I'm trying to set up a new network back at the office but I'm having problems communicating between vlans.
I have one router (cisco 1941) and a switch (cisco catalyst 2960g). I'm using the router on a stick method.
I have two vlans on the switch and I have done everything according to instructions but I still can't ping from one vlan to another. The hosts in the vlan can ping the switch, router and all gateways but just not other hosts.
The weird part is that the same configurations work fine in packet tracer.
Here are my configurations. Just check them and lemme know where I went wrong.
Couple of things to check -
1) the clients have their default gateways set to the router subinterface IP addresses and not the vlan interface IPs on the switch
2) if 1) is correct check for firewalls on the PCs and either allow ICMP or temporarily disable to test
hi mr jon.marshal
firstly I have set the clients with the corresponding default gateway on the router subinterface. for example if a client is in vlan 10 and on the subinterface the address is 220.127.116.11, that is the one I assigned to the client
secondly I have disabled firewall on my clients. but it's still not working.
lastly it seems that from any vlan i can ping the switch and the router subinterfaces, also any client in other vlans can successfully ping the management vlan, but a client in the management vlan or any other vlan can not ping other vlans.
If from a PC in vlan 10 you can ping -
1) the vlan 10 subinterface on the router
2) the vlan 20 subinterface on the router
then it suggests routing is fine.
So can you -
1) from the router try pinging a client in any vlan and see what happens.
Also you mention a management vlan, which vlan is that ?
well, I'm back...
from the router I have checked, I can ping the switch, all clients from both vlans successfully... I just can't figure out why I can't ping from one host in a vlan to another... also how comes in PT the very same configurations and router types work just fine??
PT does not always emulate real equipment properly.
Can you -
1) remove vlan 1 off the trunk link on the switch
2) on the switch remove the vlan 20 SVI
3) post the following -
"sh int trunk" from the switch
"sh ip route" from the router
here is the output
Switch#show int trunk
Port Mode Encapsulation Status Native vlan
Gi0/1 on 802.1q trunking 30
Port Vlans allowed on trunk
Port Vlans allowed and active in management domain
Port Vlans in spanning tree forwarding state and not pruned
Router#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is not set
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, GigabitEthernet0/1.10
L 192.168.10.1/32 is directly connected, GigabitEthernet0/1.10
192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.20.0/24 is directly connected, GigabitEthernet0/1.20
L 192.168.20.1/32 is directly connected, GigabitEthernet0/1.20
192.168.30.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.30.0/24 is directly connected, GigabitEthernet0/1.30
L 192.168.30.1/32 is directly connected, GigabitEthernet0/1.30
You don't need the native vlan on the trunk (which you don't have so that is good) but you also don't need a subinterface for it.
So after those changes you still cannot ping between vlans ?
To be honest i don't know.
Like i say if from a PC in vlan 10 you can ping both the vlan 10 subinterface and the vlan 20 subinterface on the router then it suggests routing is working.
And you can ping from the router to each PC in both vlans so that rules out firewalls.
So the only thing i can think is default gateways but you say you have set these to be the correct router subinterfaces.
Can you post a "sh vlan brief" from the switch ?
Here you go
Switch#show vlan brief
VLAN Name                             Status    Ports
---- -------------------------------- --------- -------------------------------
1    default                          active    Gi0/5, Gi0/6, Gi0/7, Gi0/8
                                                Gi0/9, Gi0/10, Gi0/11, Gi0/12
                                                Gi0/13, Gi0/14, Gi0/15, Gi0/16
                                                Gi0/17, Gi0/18, Gi0/19, Gi0/20
                                                Gi0/21, Gi0/22, Gi0/23, Gi0/24
10   Zimbra                           active    Gi0/2
20   Samba                            active    Gi0/3
30   native                           active    Gi0/4
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup
1005 trnet-default                    act/unsup
I can't see anything wrong with your config.
When you said in one of your posts -
"also any client in other vlans can successfully ping the management vlan,"
what did you mean by this ?
Right so you can -
from a PC in vlan 20 you can ping a host in vlan 10
but you can't
from a PC in vlan 10 ping a host in vlan 20
If so, can you ping the vlan 20 interface from the vlan 10 PC ?
If you can then it has to be an issue with the vlan 20 PC.
What happens if you swap the PCs around ie. change their IPs and default gateway and move them into each others ports on the switch ?
It's later over here so i'll pick this up tomorrow if no one else does.
Sorry it's taking so long to get working.
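
For reference, a router-on-a-stick configuration that would produce the `show int trunk`, `show ip route` and `show vlan brief` outputs posted in this thread. This is an added example, not the poster's actual configuration (which does not appear on the page). The /24 masks, subinterface names, VLAN names and access ports are taken from the posted outputs; the assumptions are that router Gi0/1 connects to switch Gi0/1 and that the trunk allowed list is 10,20,30 after removing vlan 1.

```cisco
! ---- Router (Cisco 1941); assumed: Gi0/1 connects to the switch trunk ----
interface GigabitEthernet0/1
 no ip address
 no shutdown
!
interface GigabitEthernet0/1.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/1.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
! Native vlan subinterface as it appears in the posted routing table.
! The "native" keyword makes the router send and expect vlan 30 untagged,
! matching "switchport trunk native vlan 30" on the switch side.
interface GigabitEthernet0/1.30
 encapsulation dot1Q 30 native
 ip address 192.168.30.1 255.255.255.0
!
! ---- Switch (Catalyst 2960G) ----
vlan 10
 name Zimbra
vlan 20
 name Samba
vlan 30
 name native
!
! Trunk to the router; vlan 1 is left off the allowed list (assumed list)
interface GigabitEthernet0/1
 switchport mode trunk
 switchport trunk native vlan 30
 switchport trunk allowed vlan 10,20,30
!
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
!
interface GigabitEthernet0/3
 switchport mode access
 switchport access vlan 20
!
! ---- Hosts (configured on each PC) ----
! vlan 10 PC: address in 192.168.10.0/24, default gateway 192.168.10.1
! vlan 20 PC: address in 192.168.20.0/24, default gateway 192.168.20.1
! The gateway must be the router subinterface address, not a switch SVI.
```

With this in place, the three commands requested in the thread should show the trunk carrying vlans 10, 20 and 30 and one connected route per subinterface on the router.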