I have 2 vlans on a 2960 switch. I also have the encapsulation on the 2851 router. I am able to ping the other WAN site from the router but not the 2960 switch even if I source the pings from a vlan. Does anybody know why this is happening?
On the router side, add this under the subinterface: "encapsulation dot1Q 20 native". On the switch side, add "switchport trunk native vlan 20". Retest.
Thank you for your reply -
I have 2 vlans on the switch. I have added your suggestions but I am still unable to ping from the switch across the network to the other side.
Just to be sure, you wanted me to put the switchport trunk native vlan 20 on fa0/1 on the switch, correct? What do I do with vlan 101?
Thank you for your help
That command goes on the subinterface for vlan 20, not the regular interface, and nothing would change under the vlan 101 subinterface.
Thank you for your response - it worked. However, now when I try to ping 10.57.0.50, which is a computer on the other end of the tunnel, from my switch, it does not ping. Do you have any ideas why this is happening? I am able to ping 10.57.0.50 from the router. Thank you for your help
I would look at your NAT statement, which you are overloading out the external interface. It looks like everything is being NATted at the moment and not going down the tunnel.
access-list 101 permit ip 10.0.2.0 0.0.0.255 any
access-list 101 permit ip 10.0.101.0 0.0.0.255 any
Try adding the following two statements at the top of your ACL, leaving the two statements above at the bottom of your access-list 101:
access-list 101 deny ip 10.0.2.0 0.0.0.255 x.x.x.x mask
access-list 101 deny ip 10.0.101.0 0.0.0.255 x.x.x.x mask
where x.x.x.x mask equals the network on the other side of the tunnel.
Effectively, this says: don't NAT anything going to the x.x.x.x mask network, but NAT everything else.
Hope this helps
I have added this, but it still doesn't work, is there anything else I can do?
access-list 100 deny ip 10.0.0.0 0.0.255.255 10.57.0.0 0.0.255.255
access-list 100 deny ip host 10.0.255.100 host 10.157.255.1
access-list 100 permit ip 10.0.2.0 0.0.0.255 any
access-list 100 permit ip 10.0.101.0 0.0.0.255 any
You should have applied the statements to access-list 101, not 100.
You are referencing route-map SDM_RMAP_3 in your NAT overload statement; SDM_RMAP_3 matches access-list 101, not 100.
ip nat inside source route-map SDM_RMAP_3 interface GigabitEthernet0/0 overload
route-map SDM_RMAP_3 permit 1
match ip address 101
Try it again on access-list 101.
Hope this helps
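
The following is an added example, not posted by anyone in the thread: a small Python model of first-match ACL evaluation with IOS wildcard masks, showing why the deny entry has no effect on NAT while it sits in access-list 100 and exempts tunnel traffic once it heads access-list 101. The host 10.0.2.10 is constructed, and 10.57.0.0/16 as the remote network is an assumption taken from the access-list 100 line posted above.

```python
import ipaddress

def wc_match(addr, base, wildcard):
    """IOS wildcard match: bits set in the wildcard are 'don't care'."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    ip = lambda s: int(ipaddress.IPv4Address(s))
    return (ip(addr) & care) == (ip(base) & care)

def field(tokens):
    """Consume one source/destination field, return (base, wildcard)."""
    first = tokens.pop(0)
    if first == "any":
        return "0.0.0.0", "255.255.255.255"
    if first == "host":
        return tokens.pop(0), "0.0.0.0"
    return first, tokens.pop(0)

def parse_acls(config):
    """Collect 'access-list N permit|deny ip SRC DST' lines, in order, per N."""
    acls = {}
    for line in config.splitlines():
        t = line.split()
        if len(t) >= 6 and t[0] == "access-list" and t[3] == "ip":
            rest = t[4:]
            acls.setdefault(t[1], []).append((t[2], field(rest), field(rest)))
    return acls

def nat_decision(acls, number, src, dst):
    """First matching entry wins; falling off the end is the implicit deny."""
    for action, s, d in acls.get(number, []):
        if wc_match(src, *s) and wc_match(dst, *d):
            return "translate" if action == "permit" else "exempt"
    return "exempt"

# ACL lines as posted in the thread; NAT's route-map matches 101, not 100.
AS_POSTED = """
access-list 100 deny ip 10.0.0.0 0.0.255.255 10.57.0.0 0.0.255.255
access-list 101 permit ip 10.0.2.0 0.0.0.255 any
access-list 101 permit ip 10.0.101.0 0.0.0.255 any
"""
# Same deny entry moved to the top of 101 (assumes 10.57.0.0/16 is the remote side).
CORRECTED = """
access-list 101 deny ip 10.0.0.0 0.0.255.255 10.57.0.0 0.0.255.255
access-list 101 permit ip 10.0.2.0 0.0.0.255 any
access-list 101 permit ip 10.0.101.0 0.0.0.255 any
"""

if __name__ == "__main__":
    for name, cfg in (("as posted", AS_POSTED), ("corrected", CORRECTED)):
        # 10.0.2.10 is a constructed host on the 10.0.2.0/24 VLAN.
        print(name, nat_decision(parse_acls(cfg), "101", "10.0.2.10", "10.57.0.50"))
```

Here "translate" means the packet is permitted by the ACL the route-map matches and is therefore NATted out the external interface; "exempt" means it keeps its inside source address and can match the tunnel's interesting traffic.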