10-23-2013 11:36 PM - edited 03-07-2019 04:12 PM
Hi everyone,
This is my first time using this service so please be gentle.
I have an 871 router connected to a 2960 switch via two ports; both ports are configured as trunks.
On one of the router's trunks, I have set up subinterfaces.
My issue is - how come I can't ping across subinterfaces, or even VLANs? Any suggestions would greatly help.
Following are my router's config and CDP output for both the router and switch:
Current configuration : 6000 bytes
!
! Last configuration change at 16:08:47 C Wed Oct 23 2013 by root
! NVRAM config last updated at 14:32:14 C Fri Jul 19 2013 by root
!
version 12.4
no service pad
service timestamps debug datetime msec localtime show-timezone year
service timestamps log datetime msec localtime show-timezone year
service password-encryption
service sequence-numbers
!
hostname kai-vlan-gw
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$lcxP$E3AqTmhjOU7dVGPhEEQCN1
!
no aaa new-model
!
resource policy
!
clock timezone C 3
ip subnet-zero
ip cef
!
!
no ip bootp server
ip domain name kenyanalliance.local
ip name-server 192.168.5.1
ip multicast-routing
ip ssh time-out 60
login block-for 100 attempts 3 within 100
!
!
crypto pki trustpoint TP-self-signed-1536830124
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-1536830124
revocation-check none
rsakeypair TP-self-signed-1536830124
!
!
username root password 7 10455D485044111E1E57
!
!
class-map type port-filter match-all DHCP_Traffic
match port udp 67
class-map type port-filter match-all Telnet_Traffic
match port tcp 23
!
!
policy-map type port-filter Unnecessary_Ports
class DHCP_Traffic
drop
class Telnet_Traffic
drop
!
!
!
!
!
interface FastEthernet0
!
interface FastEthernet1
switchport mode trunk
!
interface FastEthernet2
!
interface FastEthernet3
!
interface FastEthernet4
no ip address
duplex auto
speed auto
!
interface FastEthernet4.5
encapsulation dot1Q 5
ip address 192.168.5.245 255.255.255.0
no snmp trap link-status
!
interface FastEthernet4.10
encapsulation dot1Q 10
ip address 192.168.10.254 255.255.255.0
ip verify unicast reverse-path
ip helper-address 192.168.10.250
no snmp trap link-status
!
interface FastEthernet4.11
encapsulation dot1Q 11
ip address 192.168.11.254 255.255.255.0
ip verify unicast reverse-path
ip helper-address 192.168.11.250
no snmp trap link-status
!
interface FastEthernet4.12
encapsulation dot1Q 12
ip address 192.168.12.254 255.255.255.0
ip verify unicast reverse-path
ip helper-address 192.168.12.250
no snmp trap link-status
!
interface FastEthernet4.13
encapsulation dot1Q 13
ip address 192.168.13.254 255.255.255.0
ip verify unicast reverse-path
ip helper-address 192.168.13.250
no snmp trap link-status
!
interface FastEthernet4.14
encapsulation dot1Q 14
ip address 192.168.14.254 255.255.255.0
ip helper-address 192.168.14.250
no snmp trap link-status
!
interface FastEthernet4.15
encapsulation dot1Q 15
ip address 192.168.15.254 255.255.255.0
ip verify unicast reverse-path
ip helper-address 192.168.15.250
no snmp trap link-status
!
interface FastEthernet4.16
encapsulation dot1Q 16
ip address 192.168.16.254 255.255.255.0
ip verify unicast reverse-path
ip helper-address 192.168.16.250
no snmp trap link-status
!
interface FastEthernet4.20
encapsulation dot1Q 20
ip address 192.168.20.254 255.255.255.0
ip verify unicast reverse-path
ip helper-address 192.168.20.250
no snmp trap link-status
!
interface Vlan1
ip address 10.10.10.25 255.255.255.0
ip route-cache flow
!
ip classless
ip route 0.0.0.0 0.0.0.0 192.168.5.254
ip route 172.20.20.8 255.255.255.248 192.168.5.150
ip route 172.22.254.0 255.255.255.224 192.168.20.253 name TO-AKI
ip route 192.168.0.0 255.255.255.0 192.168.5.252 name Mombasa
ip route 192.168.1.0 255.255.255.0 192.168.5.252 name Thika
ip route 192.168.18.0 255.255.255.0 192.168.5.252 name Kisumu
ip route 192.168.21.0 255.255.255.0 192.168.5.150 name Machakos
ip route 192.168.22.0 255.255.255.0 192.168.5.150 name Bunyala_Yard
ip route 192.168.23.0 255.255.255.0 192.168.5.150 name Meru
ip route 192.168.100.0 255.255.255.0 192.168.5.150
!
no ip http server
ip http authentication local
ip http secure-server
!
!
logging trap debugging
logging 192.168.20.12
access-list 100 permit ip 192.168.5.0 0.0.0.255 any
control-plane host
!
!
control-plane
!
banner exec ^C
Please be advised that you must be an administrator to proceed.
Failure to comply with this notification could lead to prosecution.
^C
banner login ^C
==============================================================
You're logging in to a restricted device. Please contact the
administrator if you need access!!
==============================================================
^C
!
line con 0
no modem enable
line aux 0
line vty 0 4
password 7 130E43435E5F073F3977
login local
transport preferred ssh
transport input ssh
!
scheduler max-task-time 5000
ntp clock-period 17174973
ntp server 128.138.141.172
end
Rouer CDP neighbors:
kai-vlan-gw#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater
Device ID Local Intrfce Holdtme Capability Platform Port ID
etsw1 Fas 1 142 S I WS-C2960-2Fas 0/23
etsw1 Fas 4 152 S I WS-C2960-2Gig 0/1
Switch CDP neighbors:
etsw1#show cdp neighbors
Capability Codes: R - Router, T - Trans Bridge, B - Source Route Bridge
S - Switch, H - Host, I - IGMP, r - Repeater, P - Phone
Device ID Local Intrfce Holdtme Capability Platform Port ID
kai-vlan-gw.kenyanalliance.local
Fas 0/23 150 R S I 871 Fas 1
kai-vlan-gw.kenyanalliance.local
Gig 0/1 156 R S I 871 Fas 4
etsw3 Gig 0/2 177 S I WS-C2960- Gig 0/2
Kenyan_Alliance_MPLS_HQ
Fas 0/7 158 R S I 871 Fas 0
Kenya_Alliance.yourdomain.com
Fas 0/13 151 R S I 1841 Fas 0/0
Kenya_Alliance_HQ
Fas 0/14 158 R S I 881 Fas 3
10-29-2013 10:12 PM
All the default gatewys for the hosts are correct; hosts in Vlan 5 have 192.168.5.245 as the default gateway. Those in Vlan 20 have 192.168.20.254.
I don't know why I suspect it's a Layer 2 issue....
10-28-2013 09:13 AM
Check to make sure all your layer 2 vlans are created on your 2960. Use the show vlan command to verify . The rest looks ok. Change your vtp mode to transparent so you can see the vlans in your config as long as you are not using vtp client/server .
10-29-2013 07:11 AM
pls share the config(all devices) to Sharonsha007@yahoo.co.in, i can help you!
11-19-2013 11:10 PM
Ping...
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide