsulation dot1Q 200

ip unnumbered BVI200

bridge-group 200

!

interface wlan-ap0

description ### Module de gestion AP WiFI ###

ip unnumbered BVI1

arp timeout 0

no mop enabled

no mop sysid

!

interface GigabitEthernet0/1

no ip address

duplex auto

speed auto

!

interface Wlan-GigabitEthernet0/0

description ### Interface interne entre AP et Router ###

switchport trunk native vlan 11

switchport mode trunk

no ip address

!

interface Vlan1

no ip address

shutdown

!

interface Vlan10

ip unnumbered BVI10

bridge-group 10

!

interface Vlan11

ip unnumbered BVI1

bridge-group 1

!

interface Vlan100

ip unnumbered BVI100

bridge-group 100

!

interface Vlan101

ip unnumbered BVI101

bridge-group 101

!

interface Vlan108

ip unnumbered BVI108

bridge-group 108

!

interface Vlan200

ip unnumbered BVI200

bridge-group 200

!

interface BVI1

description ### VLAN Data Wi-Fi ###

ip address 10.66.33.49 255.255.255.240

ip dns view-group splitdns

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1000

crypto ipsec client ezvpn Vers-dCloud inside

!

interface BVI10

description ### VLAN Donnees Filaire ###

ip address 10.64.33.49 255.255.255.240

ip dns view-group splitdns

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1000

crypto ipsec client ezvpn Vers-dCloud inside

!

interface BVI100

description ### VLAN Voix Filaire ###

ip address 10.65.33.49 255.255.255.240

ip helper-address 198.19.255.21

ip helper-address 198.19.255.22

ip dns view-group splitdns

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1000

crypto ipsec client ezvpn Vers-dCloud inside

!

interface BVI101

description ### VLAN Voix Wi-Fi ###

ip address 10.67.33.49 255.255.255.240

ip helper-address 198.19.255.21

ip helper-address 198.19.255.22

ip dns view-group splitdns

ip nat inside

ip virtual-reassembly in

ip tcp adjust-mss 1000

crypto ipsec client ezvpn Vers-dCloud inside

!

interface BVI108

description ### VLAN xxxxx- xxxxx###

no ip dhcp client request tftp-server-address

ip address 172.30.8.57 255.255.255.0

ip access-group acl-deny-dhcp in

no ip redirects

no ip unreachables

no ip proxy-arp

ip flow ingress

ip nat outside

ip virtual-reassembly in

crypto ipsec client ezvpn Vers-dCloud

!

interface BVI200

description ### VLAN Voix Filaire - CME ###

no ip address



And for sure, active stp and IP protocol on the bridges :

bridge 1 protocol ieee

bridge 1 route ip

bridge 10 protocol ieee

bridge 10 route ip

bridge 100 protocol ieee

bridge 100 route ip

bridge 101 protocol ieee

bridge 101 route ip

bridge 108 protocol ieee

bridge 108 route ip

bridge 200 protocol ieee

bridge 200 route ip


Thanks for your help

Actions

This Discussion