09-24-2014 01:19 PM - edited 03-07-2019 08:52 PM
Hi all
Im studying for my ccna exam and i'm having problems with a basic router on a stick lab i'm trying to create, i cant ping between hosts on seperate vlans. also im able to ping from the hosts to there gateways and from the router im able to ping the host in vlan 20 but not the host in vlan 10. Here is the config.
hostname LABROUTER
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
!
ip cef
!
!
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO3845-MB sn FOC12414ESB
!
!
!
!
!
!
!
interface GigabitEthernet0/0
no ip address
duplex auto
speed auto
media-type rj45
!
interface GigabitEthernet0/0.1
description LINK TO LABSWITCH
encapsulation dot1Q 1 native
ip address 192.168.100.1 255.255.255.0
!
interface GigabitEthernet0/0.10
encapsulation dot1Q 10
ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
encapsulation dot1Q 20
ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0/1
ip address dhcp
duplex auto
speed auto
media-type rj45
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
banner motd ^C ************** RESTRICED ACCESS ***************
**************** AUTHORIZED PERSONEL ONLY *********************** ^C
!
line con 0
password 7 14101B050314262433
login
line aux 0
line vty 0 4
password 7 094B470716151B1D1C
login
transport input all
line vty 5 15
password 7 110E100B1802070313
login
transport input all
!
LABROUTER#sho ip int brief
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 unassigned YES unset up up
GigabitEthernet0/0.1 192.168.100.1 YES manual up up
GigabitEthernet0/0.10 192.168.10.1 YES NVRAM up up
GigabitEthernet0/0.20 192.168.20.1 YES NVRAM up up
GigabitEthernet0/1 unassigned YES NVRAM up down
Gateway of last resort is not set
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, GigabitEthernet0/0.10
L 192.168.10.1/32 is directly connected, GigabitEthernet0/0.10
192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.20.0/24 is directly connected, GigabitEthernet0/0.20
L 192.168.20.1/32 is directly connected, GigabitEthernet0/0.20
192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.100.0/24 is directly connected, GigabitEthernet0/0.1
L 192.168.100.1/32 is directly connected, GigabitEthernet0/0.1
Switch Config
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet1/0/1
switchport access vlan 10
switchport mode access
!
interface FastEthernet1/0/2
switchport access vlan 10
switchport mode access
!
interface FastEthernet1/0/3
switchport access vlan 10
switchport mode access
!
interface FastEthernet1/0/4
switchport access vlan 10
switchport mode access
!
interface FastEthernet1/0/5
switchport access vlan 10
switchport mode access
!
interface FastEthernet1/0/6
switchport access vlan 10
switchport mode access
!
interface FastEthernet1/0/7
switchport access vlan 10
switchport mode access
!
interface FastEthernet1/0/8
switchport access vlan 10
switchport mode access
!
interface FastEthernet1/0/9
switchport access vlan 10
switchport mode access
!
interface FastEthernet1/0/10
switchport access vlan 10
switchport mode access
!
interface FastEthernet1/0/11
switchport access vlan 10
switchport mode access
!
interface FastEthernet1/0/12
switchport access vlan 10
switchport mode access
!
interface FastEthernet1/0/13
switchport access vlan 20
switchport mode access
!
interface FastEthernet1/0/14
switchport access vlan 20
switchport mode access
!
interface FastEthernet1/0/15
switchport access vlan 20
switchport mode access
!
interface FastEthernet1/0/16
switchport access vlan 20
switchport mode access
!
interface FastEthernet1/0/17
switchport access vlan 20
switchport mode access
!
interface FastEthernet1/0/18
switchport access vlan 20
switchport mode access
!
interface FastEthernet1/0/19
switchport access vlan 20
switchport mode access
!
interface FastEthernet1/0/20
switchport access vlan 20
switchport mode access
!
interface FastEthernet1/0/21
switchport access vlan 20
switchport mode access
!
interface FastEthernet1/0/22
switchport access vlan 20
switchport mode access
!
interface FastEthernet1/0/23
switchport access vlan 20
switchport mode access
!
interface FastEthernet1/0/24
description LINK TO LABROUTER
switchport trunk encapsulation dot1q
switchport mode trunk
speed 100
duplex full
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface Vlan1
ip address 192.168.100.2 255.255.255.0
!
ip default-gateway 192.168.100.1
ip classless
ip http server
ip http secure-server
!
ip sla enable reaction-alerts
1 default active Gi1/0/1, Gi1/0/2
10 LAB_VLAN_10 active Fa1/0/1, Fa1/0/2, Fa1/0/3
Fa1/0/4, Fa1/0/5, Fa1/0/6
Fa1/0/7, Fa1/0/8, Fa1/0/9
Fa1/0/10, Fa1/0/11, Fa1/0/12
20 LAB_VLAN_20 active Fa1/0/13, Fa1/0/14, Fa1/0/15
Fa1/0/16, Fa1/0/17, Fa1/0/18
Fa1/0/19, Fa1/0/20, Fa1/0/21
Fa1/0/22, Fa1/0/23
1002 fddi-default act/unsup
1003 token-ring-default act/unsup
1004 fddinet-default act/unsup
Vlan1 192.168.100.2 YES NVRAM up up
FastEthernet1/0/3 unassigned YES unset up up
FastEthernet1/0/15 unassigned YES unset up up
The pc address are: host in vlan 10 192.168.10.5 host in vlan 20 192.168.20.5
Any help will be grateful
Solved! Go to Solution.
09-25-2014 08:46 AM
It doesn't, as that is outbound traffic!
When pinging the host, the firewall would block the ping, by default, therefore OP needs to verify this...
Martin
09-25-2014 11:18 AM
First thing to try is to hardcode the speed/duplex on your router . you have it hardcoded on the switch side and auto on the router , this will create at the minimum a duplex mismatch and cause speed problems. Besides that I dont see anything glaring . If you are trying to ping hosts and they are windows machines you must shutoff the firewall function on the hosts or the pings will fail.
09-24-2014 01:42 PM
Just to be sure, can you post the ip configuration for a host in both vlans? (IP, MASK, Default Gateway)
Ray
09-24-2014 01:55 PM
The host in vlan 10 : 192.168.10.5
255.255.255.0
192.168.10.1
The host in vlan 20: 192.168.20.5
255.255.255.0
192.168.20.1
Thanks
Dai
09-24-2014 04:34 PM
Hmm, if you can ping the gateway for each vlan , that eliminates any firewall settings on PC.
Can you ping 192.168.100.1 from any of the hosts?
Did you add both vlans to the switch and router vlans database?
09-25-2014 08:46 AM
It doesn't, as that is outbound traffic!
When pinging the host, the firewall would block the ping, by default, therefore OP needs to verify this...
Martin
09-25-2014 09:57 AM
firewall? He is able to ping default gateway, so I don't think that is the case
09-27-2014 06:01 AM
Yes, and as I stated above, it's irrelevant.
Firewall's, by default, allow outbound communication, but block all inbound.
Martin
09-25-2014 11:20 AM
Thanks for all the help as normal i storm into the deep end and turns out the config is sound it was my firewall on the devices.
Thanks Again
Dai
09-25-2014 08:22 AM
Dont you need to define the vlans 10 and 20 then give them a gateway IP address?
Int vlan 10
ip address x.x.x.x etc
09-25-2014 11:09 AM
https://learningnetwork.cisco.com/.../Router%20on%20a%20Stick.pdf
09-25-2014 11:20 AM
No he does not , the routing is done on the router so no addressing is needed ont he switch other than the single mgmt address he has.
09-25-2014 11:24 AM
That would be the case for a layer 3 switch but not for router on a stick
09-25-2014 11:18 AM
First thing to try is to hardcode the speed/duplex on your router . you have it hardcoded on the switch side and auto on the router , this will create at the minimum a duplex mismatch and cause speed problems. Besides that I dont see anything glaring . If you are trying to ping hosts and they are windows machines you must shutoff the firewall function on the hosts or the pings will fail.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide