Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1557
Views
0
Helpful
12
Replies

Router on a stick problem

Go to solution
daiprice5
Level 1
Level 1

‎09-24-2014 01:19 PM - edited ‎03-07-2019 08:52 PM

Hi all

Im studying for my ccna exam and i'm having problems with a basic router on a stick lab i'm trying to create, i cant ping between hosts on seperate vlans. also im able to ping from the hosts to there gateways and from the router im able to ping the host in vlan 20 but not the host in vlan 10. Here is the config.

 

hostname LABROUTER
!
boot-start-marker
boot-end-marker
!
!
enable secret 4 tnhtc92DXBhelxjYk8LWJrPV36S2i4ntXrpb4RFmfqY
!
no aaa new-model
!
dot11 syslog
ip source-route
!
!
!
ip cef
!
!
no ip domain lookup
no ipv6 cef
multilink bundle-name authenticated
!
!
!
!
voice-card 0
!
!
!
!
!
!
!
crypto pki token default removal timeout 0
!
!
!
!
license udi pid CISCO3845-MB sn FOC12414ESB
!
!
!
!
!
!
!
interface GigabitEthernet0/0
 no ip address
 duplex auto
 speed auto
 media-type rj45
!
interface GigabitEthernet0/0.1
 description LINK TO LABSWITCH
 encapsulation dot1Q 1 native
 ip address 192.168.100.1 255.255.255.0
!
interface GigabitEthernet0/0.10
 encapsulation dot1Q 10
 ip address 192.168.10.1 255.255.255.0
!
interface GigabitEthernet0/0.20
 encapsulation dot1Q 20
 ip address 192.168.20.1 255.255.255.0
!
interface GigabitEthernet0/1
 ip address dhcp
 duplex auto
 speed auto
 media-type rj45
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
!
!
mgcp profile default
!
!
!
!
banner motd ^C ************** RESTRICED ACCESS ***************
**************** AUTHORIZED PERSONEL ONLY *********************** ^C
!
line con 0
 password 7 14101B050314262433
 login
line aux 0
line vty 0 4
 password 7 094B470716151B1D1C
 login
 transport input all
line vty 5 15
 password 7 110E100B1802070313
 login
 transport input all
!

LABROUTER#sho ip int brief
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         unassigned      YES unset  up                    up
GigabitEthernet0/0.1       192.168.100.1   YES manual up                    up
GigabitEthernet0/0.10      192.168.10.1    YES NVRAM  up                    up
GigabitEthernet0/0.20      192.168.20.1    YES NVRAM  up                    up
GigabitEthernet0/1         unassigned      YES NVRAM  up                    down

Gateway of last resort is not set

      192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.10.0/24 is directly connected, GigabitEthernet0/0.10
L        192.168.10.1/32 is directly connected, GigabitEthernet0/0.10
      192.168.20.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.20.0/24 is directly connected, GigabitEthernet0/0.20
L        192.168.20.1/32 is directly connected, GigabitEthernet0/0.20
      192.168.100.0/24 is variably subnetted, 2 subnets, 2 masks
C        192.168.100.0/24 is directly connected, GigabitEthernet0/0.1
L        192.168.100.1/32 is directly connected, GigabitEthernet0/0.1

 

Switch Config

spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
!
!
interface FastEthernet1/0/1
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet1/0/2
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet1/0/3
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet1/0/4
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet1/0/5
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet1/0/6
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet1/0/7
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet1/0/8
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet1/0/9
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet1/0/10
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet1/0/11
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet1/0/12
 switchport access vlan 10
 switchport mode access
!
interface FastEthernet1/0/13
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet1/0/14
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet1/0/15
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet1/0/16
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet1/0/17
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet1/0/18
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet1/0/19
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet1/0/20
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet1/0/21
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet1/0/22
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet1/0/23
 switchport access vlan 20
 switchport mode access
!
interface FastEthernet1/0/24
 description LINK TO LABROUTER
 switchport trunk encapsulation dot1q
 switchport mode trunk
 speed 100
 duplex full
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface Vlan1
 ip address 192.168.100.2 255.255.255.0
!
ip default-gateway 192.168.100.1
ip classless
ip http server
ip http secure-server
!
ip sla enable reaction-alerts

 

1    default                          active    Gi1/0/1, Gi1/0/2
10   LAB_VLAN_10                      active    Fa1/0/1, Fa1/0/2, Fa1/0/3
                                                Fa1/0/4, Fa1/0/5, Fa1/0/6
                                                Fa1/0/7, Fa1/0/8, Fa1/0/9
                                                Fa1/0/10, Fa1/0/11, Fa1/0/12
20   LAB_VLAN_20                      active    Fa1/0/13, Fa1/0/14, Fa1/0/15
                                                Fa1/0/16, Fa1/0/17, Fa1/0/18
                                                Fa1/0/19, Fa1/0/20, Fa1/0/21
                                                Fa1/0/22, Fa1/0/23
1002 fddi-default                     act/unsup
1003 token-ring-default               act/unsup
1004 fddinet-default                  act/unsup

Vlan1                  192.168.100.2   YES NVRAM  up                    up

FastEthernet1/0/3      unassigned      YES unset  up                    up

 

FastEthernet1/0/15     unassigned      YES unset  up                    up

 

The pc address are: host in vlan 10 192.168.10.5 host in vlan 20 192.168.20.5

 

Any help will be grateful

 

 

 

 

 

 

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Martin Carr
Level 4
Level 4
In response to rpinon

‎09-25-2014 08:46 AM

It doesn't, as that is outbound traffic!

When pinging the host, the firewall would block the ping, by default, therefore OP needs to verify this...

Martin

View solution in original post

0 Helpful

Go to solution
glen.grant
VIP Alumni
VIP Alumni

‎09-25-2014 11:18 AM

   First thing to try is to hardcode the speed/duplex on your router . you have it hardcoded on the switch side and auto on the router , this will create at the minimum a duplex mismatch and cause speed problems.   Besides that I dont see anything glaring . If you are trying to ping hosts and they are windows machines you must shutoff the firewall function on the hosts or the pings will fail.

View solution in original post

0 Helpful
12 Replies 12

Go to solution
rpinon
Level 1
Level 1

‎09-24-2014 01:42 PM

 

  Just to be sure, can you post the ip configuration  for a host in both vlans? (IP, MASK, Default Gateway)

Ray

 

0 Helpful

Go to solution
daiprice5
Level 1
Level 1
In response to rpinon

‎09-24-2014 01:55 PM

The host in vlan 10 : 192.168.10.5

                                  255.255.255.0

                                  192.168.10.1

The host in vlan 20: 192.168.20.5

                                 255.255.255.0

                                 192.168.20.1

Thanks

Dai

0 Helpful

Go to solution
rpinon
Level 1
Level 1
In response to daiprice5

‎09-24-2014 04:34 PM

 

Hmm, if you can ping the gateway for each vlan , that eliminates any firewall settings on PC. 

Can you ping 192.168.100.1  from any of the hosts?

Did you add both vlans to the switch and router vlans database?

 

0 Helpful

Go to solution
Martin Carr
Level 4
Level 4
In response to rpinon

‎09-25-2014 08:46 AM

It doesn't, as that is outbound traffic!

When pinging the host, the firewall would block the ping, by default, therefore OP needs to verify this...

Martin

0 Helpful

Go to solution
rpinon
Level 1
Level 1
In response to Martin Carr

‎09-25-2014 09:57 AM

firewall? He is able to ping default gateway, so I don't think that is the case

0 Helpful

Go to solution
Martin Carr
Level 4
Level 4
In response to rpinon

‎09-27-2014 06:01 AM

Yes, and as I stated above, it's irrelevant.

Firewall's, by default, allow outbound communication, but block all inbound.

Martin

 

0 Helpful

Go to solution
daiprice5
Level 1
Level 1
In response to Martin Carr

‎09-25-2014 11:20 AM

Thanks for all the help as normal i storm into the deep end and turns out the config is sound it was my firewall on the devices.

 

Thanks Again

 

Dai

0 Helpful

Go to solution
Mark Jensen
Level 1
Level 1

‎09-25-2014 08:22 AM

Dont you need to define the vlans 10 and 20 then give them a gateway IP address?

 

Int vlan 10

ip address x.x.x.x    etc

0 Helpful

Go to solution
Mark Jensen
Level 1
Level 1
In response to Mark Jensen

‎09-25-2014 11:09 AM

https://learningnetwork.cisco.com/.../Router%20on%20a%20Stick.pdf


Look at this doc.
0 Helpful

Go to solution
glen.grant
VIP Alumni
VIP Alumni
In response to Mark Jensen

‎09-25-2014 11:20 AM

 No he does not , the routing is done on the router so no addressing is needed ont he switch other than the single mgmt address he has.

0 Helpful

Go to solution
daiprice5
Level 1
Level 1
In response to Mark Jensen

‎09-25-2014 11:24 AM

That would be the case for a layer 3 switch but not for router on a stick

0 Helpful

Go to solution
glen.grant
VIP Alumni
VIP Alumni

‎09-25-2014 11:18 AM

   First thing to try is to hardcode the speed/duplex on your router . you have it hardcoded on the switch side and auto on the router , this will create at the minimum a duplex mismatch and cause speed problems.   Besides that I dont see anything glaring . If you are trying to ping hosts and they are windows machines you must shutoff the firewall function on the hosts or the pings will fail.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card